CyberWire Daily

CyberWire Daily

By N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

The hot pursuit of Volt Typhoon.

Volt Typhoon retains the attention of US investigators. The IMF reports a cyber breach. Fujitsu finds malware on internal systems. Securonix researchers describe DEEP#GOSU targeting South Korea. Subsea cable breaks leave West and Central Africa offline. Health care groups oppose enhanced cyber security regulations. A Pennsylvania school district grapples with a ransomware attack. AT&T denies a data leak. Our guest Kevin Magee of Microsoft Canada shared his experiments with board reporting. And Apex Legends eSports competitors get some unexpected upgrades.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Kevin Magee of Microsoft Canada sharing his experiments using N2K’s CSO Rick Howard's forecasting methodology from his Cybersecurity First Principles book regarding board reporting.  Selected Reading US is still chasing down pieces of Chinese hacking operation, NSA official says (The Record) IMF Investigates Serious Cybersecurity Breach (Infosecurity Magazine) Tech giant Fujitsu says it was hacked, warns of data breach (TechCrunch) Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware (securonix) Ghana says repairs on subsea cables could take five weeks  (Reuters) Health care groups resist cybersecurity rules in wake of landmark breach (CyberScoop) Pennsylvania’s Scranton School District dealing with ransomware attack (The Record) AT&T says leaked data of 70 million people is not from its systems (BleepingComputer) The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (Security Affairs) Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/03/2430m 35s

Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]

The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1) provides a set of building blocks for describing the Tasks, Knowledge, and Skills (TKS) that are needed to perform cybersecurity work by individuals or teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. On this Special Edition podcast, N2K CyberWire's Dave Bittner is joined by the team at NIST and FIU's Jack D. Gordon Institute for Public Policy to delve into the history of the NICE Framework through its latest update and looking into the future. Brian Fonseca, Director at the Jack D. Gordon Institute for Public Policy, shares an introduction to the NICE Framework. Karen Wetzel, NICE Framework Manager, discusses the updates to the framework. Rodney Petersen, Director of NICE, talks about what these updates mean to cybersecurity education's future. Resources: NICE Framework Resource Center Getting Started with the NICE Framework 2024 NICE Conference and Expo: Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap Take advantage of the early bird pricing until March 19, 2024. Don’t miss out on this opportunity! Jack D. Gordon Institute for Public Policy at Florida International University (FIU) Veterans and First Responders Training Initiative Intelligence Fellowship And be sure to check out our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/03/2447m 32s

Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]

Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't ready to retire quite yet because she loved the industry so much, saying "I retired, but I knew I still loved security. I have this passion for protection and so Dragos came along and they offered me this role of Director of OT CERT. I feel like I'm the security fairy godmother." She shares words of wisdom for all trying to get into the industry, saying that you need to always take the risk like she did when she first started her career. We thank Dawn for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/03/2410m 2s

Inside SendGrid's phishy business. [Research Saturday]

Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has recently observed that criminals abused Twilio SendGrid’s email delivery, API, and marketing services to launch a phishing campaign impersonating itself.  Hackers behind this novel phishing campaign used SendGrid’s Tracking Settings feature, which allows users to track clicks, opens, and subscriptions with SendGrid. The malicious link was masked behind a tracking link hosted by SendGrid.  Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: Phishception – SendGrid is abused to host phishing attacks impersonating itself Learn more about your ad choices. Visit megaphone.fm/adchoices
16/03/2431m 55s

Flight fiasco: UK Defence Minister's jet faces GPS jamming.

Russia’s accused of jamming a jet carrying the UK’s defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens’ concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. Coming this weekend Tune in to the CyberWire Daily Podcast feed on Sunday for a Special Edition podcast we produced in collaboration with our partners at NICE, “Unveiling the updated NICE Framework & cybersecurity education’s future.” We delve into the history of the NICE Framework, dig into its latest update, and look into the future of cybersecurity education. Selected Reading Defence Secretary jet hit by an electronic warfare attack in Poland (Security Affairs) Russia believed to have jammed signal on UK defence minister's plane - source (Reuters) Senators propose a compromise over hot-button Section 702 renewal (The Record) WEF effort to disrupt cybercrime moves into operations phase (The Register) StopCrypt: Most widely distributed ransomware now evades detection (Bleeping Computer) Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services (The Record) Massive Data Breach Exposes Info of 43 Million French Workers (Hack Read) WARNING: THREE VULNERABILITIES IN ARCSERVE UDP SOFTWARE DEMAND URGENT ACTION, PATCH IMMEDIATELY! (certbe) FCC approves cybersecurity label for consumer devices  (CyberScoop) Hackers can read private AI-assistant chats even though they’re encrypted  (Ars Technica) MITRE-Harris poll reveals US public's concerns over critical infrastructure and perceived risks  (Industrial Cyber) Tech Support Firms Agree to $26M FTC Settlement Over Fake Services (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/03/2437m 14s

A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]

In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 1 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency.  What You’ll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis  Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage  Reflections Human nature throughout history History repeating itself  And much, much more … Quotes of the Week “Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.” Resources  SURFACE SKIM *SpyCasts* Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023) The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023) SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022) “How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020) *Beginner Resources* What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video] Psychologists in the CIA, American Psychological Association (2002) [Short article] 7 Reasons to Study Psychology, University of Toronto (n.d.) [Short article] DEEPER DIVE Books Freud and Beyond, S. A. Mitchell (Basic Books, 2016) Narcissism and Politics: Dreams of Glory, J. M. Post (Cambridge University Press, 2014) The True Believer: Thoughts on the Nature of Mass Movements, E. Hoffer (Harper Perennial Modern Classics, 2010)  Team of Rivals: The Political Genius of Abraham Lincoln, D. K. Goodwin (Simon & Schuster, 2004) Leaders, Fools, and Impostors: Essays on the Psychology of Leadership, M. F. R. Kets de Vries (iUniverse, 2003)  Primary Sources  Charles de Gaulle to Pamela Digby Churchill (1942)  Blood, Toil, Tears and Sweat (1940) Memoirs of Ulysses S. Grant (1885) Gettysburg Address (1863)  House Divided Speech (1858) Excerpt on Cleopatra from Plutarch's Life of Julius Caesar (ca. 2nd century AD) Plutarch’s The Life of Alexander (ca. 2nd century AD)  Appian’s The Civil Wars (ca. 2nd century AD)  Virgil’s The Aeneid (19 B.C.E)  *Wildcard Resource* On Dreams by Sigmund Freud (1901) In this simplified version of the father of psychoanalysis’ seminal book The Interpretation of Dreams, you can get a small taste for Freudian philosophy. Freud believed that dreams were a reflection of the subconscious mind and that studying a person’s dreams can elucidate their inner wants and needs. What are your dreams telling you?  Learn more about your ad choices. Visit megaphone.fm/adchoices
15/03/241h 13m

TikTok showdown: U.S. lawmakers target privacy and security.

The US House votes to enact restrictions on TikTok. HHS launches an investigation into Change Healthcare. An Irish Covid-19 portal puts over a million vaccination records at risk. Google distributes $10 million in bug bounty rewards. Nissan Oceana reports a data breach resulting from an Akira ransomware attack. Meta sues a former VP for alleged data theft.  eSentire sees Blind Eagle focusing on the manufacturing sector. Claroty outlines threats to health care devices. A major provider of yachts is rocked by a cyber incident. In our Threat Vector segment, David Moulton explores the new SEC cybersecurity regulations with legal expert and Unit 42 Consultant Jacqueline Wudyka. And ransomware victims want their overtime pay.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, host David Moulton explores the new SEC cybersecurity regulations that reshape how public companies handle cyber risks with legal expert and Unit 42 Consultant Jacqueline Wudyka. They discuss the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape.  Selected Reading Bill that could spur TikTok ban gains House OK  (SC Media) What would a TikTok ban look like for users? (NBC News) HHS to investigate UnitedHealth and ransomware attack on Change Healthcare (The Record) How a user access bug in Ireland’s vaccination website exposed more than a million records (ITPro) Google Paid $10m in Bug Bounties to Security Researchers in 2023 (Infosecurity Magazine) Nearly 100K impacted by Nissan Oceania cyberattack (SC Media) Meta Sues Former VP After Defection to AI Startup (Infosecurity Magazine) Malware Analysis: Blind Eagle's North American Journey (esentire) Only 13% of medical devices support endpoint protection agents (Help Net Security) Billion-dollar boat seller MarineMax reports cyberattack to SEC (The Record) City workers not getting paid overtime amid Hamilton's ransomware attack: unions (CBS News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/03/2433m 46s

Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]

Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security sits down to share her story, from performer to cyber. She fell in love with writing as a young girl, she experimented with writing fanfiction which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career. Teresa moved to being a writer at Keeper, finding she wanted to spread out and try more, so she ended up becoming an analyst while still doing writing on the side. She quotes David Duchovny in an interview once, explaining how sometimes you need to keep your head down and outwork others. Teresa said this resonated with her, saying, "that's how I went from a foreclosure box on the porch to where I am now. I have a good job and, and I have a career and I have a really good career and I absolutely love it." We thank Teresa for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/03/249m 3s

The usual suspects are up to their usual tricks.

ODNI’s Annual Threat Assessment highlights the usual suspects. The White House meets with UnitedHealth Group’s CEO. A convicted LockBit operator gets four years in prison. The Clop ransomware group leaks data from major universities. Equilend discloses a data breach. Fortinet announces critical and high-severity vulnerabilities. GhostRace exploits speculative race conditions in popular CPUs. Incognito Market pulls the rug and extorts its users. Patch Tuesday notes. On the Learning Layer, Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. They explore Joe's journey on the road to taking his CISSP test. And, I do not authorize Facebook, Meta or any of its subsidiaries to use this podcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Join us as a Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. On this episode, they explore Joe's journey as he embarks on the road to taking his CISSP test after fourteen years in the cyber industry, and why he decided to get it now. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification, and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Selected Reading ODNI's 2024 Threat Assessment: China, Russia, North Korea pose major cyber threats amid global instability - Industrial Cyber (Industrial Cyber) White House meets with UnitedHealth CEO over hack  (Reuters) LockBit ransomware affiliate gets four years in jail, to pay $860k (bleepingcomputer) Stanford University ransomware attack impacts 27K  (SC Media) EquiLend Employee Data Breached After January Ransomware Attack (HACKread) Fortinet reports two critical and three high severity issues, plan to patch (beyondmachines) Major CPU, Software Vendors Impacted by New GhostRace Attack (SecurityWeek) Incognito Market: The not-so-secure dark web drug marketplace  (Graham Cluley) Microsoft Patch Tuesday – Major Flaws In Office, Exchange And SQL Server (cybersecuritynews) New Facebook photo rule hoax spreads (Malwarebytes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/03/2431m 12s

Biden's budget boost for cybersecurity.

Biden’s budget earmarks thirteen billion bucks for cybersecurity. DOJ targets AI abuse. A US trade mission to the Philippines includes cyber training. CISA and OMB release a secure software attestation form. CyberArk explores AI worms. Russia arrests a South Korean on cyber espionage charges. French government agencies are hit with DDoS attacks. Jessica Brandt is named director of the Foreign Malign Influence Center. Afternoon Cyber Tea host Ann Johnson speaks with her guest Keren Elazari about the hacker mindset. Google builds itself the Bermuda Triangle of Broadband.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Afternoon Cyber Tea host Ann Johnson talks with her guest Keren Elazari about the hacker mindset. To hear the full conversation, please listen to the episode of Afternoon Cyber Tea. Selected Reading US Federal Budget Proposes $27.5B for Cybersecurity (GovInfo Security) Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences (SecurityWeek) Microsoft to train 100,000 Philippine women in AI, cybersecurity (South China Morning Post) US launches secure software development attestation form to enhance federal cybersecurity (Industrial Cyber) The Rise of AI Worms in Cybersecurity (Security Boulevard) South Korean detained earlier this year is accused of espionage in Russia, state news agency says (Associated Press)  Massive cyberattacks hit French government agencies (Security Affairs) ODNI appoints new election security leader ahead of presidential race (The Record) Google’s self-designed office swallows Wi-Fi “like the Bermuda Triangle” ( Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/03/2427m 10s

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]

Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/03/247m 19s

CISA’s news trifecta.

A roundup of news out of CISA. California reveals data brokers selling the sensitive information of minors. Permiso Security shares an open-source cloud intrusion detection tool. Darktrace highlights a campaign exploiting DropBox.  EU's Cyber Solidarity Act forges ahead. A White House committee urges new economic incentives for securing OT systems. Paysign investigates claims of a data breach.  Our guest is Alex Cox, Director Threat Intelligence, Mitigation, and Escalation at LastPass, to discuss what to expect after LockBit. And Axios highlights the clowns and fools behind ransomware attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Alex Cox, Director, Threat Intelligence, Mitigation, Escalation (TIME) at LastPass, joins us to discuss what to expect after LockBit. Selected Reading Top US cybersecurity agency hacked and forced to take some systems offline (CNN Politics) CISA’s open source software security initiatives detailed (SC Media) GAO uncovers mixed feedback on CISA's OT cybersecurity services when it comes to addressing risks (Industrial Cyber) Dozens of data brokers disclose selling reproductive healthcare info, precise geolocation and data belonging to minors (The Record) New Open Source Tool Hunts for APT Activity in the Cloud (SecurityWeek) Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins (HACKREAD) Everything you need to know about the EU's Cyber Solidarity Act (ITPro) White House advisory group says market forces ‘insufficient’ to drive cybersecurity in critical infrastructure (CyberScoop) Paysign investigating reports of consumer information data breach (The Record) The clowns and fools behind ransomware attacks (Axios)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/03/2435m 39s

Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes that challenges experienced in life increase your risk appetite so significantly. Swati advises those looking to make a job change to be certain of what is attracting them and to be yourself. We thank Swati for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/03/2411m 4s

Setting better cyber job expectations to attract and retain talent. [Special Edition]

In honor of Women's History Month, please enjoy this encore of Dr. Sasha Vanterpool's webinar. In this webinar, N2K Networks Cyber Workforce Consultant Dr. Sasha Vanterpool shares how to update job descriptions to better reflect cyber role expectations to improve hiring, training, and retention. To view the original webinar on demand, visit here. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/03/2421m 2s

Understanding the multi-tiered impact of ransomware. [Research Saturday]

This week we are joined by Jamie MacColl and Dr. Pia Hüsch from RUSI discussing their work on "Ransomware: Victim Insights on Harms to Individuals, Organisations and Society." The research reveals some of the harms caused by ransomware, including physical, financial, reputational, psychological and social harms. Researchers state "Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK economy, national security and wider society." The research can be found here: Ransomware: Victim Insights on Harms to Individuals, Organisations and Society Learn more about your ad choices. Visit megaphone.fm/adchoices
09/03/2422m 55s

From breach to battle: The escalating threat of Midnight Blizzard.

Russian hackers persist against Microsoft’s internal systems. Change Healthcare systems are slowly coming back online. Russian propaganda sites masquerade as local news. Swiss government info is leaked on the darknet.  Krebs on Security turns the tables on the Radaris online data broker. The NSA highlights the fundamentals of Zero Trust. The British Library publishes lessons learned from their ransomware attack. Researchers run a global prompt hacking competition. CheckPoint looks at Magnet Goblin. Experts highlight the need for psychological safety in cyber security. Our guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology. And the I-Soon leak reveals the seedy underbelly of Chinese cyber operations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology. Selected Reading Microsoft says Russian-state sponsored hackers have been able to access internal systems  (Reuters)  Change Healthcare brings some systems back online after cyberattack (The Record) Spate of Mock News Sites With Russian Ties Pop Up in U.S  (The New York Times) Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration (Security Affairs) A Close Up Look at the Consumer Data Broker Radaris (krebsonsecurity) NSA Details Seven Pillars Of Zero Trust (GB Hackers) LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review (British Library) A Taxonomy of Prompt Injection Attacks  (Schneier on Security) https://arxiv.org/pdf/2311.16119.pdf (Research) Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities  (Check Point Research) Why 'psychological safety' is so important for building a robust security culture (ITPro) Inside Chinese hacking company’s culture of influence, alcohol and sex (C4isernet) International Women's Day (International Women’s Day)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/03/2438m 0s

Encore: Breaking Through: Securing the advancement of women in cybersecurity. {Special Editions]

In honor of International Women's Day, please enjoy this encore of our 2023 Women in Cyber panel. In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi, Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy, VP, Leadership & Business at Skillsoft Lauren Zabierek, Sr. Advisor at CISA Learn more about your ad choices. Visit megaphone.fm/adchoices
08/03/2450m 46s

A secret scheme resulting in stolen secrets.

A former Google software engineer is charged with stealing AI tech for China. State attorneys general from forty-one states call out Meta over account takeover issues. Researchers demonstrate a Stuxnet-like attack using PLCs. Buyer beware - A miniPC comes equipped with pre installed malware. A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. There’s a snake in Facebook’s walled garden. Bruce Schneier wonders if AI can strengthen democracy. On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. And NIST works hard to keep their innovations above water. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. You can find out more from Cobalt’s OffSec Shift report here.  Selected Reading Former Google Engineer Charged With Stealing AI Secrets (Infosecurity Magazine) Several States Attorneys General have written to Meta demanding better account recovery (NY gov) Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers  (SecurityWeek) Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware  (Graham Cluley) Microsoft AI engineer warns FTC about Copilot Designer safety concerns  (The Verge) Snake, a new Info Stealer spreads through Facebook messages (Security Affairs) NSA Details Seven Pillars Of Zero Trust (gbhackers) How Public AI Can Strengthen Democracy  (Schneier on Security) This agency is tasked with keeping AI safe. Its offices are crumbling. (WashingtonPost) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/03/2432m 58s

Encore: Dinah Davis: Building your network. [R&D] [Career Notes]

In honor of International Women's Day, please enjoy this encore of Dinah Davis sharing her story. Coming from her love of math, VP of R&D at Arctic Wolf Networks Dinah Davis shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/03/248m 10s

No cyber blues on Super Tuesday.

CISA says Super Tuesday ran smoothly. The White House sanctions spyware vendors. The DoD launches its Cyber Operational Readiness Assessment program. NIST unveils an updated NICE Framework. Apple patches a pair of zero-days. The GhostSec and Stormous ransomware gangs join forces. Cado Security tracks a new Golang-based malware campaign. Google updates its search algorithms to fight spammy content. Canada's financial intelligence agency suffers a cyber incident. On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz joins us to discuss cloud threats. Moonlighting on the dark side.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz and host of their Crying Out Cloud podcast, joins us to discuss cloud threats. Learn more in Wiz's State of the AI Cloud report.  Selected Reading No security issues as Super Tuesday draws to a close, CISA official says (The Record) Biden administration sanctions makers of commercial spyware used to surveil US (CNN Business) US DoD launches CORA program to revolutionize cybersecurity strategy (Industrial Cyber) Unveiling NICE Framework Components v1.0.0: Explore the Latest Updates Today! (NIST) Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS (Malwarebytes) Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks (Security Affairs) Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (Bleeping Computer) Google is starting to squash more spam and AI in search results (The Verge) Cyberattack forces Canada’s financial intelligence agency to take systems offline (The Record) Cyber Pros Turn to Cybercrime as Salaries Stagnate (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/03/2437m 53s

From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]

In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks' Unit 42 podcast, Threat Vector, featuring David Moulton's discussion with Wendi Whitmore about the evolving threat landscape. In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these threats, businesses must focus on speed of response, automated integration of security tools, and operationalized capabilities and processes. The conversation underscores the importance of staying vigilant and leveraging technology to defend against the rapidly changing threat landscape. Theat Group Assessments https://unit42.paloaltonetworks.com/category/threat-briefs-assessments/ Please share your thoughts with us for future Threat Vector segments by taking our ⁠brief survey⁠. Join the conversation on our social media channels: Website: ⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠ Threat Research: ⁠⁠https://unit42.paloaltonetworks.com/⁠⁠ Facebook: ⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠ LinkedIn: ⁠⁠https://www.linkedin.com/company/unit42/⁠⁠ YouTube: ⁠⁠@PaloAltoNetworksUnit42⁠⁠ Twitter: ⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices
05/03/247m 30s

Change Healthcare hackers cash in $22 million ransom.

Is the ALPHV gang pulling up a twenty two million dollar rug? Meta platforms are experiencing outages.  Ukraine claims a cyberattack on the Russian Ministry of Defense. Malicious phishers hope to hook hashes. TeamCity users are warned of critical vulnerabilities. The Discord leaker pleads guilty. AmEx suffers a third-party data breach. Amazon is flooded with fake copycat publications. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division to discuss Volt Typhoon. And, Dude, she is just not that into you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division joins us to discuss Volt Typhoon. Selected Reading Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment  (WIRED) Ukraine claims it hacked Russian Ministry of Defense servers (Bleeping Computer) Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes (Help Net Security) TeamCity Users Urged to Patch Critical Vulnerabilities (Infosecurity Magazine) Pentagon leak defendant Jack Teixeira pleads guilty, faces years in prison (Reuters) American Express credit cards exposed in third-party data breach (Bleeping Computer) Tech writer Kara Swisher has a new book. Enter the AI-generated scams. (Bleeping Computer) Retired Army officer charged with sharing classified information about Ukraine on foreign dating site (CBS News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/03/2428m 21s

Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]

In honor of International Women's Day, please enjoy this encore of Monica Ruiz sharing her story. Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
05/03/247m 41s

Cyberattack causes a code red on US healthcare.

The US healthcare sector is struggling to recover from a cyberattack. Russia listens in via Webex. The former head of NCSC calls for a ransomware payment ban. An Indian content farm mimics legitimate online news sites. The FTC reminds landlords that algorithmic price fixing is illegal. FCC employees are targeted by a phishing campaign. Experts weigh in on NIST’s updated cybersecurity framework. Police shut down the largest German-speaking cybercrime market. Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. And celebrating the most inspiring women in cyber. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. You can hear their full discussion here, and tune in to Microsoft Security’s Afternoon Cyber Tea every other Tuesday on the N2K’s CyberWire Network.   Selected Reading Health-care hack spreads pain across hospitals and doctors nationwide (Washington Post) Russia’s chief propagandist leaks intercepted German military Webex conversation (The Record) Cyber ransoms are too profitable. Let’s make paying illegal (The Times UK) News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian… (Bleeping Computer) Price fixing by algorithm is still price fixing (Federal Trade Commission) FCC Employees Targeted in Sophisticated Phishing Attacks (SecurityWeek) Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday (SecurityWeek) Germany takes down cybercrime market with over 180,000 users (Bleeping Computer) Exceptional Women Recognised for Contribution to Cyber Industry at Most Inspiring Women in Cyber Awards 2024 (IT Security Guru) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/03/2430m 1s

Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/03/249m 6s

The return of a malware menace. [Research Saturday]

This week we are joined by, Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a four month hiatus, Proofpoint researchers found that the downloader returned. Its return aligns with a surge of cybercriminal threat activity after a notable absence of many threat actors and malware. The research can be found here: Bumblebee Buzzes Back in Black  Learn more about your ad choices. Visit megaphone.fm/adchoices
02/03/2421m 8s

WhatsApp's legal triumph cracks the spyware vault.

A court orders NSO Group to hand over their source code. The Five Eyes reiterate warnings about Ivanti products. Researchers demonstrate a generative AI worm. Fulton County calls LockBit’s bluff. SMS codes went unprotected online. Golden Corral serves up a buffet of personal data. Ransom demands continue to climb. A US Senator calls on the FTC to investigate auto industry privacy practices. Dressing up data centers. Our guest is Dominic Rizzo, founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. And Cops can’t keep their suspects straight.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Dominic Rizzo, founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. You can find the press release here.  Selected Reading Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient (Infosecurity Magazine) A leaky database spilled 2FA codes for the world’s tech giants (TechCrunch) Report: Average Initial Ransomware Demand in 2023 Reached $600K (Security Boulevard) Here Come the AI Worms (WIRED) Golden Corral restaurant chain data breach impacts 183,000 people (Bleeping Computer) Hackers stole 'sensitive' data from Taiwan telecom giant: ministry(Tech Xplore) CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog (Security Affairs) Senator asks FTC to investigate automakers’ data privacy practices (The Record) Looking good, feeling safe – data center security by design (Data Center Dynamics) Cops visit school of 'wrong person's child,' mix up victims and suspects in epic data fail (The Register) OpenTitan® Partnership Makes History as First Open-Source Silicon Project to Reach Commercial Availability (lowRISC) Creating Connections: Embracing change. (N2K Women in STEM newsletter)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/03/2436m 4s

Iran's cyber quest in Middle Eastern aerospace.

Iran-Linked Cyber-Espionage Targets Middle East's Aerospace and Defense. SpaceX is accused of limiting satellite internet for US troops. Savvy Seahorse' Floods the Net with Investment Scams. GUloader Malware draws on a crafty graphic attack vector. Repo confusion attacks persist. European consumer groups question Meta’s data collection options. Allegations of Russia targeting civilian critical infrastructure in Ukraine. Cisco patches high-severity flaws. The US puts a Canadian cyber firm on its Entity List. On the Threat Vector segment, we have a conversation between host David Moulton and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing Unit 42's 2024 Incident Response Report. And the counter-productive messaging in anti-piracy campaigns.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, we have a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42,  and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report.  Selected Reading Suspected Iranian cyber-espionage campaign targets Middle East aerospace, defense industries (The Record) US tells Musk to allow service in Taiwan (Taipei Times) SpaceX Refutes Claim It’s Withholding Starshield in Taiwan (Bloomberg)  Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads (infoblox) GUloader Unmasked: Decrypting the Threat of Malicious SVG Files  (McAfee Blog) Over 100,000 Infected Repos Found on GitHub (Apiiro) Rights groups file GDPR suits on Meta's pay-or-consent model (The Register) Russia Attacked Ukraine's Power Grid at Least 66 Times to ‘Freeze It Into Submission’ (WIRED) Cisco Patches High-Severity Vulnerabilities in Data Center OS  (SecurityWeek) Network intelligence company Sandvine banned from trading in the US  (SC Media) Intimidating anti-piracy warnings have the opposite effect on men, new study says (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/02/2431m 43s

Protecting American data.

President Biden is set to sign an executive order restricting overseas sharing by data brokers. US Federal agencies warn of exploited Ubiquiti EdgeRouters. A new ransomware operator claims to have hacked Epic Games. A cross-site scripting issue leaves millions of Wordpress sites vulnerable. The Rhysida ransomware group posts a multi-million dollar ransom demand on a Children’s Hospital in Chicago. Mandiant tracks Chinese threat actors targeting Ivanti VPNs. The former head of DHS weighs in on a federal cyber insurance backstop. Domain Registrars offer bulk name blocking for brands. Our guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. Cameo celebrities are taken out of context for political gains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here. To hear the full interview with Magpie, check out Control Loop.  Selected Reading Biden Executive Order Targets Bulk Data Transfers to China (GovInfo Security) FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation (HACKREAD) Fortnite game developer Epic Games allegedly hacked (Cyber Daily) LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Million Sites to Attack (Cyber Security News) Ransomware gang seeks $3.4 million after attacking children’s hospital (The Record) Chinese Cyberspies Use New Malware in Ivanti VPN Attacks (SecurityWeek) A Cyber Insurance Backstop (Schneier on Security) Cyberwar Podcast with Kate and Alex - Special Guest Michael Chertoff  Registrars can now block all domains that resemble brand names (BleepingComputer) Cameo is being used for political propaganda — by tricking the stars involved (NPR) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/02/2437m 0s

Out with the old, in with the new.

NIST’s Cybersecurity Framework gets an upgrade. ONCD makes a case against memory-related software bugs. A recent cyberattack targets Canada's Royal Canadian Mounted Police. US dethrones Russia as top target in cyber breaches. Caveat podcast cohost Ben Yelin discusses remedies in the generative AI copyright cases.And, Reggaeton Be Gone, a creative way to deal with your neighbors’ music choices.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, cohost of Caveat podcast and Program Director, Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security, thinking about remedies in the generative AI copyright cases. You can find the Lawfare article Ben references here.   Selected Reading NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST) After decades of memory-related software bugs, White House calls on industry to act (The Record)  Canada's RCMP, Global Affairs Hit by Cyberattacks (SecurityWeek) A cyber attack hit the Royal Canadian Mounted Police (Security Affairs)  UK email mistake put ‘lives at risk’ for Afghans who had worked with British military (The Record)  Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (The Record)  Number of data breaches falls globally, triples in the US (TechSpot) Steel giant ThyssenKrupp confirms cyberattack on automotive division (Bleeping Computer) The Change Healthcare cyberattack is still impacting pharmacies. It's a bigger deal than you think (Fast Company) US Pharmacy Outage Triggered by 'Blackcat' Ransomware at UnitedHealth Unit, Sources Say (US News and World Report)  Getting Ahead of Cybersecurity Materiality Mayhem (Security Boulevard)  Raspberry Pi maker builds device to hack neighbor's Bluetooth speakers that were streaming annoying music (TechSpot) Reggaeton Be Gone (Hackster.io) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/02/2426m 37s

LockBit reloaded: Unveiling the next chapter in cybercrime.

LockBits reawakening. China's ramp up to safety for vital sectors. Data leak leaves China feeling exposed. Malware hidden by North Korea in fake developer job listings. UK Watchdog rebukes firm for biometric scanning of staff at leisure centers. SVR found adapting for the cloud environment. DOE proposes cybersecurity guidelines for the electric sector. Wideness of breach in the financial industry revealed. Moving on to better things. Things are looking up in the cybersecurity startup ecosystem. UK's National Cyber Security Centre announced they are launching a Cyber Governance Training Pack for boards. N2K’s President Simone Petrella talks with Elastic's CISO Mandy Andress about the CISO role and the intersection of cybersecurity, law, and organizational strategy. And, there’s a facial recognition battle going on at Waterloo, the University of Waterloo that is.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Simone Petrella, N2K’s President, talks with Mandy Andress, Elastic's CISO, about the CISO role and the intersection of cybersecurity, law, and organizational strategy. Selected Reading LockBit Ransomware Gang Resurfaces With New Site (SecurityWeek) LockBit ransomware gang attempts to relaunch its services following takedown (The Record)  China to increase protections against hacking for key industries (Reuters) The I-Soon data leak unveils China's cyber espionage tactics, techniques, procedures, and capabilities. (N2K CyberWire) Fake Developer Jobs Laced With Malware (Phylum Blog) Data watchdog tells off outsourcing giant for scanning staff biometrics despite 'power imbalance' (The Register)  SVR cyber actors adapt tactics for initial cloud access (National Cyber Security Centre) New DOE-Funded Initiative Outlines Proposed Cybersecurity Baselines for Electric Distribution Systems (Energy.gov)  LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack (TechCrunch)  Actual filing to Office of Maine Attorney General: Data Breach Notifications - Consumer Protection (Maine.gov)  U-Haul data breach affects 67,000 customers in US and Canada (AZ Central) Actual filing to Office of Maine AG: Data Breach Notifications - Consumer Protection (Maine.gov)   Funding Down, Optimism Up: The Bright Spots For Cybersecurity Startups In 2024 (Forbes) NCSC to Offer Cyber Governance Guidance to Boards (InfoSecurity Magazine)  'Facial recognition' error message on vending machine sparks concern at University of Waterloo (CTV News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/02/2429m 17s

Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]

Director of Security Engineering at Marqeta and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability. Chris points out that when pivoting to different roles and responsibilities, you must rely on your own strengths to move forward and bring value to your work Our thanks to Chris for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/02/247m 27s

Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]

Assaf Dahan and Daniel Frank from Palo Alto Networks Cortex sit down with Dave to talk about their research "Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor." From late 2020 to late 2022, Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union. The research states "They have further deepened their foothold in victims’ environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites." The research can be found here: Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor Learn more about your ad choices. Visit megaphone.fm/adchoices
24/02/2423m 45s

Crackdown on privacy leads to a multi-million dollar fine.

The FTC fines Avast over privacy violations. ConnectWise's ScreenConnect is under active exploitation. AT&T restores services nationwide. An Australian telecom provider suffers a data breach. EU Member States publish a cybersecurity and resilience report. Microsoft unleashes a PyRIT. A new infostealer targets the oil and gas sector. A cyberattack cripples a major US healthcare provider. Our guest is Kevin Magee from Microsoft Canada with insights on why cybersecurity startups in Ireland are having so much success building new companies there. And  a USB device is buzzing with malware. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Kevin Magee from Microsoft Canada talks about recently meeting 15 cybersecurity startups in Ireland and finding out why they are having so much success building new companies there.  Selected Reading FTC Order Will Ban Avast from Selling Browsing Data for Advertising Purposes, Require It to Pay $16.5 Million Over Charges the Firm Sold Browsing Data After Claiming Its Products Would Block Online Tracking (FTC) Cybercriminal groups actively exploiting ‘catastrophic’ ScreenConnect bug (The Record) AT&T services resume, company blames "incorrect process" (Data Center Dynamics) 230k Individuals Impacted by Data Breach at Australian Telco Tangerine (SecurityWeek) EU releases comprehensive risk assessment report on cybersecurity, resilience of communication networks (Industrial Cyber) Microsoft Releases Red Teaming Tool for Generative AI (SecurityWeek) New Infostealer Malware Attacking Oil and Gas Industry (GB Hackers on Security) UnitedHealth says Change Healthcare hacked by nation state, as US pharmacy outages drag on (TechCrunch) Vibrator virus steals your personal information (Malwarebytes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/02/2430m 24s

AT&T outage leaves major cities offline.

AT&T experiences a major outage. The LockBit takedown continues. An updated Doppelgänger is spreading misinformation. A roundup of critical infrastructure initiatives. Toshiba and Orange make a quantum leap. An eyecare provider hack comes into focus. A phony iphone repair scheme leads to convictions. In our Learning Layer segment, Sam Meisenberg shares the latest learning science research. And we are shocked - shocked! - to discover that phone chargers can be used to attack our devices.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this month’s Learning Layer segment, host Sam Meisenberg of N2K discusses learning science research. Sam breaks down research about quizzes and their impact on learner motivation and long term retention. Want to know more? Sam suggests you check out The Value of Using Tests in Education as Tools for Learning—Not Just for Assessment. Selected Reading AT&T, Verizon and T-Mobile customers hit by widespread cellular outages in U.S. (NBC News) US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals (SecurityWeek) LockBit Group Prepped New Crypto-Locker Before Takedown (Gov Info Security) Ukraine arrests father-son duo in Lockbit cybercrime bust (Reuters) Russian Cyberwarfare campaign (ClearSky Cyber Security) US Coast Guard issues cybersecurity directive for Chinese-made cranes after Biden's Executive Order (Industrial Cyber)  US agencies release joint fact sheet to strengthen cybersecurity in water and wastewater systems (Industrial Cyber)  E-ISAC 2023 report highlights cybersecurity triumphs and challenges in electricity sector (Industrial Cyber)  Toshiba and Orange test quantum encryption on traditional network (Computer Weekly) Hack at Services Firm Hits 2.4 Million Eye Doctor Patients (Gov Info Security) Chinese Duo Found Guilty of $3m Apple Fraud Plot (Infosecurity Magazine) VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (BleepingComputer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/02/2430m 18s

Anchoring security for US ports.

President Biden to sign EO to bolster maritime port security. Apple announces post-quantum encryption for iMessage. Malwarebytes examines the i-Soon data leak. Law enforcement airs LockBit’s dirty laundry. Varonis highlights vulnerabilities affecting Salesforce platforms. An appeals court overturns a $1 billion piracy verdict. NSA’s Rob Joyce announces his retirement. Anne Neuberger chats with WIRED.  A leading staffing firm finds its data for sale on the dark web. In our sponsored Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples from healthcare. Hackers and hobbyists push back on the proposed Flipper Zero ban.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples in healthcare. Selected Reading Biden to sign executive order to give Coast Guard added authority over maritime cyber threats (CyberScoop) Apple Announces 'Groundbreaking' New Security Protocol for iMessage (MacRumors) A first analysis of the i-Soon data leak (Malwarebytes) Cops turn LockBit ransomware gang's countdown timers against them (The Register) Security Vulnerabilities in Apex Code Could Leak Salesforce Data (Varonis) Court blocks $1 billion copyright ruling that punished ISP for its users’ piracy (Ars Technica) NSA cyber director to step down after 34 years of service (Nextgov/FCW) Anne Neuberger, a Top White House Cyber Official, Is Staying Surprisingly Optimistic (WIRED) Critical flaw found in deprecated VMware EAP. Uninstall it immediately (Security Affairs) Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data (HackRead) Save Flipper (Save Flipper) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/02/2436m 42s

The reign of digital terror ends.

Operation Cronos leaves LockBit operations on borrowed time. An alleged leak reveals internal operations from the Chinese Ministry of Public Security. An Israeli airline thwarts communications hijacking attempts. The alleged Raccoon Infostealer operator has been extradited to the US. ConnectWise patches critical vulnerabilities. Schneider Electric confirms a Cactus ransomware attack. Alleged Maryland money launderers face indictments. Russian hackers target media outlets in Ukraine. Our guest is Tomislav Pericin, Chief Software Architect at Reversing Labs , on the rise of software supply chain attacks. and Tinder hopes to reel in the catfish. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Tomislav Pericin, ReversingLabs Chief Software Architect, talking about the rise of software supply chain attacks. Learn more in their 2024 State of Software Supply Chain Security Report.  Selected Reading Police arrests LockBit ransomware members, release decryptor in global crackdown (BleepingComputer) U.S. and U.K. Disrupt LockBit Ransomware Variant (US Justice Department) Chinese Ministry Of Public Security Breach: Data On GitHub (The Cyber Express) Massive “i-Soon” leak reveals Chinese firm's hacking tools, targets, including NATO (The Stack) I-S00N Leaked Chinese foreign government infiltration intel on Github : r/cybersecurity (Reddit) Israeli Aircraft Survive “Cyber-Hijacking” Attempts (Infosecurity Magazine) Raccoon Infostealer operator extradited to the United States (Malwarebytes) Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! (Help Net Security) Schneider Electric confirms data was stolen in Cactus ransomware attack (IT Pro) Maryland Busts $9.5 Million #BEC Money Laundering Ring (CyberCrime & Doing Time) Several Ukrainian media outlets attacked by Russian hackers (The Record) Tinder Expands ID Checks Amid Rise in AI Scams, Dating Crimes (Bloomberg) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/02/2430m 8s

AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]

Kathy O’Donnell is the leader of Space Solutions Architecture for AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting generative AI in the space domain. She walks us through some incredible case studies with AWS customers who are using generative AI and space technologies to improve life here on Earth. Learn more about generative AI use cases for space at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS successfully runs AWS compute and machine learning services on an orbiting satellite in a first-of-its kind space experiment | AWS Public Sector Blog AWS re:Invent 2022 - Accelerate Geospatial ML with Amazon SageMaker (AER204)  AWS re:Invent 2023 Audience Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/02/2440m 35s

What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/02/2432m 12s

Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]

Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl. She talks about what her role is with clients in protecting and managing their data, sometimes adhering to up to 134 different data protection laws for global companies. Learn that not a lot has changed for an African-American woman partner at an Amlaw 100 firm as far as diversity during Dominique's career, and how Dominique suggests young lawyers should address those odds. Our thanks to Dominque for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
18/02/246m 59s

Hackers come hopping back. [Research Saturday]

Ori David from Akamai is sharing their research "Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal." FritzFrog takes advantage of the fact that only internet facing applications were prioritized for Log4Shell patching and targets internal hosts, meaning that a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation.  The research states "FritzFrog has traditionally hopped around by using SSH brute force, and has successfully compromised thousands of targets over the years as a result." Over the years Akamai has seen more than 20,000 FritzFrog attacks, and 1,500+ victims. The research can be found here: Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal Learn more about your ad choices. Visit megaphone.fm/adchoices
17/02/2420m 16s

FBI initiates router revolution.

The FBI kicks Moobot out of small business routers. Sensitive data has been stolen from a state government network. AMC proposes a multi-million-dollar settlement after improperly sharing subscriber’s viewing habits. The U.S. targets an Iranian military ship in the Red Sea with a cyberattack. Lawmakers propose transparency in the use of algorithms in criminal trials. CERT-EU highlights a spear phishing spike. An infamous Zeus and IcedID operator pleads guilty. Our guests are Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how their 2024 season is shaping up. And AI comes to video. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how the 2024 season is shaping up. Selected Reading US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ (ABC News)  U.S. State Government Network Hacked Via Former Employee Account (Cyber Security News) CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks (SecurityWeek) AMC to pay $8M for allegedly violating 1988 law with use of Meta Pixel (Ars Technica) U.S. conducted cyberattack on suspected Iranian spy ship (NBC News) New bill would let defendants inspect algorithms used against them in court (The Verge) Hackers Exploit EU Agenda in Spear Phishing Campaigns (Infosecurity Magazine) Ukrainian Hacker Pleads Guilty for Leading Zeus & IcedID Malware Attacks (GBHackers on security) OpenAI introduces Sora, its text-to-video AI model  (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/02/2435m 12s

An AI arms race.

Microsoft highlights adversaries experiments with AI LLMs. A misconfiguration exposes a decades worth of emails. SentinelOne describes Kryptina ransomware as a service. The European Court of Human Rights rules against backdoors. Senator Wyden calls out a location data broker. GoldFactory steals facial scans to bypass bank security. The Glow fertility app exposes the data of twenty five million users. Qakbot returns. Our Guest Rob Boyce from Accenture talks about tailored extortion. And hacking the airport taxi line leads to prison.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Rob Boyce from Accenture talks about tailored extortion as actors continue to shift to pure data extortion, with old and new tactics. Selected Reading State-backed hackers are experimenting with OpenAI models (Cyberscoop) Staying ahead of threat actors in the age of AI (Microsoft) U.S. Internet Leaked Years of Internal, Customer Emails (Krebs on security) Kryptina RaaS | From Underground Commodity to Open Source Threat  (SentinelOne) Backdoors that let cops decrypt messages violate human rights, EU court says (Arstechnica) A company tracked visits to 600 Planned Parenthood locations for anti-abortion ads, senator says (POLITICO) Cybercriminals are stealing Face ID scans to break into mobile banking accounts (theregister) Fertility tracker Glow fixes bug that exposed users’ personal data (TechCrunch) New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer) Duo headed to prison for charging cabbies to skip JFK Airport line with Russian hackers' aid (nydailynews) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/02/2430m 45s

It’s always DNS, but that may just be FUD.

It’s always DNS, but that may just be FUD. The DoD notifies victims of a cloud email server leak. New Jersey cops sue online data brokers. Crooks use WiFi jammers to thwart security systems. A copyright case against OpenAI is partially dismissed. Patch Tuesday includes two actively exploited zero days. CharmingCypress gathers political intelligence. Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. And beware Cupid’s misleading arrow. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. Check out the episode with the full conversation between Ann and Frank here.  Selected Reading KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers (SecurityWeek) US military notifies 20,000 of data breach after cloud email leak (TechCrunch) New Jersey law enforcement officers sue 118 data brokers for not removing personal info (The Record) Minnesota burglars are using Wi-Fi jammers to disable home security systems (TechSpot) Sarah Silverman’s lawsuit against OpenAI partially dismissed (The Verge) Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (BleepingComputer) DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability (The Hacker News) CharmingCypress Use Poisoned VPN Apps to Install Backdoor (Cyber Security News) Beyond the Hype: Questioning FUD in Cybersecurity Marketing  (SecurityWeek) Valentine's Day Scams Woo the Lonely-Hearted (Security Boulevard)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/02/2429m 11s

Phishing threats unleashed.

Attackers lock up Azure accounts with MFA. Bank of America alerts customers to a third party data breach. Malicious cyber activity targets elections worldwide. CISA highlights a vulnerability in Roundcube Webmail. Lawmakers introduce a bipartisan bill to enhance healthcare cybersecurity. Siemens and Schneider Electric address multiple industrial vulnerabilities. Perception in tech gender parity still has a ways to go. Dave Bittner speaks with Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief for Cyber at the FBI, about Chinese threat actor Volt Typhoon. And the scourge of online obituary spam.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief at FBI, discussing  PRC/Volt Typhoon advisory and living off the land guidance. Read the press release on “U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure.” Selected Reading Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA (Ars Technica)  Bank of America warns customers of data breach after vendor hack (BleepingComputer) Global Malicious Activity Targeting Elections is Skyrocketing (Security Affairs) CISA Warns Of Active Attacks on Roundcube Webmail XSS Vulnerability (CISA) Bipartisan Senate Bill Requires HHS to Bolster Cyber Efforts (Gov Info Security) ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek)  Four in five men in tech say women are treated equally, as women criticise ‘invisible challenges’ (Euronews) The rise of obituary spam (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/02/2436m 19s

DOJ strikes justice.

The DOJ shuts down the Warzone rat. Ransomware hits over twenty Romanian hospitals, and Rysida gets a decryptor. Canada may ban the Flipper Zero. Chinese espionage claims against the US are light on facts. Australia looks to criminalize doxxing. Federal IT leaders seek better coordination with CISA and the JCDC. Wired looks at the effect of cyberattacks on inequality. Our guest is Manny Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking cyber career opportunities for young people. And this thumb drive will self-destruct in five seconds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manuel "Manny" Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking career opportunities for young people who are interested in cyber and emergent technology. US Cyber Initiative grew out of AZ Cyber. Learn more about AZ Cyber here.  Selected Reading DOJ shuts down ‘Warzone’ malware vendor and charges two in connection (The Record) Ransomware attack forces 18 Romanian hospitals to go offline (BleepingComputer) Decryptor for Rhysida ransomware is available (Help Net Security) Canada moves to ban the Flipper Zero amid rising auto theft concerns (TECHSPOT) China’s Cyber Revenge | Why the PRC Fails to Back Its Claims of Western Espionage (SentinelOne) ‘Doxxing’ laws to be brought forward after Jewish WhatsApp leak  (The Sydney Morning Herald) Exclusive: Duke Energy to remove Chinese battery giant CATL from Marine Corps Base (Reuters) Federal IT officials call on CISA for tougher standards, more coordination (FedScoop) Priorities of the Joint Cyber Defense Collaborative for 2024 (CISA) The Hidden Injustice of Cyberattacks (WIRED) Ovrdrive USB stick with data-hiding and overheating self-destruct features nears crowdfunding goal (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/02/2436m 31s

Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]

Computer security writer, podcaster and public speaker Graham Cluley describes learning to program on his own from magazines, creating text adventure games for donations, and his journey from programming to presenting and writing with a bit of tap dancing on the side. Along the way, Graham collaborated with others and learned to communicate so that all could understand, not just techies. Our thanks to Graham for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
11/02/247m 41s

Ransomware is coming. [Research Saturday]

Jon DiMaggio, Chief Security Strategist for Analyst1, is discussing his research on "Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC." While there is evidence to support that RansomedVC runs cybercrime operations, Jon questions the claims it made regarding the authenticity of the data it stole and the methods it used to extort victims. The research states "I uncovered sensitive information about the group's leader, Ransomed Support (also known as Impotent), relating to secrets from his past." In this episode John shares his 6 key findings after spending months engaging with the lead criminal who runs RansomedVC. The research can be found here: Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC Learn more about your ad choices. Visit megaphone.fm/adchoices
10/02/2430m 48s

Imitation game: LastPass vs LassPass.

A LastPass imitator sneaks its way past Apple’s app store review. Bitdefender identifies a new macOS backdoor. The Air Force and Space Force collaborate for stronger cyber defense. CISA offers an election security advisory program. The FCC bans AI robocalls. The Feds put a bounty on the Hive ransomware group. Senators introduce a bipartisan drone security act. Cisco Talos IDs a new cyber espionage campaign. Fighting the good fight against software bloat. On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about the cyber talent gap. And sports fans check your passwords.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about their perspectives and initiatives in response to the cyber talent gap. Selected Reading Fake LastPass App Sneaks Past Apple's Review Team (MacRumors) Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store (LastPass) New Rust-Based macOS Backdoor Steals Files, Linked to Ransomware Groups (HACKREAD) New Department of Air Force partnership brings cyber, space and information units closer (DefenseScoop) Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices (SecurityWeek) FCC votes to outlaw scam robocalls that use AI-generated voices (CNN Business) US offers $10 million for tips on Hive ransomware leadership (Bleeping Computer) New legislation would give NIST drone cybersecurity responsibilities (FedScoop)  New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization (Talos Intelligence) Why Bloat Is Still Software’s Biggest Vulnerability (IEEE Spectrum) Super Bowl of Passwords: Chiefs vs. 49ers in the Battle of Cybersecurity (Security Boulevard) Taylor Swift's Influence on Cybersecurity (Enzoic) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/02/2435m 2s

Volt Typhoon’s stealthy threat to US critical infrastructure.

A joint advisory warns of Volt Typhoon’s extended network infiltration. Check your Cisco devices for patches. Fortinet clarifies its latest vulnerabilities. Internet outages plague Pakistan on election day. Kaspersky describes the new Coyote banking trojan. Cyber insurance is projected to reach new heights. The White House appoints a leader for the AI Safety Institute, and sees pushback on proposed reporting regulations. Can we hold AI liable for its foreseeable harms? Joe Carrigan joins us with insights on the Mother of All Data Breaches. The potential of Passkeys versus the comfort of passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Podcast partner and Hacking Humans co-host Joe Carrigan stops by today to discuss the mother of all data breaches. Selected Reading Chinese hackers hid in US infrastructure network for 5 years (BleepingComputer)  Akira, LockBit actively searching for vulnerable Cisco ASA devices (Help Net Security) Cisco fixes critical Expressway Series CSRF vulnerabilities (SecurityAffairs) Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (BleepingComputer)  Pakistani telcos suffer widespread Internet blackouts on election day (DCD) Coyote: A multi-stage banking Trojan abusing the Squirrel installer (Securelist) Cyber insurance market growing dramatically, Triple-I Finds (AI-TechPark) Biden Administration Names a Director of the New AI Safety Institute (SecurityWeek) No one's happy with latest US cyber incident reporting plan (The Register) DHS Is Recruiting Techies for the AI Corps (BankInfoSecurity) Can the courts save us from dangerous AI? (Vox) I Stopped Using Passwords. It's Great—and a Total Mess (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/02/2433m 27s

Taking a bite out of Apple.

A security researcher has been charged in an alleged multi-million dollar theft scheme targeting Apple. A House committee hearing explores OT security. Fortinet withdraws accidental CVEs. 2023 saw record highs in ransomware payments. A youtuber finds a cheap and easy bypass for Bitlocker encryption. Political pressure proves challenging for the JCDC. New Hampshire tracks down those fake Biden robocalls. European security agencies bolster warnings about Ivanti devices. HHS fines a New York medical center millions over an identity theft ring. On our sponsored Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, shares some practical examples of healthcare organizations transitioning to the cloud. Giving that toothbrush story the brushoff. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some practical examples in healthcare. Selected Reading A Security Researcher Allegedly Scammed Apple (404 Media) US House Homeland Security subcommittee addresses OT threats, CISA's role in securing OT - Industrial Cyber (Industrial Cyber) Operational Technology disruptions: An eye on the water sector. Robert M. Lee’s opening statement to before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection. (Control Loop podcast) Securing Operational Technology: A Deep Dive into the Water Sector (Homeland Security Events YouTube) Fortinet Patches Critical Vulnerabilities in FortiSIEM (SecurityWeek) Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error (Bleeping Computer) Ransomware hackers raked in $1 billion last year from victims (NBC News) BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM (Tom’s Hardware) The far right is scaring away Washington's private hacker army (POLITICO) N.H. attorney general says he found source of fake Biden robocalls (NBC News) European security agencies publish joint statement on Ivanti Connect Secure, Policy Secure vulnerabilities (Industrial Cyber) Medical Center Fined $4.75M in Insider ID Theft Incident (GovInfoSecurity) Surprising 3 Million Hacked Toothbrushes Story Goes Viral—Is It True? (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/02/2437m 49s

Cracking down on spyware.

The global community confronts spyware. Canon patches critical vulnerabilities in printers. Barracuda recommends mitigations for Web Application Firewall issues. Group-IB warns of ResumeLooters. Millions are at risk after a data breach in France. Research from the UK reveals contradictory approaches to cybersecurity. Meta’s Oversight Board recommends updates to Facebook’s Manipulated Media policy. We’ve got a special segment from the Threat Vector podcast examining Ivanti's Connect Secure and Policy Secure products. And it’s time to brush up on IOT security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In a special segment from Palo Alto Networks’ Threat Vector podcast, host David Moulton, Director of Thought Leadership at Unit 42, along with guests Sam Rubin, VP, Global Head of Operations, and Ingrid Parker, Senior Manager of the Intel Response Unit, dives deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products. You can check out the full conversation here.  Selected Reading US to restrict visas for those who misuse commercial spyware (Reuters) Britain and France assemble diplomats for international agreement on spyware (The Record) Israeli government absent from London spyware conference and pledge (The Record) Government hackers targeted iPhones owners with zero-days, Google says (TechCrunch) Google agrees to pay $350 million settlement in security lapse case (Washington Post) Canon Patches 7 Critical Vulnerabilities in Small Office Printers  (SecurityWeek) Barracuda Disclosed Critical Vulnerabilities in WAF, Affecting File Upload and JSON Protection (SOCRadar) ResumeLooters target job search sites in extensive data heist (Help Net Security) Millions at risk of fraud after massive health data hack in France (The Connexion) Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages, SenseOn research reveals (IT Security Guru) Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video (InfoSecurity Magazine) Toothbrushes are a cybersecurity risk, too: millions participate in DDoS attacks (Cybernews) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/02/2433m 36s

A serious breach showdown.

Anydesk confirms a serious breach. Clorox and Johnson Controls file cyber incidents with the SEC. There’s already a potential Apple Vision Pro kernel exploit. A $25 million deepfake scam. Akamai research hops on the FritzFrog botnet. The US sanctions Iranians for attacks on American water plants. Commando Cat targets Docker API endpoints. Pennsylvania courts fall victim to a DDoS attack. A new leader takes the reins at US Cyber Command and the NSA. Our guest is Dr. Heather Monthie from N2K Networks, with insights on the White House's recent easing of education requirements for federal contract jobs. And remembering one of the great cryptology communicators.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Heather Monthie from N2K Networks shares some insight into the White House's recent easing of education requirements for federal contract jobs. You can find the background to that in our Selected Reading section.  Selected Reading AnyDesk, an enterprise remote software platform used by major firms including Raytheon and Samsung, suffered a security breach - here’s what you need to know (IT Pro) Clorox and Johnson Controls Reveal $76m Cyber-Attack Bill (Infosecurity Magazine) MIT student claims to hack Apple Vision Pro on launch day (Cybernews) Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (CNN) FritzFrog botnet is exploiting Log4Shell bug now, experts say (The Record) US sanctions Iranian officials over cyber-attacks on water plants (BBC) The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker  (Cado Security) Pennsylvania court agency's website hit by disabling cyberattack, officials say (ABC News) Cyber Command, NSA usher in Haugh as new chief (The Record) White House moves to ease education requirements for federal cyber contracting jobs (CyberScoop) White House moves to ease education requirements for federal cyber contracting jobs (GAO) David Kahn, historian who cracked the code of cryptology, dies at 93 (Washington Post) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/02/2436m 7s

Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]

Cybersecurity and disinformation researcher Bilyana Lilly shares her career path from studying where she was always a foreigner to an expert on the Russian perspective. While studying international law in Kosovo, Bilyana realized there are no winners in war. Through her work, she hopes to bring a greater understanding of Russia's strategic thinking. Our thanks to Bilyana for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
04/02/247m 25s

Weathering the internet storm. [Research Saturday]

Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DShield. The research shares how SANS used their "agile honeypots" to "zoom in" on events to more effectively collect data targeting specific vulnerabilities. Internet Storm Center has been noted on three separate attacks that were observed. The research can be found here: Jenkins Brute Force Scans Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527 Learn more about your ad choices. Visit megaphone.fm/adchoices
03/02/2425m 37s

A digital leaker gets 40 years behind bars.

Former CIA leaker sentenced to 40 years. Interpol arrests suspected cybercriminals and takes down servers. Cloudflare discloses a Thanksgiving Day data breach. The FBI removes malware from outdated routers. President Biden plans to veto a Republican-led bill overturning cyber disclosure rules. Attackers target poorly managed Linux systems. Infected USB devices take advantage of popular websites for malware distribution. Blackbaud faces a data deletion mandate from the FTC. Our guest is Adam Marré, CISO of Arctic Wolf, to kick off our continuing discussion of 2024 election security. A cybersecurity incident in Georgia leads to a murder suspect on the run. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Adam Marré, CISO of Arctic Wolf, joins us to begin our discussion of election security in 2024. Adam will be sharing their Election Cybersecurity Survey outlining key cybersecurity threats to the 2024 election season.  Selected Reading 40 years in prison for ex-CIA coder who leaked hacking tools to WikiLeaks (Digital Journey) Interpol arrests more than 30 cybercriminals in global ‘Synergia’ operation (The Record) Cloudflare Hacked After State Actor Leverages Okta Breach (HACKREAD) FBI removes malware from hundreds of routers across the US (Malwarebytes) Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules (SecurityWeek) Threat Actors Installing Linux Backdoor Accounts (ASEC) USB Malware Chained with Text Strings on Legitimate Websites Attacks Users (Cybersecurity News) FTC settles with Blackbaud over poor data practices leading to massive hack (The Record) Murder suspect mistakenly released from jail after 'cybersecurity incident'  (ABC News)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/02/2432m 52s

Defending America against China's ominous onslaught.

Directors Wray and Easterly warn congress of threats from Chinese hackers. Myanmar authorities extradite pig butchering suspects. Automation remains a challenge. Snyk Security Labs plugs holes in “Leaky Vessels.” Pegasus spyware targets human rights groups in Jordan. Subtle-paws scratch at Ukrainian military personnel. White Phoenix brings your ransomed files back from the ashes. In today’s Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with MDR Senior Manager Oded Awaskar, about how AI might change the world of security operations and threat-hunting. A wee lil trick for bypassing Chat GPT guardrails. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In today’s segment of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with Oded Awaskar, an MDR Senior Manager, about threat-hunting and how AI and ML might change the world of security operations and threat-hunting. Tune in to Palo Alto Networks’ biweekly Threat Vector podcast on our network for the full conversation. If you are interested to learn more about Unit 42 World-Renowned threat hunters, visit https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting and https://www.paloaltonetworks.com/unit42/respond/managed-detection-response In coming episodes, David will discuss the impact of the SEC Cyber Rules with Jacqueline Wudyka and share a conversation with Sam Rubin, Global Head of Operations for Unit 42, about his testimony at the Congressional hearing on the growing threat of ransomware. Selected Reading Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) FBI director warns Chinese hackers aim to 'wreak havoc' on U.S. critical infrastructure (NBC News) Opening Statement by CISA Director Jen Easterly (CISA on YouTube) FBI issues dramatic public warning: Chinese hackers are preparing to 'wreak havoc' on the US (CNN on YouTube)  CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday (Bleeping Computer) iPhone Under Attack: U.S. Government Issues 21 Days To Comply Warning (Forbes) Why Are Cybersecurity Automation Projects Failing? (Security Week) Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government (The Record) Leaky Vessels: Docker and runc Container Breakout Vulnerabilities (Snyk) At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds (SecurityWeek) Online ransomware decryptor helps recover partially encrypted files (Bleeping Computer) Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor (Securonix) OpenAI's GPT-4 safety systems broken by Scots Gaelic (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/02/2435m 38s

VPN compromise causes concerns.

Global Affairs Canada investigates a major data breach. New York sues Citibank over inadequate online security. Alpha ransomware launches a dedicated leak site on the dark web. A leaked database with 50 million records may or may not be real. CISA and the FBI provide guidance for SOHO routers.Patch ‘em if ya got ‘em. Krustyloader exploits Ivanti weaknesses. Unit 42 tracks a large-scale scareware campaign. Alex Stamos calls Microsoft’s security strategies “morally indefensible.” Our guests are Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society to talk about their new podcast "Breaking Through in Cybersecurity Marketing." And do you have what it takes to protect his majesty’s royal laptop? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guests Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society join Dave to share about their podcast "Breaking Through in Cybersecurity Marketing" that is joining the N2K network. You can listen to their newest episode on our network.  Selected Reading Global Affairs investigating 'malicious' hack after VPN compromised for over one month (National Post)  Lawsuit: Citibank refused to reimburse scam victims who lost “life savings”  (Ars Technica) Unveiling Alpha Ransomware: A Deep Dive into Its Operations (Netenrich) Nearly 50 million Europcar customer records put up for sale on the dark web – or were they? (ITPro) Apple and Google Just Patched Their First Zero-Day Flaws of the Year (WIRED) Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware (Security Affairs) ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (Palo Alto Networks) Microsoft's Dangerous Addiction To Security Revenue (LinkedIn) Be the Royal Family’s Cybersecurity Manager, and get a cut-price honey dipper! (Graham Cluley)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
31/01/2434m 5s

A Typhoon counter.

The U.S. counters a Chinese hacking campaign. Juniper issues out of band patches. Schneider Electric suffers a ransomware attack. Over a million and a half individuals are affected by an insurance consulting firm breach. AT&T finds DarkGate malware leveraging Microsoft teams. The White House is set to require AI developers to share safety test results. Resecurity finds high level credentials posted online. Zscaler says Zloader malware is back. The Georgia county prosecuting former President Trump got hit with a cyberattack. Microsoft’s Ann Johnson speaks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet. And yesterday’s airborne joker is off the hook.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast, talks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet. Selected Reading Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz (The Hacker News) Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (The Hacker News) Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates (SecurityWeek) DarkGate malware delivered via Microsoft Teams - detection and response (AT&T) AI companies will need to start reporting their safety tests to the US government (AP) Hundreds of network operators’ credentials found circulating in Dark Web (Security Affairs) New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility (The Hacker News) Cyberattack Hits Georgia County Where Trump Is Charged (Bloomberg) British man acquitted over London-Spain flight bomb hoax (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/01/2429m 26s

Seeking dismissal of SEC allegations.

Solarwinds seeks dismissal of SEC allegations. Urgent calls to implement fixes for Jenkins open-source software automation tools. A New Jersey township closes schools and offices after a cyberattack. The Centre for Cybersecurity Belgium warns of a critical vulnerability in GitLab. The FBI arrests a notorious swatter. HHS releases cybersecurity performance goals. The feds remind organizations to preserve online messaging. Mercedes-Benz exposes data after an authentication token was left unsecured. A dark web drug dealer pleads guilty. Our guest is Caleb Barlow from Cyberbit, discussing hacker celebrities and why yours truly did not make the list. And threats of airport terrorism on public WiFi is no joking matter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Podcast partner Caleb Barlow, CEO of Cyberbit, discusses hacker celebrities and why our own Dave Bittner did not make the list. Selected Reading SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit  (Bloomberg Law) Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks (Security Boulevard) Freehold Township district: All schools and offices closed Monday due to cybersecurity incident (News12 New Jersey) WARNING: CRITICAL ARBITRARY FILE WRITE VULNERABILITY IN GITLAB CE/EE, PATCH IMMEDIATELY! (Centre for Cybersecurity Belgium) Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks (WIRED) HHS debuts voluntary cybersecurity performance goals to enhance healthcare sector resilience (Industrial Cyber) Don’t Delete Slack or Signal Chats, US Agencies Warn Companies (Bloomberg Law) How a mistakenly published password exposed Mercedes-Benz source code (TechCrunch) Dark Web Drugs Vendor Forfeits $150m After Guilty Plea (Infosecurity Magazine) ‘On My Way to Blow Up the Plane’: Teen Faces Huge Fine After Joke Leads to Fighter Jets Scrambling (Gizmodo) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/01/2430m 49s

Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]

Rashmi Bharathan, an Information Technology Internal Auditor from Wintrust Financial Corporation sits down to share her story as a woman with 10 years in the IT industry and how she got her start. From childhood Rashmi always wanted to be a good leader, helping those around her, now she shares how helping people is a passion of hers and spends a lot of her time volunteering to help those coming into this industry. She says "It's all about, you should know your connections. That is more important. So I would say that networking and volunteering is really going to help you to grow in your career," sharing that community is the key to her success and working hard to network has been a great help to her to get her where she is today. We thank Rashmi for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/01/249m 53s

What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/01/2432m 12s

Hooked on pirated macOS applications. [Research Saturday]

Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat Labs has detected a series of pirated macOS applications that have been modified to communicate to attacker infrastructure. The research states "These applications are being hosted on Chinese pirating websites in order to gain victims." The discovery marks new and advanced malware, similar to the ZuRu malware, first discovered by Objective-See in 2021 within the iTerm2 application. The research can be found here: Jamf Threat Labs discovers new malware embedded in pirated applications Learn more about your ad choices. Visit megaphone.fm/adchoices
27/01/2423m 0s

A new purchase is cause for a call out.

Senator Wyden calls out the NSA for purchasing American’s internet records. Senators look to add IT and ICS environments to federal employee cyber competitions. The FTC asks big tech about their investments in AI. Turns out the GSA bought a bunch of Chinese security cameras. Akira ransomware claims a breach of Lush cosmetics. ESET reports on the Blackwood cyberespionage group. Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty. Our guest is Tony Surak, CMO & Operating Partner from DataTribe, with insights on the state of venture capital in cyber. And a Trickbot gang member will be doing some time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Tony Surak from DataTribe joins us to share his take on the state of the VC cyber market. Selected Reading Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order  Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition  FTC officially asks Big Tech about their AI deals | Cybernews  GSA Sparks Security Fears After Buying Risky Chinese Cameras Akira ransomware gang says it stole passport scans from Lush • The Register Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware - SecurityWeek How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar | WIRED On eve of final negotiations, US says consensus growing around ‘narrow’ UN cybercrime treaty Trickbot malware developer sentenced to 5 years behind bars • The Register Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/01/2432m 17s

Another day, another Blizzard attack.

Cozy Bear breaches Hewlett Packard Enterprise. An investigation reveals global surveillance based on digital advertising. Cisco patches critical vulnerabilities. Meta aims to enhance the online safety of minors.  iOS notifications are exploited for tracking. EquiLend’s systems go offline after a cyberattack.  A DC theater faced financial crisis after seeing their bank account drained. Critical infrastructure is targeted in Ukraine.  The latest insights on ransomware. Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. And Teslas get POwned in Tokyo. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. Selected Reading Hewlett Packard Enterprise tells SEC it was breached by Russia’s 'Cozy Bear' hackers (The Record) Inside a Global Phone Spy Tool Monitoring Billions (404 Media) Cisco Patches Critical Vulnerability in Enterprise Collaboration Products (SecurityWeek) Instagram and Facebook will now prevent strangers from messaging minors by default (The Verge) Research Reveals How iPhone Push Notifications Leak User Data (MacRumors) Financial tech firm EquiLend says recovery after cyberattack ‘may take several days’ (The Record) 'No gift is too small' | GALA Hispanic Theater asking for donations after hackers drain bank accounts (WUSA9) Ukrainian energy giant, postal service, transportation agencies hit by cyberattacks (The Record) The 2024 Ransomware Threat Landscape (Symantec Enterprise Blogs) Who pays, and why: A researcher examines the ransomware victim’s mindset (The Record) Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive - SecurityWeek (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/01/2435m 32s

The fight against exploiting Americans.

Biden prepares executive order on foreign access to data. Britain’s NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking with Dave Bittner about a new partnership for a comprehensive Cyber Talent Study to deepen the collective understanding of cybersecurity competencies within the industry. Selected Reading Biden Seeks to Stop Countries From Exploiting Americans’ Data for Espionage (Bloomberg) British intelligence warns AI will cause surge in ransomware volume and impact (The Record) Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (Talos) Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data (HACKREAD) Fortra blasted over slow response to critical GoAnywhere file transfer bug (SC Media) Gen AI Expected to Bring Big Changes to Banking Sector (GovInfo Security) Why Bulletproof Hosting is Key to Cybercrime-as-a-Service (Infosecurity Magazine) Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback (WIRED) Missouri secretary of state accused of withholding cybersecurity reviews of election authorities (StateScoop) Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (Check Point)  These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/01/2438m 2s

The mother of all data breaches.

The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a webkit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch and online search portal. A Massachusetts hospital suffered a Christmas day ransomware attack. Ann Johnson host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Microsoft Security’s Afternoon Cyber Tea podcast host, Ann Johnson, speaks with Caitlin Sarian, known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here.  Selected Reading Mother of All Breaches: ​a Historic Data Leak Reveals 26 Billion Records (Cybernews) CISA’s Easterly the target of ‘harrowing’ swatting incident (The Record) AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour) Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube) Medibank hack: Russian sanctioned over Australia's worst data breach (BBC) Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer) iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors) UK water company that serves millions confirms system attackIndian ISP Hathway Data Breach (The Record) Hacker Leaks 4 Million Users, KYC Data (HACKREAD) Massachusetts hospital claimed to be targeted by Money Message ransomware (SC Media) HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies (The Register) HP CEO evokes James Bond-style hack via ink cartridges (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/01/2431m 49s

Midnight Blizzard brings the storm.

Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs focus on cybersecurity pros. FTC order another data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine’s Monobank gets DDoSed. N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast. The passing of a Time Lord.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast launching next month.    Selected Reading Microsoft: Russian Hackers Had Access to Executives' Emails (GovInfo Security) LockBit ransomware gang claims the attack on the sandwich chain Subway (Security Affairs) Ransomware hits cloud service Tietoevry; numerous Swedish customers affected (The Record) Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 (Mandiant) North Korea’s ScarCruft APT group targets infosec pros (CSO Online) FTC Order Will Ban InMarket from Selling Precise Consumer Location Data (Federal Trade Commission) US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities (SecurityWeek) Ukraine’s Monobank hit with massive DDoS attack (Silicon Republic) Senators ask DOJ to investigate whether facial recognition tech violates Civil Rights Act (The Record) RIP, Internet’s Time Lord (On My Om) Network Time Protocol (NTP) attack (noun) (Word Notes podcast) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/01/2429m 59s

Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]

CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
21/01/247m 48s

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 Learn more about your ad choices. Visit megaphone.fm/adchoices
21/01/2435m 3s

A firewall wake up call. [Research Saturday]

Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Learn more about your ad choices. Visit megaphone.fm/adchoices
20/01/2423m 1s

New malware, new threats.

Microsoft warns of an Iranian cyberespionage group. The CyberSafety Review Board receives critical reviews of its own. VMWare warns of active product exploitation. Tax info gets leaked in accounting firm breach. Kansas State University reports a cyber incident. CISA adds Citrix Netscaler vulnerabilities to its Known Exploited Vulnerabilities catalog. Councils in the UK suffer online disruptions. Cyber insurance can be a double edged sword. More email security breaches lead to firings. In our Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service With an update on the Cybersecurity Talent Initiative. And it’s shields up for Generation Z. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service sharing an update on the Cybersecurity Talent Initiative and how federal agencies and early career existing talent that may be interested in the program’s offerings. Selected Reading Microsoft: Iranian hackers target researchers with new MediaPl malware (Bleeping Computer) Cyber Safety Review Board needs stronger authorities, more independence, experts say (Cyberscoop) VMware vCenter Server Vulnerability Exploited in Wild (SecurityWeek) ELO accounting data breach sparks tax fraud (Cybernews) Cyber attacks on Kent councils disrupt online services (BBC) Kansas State University suffered a serious cybersecurity incident (SecurityAffairs) CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities (Malwarebytes) Cyber Insurance in the Age of Ransomware: Protection or Provocation? (SOCRadar) Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks (IT Pro) Think boomers are most vulnerable to cybersecurity attacks? Wrong. It's actually Gen Z (CBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2024 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/01/2432m 34s

A credential dump hits the online underground.

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest This segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, ffocuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more.  Check out the Threat Vector podcast and follow it on your favorite podcast app.  Selected Reading Researcher uncovers one of the biggest password dumps in recent history (Ars Technica) Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt) Feds warn China-made drones pose risk to US critical infrastructure (SC Media) TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks (The Hacker News) Swiss Government Reports Nuisance-Level DDoS Disruptions (Data Breach Today) Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (HACKREAD) PixieFail: Nine flaws in UEFI open-source reference implementation (Security Affairs) Update Chrome! Google patches actively exploited zero-day vulnerability (Malwarebytes) Cybercrime crew infects 172,000 smart TVs and set-top boxes (Risky Biz News) Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware (Google Threat Analysis Group) Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint) Each Facebook User Is Monitored by Thousands of Companies (Consumer Reports) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/01/2431m 12s

Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]

Bryce Kennedy, President of the Association of Commercial Space Professionals (ACSP), is sharing what is on horizon in space law. Bryce is also a space lawyer and a regular contributor to our T-Minus daily space podcast right here on the N2K podcast network. You can hear more from the T-Minus space daily show here. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Caveat Briefing A companion weekly newsletter is available CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to you inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/01/2429m 34s

Maximum severity vulnerability needs critical updates.

Atlassian issues critical updates. CISA and the FBI warn of AndroxGh0st. A GPU vulnerability hits major manufacturers. A Foxconn subsidiary in Taiwan gets hacked. Australians suffer breached credit cards through credential stuffing. A parade of horrible hackers and scammers. CISO accountability is highlighted at ShmooCon. Cybersecurity VC funding plummets. On the Learning Layer, N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session. Don’t ask ChatGPT to handle your Amazon product listings.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Learning Layer with N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session he held with Jaden Dicks. Selected Reading Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability, CVE-2023-22527: Patch Now (SOCRadar) FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation (Security Affairs) A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data (TechSpot) Taiwan’s Foxconn subsidiary faces cyberattack (Taiwan News) 15,000 Aussies Affected After Binge, The Iconic Hacked (Pedestrian) Hackers post disturbing videos to online forum used by UC Irvine students (ABC7) Heartless scammers prey on hundreds of lost pet owners, demanding ransoms or else… (Bitdefender) As hacks worsen, SEC turns up the heat on CISOs (TechCrunch) Cybersecurity Startup Funding Hits 5-Year Low, Drops 50% From 2022 (Crunchbase) Amazon Is Selling Products With AI-Generated Names Like "I Cannot Fulfill This Request It Goes Against OpenAI Use Policy" (Futurism) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/01/2435m 48s

Vulnerabilities and security risks.

Ivanti products are under active zero-day exploitation. Phemedrone is a new open-source info-stealer. Bishop Fox finds exposed SonicWall firewalls. GitLab and VMware patch critical vulnerabilities. The Secret Service foils a phishing scam. Europol shuts down a cryptojacking campaign. Ransomware hits a Majorca municipality. RUSI looks at ransomware. Ben Yelin explains the New York Times going after OpenAI over the data scraping. And the sad case of an Ohio lottery winner.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest and partner Ben Yelin joins us today to discuss “The Most Critical Elements of the FTC’s Health Breach Rulemaking.” Ben is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and Co-Host of N2K’s Caveat Podcast. Selected Reading Ivanti Connect Secure zero-days now under mass exploitation (Bleeping Computer) Windows SmartScreen flaw exploited to drop Phemedrone malware (Bleeping Computer) Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (Security Affairs) GitLab Fixes Password Reset Bug That Allows Account Takeover (Security Boulevard) Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063 (Malware News) US court docs expose fake antivirus renewal phishing tactics (Bleeping Computer) Hacker spins up 1 million virtual servers to illegally mine crypto (Bleeping Computer) Ransomware gang demands €10 million after attacking Spanish council (The Record) Ransomware: Victim Insights on Harms to Individuals, Organisations and Society (Royal United Services Institute) Cybersecurity incident delays payouts for big Ohio Lottery winners (Beacon Journal) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/01/2432m 50s

Putting a dent in the cybersecurity workforce gap. [Special Edition]

In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/01/2431m 3s

Encore: Examining the current state of security orchestration. [CyberWire-X]

In this encore episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/01/2432m 13s

Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]

Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
14/01/247m 6s

Dual Russian cyber gangs hit 23 companies. [Research Saturday]

Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gangs attack employees from 23 different companies." They are using malicious Google ads, promoting popular business software such as Zoom, Slack, and Adobe. The customers targeted are companies in the manufacturing, software, legal, retail and healthcare industries. The attacking threat actors belong to the Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat. The research can be found here: Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads Learn more about your ad choices. Visit megaphone.fm/adchoices
13/01/2418m 58s

Casting a wider hiring net.

The Feds look to cast a wider hiring net. Legislators focus on deepfakes. Cookie stealers bypass MFA on Google accounts. A Fast food hiring chat bot got hacked. Medusa casts her gaze toward extortion. Akira ransomware is active in Finland. GitLab patches critical vulnerabilities. Bosch thermostats are vulnerable to some hot firmware. CSAM vendors’ crypto sophistication grows. CISA released ICS advisories. On our Solution Spotlight, N2K’s Simone Petrella speaks with Kim Jones, Director of Intuit's CyberCRAFT team, about the SEC's heightened focus on cybersecurity. And a little listener feedback, Karaoke style. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K’s Simone Petrella discusses a possible hurdle with Kim Jones, Director of Intuit's CyberCRAFT team. They talk about the SEC's heightened focus on cybersecurity. Selected Reading An analysis of cyberattacks against Danish energy infrastructure. Cryptomining campaign targets weak SSH passwords. (CyberWire) White House moves to ease education requirements for federal cyber contracting jobs (CyberScoop) State Legislators Tighten A.I. Rules to Combat Deceptive Election Ads (New York Times) Info-stealers can steal cookies for permanent access to your Google account (Malwarebytes) Hackers Break into AI Hiring Chatbot, Could Hire and Reject Fast Food Applicants (404 Media) Medusa Ransomware Turning Your Files into Stone (Unit 42 by Palo Alto Networks) Akira ransomware attackers are wiping NAS and tape backups  (Help Net Security) Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (The Hacker News) Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise (Infosecurity Magazine) Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks (WIRED) CISA Releases Nine Industrial Control Systems Advisories (CISA) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/01/2435m 14s

Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.

A zero-day hits Ivanti VPN customers. CISA highlights an active MS Sharepoint Server flaw. Cisco patches a critical vulnerability. Atomic Stealer gets updates. Sensitive school emergency planning documents are exposed online. The FCC reports on risky communications equipment. The White House will introduce new cybersecurity requirements for hospitals. Mandiant explains their X-Twitter hack. Our guest is Palo Alto Networks’ Unit 42’s David Moulton, host of the new Threat Vector podcast. And we are shocked - shocked! - to learn that an online sex for money scheme is a scam.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest David Moulton from Palo Alto Networks joins us to talk about Threat Vector. It’s Unit 42’s segment turned podcast on the N2K media network. Selected Reading Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers (The Record) CISA Urges Patching of Exploited SharePoint Server Vulnerability (SecurityWeek) Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) (Help Net Security) Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (The Hacker News) FCC's Reimbursement Program shows progress in removing national security risks from communication networks (Industrial Cyber) After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding (The Messenger) US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak (WIRED) Mandiant’s X Account Was Hacked in Brute-Force Password Attack (Infosecurity Magazine) Believing they would be paid a fortune for having sex with women, hundreds of Indian men scammed out of cash  (Graham Cluely) Threat Vector Links. To get more information on Medusa ransomware, listen to this episode of Threat Vector. Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/01/2432m 52s

A pivotal global menace.

The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim and AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine’s Blackhit hits Russia’s M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is ​​Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And Hackers could screw up a wrench. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest ​​Tim Eades from Cyber Mentor Fund joins us to discuss the growing prevalence of restoration as a part of incident response.  Selected Reading AI-powered misinformation is the world's biggest short-term threat, Davos report says (AP News) NSA: Benefits of generative AI in cyber security will outweigh the bad (IT Pro) SEC account on X ‘compromised’ and regulator has not approved bitcoin ETFs (MarketWatch) SEC did not have 2FA enabled: X safety team on fake Bitcoin ETF post (Cointelegraph) FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data (Federal Trade Commission) Entire population of Brazil possibly exposed in massive data leak (Security Affairs) China says state-backed experts crack Apple's AirDrop (Digital Journal) Fidelity National Financial says hackers stole data on 1.3 million customers (TechCrunch) Water Curupira Hackers Launch Pikabot Malware Attack on Windows Machine (GBHackers On Security) Ukrainian “Blackjack” Hackers Take Out Russian ISP (Infosecurity Magazine) Ukraine is on the front lines of global cyber security (Atlantic Council)  Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report (SecurityWeek) New research paper explores post-quantum cryptography for critical infrastructure cybersecurity (Industrial Cyber) AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure (Wall Street Journal) Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks (Reuters) January Patch Tuesday: New year, more Windows bugs (The Register) Cybersecurity Advisory: Apache Struts Vulnerability CVE-2023-50164 (Uptycs) Hackers can infect network-connected wrenches to install ransomware (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/01/2433m 27s

Swatting on the rise.

Swatting is on the rise. LoanDepot, the Toronto Zoo and the World Council of Churches all confirm ransomware attacks. Iran-linked hackers target Albania. Sea Turtle focuses on espionage and information theft. Fake “security researchers” offer phony ransomware recovery services. Could AI make KYC  EOL? Avast enhances Babuk decryption. Joe Carrigan looks at the human side of email security. And a group of midwives fail to deliver. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan from JHU ISI on the human elements that impact email security  Selected Reading Tanya Chutkan, the judge overseeing Trump's federal election interference case, appears to be victim of 'swatting' Special counsel Jack Smith was targeted by attempted swatting on Christmas Day LoanDepot Takes Systems Offline Following Ransomware Attack Toronto Zoo hit by ransomware attack | Cybernews Rhysida ransomware gang takes responsibility for attack on World Council of Churches Wiper malware found in analysis of Iran-linked attacks on Albanian institutions Turkish espionage campaigns in the Netherlands "Security researcher" offers to delete data stolen by ransomware attackers Gen AI could make KYC effectively useless | TechCrunch  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/01/2430m 59s

A conclusion on the xDedic Marketplace investigation.

The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing.  Selected Reading AsyncRAT campaign targets US infrastructure. (CyberWire) 19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice) Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW) Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net) Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek) Merck settles with insurers who denied $700 million NotPetya claim (The Record) Syrian Threat Group Peddles Destructive SilverRAT (DarkReading) NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News) Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer) Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/01/2429m 53s

Encore:Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]

Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
07/01/247m 24s

Diving deep into Phobos ransomware. [Research Saturday]

Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base’s Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base’s Phobos variant and other Phobos samples that have been observed in the wild since 2019.  In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed.  The research can be found here: A deep dive into Phobos ransomware, recently deployed by 8Base group Understanding the Phobos affiliate structure and activity Learn more about your ad choices. Visit megaphone.fm/adchoices
06/01/2424m 5s

Disruptions to the internet.

BGP attack disrupts Internet service. Data breach law firm breached. Remcos RAT returns. Poison packages in the PyPI repository. Hacktivist personae and GRU fronts. BreachForums impresario re-arrested. Cyber National Mission Force gets a new leader. On our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap. LinkedIn as a dating platform? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding Diversity, Equity and Inclusion (DE&I) initiatives. Selected Reading BGP attack disrupts Internet service. Pirated Zeppelin ransomware source code for sale in a C2C souk. BreachForums impresario re-arrested. (CyberWire) Hacker hijacks Orange Spain RIPE account to cause BGP havoc (Bleeping Computer) RIPE Account Hacking Leads to Major Internet Outage at Orange Spain (SecurityWeek) Law firm that handles data breaches was hit by data breach (TechCrunch) UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (The Hacker News) EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY (SecurityAffairs) BreachForums administrator detained after violating parole (The Record) Russian hackers wiped thousands of systems in KyivStar attack (Bleeping Computer) US military’s Cyber National Mission Force gets a new chief (The Record) The Hottest New Dating Site: LinkedIn (Business Insider) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/01/2431m 23s

Russian hackers hide in Ukraine telecoms for months.

Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant’s social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption.  On today’s Threat Vector segment, David Moulton chats with Garrett Boyd,  senior consultant at Palo Alto Networks Unit 42  about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Threat Vector segment with David Moulton features Garrett Boyd, a senior consultant at Unit 42 by Palo Alto Networks with a background as a Marine and professor, discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world. Threat Vector To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Selected Reading Compromised accounts and C2C markets. Cyberespionage and state-directed hacktivism. (CyberWire) Exclusive: Russian hackers were inside Ukraine telecoms giant for months (Reuters) Hackers linked to Russian spy agency claim cyberattack on Ukrainian cell network (reuters) Museum World Hit by Cyberattack on Widely Used Software (The New York Times) The State of Ransomware in the U.S.: Report and Statistics 2023 (Emsisoft) Nearly 1 million affected by ambulance service data breach (The Record) Mandiant’s account on X hacked to push cryptocurrency scam (Bleeping Computer) Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud (Resecurity) 23andMe tells victims it’s their fault that their data was breached (TechCrunch+) The Curious Case of MD5 (katelynsills) Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/01/2432m 0s

A digital disappearance in Utah.

Cyber-kidnapping in Utah. Hospitals sue for data recovery. The US Department of Homeland Security assesses cyber threats to the US. Mac malware is on the rise. Cameras hacked by Russian intelligence services provide targeting information. Ransomware roundup. An NPM dependency campaign. Google recommends enhanced safe browsing. Rob Boyce from Accenture describes the Five Families and the trend of hacker collaboration. And the FTC wants to hear your cloned voice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Rob Boyce from Accenture talking about the Five Families, the trend of hacker collaboration.  Selected Reading Missing Riverdale foreign exchange student found near Brigham City in case of ‘cyber kidnapping’ (ABC4) What is ‘cyber kidnapping’ and what can you do to stay safe online? (Deseret News) Hospitals ask courts to force cloud storage firm to return stolen data (BleepingComputer) Homeland Threat Assessment (US Department of Homeland Security)  The Mac Malware of 2023 (Objective-See) SBU blocks webcams that ‘flashed’ operation of air defense during missile attack on Kyiv on Jan 2 (Interfax-Ukraine) Ukraine says Russia hacked web cameras to spy on targets in Kyiv (The Record)  Akumin radiology and oncology reports ransomware attack and data breach (beyondmachines) Coop supermarket chain hit by ransomware cyberattack (beyondmachines) When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition (Checkmarx) Accounts in danger: Google recommends enhanced safe browsing and extra care (cybernews) The FTC Voice Cloning Challenge (FTC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/01/2430m 26s

Apple's clickless exploit.

A zero-click exploit affects iPhones belonging to Kaspersky employees. A GRU cyber campaign incorporates novel malware. The Indian government targets Apple over hacking attempts. Microsoft disables App Installer. Australian courts’ AV is compromised. A BlackBasta decryptor is released. Cyber Toufan claims attacks against Israeli targets. Patients in Oklahoma face online extortion. LoanCare customers’ data is at risk. Google settles a private browsing lawsuit. Barracuda patches a zero-day. That Chinese spy balloon was making a local call. And then Caleb Barlow, a friend of our show, shares password security tips you should know.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Caleb Barlow, CEO of Cyberbit, joins us today to share helpful tips to remember those passwords.  Selected Reading 4-year campaign backdoored iPhones using possibly the most advanced exploit ever (Ars Technica)  New malware found in analysis of Russian hacks on Ukraine, Poland (The Record) Russian Military Intelligence Blamed for Blitzkrieg Hacks (GovInfo Security) India targets Apple over its phone hacking notifications (Washington Post) Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)  Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)  Cyber attack on Victoria's court system may have exposed recordings of sensitive cases (ABC News)  New Black Basta decryptor exploits ransomware flaw to recover files (Bleeping Computer) Pro-Palestinian operation claims dozens of data breaches against Israeli firms (The Record) Integris Health patients get extortion emails after cyberattack (Bleeping Computer)  AG: Corewell Health reports another data breach; affects 1 million patients (The Oakland Press) LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company (Security Week) Google settles $5 billion consumer privacy lawsuit (Reuters) Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (Security Affairs) U.S. intelligence officials determined the Chinese spy balloon used a U.S. internet provider to communicate (NBC News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/01/2431m 32s

Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]

Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft’s effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.    Resources: View Charlie Bell on LinkedIn   View Ann Johnson on LinkedIn     Related Microsoft Podcasts:          Listen to: Uncovering Hidden Risks  Listen to: Security Unlocked   Listen to: Security Unlocked: CISO Series with Bret Arsenault        Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.  Learn more about your ad choices. Visit megaphone.fm/adchoices
01/01/2428m 29s

Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]

Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
31/12/236m 36s

Encore: What malicious campaign is lurking under the surface? [Research Saturday]

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the malware and exploits used. The research can be found here: Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation Learn more about your ad choices. Visit megaphone.fm/adchoices
30/12/2323m 33s

T-Minus Overview- Space Cybersecurity. [t-minus]

Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. In this episode we’re covering cybersecurity for space. What is it? What are the threats to space systems, why is there such an emphasis on it right now, and what are people doing about it?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Our first guest is Renee Wynn, former CIO of NASA. Our second guest is Matthieu Bailly, Vice President of Space at CYSEC, a cybersecurity company based in Lausanne, Switzerland. Our third guest speaking to T-Minus Producer Alice Carruth, is Steve Luczynski, Board Chairman of the Aerospace Village. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/12/2320m 33s

Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]

In this episode, Marc catches up with Mimecast CEO and co-founder Peter Bauer. They cover Peter's CEO journey, including what it was like growing up in South Africa, why he opted out of attending university, highlights from Mimecast's 20-year history, and what Peter learned from taking the company public — and then private again. You'll also learn:  When and how to raise capital, and how to manage meeting the board's expectations.  How CEOs can overcome self-doubt and continuously reimagine their role to look at challenges with new eyes.  How to view the company's history as a story with chapters and eras, and why it's important to always believe you're at the beginning of the book.  Learn more about your ad choices. Visit megaphone.fm/adchoices
28/12/2345m 11s

NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]

In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by John Scrimsher, chief information security officer (CISO) at Kontoor Brands, Inc., and Marcel Bucsescu, senior director of credentialing and strategic engagement at NACD, to expand upon the NACD Accelerate program. Then Ian Furr, security integration engineer at RH-ISAC, talks about his volunteer work with the Information Technology Disaster Resource Center (ITDRC) and the Fairfax County Fire and Rescue Department. Finally, Luke chats with Bidemi (Bid) Ologunde, intelligence analyst at Expedia Group, about his own podcast, The Bid Picture, background, and the trajectory of cybersecurity. Thank you to Fortinet for their sponsorship of the Retail & Hospitality ISAC podcast. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/12/231h 8m

Encore: Active visibility into OT systems. [Control Loop]

Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/12/2341m 48s

“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]

Summary Cathy Hackl (Twitter, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the “Godmother of the Metaverse.” What You’ll Learn Intelligence What the metaverse is Security and counterintelligence in a virtual world Futurism within intelligence agencies  Potential risks and consequences of the metaverse Reflections How virtual spaces can affect our physical world The necessity to evolve alongside technology And much, much more … Episode Notes The web will continue to evolve and change with time, but what’s coming next? And how will this evolution affect the ways that intelligence organizations around the world conduct their operations? This week on SpyCast, Cathy Hackl joins Andrew to explain what the metaverse is, what we can expect from living in this new virtual world, and how intelligence agencies can begin planning for the Web 3 future. Cathy Hackl has been dubbed the “Godmother of the Metaverse”  Resources Featured Resource Into the Metaverse: The Essential Guide to the Business Opportunities of the Web3 Era, Cathy Hackl (Bloomsbury, 2023)  Metaverse Marketing [Cathy’s podcast] *Beginner Resources* What Is the Metaverse, Exactly?, Wired (2022) [Article] Web 3.0 Explained In 5 Minutes, YouTube (2022) [5 min. Video] 12 new tech terms you need to understand the future, R. Gray, BBC (2018) *SpyCasts* How Artificial Intelligence is Changing the Spy Game – with Mike Susong (2022) Trafficking Data: The Digital Struggle with China -- with Aynne Kokas (2022) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 1 of 2) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 2 of 2)  *Wildcard Resource* Watch the world’s first metaverse music video, Snoop Dogg’s “House I Built,” here! Learn more about your ad choices. Visit megaphone.fm/adchoices
26/12/231h 1m

Artificial Intelligence: Insights & Oddities [8th Layer Insights]

On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks (LinkedIn) (Website) Dr. Lynne S. McNeill, Associate Professor at Utah State University (LinkedIn) (Twitter) Dr. John Laudun, Professor at University of Louisiana at Lafayette (LinkedIn) (Twitter) (Website) Lev Gorelov, Research Director at Handshake Consulting (LinkedIn) (Twitter) (Website) Resources Interview with the AI, part one, by the Brandon Karpf / the CyberWire 'Hard Fork': An Interview With Sam Altman, by The New York Times The Exciting, Perilous Journey Toward AGI, Ilya Sutskever TED Talk Ilya: the AI scientist shaping the world, by The Guardian Meet Loab, the AI Art Woman Haunting the Internet: Is she a demon? A Cryptid? Or nothing at all..., the Guardian In 2016, Microsoft’s Racist Chatbot Revealed the Dangers of Online Conversation The bot learned language from people on Twitter—but it also learned values, IEEE Spectrum Perry's Digital Folklore episode about AI Handshake's Generative AI Masterclass on Maven Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, shop for merch, support the show on Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news. Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound. 8Li cover art by Chris Machowski @ https://www.RansomWear.net/. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices
26/12/231h 5m

Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]

This interview from August 18th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Camille Stewart Gloster, Deputy National Cyber Director at the The White House discuss the White House's cybersecurity workforce and education strategy. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/12/2319m 52s

The CyberWire: The 12 Days of Malware. [Special Edition]

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/12/237m 28s

Sentenced to hospital detention.

A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump’s Dumps lead to BidenCash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s Rick Howard talks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence in conjunction with Google. Selected Reading The infamous GTA VI hacker has been convicted - and the story is simply absurd (IT Pro) Crypto drainer steals $59 million from 63k people in Twitter ad push (Bleeping Computer) Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct)  ‘Today FBI Got Him, Tomorrow They Will Get Me’: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express)  Imperva Detects Undocumented 8220 Gang Activities (Imperva) BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Bandook - A Persistent Threat That Keeps Evolving (Fortinet) First American takes IT systems offline after cyberattack (Bleeping Computer) BidenCash darkweb market gives 1.9 million credit cards for free (Bleeping Computer) BidenCash (Searchlight Cyber) Russia Seizes Ferum, Sky-Fraud, UAS, and Trump’s Dumps—and Signals More Takedowns to Come [Updated] (Flashpoint) Share your feedback.Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/12/2329m 46s

Kingdom come, kingdom fall.

German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpress about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don’t expect to get paid. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest Scott Roberts of Interpres joins N2K’s Rick Howard from the recent MITRE ATT&CKcon event. They discuss driving intelligence with MITRE ATT&CK: Leveraging limited resources to build evolving threat repository.  Selected Reading German police takes down Kingdom Market cybercrime marketplace (BleepingComputer) GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY (Securityaffairs) SSH protects the world’s most sensitive networks. It just got a lot weaker (Ars Technica) Annual Payment Fraud Intelligence Report: 2023 (Recorded Future) Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler) iPhone Thief Explains How He Breaks Into Your Phone (Wall Street Journal) Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC Ukraine) Fake F5 BIG-IP zero-day warning emails push data wipers (BleepingComputer) “Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets (Hack Read) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/12/2327m 44s

Leading the charge in cybercrime take downs.

Interpol leads cybercrime take downs. ALPHV/Blackcat is in a “tug of Tor” with the FBI.  The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today’s Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Learning Layer segment today, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. For more information on practice tests, please visit N2K’s certification page.  Learning Layer links Practice tests Selected Reading Interpol operation arrests 3,500 cybercriminals, seizes $300 million (Bleeping Computer) AlphV claims to have ‘unseized’ its darkweb domain from the FBI. What’s happening? (The Record) Senate confirms Biden’s pick for Cyber Command, NSA (The Record) Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission) Enabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information Sharing (CISA) CryptoGuard: An asymmetric approach to the ransomware battle (Sophos) Notice To Customers of Data Security Incident (Businesswire) Ukraine's Kyivstar says it is fully operational after cyber attack (Reuters) UK and partners form The Tallinn Mechanism for cyber security (Gov.UK) GCHQ Christmas challenge: Agency reveals 2023 codebreaker (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/12/2334m 5s

A dark web take down.

The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today’s Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests John Pescastore joins us for Mr. Security Answer Person to address the question, “Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?” Today’s guest is Lauren Brennan of GuidePoint Security. N2K’s Rick Howard caught up with Lauren recently  at the MITRE ATT&CKcon 4.0. They discussed evaluating and maturing your SOC. Selected Reading Authorities claim seizure of notorious ALPHV ransomware gang’s dark web leak site (TechCrunch+) Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+) Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Malware leveraging public infrastructure like GitHub on the rise (Reversing Labs) Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) “Quishing” you a Happy Holiday Season (netcraft) 2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (Securityweek) US and Australia Warn of Play Ransomware Threat (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/12/2335m 6s

14 million customers and stolen data.

A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Host of Microsoft Security’s Afternoon Cyber Tea podcast, Ann Johnson, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. Ann’s full discussion with Tanya can be heard here. You can catch Afternoon Cyber Tea every other Tuesday on your favorite podcast apps and the N2K Network.  Selected Reading Mr. Cooper reveals breach exposed 14.6 million clients (Cybernews) Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (CISA) NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity (Security Week) MongoDB says customer data was exposed in a cyberattack (Bleeping Computer) ALPHV Targeting: Ransomware & Digital Extortion (ZeroFox) A Log4Shell Retrospective - Overblown and Exaggerated (VulnCheck) We call on States to stop turning a blind eye to the participation of civilian hackers in armed conflict (ICRC) Seattle cancer center confirms cyberattack after ransomware gang threats (The Record) What can I do to make you take home this chatbot today? (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/12/2329m 18s

Oren Koren: Crossing music and cybersecurity. [Career Notes]

Oren Koren, Co-Founder and Chief Product Officer from Veriti sits down to share his amazing story. Before entering the vendor side of the cyber world, Oren served for 14 years in the Israeli 8200 unit where he led a variety of cybersecurity activities and researches that eventually earned him four 8200-unit cyber innovation awards. When he left the Israel Defense Forces, he joined Check Point Software to lead their AI-based innovations and advanced data analytics projects that redefined threat hunting and SIEM applications. This eventually inspired him to start his own company, with fellow co-founder Adi Ikan. Oren shares that he had a love for music growing up, and wanted to be a musician, saying music was the catalyst to him becoming interested in the cyber field, saying "I believe the music helped me a bit with my career in cybersecurity." We thank Oren for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/12/2310m 2s

Shedding light on fighting Ursa. [Research Saturday]

Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
16/12/2322m 27s

Remapping privacy.

Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession.  N2K’s Rick Howard reports from the recent MITRE ATT&CK con, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K’s Rick Howard recently attended the MITRE ATT&CK Con. While there, Rick spoke with Blake Strom of Microsoft and they discussed 10 years of MITRE ATT&CK Framework. Selected Reading Google is rolling out new protections for our location data (The Washington Post) Four men indicted in $80 million ‘pig butchering’ scheme (CNBC) Just In: Crypto Hacker Shakeeb Ahmed Admits to $12 Million Heist (BET US) Suspects can refuse to provide phone passcodes to police, court rules (Ars Technica) Gaza Cybergang | Unified Front Targeting Hamas Opposition (Sentinal Labs) Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post)  Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach (Securityweek) Ten Years Later, New Clues in the Target Breach (krebsonsecurity) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/12/2330m 5s

Taking down the storm.

Microsoft takes down the Storm-1152 cybercrime operation. “GambleForce” is a newly discovered threat actor.  The SVR exploits a JetBrains TeamCity vulnerability. US Postal Service impersonation. Malicious ads associated with Zoom. An update on the cyberattack against Kyivstar. Apache issues a Struts 2 security advisory. The FCC adopts new data breach rules.  In our latest Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. And the State Department's Global Engagement Center is under fire. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment with Palo Alto Networks Unit 42’s David Moulton, hear about decoding cyber adversaries. David discusses unveiling intent and behavior in the world of threat hunting with Madeline Sedgwick. Selected Reading Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang (TechCrunch+) New hacker group GambleForce targets government and gambling sites in Asia Pacific using SQL injections (Group-IB) Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (Joint Advisory) Malvertisers zoom in on cryptocurrencies and initial access (MalwareBytes) Russian hacker group claims responsibility for Kyivstar cyberattack (The Kyiv Independent)  New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now (The Hacker News) FCC Adopts Updates to Data Breach Rules, Sets Up Privacy Battle (Bloomberg Law) State Dept.’s Fight Against Disinformation Comes Under Attack (The New York Times) Threat Vector. In this Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. Madeline, a Senior Cyber Research Engineer and Threat Analyst for the Cortex Xpanse team at Palo Alto Networks, shares insights into how analyzing adversary behavior helps in anticipating threats and avoiding guesswork. They discuss the value of understanding both system dynamics and human behavior in cybersecurity, emphasizing that cyber adversaries are limited by the same laws of internet physics. Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/12/2330m 59s

The United Kingdom's catastrophic ransomware attack.

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202 with China’s influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202. Tim and Dave discuss China’s influence operations in Taiwan, along with a look back at 2023.  Selected Reading UK at high risk of ‘catastrophic ransomware attack’, report says (The Guardian) Roll Call Vote 118th Congress - 1st Session  (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren’t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack  (cyberdaily) Microsoft Patch Tuesday December 2023 (Sans) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/12/2330m 57s

An internet blackout.

A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today’s Industry Voices segment, my conversation with Andre Durand,  CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we speak with Andre Durand, the CEO and Founder of Ping Identity. Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity. Selected Reading Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack (Bloomberg) Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) GUR says it has hacked servers of Russian tax service (Interfax-Ukraine) ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) BlackCat ransomware site down amidst rumours of law enforcement action (Computing) No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media) Cloudflare 2023 Year in Review (Cloudflare) Bitsight and Google collaborate to reveal global cybersecurity performance (Bitsight) 15 Air National Guardsmen disciplined in Discord server leak (C4ISRNET) Apple emergency updates fix recent zero-days on older iPhones (Bleeping Computer) Kelvin Security hacking group leader arrested in Spain (Bleeping Computer) Cloud engineer gets 2 years for wiping ex-employer’s code repos (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/12/2332m 2s

China sets sights on US critical infrastructure.

China allegedly targets US critical infrastructure, while a small Irish village goes without water due to an Iranian CyberAv3ngers attack. The EU sets a global precedent with new AI regulations. Unraveling the latest maneuvers of the Lazarus Group. The Sandman APT's links to Chinese cyber threats. "5Ghoul" vulnerabilities represent  a new challenge in telecom security. The deceptive dangers of the MrAnon infostealer in a booking app. The GRU's phishing tactics lead to the spread of Headlace malware. On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. And 23andMe's controversial update to its terms and conditions. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. Kristie is DXC’s Senior Vice President and Chief Information Officer.  Selected Reading China’s cyber army is invading critical US services (Washington Post)  Hackers hit Erris water in stance over Israel (Western People) FBI: Cyberattack against Aliquippa water authority was a targeted 'escalation' on overlooked technology (Post Gazette) White House aide says Iranian hack of US waterworks is call to action (C4ISRNet) EU reaches deal on landmark AI bill, racing ahead of US (Washington Post)  Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (Cisco Talos) Sandman APT | China-Based Adversaries Embrace Lua (SentinelOne) 5Ghoul  : Unleashing Chaos on 5G Edge Devices (Singapore University of Technology and Design) MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF (Fortinet)  ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware (Security Intelligence) 23andMe changes terms of service amid legal fallout from data breach (Axios) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2336m 14s

Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]

Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices
10/12/235m 49s

On the hunt for popping up kernel drives. [Research Saturday]

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges." The research can be found here: Hunting Vulnerable Kernel Drivers Learn more about your ad choices. Visit megaphone.fm/adchoices
09/12/2315m 2s

Russia here, Russia there, Russia everywhere.

Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Allan Liska, creator of Green Archer Comics, shares the first installment in a new comic book series: "Yours Truly, Johnny Dollar #1." The series follows the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator, as he takes on ransomware attacks, insider threats and more. The series is based on a popular radio serial of the same name that ran from 1949 through 1962, now reimagined for the digital age. Selected Reading Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (CISA) The cyberattacks also allegedly took aim at U.S. energy networks and American spies. (Wall Street Journal) Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation (The Guardian) U.S. Takes Action to Further Disrupt Russian Cyber Activities (US Department of State) Rewards for Justice (Rewards for Justice) Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign (US Department of Justice) United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group (US Department of Treasury) Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover (DarkReading) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian influence and cyber operations adapt for long haul and exploit war fatigue (Microsoft) State of Log4j Vulnerabilities: How Much Did Log4Shell Change? (Veracode) ESG Report Operationalizing Encryption and Key Management (Fortanix) Russian opposition activists use QR codes to spread anti-Putin messages (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our 5 question survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/12/2332m 5s

New vulnerability packs a punch.

Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan. Todd discusses data resiliency.  In an era where ransomware and malicious attacks are relentless, even the most secure organizations are not immune. These attacks can cripple organizations financially, operationally, and damage their reputation and compliance standing. My guest today is Todd Thorsen, CISO from CrashPlan. In this sponsored Industry Voices segment, we delve into crucial strategies for bolstering data resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/232 Selected Reading Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)  CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps (CISA)  The Case for Memory Safe Roadmaps (Joint release) HEALTHCARE  SECTOR CYBERSECURITY (US Department of Health and Human Services) HHS releases cybersecurity strategy for health care sector (American Hospital Association) Fake Taylor Swift Quotes Are Being Used to Spread Anti-Ukraine Propaganda (WIRED) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Britain summons Russian ambassador over years-long FSB cyberespionage campaign (Reuters) NCSC exposes Russian cyber attacks on UK political processes (ComputerWeekly) Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns (NCSC) Defending Democracy (NCSC) The State of Supply Chain Defense: Annual Global Insights Report (BlueVoyant) 2023 Holiday Bad Bot Report (Kasada) Facebook and Messenger to automatically encrypt messages (BBC) Your mobile password manager might be exposing your credentials (TechCrunch) Dieselgate, but for trains – some heavyweight hardware hacking (BadCyber) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/12/2334m 3s

Push notifications pushing surveillance.

Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at  Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Camille Stewart Gloster, Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters)  Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia’s Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (CISA) CVE-2023-26360 Detail (NIST) SEC on 23andMe breach (SEC)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/12/2325m 34s

Sleeper malware denied at Sellafield nuclear site.

The UK Government's denial of a cyber incident at Sellafield. There’s been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus The latest application security trends, and a new cybersecurity futures study. In our Industry Voices segment, On today’s Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today’s Industry Voices segment, we welcome Matt Radolec. Matt is Vice President of Incident Response and Cloud Operations at Varonis. He talks about the  intersection of AI, cloud and insider threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/230 Selected Reading Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) Response to a news report on cyber security at Sellafield (GOV.UK) Guardian news article (Office of Nuclear Regulation) Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (The Guardian) US warns Iranian terrorist crew broke into 'multiple' US water facilities (The Register) Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (The Record) AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (Blackberry) Fake Lockdown Mode: A post-exploitation tampering technique (Jamf) Disney+ Impersonated in Elaborate Multi-Stage Email Attack with Personalized Attachments (Abnormal Security) Building Security in Maturity Model (BSIMM) report (Synopsis) Deputy Prime Minister annual Resilience Statement (GOV.UK) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/12/2323m 16s

Iran behind attacks on PLCs.

The US and Israel attribute attacks on PLCs to Iran. Agent Raccoon backdoors organizations on three continents. XDSpy is reported to be phishing the Russian defense sector. Trends in digital banking fraud. Repojacking Go module repositories. Ann Johnson from Afternoon Cyber Tea speaks with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. And when it comes to security, don't look to the stars. CyberWire Guest Guest is Ann Johnson from Afternoon Cyber Tea talking with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. Tune in to Microsoft Security’s Afternoon Cyber Tea podcast every other Tuesday on the N2K Network. You can hear Ann’s full interview with Lynn here.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/229 Selected Reading IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA) Water and Wastewater Cybersecurity (CISA) P2Pinfect - New Variant Targets MIPS Devices (Cado) New Tool Set Found Used Against Organizations in the Middle East, Africa and the US (Palo Alto Networks Unit 42) XDSpy hackers attack military-industrial companies in Russia (The Record) Mobile Emulators Eclipse Bots in 2023 as Preferred Fraud Vector in North America (PR Newswire) Hijackable Go Module Repositories (VulnCheck) Learn more about your ad choices. Visit megaphone.fm/adchoices
04/12/2319m 27s

Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]

Bernard Brantley, CISO from Corelight sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he reached a point now where he has the self confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big dreams and aspirations he had as a child and turn them into something fruitful as an adult. Working his way up from the bottom he is now sharing how he overcomes those days of adversity, saying "I spend minimum time trying to like spin my wheels or, kind of stay in frustration or a down period and, and really, uh, try as quickly as possible to move from, "hey, this was a tough day" to, to, into, "all right, uh, this was a tough day because maybe I didn't commit enough time in this area, or maybe I could have had a bit better conversation with this person." We thank Bernard for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/12/2310m 33s

Exploits and vulnerabilities. [Research Saturday]

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB." The research can be found here: Building an Exploit for FortiGate Vulnerability CVE-2023-27997 Learn more about your ad choices. Visit megaphone.fm/adchoices
02/12/2318m 48s

Wyden blocks the senate vote.

Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? CyberWire Guests On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/228 Selected Reading Wyden to block Senate vote on new NSA, Cyber Command lead (Politico) Meaconing, Intrusion, Jamming, and Interference Reporting (Federation of American Scientists) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) GPS Spoofing Traced To Iran (Location Business News) Adversarial Threat Report, Third Quarter 2023 (Meta) EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ (The Record) Microsoft warns of new ransomware campaign by Twisted Spider group (Computing) Staples confirms cyberattack behind service outages, delivery issues (BleepingComputer) Technical Report: Large Language Models can Strategically Deceive their Users when Put Under Pressure (Cornell University) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/12/2321m 40s

Widespread exploitation of severe vulnerability in ownCloud.

Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan’s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war.  On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoS’ers are looking for volunteers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner, an XSIAM Consultant at Palo Alto Networks. David and John delve into the intricacies of managing threat intelligence feeds in cybersecurity. They discuss the challenges organizations face in sifting valuable intelligence from the noise, emphasizing the importance of risk assessments in guiding the selection and tuning of these feeds. Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  T-Minus commentary on JAXA’s cyber threat.  Dave is joined by T-Minus Space Daily host, Maria Varmazis, to discuss the significant cyber threat faced by Japan’s Aerospace Exploration Agency, known as JAXA. Listen to yesterday’s episode of T-Minus where they covered the incident.  Selected Reading ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation (Ars Technica) Associated Press, ESPN, CBS among top sites serving fake virus alerts (Malwarebytes) VIDAR INFOSTEALER STEALS BOOKING.COM CREDENTIALS IN FRAUD SCAM (Secureworks) Japan space agency hit with cyberattack, rocket and satellite info not accessed (Reuters) Okta October breach affected 134 orgs, biz admits (The Register) October Customer Support Security Incident - Update and Recommended Actions (Okta) Okta Hack Update Shows Challenges in Rapid Cyber Disclosures (Wall Street Journal) US seizes Sinbad crypto mixer used by North Korean Lazarus hackers (Bleeping Computer) Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency (US Department of Treasury) Crypto Country:  North Korea’s Targeting of Cryptocurrency (Recorded Future) New SugarGh0st RAT targets Uzbekistan government and South Korea (Cisco Talos) Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns (Politico) NATO Holds Cyber Defense Exercise as Wartime Hacking Threats Rise (Wall Street Journal) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/11/2326m 51s

Major crackdown on international cybersecurity.

A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense installations are hit with Cactus ransomware. Researchers discover a Google Workspace vulnerability. A hacktivist auxiliary compromises a Russian media site.  In an exclusive interview, Eric Goldstein, Executive Assistant Director at CISA, describes their new Secure by Design Alerts program launching today. Tim Starks from the Washington Post shares some insights on the latest legislation dealing with section 702 surveillance. And security teams need not polish up that resumé after a breach. CyberWire Guest We have 2 guests today. First, Dave recently spoke with Eric Goldstein, Executive Assistant Director at CISA, about their new Secure by Design Alerts program that launched today.  And, Tim Starks from the Washington Post’s Cybersecurity 202 stopped by to share some insight into some of the latest trending cybersecurity headlines.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/226 Selected Reading Police dismantle ransomware group behind attacks in 71 countries (Bleeping Computer) Ransomware group dismantled in Ukraine in a major international operation supported by Eurojust and Europol (Eurojust) Water and Wastewater Cybersecurity (CISA) (TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Water ISAC) Iran hits Pennsylvania water utility. (CyberWire) North Texas water utility serving 2 million hit with cyberattack (The Record)  DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT (Security Affairs) Slovenian power company hit by ransomware (Help Net Security) Qlik Sense Exploited in Cactus Ransomware Campaign (Arctic Wolf) Qlik Sense Enterprise for Windows - New Security Patches Available Now (Qlik) DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover (Hunters)  Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk (Dark Reading) Use IAM securely (Google)  Learn more about your ad choices. Visit megaphone.fm/adchoices
29/11/2328m 40s

Hospitals on the hotplate after ransomware attacks.

Ransomware targets healthcare organizations. WildCard deploys SysJoker malware. DPRK cryptocurrency theft. The status of Ukraine's IT Army. A Russian news outlet unmasks Killmilk. Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action. And there’s discord on dark markets about large language models. CyberWire Guest Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action: the future of BAS and continuous threat exposure management. You can connect with Guy on LinkedIn and find out more about SafeBreach on their website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/225 Giving Tuesday Our team offers up some suggestions for Giving Tuesday should you feel inclined to join us in sharing your time, talents or treasures on this day of giving back.  Arizona Cyber Initiative Association for Women in Science BlackGirlsHack Cyber Guild Exceptional Minds G{Code} Girls Who Code Lurie Children's Hospital NFAR Melwood Tech Kids Unlimited WiCyS Women of Cyberjutsu Selected Reading Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states (CNN)  Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Ardent Health Services Reports Information Technology Security Incident (BusinessWire) Vanderbilt University Medical Center investigating cybersecurity incident (The Record) Criminal hacking group breaches data, including Premier Health (WDTN 2 News) Global Threat Intelligence Report (Blackberry) ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER (Check Point Research) Operation Electric Powder – Who is targeting Israel Electric Company? (ClearSky Cyber Security) New Rust-based SysJoker backdoor linked to Hamas hackers (Bleeping Computer) WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel (Intezer) DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads (SentinelOne)  Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media (The Register)  Ukraine’s Volunteer IT Army Confronts Tech, Legal Challenges (CEPA) Cybercriminals can’t agree on GPTs (Sophos) Learn more about your ad choices. Visit megaphone.fm/adchoices
28/11/2324m 6s

Hacktivists assemble to attack Pennsylvania water utility.

Iranian hacktivists claim an attack on a Pennsylvania water utility. North Korea's increased attention to supply-chains. Rhysida's action against British and Chinese targets. Sandworm activity puts European power utilities on alert. Neanderthals and the Telekopye bot. Mirai-based botnet activity. Our guest is Chris Betz, the new CISO of AWS Security, with insights on the upcoming AWS re:Invent conference. And just how easy is it to track the comings and goings at Mar-a-Lago? CyberWire Guest Our guest today is Chris Betz, the new CISO of AWS Security giving us some insight into what to expect at the AWS re:Invent conference. You can connect with Chris on LinkedIn and find out more about AWS re:Invent on the event website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/224 Selected Reading Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (KDKA News) Iranian-linked cyber army had partial control of Aliquippa water system (Beaver Countian) Cyber Av3ngers Claim Israeli MEKOROT National Water Company Hack (Cyberwarzone) A hack in hand is worth two in the bush (Securelist by Kaspersky) Diamond Sleet supply chain compromise distributes a modified CyberLink installer (Microsoft) UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains (National Cyber Security Centre) Rhysida (SentinelOne) Rhysida, the new ransomware gang behind British Library cyber-attack (The Guardian) RHYSIDA RANSOMWARE GANG CLAIMED CHINA ENERGY HACK (Security Affairs) #StopRansomware: Rhysida Ransomware (CISA) Russia continuing cyberthreats against NATO countries (Defence Industry Europe) Europe’s grid is under a cyberattack deluge, industry warns (Politico) Telekopye: Chamber of Neanderthals’ secrets (ESET) InfectedSlurs Botnet Spreads Mirai via Zero-Days (Akamai) We Spied on Trump’s ‘Southern White House’ From Our Couches (Rolling Stone) Learn more about your ad choices. Visit megaphone.fm/adchoices
27/11/2320m 49s

Chris Hare: Find just three people. [Development] [Career Notes]

This week, we invite our very own Chris Hare, N2K's Project Management Specialist Content Developer, to join and discuss her career. Growing up, Chris shares that she wanted to be a veterinarian, which slowly turned into her becoming a writer for the first part of her career. She shares that she started off writing marketing copy for the technology and E-commerce space, writing for everyone from NASA to adopting the written voice of the comedian, Wayne Brady. She shares that she was able to come up into her career after finding three people that were willing to help her when she needed it. She says "I became what I like to think of as a Pied Piper of seeking out three types of people. First, someone who needed help. Second, a person who served as a mechanism for my self improvement through my jealousy of them. And third, a person who gave me the nudge to continuously improve." We thank Chris for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/11/239m 39s

Encore: Another infection with new malware. [Research Saturday]

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot.  The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware Learn more about your ad choices. Visit megaphone.fm/adchoices
25/11/2319m 25s

Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]

This interview from October 20th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, our very own Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/11/2324m 22s

Cops in the catfish game. [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Chicago P.D. Rick's clip from the movie: The Imitation Game Learn more about your ad choices. Visit megaphone.fm/adchoices
23/11/2329m 18s

On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.

CISA issues joint Cybersecurity Advisory on Citrix Bleed. Law enforcement takes down "pig butchering" operations. Altman will return to OpenAI. Israeli honeypots deployed during the war. A renaissance in electronic warfare. And a response in the form of countermeasures. Ihab Shraim, Chief Technology Officer at CSC, shares how the growing popularity of AI is giving cybercriminals a new avenue to take advantage of some of the largest companies in the world. And online safety during the holidays. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/223 Selected reading. CISA issues joint Cybersecurity Advisory on Citrix Bleed. (CyberWire) Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto (U.S. Department of Justice) China Rounds Up 31,000 Suspects in Sweeping ‘Pig-Butchering’ Crackdown (Wall Street Journal) OpenAI Says Sam Altman to Return as CEO (Wall Street Journal) Altman Agrees to Internal Investigation Upon Return to OpenAI (Information) Sam Altman, OpenAI Board Open Talks to Negotiate His Possible Return (Bloomberg) Before Altman’s Ouster, OpenAI’s Board Was Divided and Feuding (New York Times) Altman Argued With OpenAI Board Member Toner Before Ouster (Information) The Invisible War in Ukraine Being Fought Over Radio Waves (New York Times) Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) Shopping securely on Black Friday (and beyond). (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
22/11/2323m 4s

Threat actors with mixed motives: from the political to the financial.

OpenAI's continuing turmoil. Crypto firm sustains API attack. Konni campaign phishes with a Russian document as bait. LockBit's third-party compromise of Canadian government personnel data. Ukraine removes senior security officials under suspicion of graft. Dave Bittner sits down with Steve Winterfeld from Akamai to discuss emerging threats in the financial services sector. And Idaho National Laboratory sustains data breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/222 Selected reading. Company that created ChatGPT is thrown into turmoil after Microsoft hires its ousted CEO (AP News) The Doomed Mission Behind Sam Altman’s Shock Ouster From OpenAI (Bloomberg) Briefing: OpenAI Execs to Continue Discussions With Altman, Board: Memo (The Information) OpenAI in ‘Intense Discussions’ to Quell Potential Staff Mutiny (Bloomberg) Microsoft Wants to Work With Altman, No Matter What, Says CEO (Bloomberg) Briefing: Microsoft CEO Nadella Says Altman Could End Up at Microsoft or OpenAI; Board Governance Should Change (The Information) Sam Altman's AI 'mission continues' at Microsoft, future of OpenAI and ChatGPT uncertain (ZDNET) OpenAI’s Customers Consider Defecting to Anthropic, Microsoft, Google (The Information) OpenAI’s Board Approached Anthropic About Merger (The Information) The Vast Majority of OpenAI Employees Ask the Board to Resign (The Information) Konni Campaign Distributed Via Malicious Document (Fortinet Blog)  Ukraine sacks top cyber defence officials amid graft probe (Reuters) Two top Ukrainian cyber officials dismissed amid embezzlement probe (Record) Ukraine fires top cybersecurity officials (TechCrunch) Ukraine-Russia war: Ukraine sacks 'corrupt' cyber defence chiefs (The Telegraph) Kronos Research halts trading amid $25M API key hack investigation (Cointelegraph) Kronos Research Loses $26 Million in Unauthorized API Access Incident (Bitcoin News) Canadian government discloses data breach after contractor hacks (BleepingComputer) Idaho National Laboratory experiences massive data breach; employee information leaked online (East Idaho News) Detailed data on employees of U.S. national security lab leak online (CyberScoop) Learn more about your ad choices. Visit megaphone.fm/adchoices
21/11/2322m 35s

Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.

Leadership turmoil at OpenAI. Citrix Bleed vulnerability implicated in ransomware attacks. QakBot seems to have a successor. The FSB deploys LitterDrifter in cyberespionage against Ukraine. Russian security firm says China and North Korea are the source of most cyberattacks against Russia. Privateers and auxiliaries engage targets of opportunity. Ann Johnson from Afternoon Cyber Tea talks about leading edge cyber innovation with Nadav Zafrir. And alleged war crimes may include cyber operations conducted in support of other, conventional, kinetic war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/221 Selected reading. OpenAI announces leadership transition (OpenAI) A statement from Microsoft Chairman and CEO Satya Nadella (The Official Microsoft Blog) A timeline of Sam Altman’s ouster from OpenAI and Microsoft appointment (Reuters)  Sam Altman leaves OpenAI: Everything you need to know (Computing) OpenAI Employees Threaten to Quit Unless Board Resigns (Wall Street Journal) Sam Altman to Join Microsoft Following OpenAI Ouster (Wall Street Journal) Dozens of Staffers Quit OpenAI After Sutskever Says Altman Won’t Return (The Information) AI to accelerate your security defenses (IBM) OpenAI’s Board Set Back the Promise of Artificial Intelligence (The Information) A New AI Lexicon: Existential Risk (AI Now) Hackers Are Exploiting a Flaw in Citrix Software Despite Fix (Bloomberg) Medusa ransomware gang claims Toyota Financial Services hack (Security Affairs)  CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack (SecurityWeek)  Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks (Record) Are DarkGate and PikaBot the New QakBot? (Cofense) Decrypting Danger: Check Point Research deep-dive into cyber espionage tactics by Russian-origin attackers targeting Ukrainian entities (Check Point Blog) Malware Spotlight - Into the Trash: Analyzing LitterDrifter (Check Point Research)  Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine (Security Affairs)  Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks (The Hacker News)  Remarks by Assistant Secretary Graham Steele at the Federal Insurance Office and NYU Stern Volatility and Risk Institute Conference on Catastrophic Cyber Risk and a Potential Federal Insurance Response (U.S. Department of the Treasury)  Russian analysts point finger at China, North Korea over cyber activity (Record)  How Pro-Ukrainian Hackers Have Undermined Russia's War Every Step Of The Way (WorldCrunch) Ukraine says it has evidence of 109,000 Russian war crimes (POLITICO) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/11/2319m 13s

Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]

Ian Blumenfeld, a Research Director from Two Six Technologies sits down to share his story with us. Ian begins his story by sharing he wanted to be a scientist, slowly he began to figure out and pinpoint more of what he liked about science, which ended up being math. Ian explains how math began to become a passion for him, and he eventually tried to pursue a career in it by teaching. He discovered teaching was not the thing for him and then started to move into the direction he wanted too, taking on more and more challenging roles until he landed where he is today. Ian says "If you're a smart person and you have skills in coding, you can swim. So it's okay to jump. It's okay to jump into the lake, you can swim. Something will get you out. You will have, you will be able to find a job. So, if you see something that looks cool, if you see something that advances you to the next stage of your career, if you have to take a little bit of a risk, it's okay." Ian wants to be someone who helped make the world a little better when it comes to code and wants to shares his desires and passions with the community. We thank Ian for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/11/2310m 44s

Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]

In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi, Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy, VP, Leadership & Business at Skillsoft Lauren Zabierek, Sr. Advisor at CISA Learn more about your ad choices. Visit megaphone.fm/adchoices
19/11/2350m 46s

The malicious YoroTrooper in disguise. [Research Saturday]

Asheer Malhotra from Cisco Talos discussing their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan." Cisco Talos' research team, released research attributing the work of the espionage-focused threat actor, YoroTrooper, to individuals based in Kazakhstan. The research states "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region." They also found that the YoroTrooper continues to rely heavily on phishing emails that direct victims to credential harvesting sites. The research can be found here: Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan Learn more about your ad choices. Visit megaphone.fm/adchoices
18/11/2316m 35s

AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]

Buffy Wajvoda is the Global Leader for Space Solutions Architecture at AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting cybersecurity in the space domain. You can learn more at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS re:Invent The security attendee’s guide to AWS re:Invent 2023- AWS Blog Viasat Deploys Resilient Tactical Edge Capability with AWS- YouTube How We Sent an AWS Snowcone into Orbit- AWS Blog How to improve your security incident response processes with Jupyter notebooks- AWS Blog  Supporting security assessors in the Canadian public sector with AWS and Deloitte- AWS Blog Establishing hybrid connectivity within a Canadian Centre for Cyber Security Medium Cloud reference architecture- AWS Blog   Evolving cyber threats demand new security approaches – The benefits of a unified and global IT/OT SOC- AWS Blog Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/11/2331m 31s

Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.

Scattered Spider prompts warnings from CISA and the FBI. Phobos ransomware is an affiliate crimeware-as-a-service program. A "hack-for-hire" contractor. “Scama” in the C2C market. Our guest is Lee Clark from the RH-ISAC with a look at Holiday Season Cyber Threat Trends. Tim Eades from Cyber Mentor Fund shares recent trends in cyber venture capital, with tips on finding a good match. And the tempo of cyber operations in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/220 Selected reading. FBI and CISA Release Advisory on Scattered Spider Group (Cybersecurity and Infrastructure Security Agency | CISA)  FBI warns on Scattered Spider hackers, urges victims to come forward (Reuters)  U.S. officials urge more information sharing on prolific cybercrime group (CyberScoop)  A deep dive into Phobos ransomware, recently deployed by 8Base group (Cisco Talos Blog)  Understanding the Phobos affiliate structure and activity (Cisco Talos Blog) Elephant Hunting | Inside an Indian Hack-For-Hire Group (SentinelOne)  How an Indian startup hacked the world (Reuters)  Scama: Uncovering the Dark Marketplace for Phishing Kits (Vade Secure) Ukraine Tracks a Record Number of Cyber Incidents During War (Bank Info Security)  Russia will target other countries for web attacks, Ukraine cyber defence chief warns (The Irish Times)  Sandworm Linked to Attack on Danish Critical Infrastructure (Infosecurity Magazine)  Why cyber war readiness is critical for democracies (Help Net Security)  Learn more about your ad choices. Visit megaphone.fm/adchoices
17/11/2331m 14s

Shopping during wartime? Focus, people.

Cyber safety for the holidays. Using regulatory risk to pressure a ransomware victim. A call for regulatory action against a supply chain threat. Rhysida malware: a warning and a description. Extending local breaches in Google Workspace. Protestware in open-source products. GRU's Sandworm implicated in campaign against Danish electrical power providers. Jason Meller, Founder & CEO of Kolide joins us as part of our sponsored Industry Voices segment to discuss the findings from The Shadow IT Report. In this Threat Vector segment, David Moulton sits down with Sama Manchanda, a consultant at Unit 42 to discuss the fascinating world of social engineering attacks. And donation scams: exploiting sympathy. In this Threat Vector segment, David Moulton engages in an enlightening conversation with Sama Manchanda, a consultant at Unit 42. The duo embarks on an exploration of the fascinating world of social engineering attacks, delving into the distinct characteristics of phishing, smishing, and vishing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/219 Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Selected reading. New Visa Report Tells Consumers to Stay Alert this Holiday Shopping Season (Business Wire) Ransomware gang files SEC complaint over victim’s undisclosed breach (BleepingComputer) 11-14-2023 EFF Letter to FTC re: Malware on Android TV Set-Top Boxes (EFF) #StopRansomware: Rhysida Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) Investigating the New Rhysida Ransomware (Fortinet Blog) Analyzing Rhysida Ransomware Intrusion (Fortinet Blog) The Chain Reaction: New Methods for Extending Local Breaches in Google Workspace (Bitdefender) Protestware taps npm to call out wars in Ukraine, Gaza (ReversingLabs) Russia's Sandworm Linked to Unprecedented Danish Energy Hack (Bloomberg). Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (The Hacker News) Denmark hit with largest cyberattack on record (Cybernews) Attackers Exploit Crisis for Fraudulent Crypto Donations (Abnormal) Learn more about your ad choices. Visit megaphone.fm/adchoices
16/11/2329m 38s

Examining the current state of security orchestration. [CyberWire-X]

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/11/2332m 13s

A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.

A look back at Patch Tuesday. BlackCat uses malicious Google ads. Social engineering in the third quarter of 2023. Are small businesses in denial about ransomware? Molerats have some new tools. Israel turns to NSO Group's Pegasus to search for hostages taken by Hamas. Tim Starks from the Washington Post examines the potential aftermath of a Russian group hitting a Chinese bank. In our Learning Layer, Sam Meisenberg helps a student understand and create a strategy for the CISSP CAT. And a cyberespionage campaign is attributed to Russia's SVR. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/218 Selected reading. Adobe Releases Security Updates for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA)  Fortinet Releases Security Updates for FortiClient and FortiGate (Cybersecurity and Infrastructure Security Agency | CISA)  VMware Releases Security Update for Cloud Director Appliance (Cybersecurity and Infrastructure Security Agency | CISA)  CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA)  Microsoft Releases October 2023 Security Updates (Cybersecurity and Infrastructure Security Agency | CISA)  Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (BleepingComputer) SAP Security Patch Day for November 2023 (Onapsis) The ALPHV/BlackCat Ransomware Gang is Using Google Ads to Conduct… (eSentire) Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage (Kroll)  OpenText Cybersecurity 2023 Global Ransomware Survey: The risk perception gap (OpenText Blogs) TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities (Proofpoint)  Israel's NSO unleashes controversial spyware in Gaza conflict (Axios)  APT29 Attacks Embassies Using CVE-2023-38831 (NCSCC) Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
15/11/2330m 21s

The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.

CISA and the FBI issue an update on Royal Ransomware. A look at Smash-and-grab ransomware attacks as well as Cloud vulnerabilities. A pre-Black Friday look at card skimmers. Fences, and their place in organized cybercrime. DP World Australia restores port operations. Joe Carrigan on scammers taking advantage of the Bitrex crypto market being shut down. In our Industry Voices segment, Usama Houlila from CrossRealms International shares his insights on the pivotal role of AI in cybersecurity. And LockBit may be drawing unwelcome attention to itself.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/217 Selected reading. #StopRansomware: Royal Ransomware (Cybersecurity and Infrastructure Security Agency | CISA)  FBI: Royal ransomware asked 350 victims to pay $275 million (BleepingComputer)  The Song Remains the Same: The 2023 Active Adversary Report for Security Practitioners (Sophos) Why 93% of Security Leaders Say Cloud Security Requires Zero Trust Segmentation (Illumio Cybersecurity Blog) Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season (PR Newswire)  Credit card skimming on the rise for the holiday shopping season (Malwarebytes) The Fencers: The Lynchpin of Organized Retail Crime Enterprise (Nisos) DP World cyberattack blocks thousands of containers in ports (BleepingComputer) Operations at Major Australian Ports Significantly Disrupted by Cyberattack (SecurityWeek)  Australian Ports Recover From Cyber Incident (Bank Info Security) DP World: Australia sites back online after cyber-attack (BBC News) Australian ports resume some operations after major cyberattack (CNN) Australia Cyberattack Leaves 30,000 Containers Stuck at Ports (Bloomberg)  Hacking Gang Behind Attack on Largest Global Lender Says It Got Ransom Payment (Bloomberg) Gang says ICBC paid ransom over hack that disrupted US Treasury market (Reuters)  After a surprise cyberattack, the world's largest bank had to shuffle a USB stick around Manhattan to do business (PC Gamer) WSJ News Exclusive | ICBC Hackers Used Methods Previously Flagged by U.S. Authorities (Wall Street Journal)  Inside Wall Street's scramble after ICBC hack (Reuters)  Did a ransomware gang mess up by attacking a U.S. arm of China’s biggest bank? (Washington Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
14/11/2328m 37s

Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.

Australian ports are recovering from a cyberattack. SysAid is hit by Cl0p user Lace Tempest. Ransomware targets China's largest bank. LockBit doxes Boeing as Boeing hangs tough on paying ransom. Docker Engine for DDoS. Rick Howard looks at the SEC’s targeting of SolarWinds’ CISO. And Anonymous Sudan claims attacks on ChatGPT and Cloudflare. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/216 Selected reading. Freight giant DP World recovers from cyber attack, but warns investigation and remediation is 'ongoing' (ABC) DP World port operations in Australia recovering after cyber-attack (The Loadstar)  Ransomware attack against China's largest bank. (CyberWire) China's biggest lender ICBC hit by ransomware attack (Reuters) Ransomware attack on ICBC disrupts trades in US Treasury market (Financial Times)  Hackers Hit Wall Street Arm of Chinese Banking Giant ICBC (Wall Street Journal) LockBit finally publishes its proof-of-hack as Boeing hangs tough. (CyberWire) SysAid On-Prem Software CVE-2023-47246 Vulnerability (SysAid)  Critical Vulnerability: SysAid CVE-2023-47246 (Huntress) SysAid Zero-Day Vulnerability Exploited By Lace Tempest (Rapid7) SysAid vulnerability exploited. (CyberWire) OracleIV - A Dockerised DDoS Botnet (Cado Security) Anonymous Sudan and OpenAI. (CyberWire) Russia-Linked Hackers Claim Credit for OpenAI Outage This Week (Bloomberg)  Major ChatGPT Outage Caused by DDoS Attack (SecurityWeek)  Anonymous Sudan and Skynet claim Cloudflare DDoS takedown (Cyber Daily) Cloudflare website downed by DDoS attack claimed by Anonymous Sudan (BleepingComputer) Learn more about your ad choices. Visit megaphone.fm/adchoices
13/11/2327m 37s

Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]

Grace Cassy, and Associate Fellow from Ten Eleven Ventures sits down to share her career path, getting her to where she is now. Grace spent 10 years in the UK Diplomatic Service, working on global security policy in Asia, Europe, and the Americas. Earlier in her career she was an advisor to Prime Minister Tony Blair, specializing in Asia and national security. She also co-founded Epsilon Advisory Partners, a strategy and growth firm working with world-leading global technology companies and investors. Now she is a Co-founder at CyLon and is an Early Stage Investor in cybersecurity companies. She says "I think we probably don't need too many more words, but we definitely need a bit more action." We thank Grace for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/11/2310m 36s

CSO Perspectives Bonus: Veterans Day special.

Rick Howard (The Cyberwire’s Chief Analyst, CSO, and Senior Fellow), and the cast of the entire Cyberwire team, honor our U.S. veterans on this special day. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/11/2317m 34s

Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.

CISA, FEMA, and Shields Ready. Ransomware operators exploit 3rd-party tools. A Bittrex bankruptcy phishing campaign. Spammers abuse Google Forms quizzes. Imperial Kitten in action against Israeli targets. Iranian cyberattacks against Israel are called "reactive and opportunistic." In our sponsored Industry Voices segment, Adam Bateman from Push Security outlines how attackers are targeting cloud identities. Luke Vander Linden from RH-ISAC speaks with Target's Ryan Miller and Leah Schwartzman about the evolving fraud landscape retailers are facing with the holidays approaching. And Sandworm and Ukraine's power grid: 2022 attacks may foreshadow the winter of 2023 and 2024. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/215 Selected reading. Shields Ready | CISA (Cybersecurity and Infrastructure Security Agency CISA)  DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA)  US Urges Critical Infrastructure Firms to Get “Shields Ready” (Infosecurity Magazine)  US launches “Shields Ready” campaign to secure critical infrastructure (CSO Online)  DHS Launches New Critical Infrastructure Security and Resilience Campaign (SecurityWeek)  Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (FBI)  Phishing Attack Driven by Bittrex Bankruptcy (Abnormal)  Spammers abuse Google Forms’ quiz to deliver scams (Cisco Talos Blog) IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations (CrowdStrike) Microsoft shares threat intelligence at CYBERWARCON 2023 (Microsoft Security) Iran and Hamas showed no signs of cyber coordination in run-up to war, researchers say (Washington Post)  Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) Russian spies behind cyber attack on Ukraine power grid in 2022 - researchers (Reuters)  Hackers Linked To Russian Intelligence Blamed For 2022 Ukraine Grid Disruption (RadioFreeEurope/RadioLiberty)  Ukraine updates: Russia hacked Kyiv's power grid — report – DW – 11/09/2023 (Deutsche Welle)  Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes (SecurityWeek)  Energy security at forefront of NATO-Ukraine Council meeting (NATO) Learn more about your ad choices. Visit megaphone.fm/adchoices
09/11/2333m 35s

No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.

CISA claims "No credible threats" to yesterday's US elections. Criminals seek to profit from the .ai top level domain. A Singapore resort sustains a cyberattack. A look ahead at holiday cyber threats. A major Chinese cyberespionage effort against Cambodia. The four cyber phases of a hybrid war. Robert M. Lee from Dragos explains how outside forces affect OT and critical infrastructure security.  Our guest is Dan Neault of Imperva sharing how organizations are behind the eight-ball when relying upon real-time analytics. Cyber and electronic threats to space systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/214 Selected reading. CISA Sees Smooth Election Day Operations, No ‘Credible’ Threats (Meritalk)  The rise of .ai: cyber criminals (and Anguilla) look to profit (Netcraft)  Singapore’s Marina Bay Sands Says It Was Hit in Data Breach (Bloomberg) Marina Bay Sands discloses data breach impacting 665,000 customers (BleepingComputer) Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach (CNA) Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season (RH-ISAC) Chinese APT Targeting Cambodian Government (Unit 42)  Chinese cyberspies have widely penetrated networks of ally Cambodia (Washington Post)  Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite) Learn more about your ad choices. Visit megaphone.fm/adchoices
08/11/2327m 9s

Cybercriminals at the service of the state, and an array of new underworld tools.

Data brokers offer information on active US military personnel. Current BlueNoroff activity. A new Gootloader variant is active in the wild. Atlassian vulnerabilities actively exploited. The prevalence of breaches. Update on a Barracuda vulnerability. Hacktivism and the cyber course of the Hamas-Israel war. Bot-hunting in Ukraine. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Sharon Barber, Chief Information Officer at Lloyds Banking Group, about cyber trends in financial services. Ben Yelin looks at the ease of purchasing US military personnel data from data brokers And election security is in the news–an off-year election is an election nonetheless. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/213 Selected reading. Researchers find sensitive personal data of US military personnel is for sale online (CNN) How foreigners can buy data on US military members, for the right price (POLITICO) GootBot - Gootloader's new approach to post-exploitation (Security Intelligence) BlueNoroff strikes again with new macOS malware (Jamf) GootBot - Gootloader's new approach to post-exploitation (Security Intelligence) Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518 (Rapid7)  Armis Research Finds One-Third of Global Organizations Experienced Multiple Security Breaches in Last 12 Months (Armis) Technical analysis: Barracuda Email Security Gateway by Quentin Olagne (Vectra)  Maccabi Tel Aviv basketball team website comes under cyber attack (The Jerusalem Post)  The Digital Frontline of the Israel-Hamas Conflict Could Extend Long After the War (Inkstick)  Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war (SC Media)  Israel’s cyber defense chief tells CNN he is concerned Iran could increase severity of its cyberattacks (CNN) SBU blocks 76 bot farms with 3 mln fake accounts since start of full-scale war (Interfax-Ukraine)  On Election Day, CISA and Partners Coordinate on Security Operations (Cybersecurity and Infrastructure Security Agency) Cerby Releases “Threat Briefing: Social Media Security and Elections Volume II,” Providing a Detailed Analysis of Security Gaps in Social Media Platforms (Cerby) Learn more about your ad choices. Visit megaphone.fm/adchoices
07/11/2328m 16s

Precautions, preparations, and resilience against cybercrime and hacktivism.

A precautionary shutdown at a major US mortgage lender. Call centers as targets. A push to decouple data and identity. The cyber front in the Hamas-Israeli war. Hacktivism and state-sponsored cyberattacks against Israel. The instructive case of TASS and managing influence operations. Deepen Desai from Zscaler talking about the TOITOIN Trojan. Our guest is Joe Nocera, of PwC sharing their latest Global Digital Trust Insights survey and the impact of the SEC's new cybersecurity disclosure rules. And cybercrime on the side of Ukraine (or at least, cybercrime against Russia). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/212 Selected reading. Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack (SecurityWeek) TransUnion Report Shows Fraud Attacks on Financial Industry Call Centers Rising (Transunion) A Bold New Plan to Make Cloud Computing More Secure (IEEE Spectrum)  The Cyberwarfare Front of the Israel-Gaza War (The National Interest) Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors (Unit 42) GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel (Uptycs)  Kremlin Sacks TASS Chief for Wagner Mutiny Coverage (The Moscow Times)  Russia's 2nd-Largest Insurer Rosgosstrakh Hacked; 400GB of Data Sold Online (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Learn more about your ad choices. Visit megaphone.fm/adchoices
06/11/2330m 56s

CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]

As we progress in this technological age, both cybersecurity and critical infrastructure continue to be at the forefront of prevention, protection, mitigation, and recovery conversation topics. From a frontline worker to the top of the C-Suite, security is something we all should be aware of and concerned about. The CyberCon event began in 2018 and provides an opportunity to learn more about cybersecurity and critical infrastructure as well as collaborate with fellow security professionals.  Dave Bittner recently spoke at CyberCon 2023 at Bismarck State College in North Dakota. While there, he had the opportunity to interview 4 members of the conference planning committee (all past or current chairs of the event) for a better understanding of the event, its focus on a mix of critical infrastructure and cybersecurity, and how the event has evolved over the years. Dave speaks with: Troy Walker, Director of Sales and Marketing at Dakota Carrier Network & 2023 conference chair, sharing the history of CyberCon its unique focus on critical infrastructure and cybersecurity. Tony Aukland, Technology Outreach Manager for the State of North Dakota IT & previous conference chair, giving us the truth about CyberCon and its origin story. Bill Heinzen, Information Security Team Lead at National Information Solutions Cooperative and previous event chair, talking about developing the cybersecurity candidate pool in North Dakota. John Nagel, CEO and Founder of CYBERNET SECURITY and past event chair, discussing sustainability of the CyberCon and its critical infrastructure focus. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/11/2344m 5s

Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]

Jeffrey Wheatman, Cyber Risk Evangelist, from Black Kite joins to share his amazing story. As a strategic thought leader with extensive expertise in cybersecurity, Jeffrey Wheatman is regarded foremost as an expert in guiding public sector clients and Fortune 500 companies in connection with their cyber risk management programs. In his current role as Cyber Risk Evangelist at Black Kite, Jeffrey works to get the message out about the business impact of third-party risk and solutions to treat those risks. Jeffrey shared his career, along with is passion for cyber by explaining some of the roles he did moving up into his role today. He says as a leader we all need to be aware of the fact that "We make mistakes and I I'm a, I'm a big believer in sharing those mistakes and I think it's important to open the raincoat as it were, and let people understand that we're not perfect, we all need help and then that way they feel comfortable coming to you and asking for help" We thank Jeffrey for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/11/2310m 44s

Sandman doesn't slow malware down. [Research Saturday]

Aleksandar Milenkoski and JAGS from SentinelOne sits down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this year, SentinelLabs dubbed it Sandman. The research states "Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent." Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, they call this malware "LuaDream," which exfiltrates system and user information, paving the way for further precision attacks. The research can be found here: Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit Learn more about your ad choices. Visit megaphone.fm/adchoices
04/11/2322m 58s

In the offense-defense see-saw, the defense seems to be rising.

An Apache vulnerability is being used to install ransomware. Exploitation of Citrix vulnerability in the wild. AP sustains DDoS attack. HHS reaches settlement in HIPAA data breach incident. More evidence of OSINT's reach. On the Solution Spotlight: Simone Petrella and Rick Howard speak with Ben Rothke about his article and thoughts on "Is there really an information security jobs crisis?" Andrea Little Limbago from Interos joins us to discuss SEC and the disclosure rules. And, Microsoft draws a lesson from Russia's war: cyber defense now has the advantage over cyber offense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/211 Selected reading. Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware (SecurityWeek)  HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks (BleepingComputer)  Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 (Huntress)  Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 (Rapid7)  HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation (U.S. Department of Health and Human Services) AP news site hit by apparent denial-of-service attack (AP News)  Associated Press hit by Anonymous Sudan DDoS attack? (Tech Monitor) Satellites and social media offer hints about Israel's ground war strategy in Gaza (NPR)  Revisiting the Gaza Hospital Explosion (New York Times) Microsoft Vows to Revamp Security Products After Repeated Hacks (Bloomberg)  A new world of security: Microsoft’s Secure Future Initiative (Microsoft On the Issues)  Announcing Microsoft Secure Future Initiative to advance security engineering (Microsoft Security)  Ukraine at D+617: Advantage defense. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
03/11/2333m 27s

The beginning of an international consensus on AI governance may be emerging from Bletchley Park.

Bletchley Declaration represents a consensus starting point for AI governance. Lazarus Group prospects blockchain engineers with KANDYKORN. Boeing investigates ‘cyber incident’ affecting parts business. NodeStealer’s use in attacks against Facebook accounts. Citrix Bleed vulnerability exploited in the wild. MuddyWater spearphishes Israeli targets in the interest of Hamas. India to investigate alleged attacks on iPhones. Tim Starks from the Washington Post on the SEC’s case against Solar Winds. In today’s Threat Vector segment David Moulton from Unit 42 is joined by Matt Kraning of the Cortex Expanse Team for a look at Attack Surface Management. And Venomous Bear rolls out some new tools. On the Threat Vector segment, David Moulton, Director of Thought Leadership for Unit 42, is joined by Matt Kraning, CTO of the Cortex Expanse Team. They dive into the latest Attack Surface Management Report. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/210 Threat Vector Read the Attack Surface Management Report. Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Selected reading. The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (GOV.UK) US Vice President Harris calls for action on "full spectrum" of AI risks (Reuters)  Elastic catches DPRK passing out KANDYKORN (Elastic Security Labs) North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware (The Hacker News) Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic (Cointelegraph)  An info-stealer campaign is now targeting Facebook users with revealing photos (Record) Mass Exploitation of 'Citrix Bleed' Vulnerability Underway (SecurityWeek) MuddyWater eN-Able spear-phishing with new TTPs | Deep Instinct Blog (Deep Instinct)  Centre's Cyber Watchdog CERT-In To Probe iPhone "Hacking" Attempt Charges (NDTV.com) Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) (Unit 42) Learn more about your ad choices. Visit megaphone.fm/adchoices
02/11/2331m 12s

Hacktivism in two hybrid wars (with an excursus on gastropods).

The Hamas-Israel war continues to be marked by hacktivism. Arid Viper's exploitation of Arabic speaker's Android devices. Iran shows improved cyberespionage capabilities. A URL shortener in the C2C market. Taking down the Mozi botnet. Ransomware in healthcare. Two are Russians arrested on treason charges, accused of hacking for Ukraine. In our sponsored Industry Voices segment, Anna Belak from Sysdig shares a new threat framework for the cloud. Rick Howard previews his new online course on cyber security first principles. And no, Russia hasn’t really replaced its currency with Arctic Ocean gastropods. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/209 Selected reading. ‘Hacktivists’ join the front lines in Israel-Hamas war (C4ISRNet)  The global cyber divide between Gaza and Israel - IT-Online (IT-Online) Arid Viper disguising mobile spyware as updates for non-malicious Android applications (Cisco Talos Blog) In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities (New York Times) FBI ‘keeping a close eye’ on Iranian hackers as Israel-Hamas war intensifies (Record) Why Iran Is Gambling on Hamas (Foreign Affairs) To Aid and Abet: Prolific Puma Helps Cybercriminals Evade Detection (Infoblox Blog) Who killed Mozi? Finally putting the IoT zombie botnet in its grave (ESET) The State of Ransomware in Healthcare 2023 (Sophos) Russian security service detains two hackers allegedly working for Ukraine (Record)  Pro-Ukraine group says it breached Russian card payment system (Record)  Learn more about your ad choices. Visit megaphone.fm/adchoices
01/11/2328m 25s

What would it take to get you kids into a nice, late-model malware mealkit?

Malicious packages are found attached to NuGet. Russia will establish its own substitute for VirusTotal. Commodity tools empower low-grade Russian cybercriminals. Malware mealkits, and other notes from the cyber underground. Insights from a Cybersecurity workforce study. Mr Security Answer Person John Pescatore looks at MFA. Drew Rose from Living Security on the very scary human side of cyber attacks. And more details from President Biden’s Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/208 Selected reading. IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations (ReversingLabs)  Russia to launch its own version of VirusTotal due to US snooping fears (Record). Russian hacking tool floods social networks with bots, researchers say (Record)  How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime (Trend Micro) HP Wolf Security Threat Insights Report Q3 2023 (HP Wolf Security) How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce (ISC2) Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (The White House) Learn more about your ad choices. Visit megaphone.fm/adchoices
31/10/2326m 8s

Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)

The Hive ransomware gang may be back, and rebranded. Coinminers exploit AWS IAM credentials. LockBit claims to have obtained sensitive information from Boeing. Ukrainian auxiliaries disrupt Internet service in Russian-occupied territory, while internet and telecoms are down in Gaza. Deepfakes have an effect even when they're not used. Joe Carrigan explains executive impersonations on social media. Our guest is David Brumley, cybersecurity professor at Carnegie Mellon and CEO of software security firm, ForAllSecure, discussing spooky zero days and vulnerabilities. And President Biden releases a US Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/207 Selected reading. New Hunters International ransomware possible rebrand of Hive (BleepingComputer)  CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys (Palo Alto Networks Unit 42) Boeing assessing Lockbit hacking gang threat of sensitive data leak (Reuters) Ukrainian hackers disrupt internet providers in Russia-occupied territories (Record)  Israel steps up air and ground attacks in Gaza and cuts off the territory's communications (AP News)  The Destruction of Gaza’s Internet Is Complete (WIRED) Rocket Alert Apps Warn Israelis of Incoming Attacks While Gaza Is Left in the Dark (WIRED). Elon Musk’s Starlink to help Gaza amid internet blackout (Record) Families of Hostages Kidnapped by Hamas Turn to Phone Pings for Proof of Life (WIRED) Israel Taps Blacklisted Pegasus Maker to Track Hostages in Gaza (Bloomberg) A.I. Muddies Israel-Hamas War in Unexpected Way (New York Times)  FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (The White House) Administration Actions on AI (AI.gov)  The US Executive Order on artificial intelligence is out. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
30/10/2328m 16s

The Malware Mash! [Bonus]

Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash... Learn more about your ad choices. Visit megaphone.fm/adchoices
30/10/233m 5s

Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]

Nicole Sundin, a Chief Product Officer from Axio sits down to discuss her career path and what it is like to be a woman in the cybersecurity field. As a UX leader, Nicole has devoted her entire career to building awareness around the benefits of usable security and human-centered security to the broader cybersecurity community. She also shares some of her background as she moved her way up the later to get to where she is today. As a female in a male-dominated industry, Nicole shares her unique insights on embracing the responsibility of serving as a role model to women aspiring to contribute to the cybersecurity field, and the importance of building a diverse team. She says "Really, it's about building community in your organization and outside your organization of strong women or strong friends that you have that you can lean on when you know you're the only person in the room." We thank Nicole for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/10/2310m 24s

No rest for the wicked HiatusRAT. [Research Saturday]

Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action." Last March Lumen's Black Lotus Lab researchers discovered a novel malware called HiatusRAT that targeted business-grade routers. The research states "In the latest campaign, we observed a shift in reconnaissance and targeting activity; in June we observed reconnaissance against a U.S. military procurement system, and targeting of Taiwan-based organizations." This shift in information gathering and targeting preference exhibited in the latest campaign is synonymous with the strategic interest of the People’s Republic of China according to the 2023 ODNI threat assessment. The research can be found here: No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action Learn more about your ad choices. Visit megaphone.fm/adchoices
28/10/2323m 1s

Social engineering as a blunt instrument–almost like swatting without the middleman.

Eastern European gangs overcome their reservations about working with anglophone criminals. Mirth Connect is vulnerable to a critical flaw. A look at a mercenary spyware strain. “PepsiCo” as phishbait. Ben Yelin explains the FCC’s renewed interest in Net Neutrality. Our guest is Wade Baker from the Cyentia Institute with insights on measuring risk. And Europol thinks police should take a good look at quantum computing and law enforcement. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/206 Selected reading. Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction (Microsoft Security) MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (Record) Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data (SecurityWeek)  Examining Predator Mercenary Spyware (HYAS) Fresh Phish: The Case of the PepsiCo Procurement Ploy (INKY)  U.S. Tries New Tack on Russian Disinformation: Pre-Empting It (New York Times)  ESET APT Activity Report Q2–Q3 2023 (We Live Security)  Russian hackers claim takedown of WA’s Transperth transport agency with DDoS attack (Cyber Daily)  The Second Quantum Revolution: The impact of quantum computing and quantum technologies on law enforcement (Europol Innovation Lab)  Learn more about your ad choices. Visit megaphone.fm/adchoices
27/10/2328m 18s

Some intelligence services understand the value of being underestimated.

StripedFly gets reclassified. YoroTrooper is interested in the Commonwealth of Independent States. The current state of DDoS attacks. Ukrainian hacktivists deface Russian artists' Spotify pages. Trolls amplify a Musky meme. In our Industry Voices segment, Matt Howard from Virtru explains securing data at the employee edge. Our guest is Seth Blank from Valimail, to discuss email security and DMARC. And while trolls might like Mr.Musk, the crooks heart Mr. Gosling. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/205 Selected reading. Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner (Zeroday) Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan (Cisco Talos Blog) DDoS threat report for 2023 Q3 (The Cloudflare Blog)  Russian artists’ Spotify accounts defaced by pro-Ukraine hackers (Record)  Elon Musk Mocked Ukraine, and Russian Trolls Went Wild (WIRED) Ryan Gosling Tops McAfee’s 2023 Hacker Celebrity Hot List (Business Wire) Learn more about your ad choices. Visit megaphone.fm/adchoices
26/10/2330m 22s

AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.

Teaching AI to misbehave. Ransomware's effect on healthcare downtime. Two reports on the state of cybersecurity in the financial services sector. Possible connections between Hamas and Quds Force. Ukrainian cyber authorities report a rise in privateering Smokeloader attacks. Russian hacktivist auxiliaries strike Czech targets. My conversation with Sherrod DeGrippo, host of The Microsoft Threat Intelligence Podcast. Jay Bhalodia from Microsoft Federal shares insights on multi-cloud security. And Winter Vivern exploits a mail service 0-day. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/204 Selected reading. AI vs. human deceit: Unravelling the new age of phishing tactics (Security Intelligence) Ransomware attacks on US healthcare organizations cost $20.8bn in 2020 (Comparitech)  Cyberattack at 5 southwestern Ontario hospitals leaves patients awaiting care (CBC News)  State of Security for Financial Services (Swimlane) Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services (Business Wire) Hamas’ online infrastructure reveals ties to Iran APT, researchers say (CSO Online)  Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future (Recorded Future) Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities (Record)  Bloomberg: Russia steps up cyberattacks to disrupt Ukraine’s key services (Euromaidan)  Pro-Russia group behind today’s mass cyberattack against Czech institutions (Expats.cz) Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers (We Live Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
25/10/2330m 19s

Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.

DDoS activity during the Hamas-Israeli war. Insurance firm reports cyber incident. Recent arrests in cybercrime sweeps. Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank. How long does it take to read the fine print? Ann Johnson from Afternoon Cyber Tea talks with Noopur Davis from Comcast about building secure tech from the start. Antonio Sanchez of Fortra shares cybersecurity challenges for enterprises including why having too many tools creates too much complexity. And hey, Marianne–don’t let the bedbugs bite.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/203 Selected reading. Cyber attacks in the Israel-Hamas war (The Cloudflare Blog) China's crackdown on cyber scams in Southeast Asia ensnares thousands but leaves the networks intact (AP News)  12 people arrested for bank malware scam, youngest being just 17 (The Independent Singapore News)  Spain arrests 34 cybercriminals who stole data of 4 million people (BleepingComputer)  Police Disrupt Ragnar Locker Ransomware Group (Infosecurity Magazine)  Ragnar Locker Ransomware Boss Arrested in Paris (Dark Reading)  E-Root marketplace credential-selling admin extradited to US (Register) Ukraine security services involved in hack of Russia’s largest private bank (Record) NordVPN study: Privacy policy awareness (NordVPN) Russia spread bedbug panic in France, intelligence services suspect (The Telegraph)  Learn more about your ad choices. Visit megaphone.fm/adchoices
24/10/2328m 6s

How people get over on the content moderators.

Okta discloses a data exposure incident. Cisco works to fix a zero-day. DPRK threat actors pose as IT workers. The Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. Hacktivists trouble humanitarian organizations with nuisance attacks. Content moderation during wartime. Malek Ben Salem of Accenture describes code models. Our guest is Joe Oregon from CISA, discussing the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for the next Super BowI. And the International Criminal Court confirms that it’s sustained a cyberespionage incident. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/202 Selected reading. Okta says hackers used stolen credentials to view customer files (Record) Cisco discloses new IOS XE zero-day exploited to deploy malware implant (BleepingComputer) Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers (IC3) A stern glance from all Five Eyes. (CyberWire)  DarkGate malware campaign (WithSecure)  The Fraud Next Door: First-Party Fraud Runs Rampant in America (PR Newswire) Cyberattacks Intensify on Israeli and Palestinian Human Rights Groups (Wall Street Journal)  Israel's burial society website comes under cyberattack (Jerusalem Post)  Sheba Medical Center Hit by Cyber Attack (Jewish Press)  Health Ministry disconnects the remote connection of several hospitals following cyber attack (Jerusalem Post) EU asks Meta, TikTok to account for their response to Israel-Hamas disinformation (Record)  Pro-Palestinian creators use secret spellings, code words to evade social media algorithms (Washington Post)  Web Summit CEO resigns after comments on Israel-Hamas conflict (Reuters)  YouTube is Autogenerating Videos for Songs Advocating the Expulsion of Muslims from India (bellingcat)  Palestinians Claim Social Media 'Censorship' Is Endangering Lives (WIRED)  International Criminal Court says cyberattack was attempted espionage (TechCrunch)  War crimes tribunal says September cyberattack was act of espionage (Record)  International Criminal Court investigating “unprecedented” cyberattack (Cybernews)  Learn more about your ad choices. Visit megaphone.fm/adchoices
23/10/2330m 24s

Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]

This week, we welcome Jennifer Reed, a Principal Solutions Architect at Amazon Web Services (AWS) to sit down and share her amazing story. After Jennifer graduated high school, she immediately went into Marine Corps training, which she shared was a shock to her because she was the only woman when she got out into the fleet and every single place that she went. She eventually moved on from the military after learning some programming tools, and went into the financial services industry doing systems engineering. She got called back to active duty, and then afterwards landed at AWS. She shares that being a woman in this industry can be challenging at time, but she says "I do feel, um, good about the things I've overcome, but I also don't want it to be so hard for the next person, if that makes sense. I don't want them to have to have those same struggles to kind of overcome any perceptions that someone might have due to their their gender or their background." We thank Jennifer for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/10/2310m 11s

AMBERSQUID hides in the depths. [Research Saturday]

Sysdig's Alessandro Brucato and Michael Clark join Dave to discuss their work on "AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation." Attackers are targeting what are typically considered secure AWS services, like AWS Fargate and Amazon SageMaker. This means that defenders generally aren’t as concerned with their security from end-to-end. The research states "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances." This poses additional challenges targeting multiple services since it requires finding and killing all miners in each exploited service. The research can be found here: AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation Learn more about your ad choices. Visit megaphone.fm/adchoices
21/10/2317m 37s

Disinformation and its often overlooked potential for denial-of-services.

Hacktivism and influence operations in the Hamas-Israel war. An OilRig cyberespionage campaign prospects a Middle Eastern government. Emailed bomb threats in the Baltic. Darkweb advertising yields insight into ExelaStealer malware. Casio discloses breach of customer data. The FCC proposes a return to net neutrality, while Consumer Financial Protection Bureau proposes data-handling rules under Dodd-Frank. Deepen Desai from ZScaler shares insights on MOVEit transfer vulnerabilities. Our own Simone Petrella speaks with Google’s Tatyana Bolton about the challenges of bridging the cyber talent gap. And RagnarLocker has been taken down by international law enforcement.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/201 Selected reading. Intel, defense officials tell senators that Israel did not strike hospital  (The Hill) Early U.S. and Israeli Intelligence Says Palestinian Group Caused Hospital Blast. Cyberattacks linked to Israel-Hamas war are soaring (Fast Company)  NSO, Israeli cyber firms help track missing Israelis and hostages (Haaretz)  Lithuanian interior minister says emailed bomb threats are coordinated regional cyber-attack (Baltic Times) Another InfoStealer Enters the Field, ExelaStealer (Fortinet Blog) Q3 Report: Email Threat Trends Latest edition: PDF Popularity, Callback Phishing and Redline Malware (VIPRE) Casio Issues Apology and Notice Concerning Personal Information Leak Due to Unauthorized Access to Server | CASIO (CASIO Official Website)  Human Error: Casio ClassPad Data Breach Impacting 148 Countries (Hackread)  Casio data breach 2023 caused worldwide panic (Dataconomy) Casio discloses data breach impacting customers in 149 countries (BleepingComputer)  FCC Revives ‘Net Neutrality,’ Proposes New Regulations for Internet Service (Wall Street Journal)  FCC begins second quest for net neutrality (TechCrunch) CFPB Proposes Rule to Jumpstart Competition and Accelerate Shift to Open Banking (Consumer Financial Protection Bureau) RagnarLocker ransomware dark web site seized in international sting (TechCrunch)  Ragnar Locker ransomware site taken down by FBI, Europol (Record)  One of the most destructive ransomware gangs is being taken down by law enforcement (Axios) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/10/2332m 1s

Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.

Nation-states exploit the WinRAR vulnerability. Criminals leak more stolen 23andMe data. QR codes as a risk. NSA and partners offer anti-phishing guidance. A Ukrainian hacktivist auxiliary takes down Trigona privateers. Hacktivism and influence operations remain the major cyber features of the Hamas-Israeli war. On today’s Threat Vector, David Moulton speaks with Kate Naunheim, Cyber Risk Management Director at Unit 42, about the new cybersecurity regulations introduced by the SEC. Our own Rick Howard talks with Jen Miller Osborn about the 10th anniversary of ATT&CKcon. And the epistemology of open source intelligence: tweets, TikToks, Instagrams–they’re not necessarily ground truth. Threat Vector To delve further into this topic, check out this upcoming webinar by Palo Alto's Unit 42 team on November 9, 2023, "The Ransomware Landscape: Threats Driving the SEC Rule and Other Regulations." Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/200 Selected reading. Government-backed actors exploiting WinRAR vulnerability (Google)  The forgotten malvertising campaign (Malwarebytes) Hacker leaks millions of new 23andMe genetic data profiles (BleepingComputer)  Exploring The Malicious Usage of QR Codes (SlashNext |)  How to Protect Against Evolving Phishing Attacks (National Security Agency/Central Security Service) GuidePoint Research and Intelligence Team’s (GRIT) 2023 Q3 Ransomware Report Examines the Continued Surge of Ransomware Activity (GuidePoint) Ukrainian activists hack Trigona ransomware gang, wipe servers (BleepingComputer)  Navigating the Mis- and Disinformation Minefield in the Current Israel-Hamas War (ZeroFox) War Tests Israeli Cyber Defenses as Hack Attempts Soar (Bloomberg) U.S. says Israel ‘not responsible’ for Gaza hospital blast; Biden announces ‘unprecedented’ aid package in speech (Washington Post) Three clues the Ahli Arab Hospital strike came from Gaza (The Telegraph)  Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know What’s Real (WIRED)  ‘Verified’ OSINT Accounts Are Destroying the Israel-Palestine Information Ecosystem (404 Media) Learn more about your ad choices. Visit megaphone.fm/adchoices
19/10/2331m 52s

Hacktivist discipline is inversely correlated with sincerity of commitment.

Hamas and Israel exchange accusations in a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator’s ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a large-scale corporate re-skilling program. And attention people of Pompei: that volcano alert is bogus. Probably. Learning Layer. On this segment of Learning Layer, N2K's Sam Meisenberg is joined by Phil, an N2K client who leads Talent Development at a large telecommunication company. They discuss the challenges and best practices of rolling out a large-scale corporate re-skilling program, including increasing learner engagement, accountability, and the importance of internal talent development and recognition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/199 Selected reading. Blast kills hundreds at Gaza hospital; Hamas and Israel trade blame, as Biden heads to Mideast (AP News) In deadly day for Gaza, hospital strike kills hundreds (Reuters)  Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine (ComputerWeekly.com)  Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict (Infosecurity Magazine)  Israel-Hamas war illuminates trouble with political hacking groups (Axios)  ISRAEL GAZA CONFLICT : THE CYBER PERSPECTIVE (CYFIRMA)  Tracking Cellphone Data by Neighborhood, Israel Gauges Gaza Evacuation (New York Times)  Hamas Hijacked Victims’ Social Media Accounts to Spread Terror (New York Times) TV advertising sales giant affected by ransomware attack (Record) Chilean government warns of Black Basta ransomware attacks after customs incident (Record) Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks (Cado Security) DigiCert Global Study: Preparing for a Safe Post-Quantum Computing Future (DigiCert)  SpyNote Android malware spreads via fake volcano eruption alerts (BleepingComputer)  Learn more about your ad choices. Visit megaphone.fm/adchoices
18/10/2335m 7s

Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.

A bogus RedAlert app delivered spyware as well as panic. BloodAlchemy backdoors ASEAN southeast asian targets. A serious Cisco zero-day is being exploited. Valve implements additional security measures for Steam. A warning on Atlassian vulnerability exploitation. Allies update their security-by-design guide. Ukrainian telecommunications providers hit by cyberattack. Ben Yelin explains attempts to tamp down pornographic deepfakes. Our guest is Ashley Rose from Living Security with a look at measuring human risk. And, as always, criminals see misery as opportunity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/198 Selected reading. Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information (The Cloudflare Blog) Disclosing the BLOODALCHEMY backdoor (Elastic Security Labs)  BLOODALCHEMY provides backdoor to ASEAN secrets (Register)  Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability (Cisco Talos Blog) Actively exploited Cisco 0-day with maximum 10 severity gives full network control (Ars Technica) Cisco warns of actively exploited zero-day in IOS XE software (Computing)  Widespread Cisco IOS XE Implants in the Wild (VulnCheck) Steam enforces SMS verification to curb malware-ridden updates (BleepingComputer) Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA)  CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide (Cybersecurity and Infrastructure Security Agency)  CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (The Hacker News)  CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations (Cluster25)  Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (The Hacker News)  Cyberattack targets Belgian public service websites for second time in a week (Brussels Times)  Spam trends of the week: Spammers piggyback on the Israel-Gaza war to plunder donations (Hot for Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
17/10/2330m 27s

Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.

Hacktivism and disinformation in the war between Hamas and Israel. LockBit claims an attack on CDW. Shadow PC's breach. Void Rabisu deploys a lightweight RomCom backdoor against the Brussels conference. Rick Howard describes Radical Asymmetric Distribution. Our guest is Jason Birmingham from Broadridge Financial Solutions with a look at asset management. And coin mining as a potential front for espionage or a staging area for sabotage. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/197 Selected reading. How hackers piled onto the Israeli-Hamas conflict (POLITICO)  Israel-Gaza War Now Includes Accompanying Cyber Warfare (Channel Futures)  How Cyberattacks Could Affect the Israel-Hamas War (Bank Info Security)  Medical aid for Palestinians website under cyber attack affecting relief efforts (mint)  Rumors of a ‘Global Day of Jihad’ Have Unleashed a Dangerous Wave of Disinformation (WIRED)  Hamas in rare English ‘press conference’ as it tries to counter global condemnation (The Telegraph)  In Israel-Hamas conflict, social media become tools of propaganda and disinformation (DFRLab)   A flood of misinformation is shaping how panicked citizens, global public view the war (Washington Post)  How Israel-Hamas War Misinformation Is Spreading Online (TIME) Misinformation Is Warfare (TIME)  Meta responds to EU misinformation concerns regarding Israel-Hamas conflict (Engadget)  Briefing: Meta Details Efforts to Remove War-Related Disinformation (The Information) Cloud gaming firm Shadow says hackers stole customers' personal data (TechCrunch)  PC streaming service Shadow discloses security breach (The Verge)  Shadow silent on data breach as hacked data appears genuine (TechCrunch)  530K people's info stolen from cloud PC gaming's Shadow (Register)  CDW investigating ransomware gang claims of data theft (Record)  Lockbit ransomware gang demanded an 80 million ransom to CDW (Security Affairs)  Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant (Trend Micro) Women Political Leaders Summit targeted in RomCom malware phishing (BleepingComputer)  Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (New York Times) Learn more about your ad choices. Visit megaphone.fm/adchoices
16/10/2330m 56s

Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]

Susan Hinrichs, Chief Scientist at Aviatrix sits down to share her story, with over 30 years in experience spanning a variety of networking and security disciplines and has held leadership and academic roles, she sits down to discuss her amazing career. Earlier in her career, Susan served as System Architect at Cisco where she spent nine years designing and developing Centri Firewall and a variety of network security management tools. She worked as a Lecturer, Computer and Network Security for eight years at the University of Illinois at Urbana-Champaign (UIUC) where she developed a hands-on Security Lab introduction course for students in her first year, and later in her tenure, along with two colleagues, created a malware analysis course designed for senior students. With all of the amazing things she's done in her career, she shares the advice to new comers into the field, saying "I think also as you're trying to get that next job either as a student or as a professional trying to change direction a little bit, if you're coming into interviews being able to talk about a project that you worked on, even if it's not a project that really anyone uses, but if it's something that's interesting that you have in depth understanding of, uh, I think is super valuable to get you noticed." We thank Susan for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/10/239m 32s

Unwanted guests harvest your information. [Research Saturday]

Amit Malik from Uptycs joins us to discuss their research titled "Unwanted Guests: Mitigating Remote Access Trojan Infection Risk." Uptycs threat research team identified a new threat referred to as QwixxRAT. The Uptycs team discovered this tool being widely distributed by the threat actor through Telegram and Discord platforms. The research states "QwixxRAT is meticulously designed to harvest an expansive range of information from browser histories and credit card details, to keylogging insights." This newly found tool poses a risk to both businesses and individual users Unwanted Guests: Mitigating Remote Access Trojan Infection Risk Learn more about your ad choices. Visit megaphone.fm/adchoices
14/10/2317m 21s

Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.

Hacktivism and nation-state involvement in the cyber phases of war in the Middle East, and the use of Telegram. Russian groups squabble online. Healthcare cybersecurity and its implications for patient care. The Looting of FTX on the day of its bankruptcy. Joe Carrigan shares research from the Johns Hopkins University Information Security Institute. Our guest is Mike Walters from Action1, marking the 20th anniversary of Patch Tuesday. And CISA releases two new resources against ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/196 Selected reading. Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal) Israel Sees Cyber Incursions Across Digital Systems (Wall Street Journal)  Hackers infiltrated Israeli smart billboards to post pro-Hamas messages, reports say (Business Insider)  THE HAMAS ISRAEL : CONFLICT EXPLAINER - CYFIRMA (CYFIRMA) The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram (Flashpoint)  Cyber Aggression Rises Following the October 2023 Israel-Hamas Conflict (Radware)  EU opens probe into X over Israel-Hamas war misinformation (Financial Times)  EU opens formal investigation into illegal content on X (Computing)  X removes hundreds of Hamas-affiliated accounts since attack, CEO says (Reuters)  US cyber agencies in 'very close contact' with Israel after unprecedented Hamas attacks (Nextgov.com)  Five threats security pros everywhere need to focus on as the Middle East war escalates (SC Media)  Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023 (Proofpoint)  New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers (WIRED)  CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware | CISA (Cybersecurity and Infrastructure Security Agency CISA) Learn more about your ad choices. Visit megaphone.fm/adchoices
13/10/2328m 36s

Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.

Hacktivists join both sides of Hamas's renewed war. Disinformation and content control in social media. Storm-0062 exploits an Atlassian 0-day. Curl and Libcurl vulnerabilities. Betsy Carmelite from Booz Allen on how to expand and diversify the Cyber Talent Pool. Our guest is Kuldip Mohanty, CIO of North Dakota. And some further reflections on hacktivism and the laws of war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/195 Selected reading. False Alarm of Hezbollah Aircraft Infiltration Underlines Israeli Concern of Multi-Front War (FDD) Israel-Hamas conflict extends to cyberspace (CSO Online) Hamas-Israel Cyber War Escalates: What We Know So Far (Technopedia)  Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal)  X promises 'highest level' response on posts about Israel-Hamas war. Misinformation still flourishes (AP News)  Europe gives Mark Zuckerberg 24 hours to respond about Israel-Hamas conflict and election misinformation (CNBC) Elon Musk Is Shitposting His Way Through the Israel-Hamas War (WIRED) Facebook video of Biden prompts probe into Meta content policy (Financial Times)  MIDDLE EAST : A CYBER ARMS RACE (CYFIRMA)  Storm0062 exploits Atlassian 0-day. (CyberWire) Curl and Libcurl vulnerabilities. (CyberWire) Ukraine at D+595: Sabotage in the Baltic Sea. (CyberWire) A Hacktivist Code of Conduct May Be Too Little Too Late (OODA Loop) Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2333m 5s

Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.

Cyber operations in Hamas's war, Cryptocurrency as a source of funding, and Russian hacktivist auxiliaries shifting their focus. Not all influence operations involve disinformation. Rapid Reset is a Novel DDoS attack. A resurgent credential phishing campaign. Ann Johnson from Afternoon Cyber Tea speaks with Ram Shankar Siva Kumar and Dr. Hyrum Anderson about the promise, peril, and impact of AI. Our own Rick Howard talks cyber intelligence in the medical vertical with Taylor Lehmann of Google. And a quick look back at Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/194 Selected reading. Hackers make their mark in Israel-Hamas conflict (Axios)  Hacktivists take sides in Israel-Palestinian war (Record)  Cyberattacks Targeting Israel Are Rising After Hamas Assault (Time)  Hacktivists stoke Israel-Gaza conflict online (Reuters)  Hackers, some tied to Russia, target Israeli media and government websites (MSN)  Hamas Militants Behind Israel Attack Raised Millions in Crypto (Wall Street Journal)  Cryptocurrency fueled Hamas' war machine (Quartz)  The Israeli police cyber unit, Lahav 433, has frozen the cryptocurrency accounts of Hamas (Odessa Journal)  U.S. surging cyber support to Israel (POLITICO Pro)  Savvy Israel-linked hacking group reemerges amid Gaza fighting (CyberScoop)  Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal)  Hamas Seeds Violent Videos on Sites With Little Moderation (New York Times)  Social media platforms foment disinformation about war in Israel (Record)  Hamas terrorists post murder of Israeli grandmother on her Facebook page (The Telegraph)  How to limit graphic social media images from the Israel-Hamas war (Washington Post)  Briefing: EU Commissioner Asks Musk for Information on “Illegal Content and Disinformation” Spreading on X (The Information) EU warns Elon Musk of 'penalties' for disinformation circulating on X amid Israel-Hamas war (CNN)  Hamas Got Around Israel’s Surveillance Prowess by Going Dark (Bloomberg)  ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History (SecurityWeek) New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records (BleepingComputer)  The largest cyberattack of its kind recently happened. Here’s how. (Washington Post)  New technique leads to largest DDoS attacks ever, Google and Amazon say (Record)  HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 (Cybersecurity and Infrastructure Security Agency CISA) LinkedIn Smart Links Fuel Credential Phishing Campaign (Cofense) Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business (SecurityWeek)  Microsoft's October Patch Tuesday update resolves three zero-days (Computing)  Microsoft Releases October 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA)  Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop (SecurityWeek)  Citrix Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Learn more about your ad choices. Visit megaphone.fm/adchoices
11/10/2327m 31s

The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.

Disinformation and Hacktivism in the war between Hamas and Israel. KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines. The current state of DPRK cyber operations. The Grayling cyberespionage group is active against Taiwan. A Magecart campaign abuses 404 pages. 23andMe suffers abreach. Voter records in Washington, DC, have been compromised. In our Solution Spotlight, Simone Petrella speaks with Raytheon’s Jon Check about supporting and shaping the next generation of the cyber workforce. Grady Summers from SailPoint outlines the importance of organizations managing and protecting access to critical data. And a look at CISOs willingness to pay ransom.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/193 Selected reading. The Israel-Hamas War Is Drowning X in Disinformation (WIRED)  As false war information spreads on X, Musk promotes unvetted accounts (Washington Post)  Elon Musk’s X Cut Disinformation-Fighting Tool Ahead of Israel-Hamas Conflict (The Information)  US opinion divided amid battle for narrative over Hamas attack on Israel (the Guardian) Zelensky Compares Assault by Hamas on Israel to Moscow’s Invasion of Ukraine (New York Times)  Russia cites ‘concern’ but does not condemn Hamas attack on Israel (Washington Post)  The Israel–Hamas Conflict: Implications for the Cyber Threat Landscape (ReliaQuest)  Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App  Hacktivism erupts in Middle East as Israel declares war (Register)  The Israel-Hamas War Erupts in Digital Chaos (WIRED)  Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews)  Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks  (SecurityWeek) Israel’s government, media websites hit with cyberattacks (Cybernews)  Website of Jerusalem Post crashes after multiple cyberattacks (OpIndia)  Ukraine cyber-conflict: Hacking gangs vow to de-escalate (BBC News)  North Korea Suspected in Massive Hack of DeFi Project Mixin (OODA Loop)  Assessed Cyber Structure and Alignments of North Korea in 2023 (Mandiant)  Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan (Symantec) The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages (Akamai)  Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service (Hack Read)  23andMe user data breached in credential-stuffing attack (Engadget)  ‘Your DNA is for sale on the black market’: 23andMe data breach exposes customers (The Daily Dot)  23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (WIRED)  23andMe data breach affects a million users with Jewish heritage (Dataconomy) D.C. voter records for sale in cybercrime forum (CyberScoop)  Hackers access voter information in DC Board of Elections data breach (WTOP News)  DC Board of Elections investigates voter data breach (NBC4 Washington)  The CISO Report (Splunk) October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty (Help Net Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
10/10/2332m 27s

Solution spotlight: Paths to cybersecurity. [Interview Select]

Solution Spotlight: Simone Petrella is talking with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. You can view the video of this interview here. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/10/2321m 0s

Susie Squier: You're never alone. [President] [Career Notes]

Susie Squier, President of the Retail and Hospitality ISAC, or Information Sharing and Analysis Center, sits down to share her incredible story starting to get her into the cyber community. She first started getting into PR through an internship she did in college, then moved around a few times gaining experience everywhere she went. Susie shares some wise advice, discussing not only her managing style, but also how she handles situations, along with how she deals with adversity. She says "I also have realized over time that I'm never in this alone, whether that's your personal life or your work life and even here, uh, in addition to a great team, all great team." She hopes people will jump in to the world of cyber with an open mind, and though it may be frightening at first, she says you just need to dive in anyway and not be afraid to try new things. We thank Susie for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/10/239m 46s

Targets from DuckTail. [Research Saturday]

Deepen Desai from Zscaler joins to take a look into their research about "DuckTail." In May of 2023, Zscaler ThreatLabz began an intelligence collection operation to decode DuckTail’s maneuvers. Through an intensive three-month period of monitoring, Zscaler was able obtain unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. The research states "DuckTail threat actors primarily target users working in the digital marketing and advertising space. Unfortunately, the tech layoffs occurring in 2022 and 2023 introduced more eager candidates into the digital market - meaning more prime targets for DuckTail." The research can be found here: A Look Into DuckTail Learn more about your ad choices. Visit megaphone.fm/adchoices
07/10/2315m 28s

Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.

NSA and CISA release a list of the ten most common misconfigurations along with Identity and access management guidelines. The Predator Files. Cyber cooperation between Russia and North Korea. Hacktivist auxiliaries hit Australia. Hacktivists and hacktivist auxiliaries scorn the application of international humanitarian law. The direction of Russian cyber operations. Dave Bittner speaks with Andrea Little Limbago from Interos to talk about geopolitics, cyber and the C-suite. Rick Howard talks with John Hultquist, Chief Analyst at Mandiant, at the mWISE 2023 Cybersecurity Conference about cyber threat intelligence. And, finally, adventures in catphishing: “LoveGPT.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/192 Selected reading. NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations (Cybersecurity and Infrastructure Security Agency CISA) CISA and NSA Release New Guidance on Identity and Access Management (Cybersecurity and Infrastructure Security Agency CISA) Microsoft Digital Defense Report 2023 (Microsoft) Predator Files | EIC (European Investigative Collaborations) Meet the ‘Predator Files,’ the latest investigative project looking into spyware (Washington Post) NORTH KOREA–RUSSIA SUMMIT : A NEW ALLIANCE IN CYBERSPACE? - CYFIRMA (CYFIRMA)  Australia’s home affairs department hit by DDoS attack claimed by pro-Russia hackers (the Guardian)  Pro-Russia hacktivist group targets Australian government agencies over support for Ukraine (Cyberdaily.au)  Home Affairs, Administrative Appeals Tribunal websites hit by cyber attacks (SBS News)  ‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines (Record)  Espionage fuels global cyberattacks (Microsoft On the Issues)  LoveGPT: How “single ladies” looking for your data upped their game with ChatGPT (Avast Threat Labs) Learn more about your ad choices. Visit megaphone.fm/adchoices
06/10/2330m 7s

Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.

Apple patches actively exploited iOS 17 vulnerability. Qakbot's survival of a major takedown. BADBOX puts malware into the device supply chain. LoonyTunables and a privilege-escalation risk. Scattered Spider believed responsible for cyberattack against Clorox. Sony discloses information on its data breach. In today’s Threat Vector segment, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat. Dave Bittner sits down with Eric Goldstein, Executive Assistant Director at CISA, to discuss shared progress against the ransomware threat. And the Kremlin tightens control over the Russian information space. On this segment of Threat Vector, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/191 Selected reading. Apple emergency update fixes new zero-day used to hack iPhones (BleepingComputer) Apple releases iOS 17.0.3 to address iPhone 15 overheating issues (Computing)  Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day (SecurityWeek)  Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown (Cisco Talos Blog) HUMAN Disrupts Digital Supply Chain Threat Actor Scheme Originating from China (HUMAN) Trojans All the Way Down: BADBOX and PEACHPIT (Human) 'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover (Dark Reading) Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions (The Hacker News)  Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg)  Clorox Warns of a Sales Mess After Cyberattack (Wall Street Journal) Sony confirms data breach impacting thousands in the U.S. (BleepingComputer) Sony sent data breach notifications to about 6,800 individuals (Security Affairs)  Russian Offensive Campaign Assessment, October 4, 2023 (Institute for the Study of War) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/10/2325m 27s

A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.

EvilProxy phishes for executives. Typosquatting to deliver a rootkit. Stream-jacking on YouTube. A global look at risk management. Assistance from a diverse set of international partners. In our Solution Spotlight segment, Simone Petrella speaks with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. Dave Bittner previews the 3rd annual SOC Analyst Appreciation Day with Kayla Williams of Devo. And some guidelines for hacktivists engaged in hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/190 Selected reading. EvilProxy Phishing Attack Strikes Indeed (Menlo Security) Typosquatting campaign delivers r77 rootkit via npm (ReversingLabs) A Deep Dive into Stream-Jacking Attacks on YouTube and Why They're So Popular (Bitdefender Labs)  The C-suite playbook: Putting security at the epicenter of innovation (PwC) European Peace Foundation (EPF) opens cyber classroom for Ukrainian Armed Forces - EU NEIGHBOURS east (EU NEIGHBOURS east)  Rethinking Security When So Many Threats Are Invisible (New York Times) 8 rules for “civilian hackers” during war, and 4 obligations for states to restrain them (EJIL: Talk!) Learn more about your ad choices. Visit megaphone.fm/adchoices
04/10/2325m 50s

Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.

Nearly 100,000 ICS services exposed to the Internet. BunnyLoader in the C2C market. Phantom Hacker scams. API risks. Cybersecurity attitudes and behaviors. Homeland Security IG finds flaws in TSA pipeline security programs, and privacy issues with CBP, ICE, and USSS use of commercial telemetry. Kyiv prepares for Russian attacks on Ukraine's power grid. Ben Yelin on the Department of Commerce placing guardrails on semi-conductor companies. As part of our sponsored Industry Voices segment, Dave Bittner sits down with Nick Ascoli, Founder and CTO at Foretrace, to discuss the last year in data leaks. And Russian disinformation is expected to aim at undermining US support for Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/189 Selected reading. Bitsight identifies nearly 100,000 exposed industrial control systems (Bitsight)  New BunnyLoader threat emerges as a feature-rich malware-as-a-service (BleepingComputer)  "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings (FBI) FBI warns of surge in 'phantom hacker' scams impacting elderly (BleepingComputer) APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (Hacker News) Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 (National Cybersecurity Alliance) Watchdog says pipeline security regulations, data collection safeguards not up to snuff at DHS (Washington Post)  Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity (REDACTED) (Office of Inspector General, Department of Homeland Security)  CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data (REDACTED) (Office of Inspector General, Department of Homeland Security)  Ukraine prepares for winter again as Russia targets its power grid (The Economist)  Putin’s Next Target: U.S. Support for Ukraine, Officials Say (New York Times Learn more about your ad choices. Visit megaphone.fm/adchoices
03/10/2325m 42s

Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.

Double-tapping ransomware hits the same victim twice. Exim mail servers are found exposed to attack. Iran's OilRig deploys Menorah malware against Saudi targets. North Korea's Lazarus Group targets a Spanish aerospace firm. Update your ransomware scorecards: LostTrust is a rebrand of MetaEncryptor. Increased domestic surveillance in Russia, done partly so propaganda can be more effectively targeted. Killnet claims to have hit the British Royal family with a DDoS attack. Michael Denning, CEO at SecureG for Blu Ventures, shares developments in zero trust as a part of our Industry Voices segment. Rob Boyce from Accenture Security talks about Dark Web threat actors targeting macOS. And Cybersecurity Awareness Month begins this week. Learn more about the Blu Ventures Conference here: https://www.bluventureinvestors.com/cyber-venture-forum For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/188 Selected reading. Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends (FBI)  FBI: Ransomware Actors Launching 'Dual' Attacks (Decipher)  A still unpatched 0-day RCE impacts more than 3.5M Exim servers (Security Affairs)  New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks (The Hacker News) APT34 deploys new Menorah malware in targeted phishing attack (Candid.Technology)  APT34 Deploys Phishing Attack With New Malware (Trend Micro)  Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (The Hacker News)  Alleged Iranian hackers target victims in Saudi Arabia with new spying malware (Record)  North Korean hackers posed as Meta recruiter on LinkedIn (CyberScoop) Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (Hackread) North Korean Lazarus targeted a Spanish aerospace company (Security Affairs) Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (BleepingComputer) Ukraine at D+585: Trench fighting in the south. (CyberWire) Royal Family's official website targeted in cyber attack (Sky News) Royal family website hit by cyber attack (The Independent) The country ‘dodged a bullet’ after shutdown avoided, but the cyber threat still hovers (Washington Post) US Federal shutdown averted (or postponed): effects on cybersecurity. (CyberWire) Cybersecurity Awareness Month: perspectives from the cyber sector. (CyberWire) Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series (NIST)  Learn more about your ad choices. Visit megaphone.fm/adchoices
02/10/2328m 12s

Ted Wagner: Get that hands on experience. [CISO] [Career Notes]

This week, we are joined by Ted Wagner, Chief Information Security Officer at SAP National Security Services, or SAP NS2. Ted sits down to share his story on how he got introduced into the industry and why he chose this as a career path. He went straight into the Armyas a second lieutenant in the artillery field after high school, which after his time was up he decided to move on and started working for a company that allowed him to do a management training program. After that he found himself working on IT projects which got him interested in the field. Ted shares that one thing that has helped him throughout his career is teaching about very technical terms and turning it into more operational or business like terms for his students at MIT. He shares that people getting into this field should get as much hands on experience as they can, saying "I think those are all things that can really help someone who may not have all the experience, but this is a pathway to, to learn." We thank Ted for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/10/2310m 36s

Downloading cracked software. [Research Saturday]

David Liebenberg from Cisco Talos joins to discussing Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors. Talos identified additional malware, including RATs, on endpoints running this cracked software, which allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information. This research article was not published by Cisco Talos' team. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/09/2317m 29s

Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.

Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7 shares his thoughts on what the looming US government shutdown will mean for the nation’s cybersecurity. Tim Eades from Cyber Mentor Fund discussing the 3 who’s a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/187 Selected reading. Malicious ad served inside Bing's AI chatbot (Malwarebytes) Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress)  Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media)  A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica)  Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security)  Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica) CL0P Seeds ^_- Gotta Catch Em All! (Unit 42)  A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post)  2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense) NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense) NSA starts AI security center with eye on China and Russia (Fortune)  NSA is creating a hub for AI security, Nakasone says (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
29/09/2326m 46s

Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.

The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low cost attacks. Sam Crowther from Kasada shares his team's findings on Stolen Auto Accounts. And Ukrainian hacktivists target Russian airline check-in systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/186 Selected reading. Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org (Symantec Enterprise Blogs) Johnson Controls reports data breach after severe ransomware attack (BeyondMachines)  Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (U.S. Privacy and Civil Liberties Oversight Board)  Split privacy board urges big changes to Section 702 surveillance law (Washington Post) Democrats fear cyberattacks as government shutdown looms (Nextgov.com)  Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio)  Musk's X disabled feature for reporting electoral misinformation - researcher (Reuters)  Musk’s X Cuts Half of Election Integrity Team After Promising to Expand It (The Information) Aeroflot, other airlines’ flights delayed over DDoS attack (Cybernews) Learn more about your ad choices. Visit megaphone.fm/adchoices
28/09/2328m 54s

What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.

A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/185 Selected reading. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency)  Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB) Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs) Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer)  Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web)  Suspicious New Ransomware Group Claims Sony Hack (Dark Reading)  Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer)  Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek)  Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric) The High Stakes of Innovation: Attack Trends in Financial Services (Akamai) FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission)  Ukraine: Russian hackers infiltrating software supply chains (Computing) Russian hacking operations target Ukrainian law enforcement (CyberScoop)  Ukraine accuses Russian spies of hacking law enforcement (Register)  Russian hackers target Ukrainian government systems involved in war crimes investigations (Record)  Ukraine Cyber Defenders Prepare for Winter (Bank Info Security)  Learn more about your ad choices. Visit megaphone.fm/adchoices
27/09/2333m 28s

Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.

An advanced phishing campaign hits hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts in Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp sharing a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/184 Selected reading. Luxury Hotels Major Target of Ongoing Social Engineering Attack (Cofense)  ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint)  More MOVEit-related data breaches are disclosed. (CyberWire) Mixin Network suspends deposits and withdrawals. (CyberWire) OpenSea NFT market warns of third-party risk to its API. (CyberWire) Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads (Securonix)  Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (The Hacker News)  British Army general says UK now conducting ‘hunt forward’ operations (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
26/09/2323m 10s

Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.

The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There’s a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of Digicert, describes digital trust for the software supply chain. Our guest is Arctic Wolf’s Ian McShane with insights on the MGM and Caesars ransomware incident. And if you’re looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/183 Selected reading. Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42) Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange) Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer) Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42) EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity)  From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News) Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security) t Deadglyph: Covertly preying over Middle Eastern skies (LABScon)  New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer)  Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News)  0-days exploited by commercial surveillance vendor in Egypt (Google). PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions (The Citizen Lab)  New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (The Hacker News)  Egyptian presidential hopeful targeted by Predator spyware (Washington Post) Russian news outlet in Latvia believes European state behind phone hack (the Guardian)  Exclusive: Russian hackers seek war crimes evidence, Ukraine cyber chief says (Reuters). Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (Ukrinform). Large-scale cyberattack reported in occupied Crimea (The Kyiv Independent)  NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII (Dark Reading)  Learn more about your ad choices. Visit megaphone.fm/adchoices
25/09/2330m 50s

Threat intelligence discussion with Chris Krebs. [Special Edition]

In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWise 2023 Cybersecurity Conference to discuss threat intelligence . Learn more about your ad choices. Visit megaphone.fm/adchoices
25/09/2315m 46s

Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]

This week our guest is Merritt Baer, a Field CISO from Lacework, and a cloud security unicorn, sits down to share her incredible story working through the ranks to get to where she is today. Before working at Lacework Merritt served in the Office of the CISO at Amazon Web Services, as part of a small elite team that formed a Deputy CISO. She provided technical cloud security guidance to AWS’ largest customers, like the Fortune 100, on security as a bottom line proposition. She also has experience in all three branches of government and the private sector and served as Lead Cyber Advisor to the Federal Communications Commission. Merritt shares some amazing advice for up and comers into the field, saying "my personal philosophy is that no one has to go down for you to go up. I'm always encouraging my colleagues, um, and other executives to be thinking about how we can, you know, steal, sharpen, steal, how we can be good for each other, how we can collaborate, how we can, um, create more strengths in one another." We thank Merritt for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/09/239m 7s

Behind the Google shopping ad masks. [Research Saturday]

Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker’s command and control (C2) server.  The research states "The attacker uses an advanced web shell named “wso-ng” that is activated only when the attacker sends the cookie “magemojo000” to the backdoor “GoogleShoppingAds” component." The research can be found here: Xurum: New Magento Campaign Discovered Learn more about your ad choices. Visit megaphone.fm/adchoices
23/09/2314m 32s

Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.

A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/182 Selected reading. Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne) GOLD MELODY: Profile of an Initial Access Broker (Secureworks) OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security) Cyber Soft Power | China's Continental Takeover (SentinelOne) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News) MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading) MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News) MGM says its recovered from cyberattack, employees tell different story (Cybernews) 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters) Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer)  Russia linked to cyberattack on government services (Royal Gazette) Learn more about your ad choices. Visit megaphone.fm/adchoices
22/09/2332m 16s

Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.

CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist auxiliary disrupts Canadian border control and airport sites. The ICC remains tight-lipped concerning cyberattack. N2K’s Simone Petrella sits down with Chris Krebs at the mWise conference. In today’s Threat Vector segment, David Moulton from Unit 42 takes a peek into the modern threat landscape with Wendi Whitmore, SVP of Unit 42. And MGM Resorts says it’s well on the way to recovery. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/181 Threat Vector links. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Selected reading. #StopRansomware: Snatch Ransomware (Cybersecurity and Infrastructure Security Agency CISA) 2023 .Phishing Trends (ZeroFox) Cyber Insurance Claims Frequency and Severity Both Increased For Businesses in 1H 2023, Coalition Report Finds (Business Wire)  2023 Cyber Claims Report: Mid-year Update (Coalition)  Since 2018, ransomware attacks on the education sector have cost the world economy over $53 billion in downtime alone (Comparitech) Canada blames border checkpoint outages on cyberattack (Record) Cyberattack hits International Criminal Court (SC Media) International Criminal Court hacked amid Russia probe (Register) International Criminal Court under siege in cyberattack that could constitute world’s first cyber war crime (Yahoo News) Our hotels and casinos are operating normally. (FAQ - MGM Resorts) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News - 09-20-2023) Learn more about your ad choices. Visit megaphone.fm/adchoices
21/09/2330m 32s

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.

The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks (and related social engineering capers). In our Learning Layer segment, Sam Meisenberg drops into a CISSP tutoring session and offers some test-taking tips. Our guest is Aaron Brazelton, Dean of Admissions and Advancement at the Alabama School of Cyber Technology and Engineering. And the Clorox incident shows how one company navigates unfamiliar new SEC rules. Join Sam Meisenberg as he drops into a CISSP tutoring session talking about the difference between due diligence and due care along with some test-taking tips. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/180 Learning Layer. Learning about the CISSP certification from (ISC)² Selected reading. War crimes tribunal ICC says it has been hacked (Reuters) International Criminal Court says cybersecurity incident affected its information systems last week (AP News)  Hackers breached International Criminal Court’s systems last week (BleepingComputer) New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants (Cisco Talos) ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies (The Hacker News) Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (Proofpoint)  Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says (Reuters) Las Vegas casino ransomware attacks: Okta in the spotlight (The Stack)  MGM losing up to $8.4M per day as cyberattack paralyzes slot machines, hotels for 8th straight day: analyst (New York Post)  Caesars reports cyberattack but did not go offline (Top Class Actions)  What Las Vegas tourists need to know about casino hacks (Washington Post)  MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (Dark Reading) Clorox Cyberattack Brings Early Test of New SEC Cyber Rules (Wall Street Journal) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/09/2331m 38s

Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.

Colombia continues its recovery from last week's cyberattacks. AI training data is accidentally published to GitHub. The cyberespionage techniques of Earth Lusca. Clorox blames product shortages on a cyber attack. Cybersecurity incidents in industrial environments. Where the wild bots are. Joe Carrigan looks at top level domain name exploitation. Our guest is Kristen Bell from GuidePoint Security with a look at vulnerability vs. exploitability. And there’s talk of potential Russia-DPRK cooperation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/179 Selected reading. More than 50 Colombian state, private entities hit by cyberattack -Petro (Reuters)  Colombia Mulls Legal Action Against US Firm Targeted In Cyber Attack (Barron's) Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token (Microsoft Security Response Center) Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages (SecurityWeek) Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (Trend Micro)  Chinese hackers have unleashed a never-before-seen Linux backdoor (Ars Technica) The Clorox Company FORM 8-K (US Securities and Exchange Commission)  Clorox Warns of Product Shortages Following Cyberattack (Wall Street Journal) Clorox warns of product shortages, profit hit from August cyberattack (The Street)  Can't find the right Clorox product? A recent cyberattack is causing some shortages (USA Today)  Clorox warns of product shortages after cyberattack (Fox Business)  As flu season looms, hackers force a shortage of Clorox products (Fortune) New Research Finds Cyberattacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% (Business Wire) Death By a Billion Bots (Netacea) Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (EconoTimes)  Learn more about your ad choices. Visit megaphone.fm/adchoices
19/09/2327m 16s

A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.

Cyber threats trending from East Asia. The Lazarus Group is suspected in the CoinEx crypto theft. Pig butchering, enabled by cryptocurrency. BlackCat is active against Azure storage. a Ukrainian view of cyber warfare. A US-Canadian water commission deals with a ransomware attack. Eric Goldstein from CISA shares insights on cyber threats from China. Neil Serebryany of Calypso explains the policies, tools and safeguards in place to enable the safe use of generative AI. And more details emerge in the Las Vegas casinos’ ransomware incidents. Danny Ocean, call your office. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/178 Selected reading. Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness (Microsoft Security Compliance and Identity) Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say (Record)  CoinEx invites hackers to negotiate after suffering data breach (The Times of India BlackCat ransomware hits Azure Storage with Sphynx encryptor (BleepingComputer) MGM websites up, but reservation systems still affected by hack (Las Vegas Review-Journal) The chaotic and cinematic MGM casino hack, explained (Vox) Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED) US-Canada water commission confirms 'cybersecurity incident' (Register)  Ukraine's Fusion of Cyber and Kinetic Warfare: Illia Vitiuk's Stand Against Russian Cyber Operations (AFCEA International) Learn more about your ad choices. Visit megaphone.fm/adchoices
18/09/2327m 16s

Karl Mattson: Defer gratification. (CISO) [Career Notes]

Karl Mattson, CISO at Noname Security, joins us to share his story. Having started out as a "military brat," traveling the world as the child of a Marine, Karl later joined the Army not long after high school. In the Army, Karl was assigned the career field of intelligence analyst and started working with the NSA. He says that was a real career break. Following the Army, Karl worked in the financial services world as a CISO. At Noname, Karl began by building out internal risk and IT functions into a strong, what he calls spectacular team. Karl recommends "deferring gratification as long as possible" when building your career. He says, "People early in their career, looking at government service, those positions don't, you know, make anybody rich overnight, but they are amazing career cornerstones to build on." He closes sharing the importance of relationships. We thank Karl for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/09/239m 43s

A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]

Guest Manuel Hepfer from ISTARI shares his research on cyber resilience which includes discussions with 37 CEOs to gain insight into how they manage cybersecurity risk. ISTARI and Oxford University's Saïd Business School dive into the minds and experiences of CEOs on how they manage cybersecurity risk. Ask any CEO to name the issues that keep them awake at night and cybersecurity risk is likely near the top of the list – with good reason. With the accelerating digitalisation of business models comes vulnerability to cyberattack. And while spending on cybersecurity increases every year, so does the number of serious incidents. Even the largest and most technologically advanced companies are not immune. CEOs must formally answer to regulators, shareholders and board members for their organisation’s cybersecurity. Yet the majority (72%) of CEOs we interviewed as part of our research said they were not comfortable making cybersecurity-related decisions. The research and associated article can be found here: Research: The CEO Report on Cyber Resilience Article: Make Cybersecurity a Strategic Asset Learn more about your ad choices. Visit megaphone.fm/adchoices
16/09/2340m 15s

Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.

"Peach Sandstorm" is an Iranian cyberespionage campaign. A Cyberattack against a telecom provider affects government and corporate online operations in Colombia. Python NodeStealer takes browser credentials. Caesars Entertainment files its 8-K. Some MGM Entertainment systems remain down. Betsy Carmelite from Booz Allen talking about how to leverage cyber psychology. Ron Reiter of Sentra outlines the threats for connected cars. And a third-party incident exposes personal data of the Manchester police. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/177 Selected reading. Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets (Microsoft) Hackers Backed by Iran Caught in Apparent Global Spy Campaign (The Messenger) BNamericas - Colombia cyberattack hits government, corpor... (BNamericas.com) Colombia's judicial branch thrown offline in major cyber attack (Colombia Reports)  Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down (AP News) Casino Operators Caesars and MGM Still Reeling From Cyber Attacks (Kiplinger.com)  Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs (CyberScoop)  MGM still responding to wide-ranging cyberattack as rumors run rampant (Record) Ransomware in the casinos. (CyberWire) MGM Resorts shuts down some systems. (CyberWire) Manchester police officers’ data stolen following ransomware attack on supplier (Record) Contractor Data Breach Impacts 8k Greater Manchester Police Officers (Hackread)  A Second Major British Police Force Suffers a Cyberattack in Less Than a Month (SecurityWeek)  Who is behind the latest wave of UK ransomware attacks? (the Guardian)  Learn more about your ad choices. Visit megaphone.fm/adchoices
15/09/2331m 16s

Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.

The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176 Selected reading. Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg)  Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal)  The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal)  Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal)  ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread) FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters)  MGM Resorts says cyberattack could have material effect on company (NBC News)  MGM Resorts cybersecurity breach could cost millions, expert says (KLAS)  MGM Resorts shuts down some systems because of a “cybersecurity issue.” (Updated.) (CyberWire) macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek)  “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence)  Unit 42 Attack Surface Threat Report (Palo Alto Networks) The Nigerian Prince is Alive and Well: Cybercriminals Use Generative… (Abnormal)  Learn more about your ad choices. Visit megaphone.fm/adchoices
14/09/2325m 39s

How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.

An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/175 Selected reading. Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security)  3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack (Symantec) Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services (Orca Security) Contextualizing Deepfake Threats to Organizations (US Department of Defense)  Bipartisan push to ban deceptive AI-generated ads in US elections (Reuters) DOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense) New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense) New DOD cyber strategy notes limits of digital deterrence (DefenseScoop) New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense) CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)  September 2023 Security Updates (Microsoft Security Response Center)  Microsoft Releases September 2023 Updates (Cybersecurity and Infrastructure Security Agency CISA)  Zero Day Summer: Microsoft Warns of Fresh New Software Exploits (SecurityWeek) Microsoft Patch Tuesday: Two zero-days addressed in September update (Computing)  Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) (Help Net Security)  Adobe fixed actively exploited zero-day in Acrobat and Reader (Security Affairs)  Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (BleepingComputer)  Apple Releases Security Updates for iOS and macOS (Cybersecurity and Infrastructure Security Agency CISA)  SAP Security Patch Day for September 2023 (Onapsis)  Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (The Hacker News)  Critical Google Chrome Zero-Day Bug Exploited in the Wild (Dark Reading) Zero-day affecting Chrome, Firefox and Thunderbird patched (Computer)  Learn more about your ad choices. Visit megaphone.fm/adchoices
13/09/2326m 7s

Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”

Phishing with Facebook Messenger accounts. Redfly cyberespionage targets a national grid. The exploit trade in the C2C underground market. Phishing attack exploits Baidu link. A repojacking vulnerability. A hacktivist auxiliary looks to its own interests. Ben Yelin marks the start of the Google antitrust trial. In our Industry Voices segment, Adam Bateman from Push Security explains how identities are the new perimeter. And MGM Resorts are dealing with a “cybersecurity issue.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/174 Selected reading. Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET)  Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News)  Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading)  Iranian hackers break into networks of more than 30 companies in Israel (ynetnews)  “MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium) Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer)  Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News)  Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) Sales and Purchases of Vulnerability Exploits (Flashpoint) Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade) New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com) After Microsoft and X, Hackers Launch DDoS Attack on Telegram (SecurityWeek) MGM Resorts shuts down some computer systems after cyber attack (Reuters)  Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US (AP News)  MGM Resorts shuts down IT systems after cyberattack (BleepingComputer) MGM Resorts experiences 'cybersecurity issue' impacting operations and prompting investigation (Fox Business)  MGM resorts says 'cybersecurity issue' may have widespread impact (NBC News)  MGM Resorts blames 'cybersecurity issue' for ongoing outage (TechCrunch)  FBI assisting in MGM cybersecurity investigation as slot machines, website, and emails rem (KSNV)  MGM Resorts Says It Shut Down Some Systems Following Hack (Bloomberg)  Learn more about your ad choices. Visit megaphone.fm/adchoices
12/09/2332m 6s

UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank..

UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Author David Hunt discusses his new book, “Irreducibly Complex Systems: An Introduction to Continuous Security Testing.” In our Industry Voices segment, Mike Anderson from Netskope outlines the challenges of managing Generative AI tools. And a senior Russian cyber diplomat warns against US escalation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/173 Selected reading. Ransomware, extortion and the cyber crime ecosystem (NCSC) HijackLoader (Zscaler) New HijackLoader malware is rapidly growing in popularity (Security Affairs) New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (Hacker News) Spyware Telegram mod distributed via Google Play (Secure List) Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play (The Hacker News) 'Evil Telegram' Android apps on Google Play infected 60K with spyware (BleepingComputer) Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life (Financial Times) Russia warns "all-out war" with US could erupt over worsening cyber clashes (Newsweek) New strategy for global cybersecurity cooperation coming soon: State cyber ambassador (Breaking Defense)  Learn more about your ad choices. Visit megaphone.fm/adchoices
11/09/2331m 11s

Caroline Wong: A passion for teaching. [CSO] [Career Notes]

Caroline Wong, Chief Strategy Officer from Cobalt sits down to share her story of her 15+ years in cybersecurity leadership, including practitioner, product, and consulting roles. As well as being a member of our very own Hash Table, Caroline also authored the popular textbook, Security Metrics: A Beginner's Guide and teachers cybersecurity courses on LinkedIn Learning as well as hosts the Humans of InfoSec podcast. Caroline's father pushed her to start her career in engineering, she went to UC Berkeley and got accepted into their Electrical Engineering and Computer Sciences program. As a college student, she was looking for an internship and found eBay, where she says she worked an entry level position available on the information security team, and says the rest is history. She shares that she loves to teach her peers, and how she would like to be remembered for being a good teacher, saying "I think that my favorite part of the work that I get to do is teaching. Um, and in particular, um, being able to communicate about cybersecurity concepts to a wide audience. I have such tremendous gratitude." We thank Caroline for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/09/2310m 14s

No honor in being a criminal. [Research Saturday]

This week, our guest is Reece Baldwin from Kasada discussing their work on "No Honour Amongst Thieves: Unpacking a New OpenBullet Malware Campaign." The Kasada Threat Intelligence team has recently identified a malware campaign targeting users of OpenBullet, a tool popular within criminal communities to conduct credential stuffing attacks. This malware campaign was first uncovered when the team was digging around in a Telegram channel setup to share OpenBullet configurations. Reading through a few of the configurations they identified a function, ostensibly designed to bypass Google’s reCAPTCHA anti-bot solution. Th research states "While the versatility of OpenBullet’s configuration files enable complex attacks, they can also make it difficult for inexperienced attackers to fully understand what requests are being created and what data is being retrieved." The research can be found here: No Honour Amongst Thieves: Unpacking a New OpenBullet Malware Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
09/09/2317m 18s

Apple issues an emergency patch. Aerospace sector under attack. DPRK spearsphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.

Apple issues emergency patches. "Multiple nation-state actors" target the aerospace sector. The DPRK targets security researchers. SpaceX interrupted service to block a Ukrainian attack against Russian naval units last year. The International Criminal Court will prosecute cyber war crimes. Operation KleptoCapture extends to professional service providers. Malek Ben Salem of Accenture ponders the long-term reliability of LLM-powered applications. Our guest is Elliott Champion from CSC on how cybercriminals are taking advantage of the Threads platform. And congratulations to the SINET 16. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/172 Selected reading. BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (The Citizen Lab)  Apple issues software updates after spyware discoveries (Washington Post) Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) (Help Net Security) CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA (Cybersecurity and Infrastructure Security Agency CISA) Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 (Cybersecurity and Infrastructure Security Agency CISA)  AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 (Tenable®)  CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities (The Hacker News) Active North Korean campaign targeting security researchers (Google) Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers (SecurityWeek) Musk 'switched off Starlink in Ukraine over nuclear fears' (Computing) CNN Exclusive: 'How am I in this war?': New Musk biography offers fresh details about the billionaire's Ukraine dilemma | CNN Politics (CNN)  Ukraine, US Intelligence Suggest Russia Cyber Efforts Evolving, Growing (Voice of America) The International Criminal Court Will Now Prosecute Cyberwar Crimes (WIRED) Technology Will Not Exceed Our Humanity (Digital Front Lines)  Justice Department’s Oligarch Hunters Widen Scope to Include Facilitators (Wall Street Journal)  Apple issues emergency patches. APTs target aerospace sector. DPRK targets security researchers. New BEC phishing kit. Notes from the hybrid war. ICC will prosecute cyber war crimes. SINET 16 announced. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
08/09/2330m 35s

Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.

Microsoft releases results of their investigation into cloud email compromise. A vulnerability affects a resort booking service. Adversary emulation for OT networks. Identity protection and identity attack surfaces. Sanctioning privateers (with a bonus on vacation ideas). Rob Boyce from Accenture Security tracks new trends in ransomware. Our Threat Vector segment features Mastering IR Sniping A Deliberate Approach to Cybersecurity Investigations with Chris Brewer. And Estonia warns of ongoing cyber threats. On this segment of Threat Vector, Chris Brewer, a Director at Unit 42 and expert in digital forensics and incident response, joins host David Moulton discussing Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/171 Threat Vector links. Sniper Incident Response from Cactus Con on GitHub Sniper Incident Response presentation by Chris Brewer on YouTube Selected reading. Results of Major Technical Investigations for Storm-0558 Key Acquisition (Microsoft Security Response Center) Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained (Bitdefender) Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks (Bitdefender)  MITRE and CISA release Caldera for OT attack emulation (Security Affairs)  MITRE Caldera for OT now available as extension to open-source platform (Help Net Security) Silverfort and Osterman Research Report Exposes Critical Gaps in Identity Threat Protection (Silverfort)  United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang (US Department of the Treasury) Estonian PM: cyberspace is Ukraine war frontline (Euromaidan Press) Cyberwar and Conventional Warfare in Ukraine (19FortyFive) Learn more about your ad choices. Visit megaphone.fm/adchoices
07/09/2327m 8s

Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.

There’s a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16). Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Helen Patton discuss People as a security first principle. And cybersecurity jobs seem to be getting tougher (say the people who are doing them). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/170 Selected reading. New Agent Tesla Variant Being Spread by Crafted Excel Document (Fortinet Blog)  World's Largest Cryptocurrency Casino Stake Hacked for $41 Million (Hackread)  Crypto casino Stake.com loses $41 million to hot wallet hackers (BleepingComputer)  Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach (KrebsOnSecurity)  Global DevSecOps Report on AI Shows Cybersecurity and Privacy Concerns Create an Adoption Dilemma (GitLab) APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469) (CERT-UA) Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure (The Hacker News) Ukraine says an energy facility disrupted a Fancy Bear intrusion (Record) What's in a NoName? Researchers see a lone-wolf DDoS group (Record)  New Research from TechTarget’s Enterprise Strategy Group and the ISSA Reveals Continuous Struggles within Cybersecurity Professional Workforce - ISSA International (ISSA International)  Life and Times 2023 Download Landing Page (ISSA International)  E-book: The Life and Times of Cybersecurity Professionals Volume VI (ESG Global)  Layoffs list extended by Malwarebytes, Fortinet, Veriff, SecureWorks (Cybernews)  Learn more about your ad choices. Visit megaphone.fm/adchoices
06/09/2331m 23s

In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.

A New variant of Chae$ malware is described. A "Smishing Triad" impersonates postal services. A MinIO storage exploit reported. Okta warns of attackers seeking senior admin privileges. LockBit compromises a UK security contractor. DDoS takes down a German financial regulator's site. Infamous Chisel as GRU combat support. Joe Carrigan on Meta uncovering a Chinese influence effort. Our guest is Connie Stack, CEO of Next DLP, discussing data breach notification procedure. And please -PLEASE- remember to change your default passwords. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/169 Selected reading. Threat Profile: Chae$ 4 Malware (Morphisec) "Smishing Triad" Targeted USPS and US Citizens for Data Theft (Resecurity)  'Smishing Triad' Targeted USPS and US Citizens for Data Theft (Security Affairs)  New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services (Security Joes) Hackers exploit MinIO storage system to breach corporate networks (BleepingComputer)  Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (The Hacker News)  More Okta customers trapped in Scattered Spider's web (Register)  Cross-Tenant Impersonation: Prevention and Detection (Okta Security) Breaking: UK MoD attacked by LockBit (Computing) German financial agency site disrupted by DDoS attack since Friday (BleepingComputer)  LogicMonitor customers hacked in reported ransomware attacks (BleepingComputer) LogicMonitor customers hit by hackers, because of default passwords (TechCrunch) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/09/2328m 34s

Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]

This interview from August 25th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Jeff Welgan, Chief Learning Officer at N2K Networks, to expand on the NICE framework in strategic workforce intelligence. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/09/2312m 0s

Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]

This week's guest is Rick Doten, the VP of Information Security at Centene Corporation, he sits down to share his story and provide wise words of wisdom after conquering this industry for 30 years. Rick, like many others in the field started off not knowing what he wanted to do, so he tried out a few things, including doing in-user training and desktop support, eventually evolving to do systems analysis work and designing software. Rick shares that his main day to day roles are spending time helping out the corporate global CISO, CTO, and head of platform within the organization, he shares that his nickname is the neighborhood cat because he's everywhere. Rick shares advice for people getting into the industry for the first time, saying "There is a rainbow of different roles in cyber security, and I feel like I've done all of them in the last 30 years. So there are different things that, that you, the thing that like appeal to you the most because you're going to excel and want to hyper focus on the thing that you really, really are interested in and not the thing that you're not" We thank Rick for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/09/239m 59s

Thwarting Muddled Libra. [Research Saturday]

Kristopher Russo and Stephanie Regan from Palo Alto Networks Unit 42 join Dave to talk about Threat Group Assessment: Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. Posing threats to organizations in the software automation, BPO, telecommunications and technology industries, Muddled Libra is a threat group that favors targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. The research can be found here: Threat Group Assessment: Muddled Libra Learn more about your ad choices. Visit megaphone.fm/adchoices
02/09/2330m 5s

DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.

A VMConnect supply chain attack is connected to the DPRK. Reports of an aledgedly "fully undetectable information stealer." DB#JAMMER brute forces exposed MSSQL databases. A Cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy Carmelite from Booz Allen on threat intelligence as part of a third-party risk management program. Our guest is Adam Marré from Arctic Wolf Networks, with an analysis of Chinese cyber tactics. And a free decryptor is released for Key Group ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/168 Selected reading. VMConnect supply chain attack continues, evidence points to North Korea (ReversingLabs)  Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware (Securonix) Montreal electricity organization latest victim in LockBit ransomware spree (Record) LockBit ransomware gang targets electrical infrastructure organization in Montreal (teiss) [Analyst Report] SANS 2023 DevSecOps Survey (Synopsys) SANS 2023 DevSecOps Survey (Application Security Blog) Government Agencies Report New Russian Malware Targets Ukrainian Military (National Security Agency/Central Security Service) Russian military hackers take aim at Ukrainian soldiers' battle plans, US and allies say (CNN) Ukraine: The First Cyber Lessons (AFCEA International) The Return of Hacktivism: A Temporary Reprise or Here for Good? (ReliaQuest) Decrypting Key Group Ransomware: Emerging Financially Motivated Cyber Crime Gang (EclecticIQ) Learn more about your ad choices. Visit megaphone.fm/adchoices
01/09/2331m 33s

GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.

China deploys tools used against Uyghurs in broader espionage. The Five Eyes call out a GRU cyberespionage campaign. Russian hacktivist auxiliaries hit Czech banks and the platform formerly known as Twitter. A Spring-Kafka zero-day is discovered. Deepen Desai from Zscaler explains RedEnergy Stealer-as-a-Ransomware attacks. Luke Nelson of UHY Consulting on ransomware’s impact on schools. And, hey, go Wolverines: the University of Michigan overcomes a cyberattack that delayed the academic year. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/167 Selected reading. BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps (We Live Security)  Earth Estries Targets Government, Tech for Cyberespionage (Trend Micro)  Infamous Chisel Malware Analysis Report (Cybersecurity and Infrastructure Security Agency CISA) UK and allies support Ukraine calling out Russia's GRU for new malware campaign (NCSC)  Hackers Attack Czech Banks, Demanding End of Support For Ukraine (Brno Daily)  More Russian attacks on Czech banks: Hackers call for end of support to Ukraine (Expats.cz) Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink (BBC News)  Contrast Assess uncovers Spring-Kafka deserialization zero day (Contrast Security) U. Michigan restores campus internet after cyberattack disrupts first week of classes (EdScoop) Internet restored on University of Michigan campus, ongoing issues still expected (mlive) University of Michigan isn't disclosing details of internet outage cyberattack (Detroit Free Press) Expert weighs in on school cyberattacks as University of Michigan makes progress on internet outages (CBS News) Learn more about your ad choices. Visit megaphone.fm/adchoices
31/08/2327m 21s

An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.

An international operation takes down Qakbot. Chinese threat actors anticipated Barracuda remediations. A look at adversary-in-the-middle attacks, making phishbait more effective and the emergence of a new ransomware threat. Narrative themes in Russian influence operations. My conversation with Natasha Eastman from (CISA), Bill Newhouse from (NIST), and Troy Lange from (NSA) to discuss their recent joint advisory on post-quantum readiness. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Cyber Threat Alliance President and CEO Michael Daniel about the current state of cybercrime. And when toilet bowls are outlawed, only outlaws will have toilet bowls. Listen to the full conversation with Natasha Eastman, Bill Newhouse, and Troy Lange here: A joint advisory on post-quantum readiness. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/165 Selected reading. Operation Duck Hunt bags Qakbot. (CyberWire) FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown (Federal Bureau of Investigation) Qakbot Malware Disrupted in International Cyber Takedown (US Department of Justice) Law Enforcement Takes Down Qakbot (Secureworks) Qakbot: Takedown Operation Dismantles Botnet Infrastructure (Symantec)  Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack (SecurityWeek)  Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (The Hacker News) The Lure of Subject Lines in Phishing Emails - How Threat Actors Utilize Dates to Trick Victims (Cofense) The Emergence of Ransomed: An Uncertain Cyber Threat in the Making (Flashpoint) Cancelled flights: Air traffic disruption caused by flight data issue (BBC News) Russian Offensive Campaign Assessment, August 29, 2023 (Institute for the Study of War) Learn more about your ad choices. Visit megaphone.fm/adchoices
30/08/2329m 47s

A joint advisory on post-quantum readiness. [Special Edition]

In this extended interview, Dave Bittner sits down with Natasha Eastman from the Cybersecurity and Infrastructure Security Agency (CISA), Bill Newhouse from the National Institute of Standards and Technology (NIST), and Troy Lange from the National Security Agency (NSA) to discuss their their recent joint advisory on post-quantum readiness and how to prepare for post-quantum cryptography. You can find the joint advisory here: Quantum-Readiness: Migration to Post-Quantum Cryptography Quantum computing: A threat to asymmetric encryption. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/08/2322m 42s

Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.

Name collision as a DNS risk. A LockBit derivative is active against targets in Spain. QR codes as phishbait. Cybersecurity trends in Healthcare. A Russian hacktivist auxiliary hits Polish organizations, while investigation of railroad incidents in Poland continues. Ben Yelin looks at the SEC cracking down on NFTs. Mr. Security Answer Person John Pescatore opens up the listener mail bag. And a look at a probably accidental glitch affecting air travel in the UK. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/164 Selected reading. What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS (Cisco Talos)  Spain warns of LockBit Locker ransomware phishing attacks (BleepingComputer)  Think Before You Scan: The Rise of QR Codes in Phishing (Trustwave SpiderLabs) 78% of Healthcare Organizations Experienced Cyber Incidents in Past Year, 60% of Which Impacted Patient Care (Claroty)  Polish stock exchange, banks knocked offline by pro-Russian hackers (Cybernews)  Two Men Arrested Following Poland Railway Hacking (SecurityWeek)  Century-old technology hack brought 20 trains to a halt in Poland (Cybernews)  Poland investigates train mishaps for possible Russian connection (Washington Post)  Flight chaos ‘to last for days’ after air traffic control failure (The Telegraph)  UK flight chaos could last for days, airline passengers warned (the Guardian)  Government can’t rule out cyber attack caused air traffic chaos (MSN) Learn more about your ad choices. Visit megaphone.fm/adchoices
29/08/2325m 54s

DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.

The DPRK's Lazarus Group exploits ManageEngine issues. A Data breach at Kroll is traced to SIM swapping. Unusually destructive ransomware hits CloudNordic. Spawn of LockBit. Polish trains are disrupted by hacktivists. Rick Howard looks at the MITRE attack framework. Our guests are Andrew Hammond and Erin Dietrick from the International Spy Museum. And Influence laundering as a long-term disinformation tactic. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/163 Selected reading. North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw (SecurityWeek) Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure (Help Net Security) Cyber scams keep North Korean missiles flying (Radio Free Asia) Claimant Data Breached in Genesis, FTX and BlockFi Bankruptcy Cases (Wall Street Journal) Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (BleepingComputer) Crypto investor data exposed by a SIM swapping attack against a Kroll employee (Security Affairs) Kroll Employee SIM-Swapped for Crypto Investor Data (KrebsOnSecurity) Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (The Hacker News) FTX bankruptcy handler Kroll discloses data breach (The Stack) CloudNordic Faces Severe Data Loss After Ransomware Attack (Hackread)  CloudNordic loses most customer data after ransomware attack | TechTarget (Security)  Lockbit leak, research opportunities on tools leaked from TAs (SecureList) LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (The Hacker News) Poland investigates cyber-attack on rail network (BBC News) Poland investigates hacking attack on state railway network (Reuters) Hackers bring down Poland’s train network in massive cyber attack (Ticker News)  The Cheap Radio Hack That Disrupted Poland's Railway System (WIRED) Russia Pushes Long-Term Influence Operations Aimed at the U.S. and Europe (New York Times) Newly declassified US intel claims Russia is laundering propaganda through unwitting Westerners (CNN Politics) Learn more about your ad choices. Visit megaphone.fm/adchoices
28/08/2327m 50s

Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]

This week, we welcome Dina Haines, an Industry Partnership Manager with the National Security Agency's Cybersecurity Collaboration Center. Dina found from a young age, she was always interested in the field, taking after her father who worked in the space industry, paving the way for her to fall in love with the field. She worked in the private sector for a bit, moving around every now and again, eventually landing the position she works now. Dina says her day to day job is helping the NSA to bend and protect cyberspace by bringing in private industry. She says "I try to spend a lot of time listening and seeing where people, where they're coming from, where they're at, you know, potentially in their career, where they're at in their job that day, and then try to, um, support them and bring them up and, and float the entire boat." We thank Dina for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/08/239m 18s

Google's not being ghosted from vulnerabilities. [Research Saturday]

Tal Skverer from Astrix Security joins to discuss their work on "GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts." Astrix’s Security Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) on June 19, 2022, which was found to affect all Google users. The research states "The vulnerability, dubbed “GhostToken”, could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim’s Google account infected with a trojan app forever." Google issued a patch to this vulnerability in April of this year, but researchers explain why this can be severe. The research can be found here: GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts Learn more about your ad choices. Visit megaphone.fm/adchoices
26/08/2317m 7s

Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.

Telekopye and the rise of commodified phishing kits. Lazarus Group fields new malware. Implications of China's campaign against vulnerable Barracuda appliances. Abhubllka ransomware's targeting and low extortion demands. Malek Ben Salem of Accenture outlines generative AI Implications to spam detection. Jeff Welgan, Chief Learning Officer at N2K Networks, unpacks the NICE framework and strategic workforce intelligence. And a new hacktivist group emerges, and takes a particular interest in NATO members. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/162 Selected reading. eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (Dark Reading) Telekopye: Hunting Mammoths using Telegram bot (ESET) Lazarus Group's infrastructure reuse leads to discovery of new malware (Cisco Talos Blog)  FBI fingers China for attacks on Barracuda email appliances (Register) Suspected PRC Cyber ActorsContinue to Globally Exploit Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) (FBI) Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants (Netenrich) Ransomware ecosystem targeting individuals, small firms remains robust (Record)  Ransomware With an Identity Crisis Targets Small Businesses, Individuals (Dark Reading)  Hacking group KittenSec claims to 'pwn anything we see' to expose corruption (CyberScoop) Learn more about your ad choices. Visit megaphone.fm/adchoices
25/08/2326m 48s

Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.

There’s a new sophistication in BEC campaigns. Trends in brand impersonation–crooks still like to pretend they’re from Redmond. The future of Russian influence operations in the post-Prigozhin era. Andrea Little Limbago from Interos shares insights on the new cyber workforce strategy. In our latest Threat Vector segment David Moulton of Palo Alto Networks is joined by Stephanie Ragan, Senior Consultant at Unit 42 to discuss Muddled Libra. And more on the doxing of a deputy Duma chair, who seems to have been selling hot iPhones as a side hustle (maybe). And the growing problem of Synthetic identity fraud. On this segment of Threat Vector, Stephanie Ragan, Senior Consultant at Unit 42, joins host David Moulton to discuss Muddled Libra. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/162 Selected reading. BEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge (Trustwave) Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations (Kroll) Microsoft Impersonated Most in Phishing Attacks Among Nearly 350 Brands (Abnormal Security) TransUnion Analysis Finds Synthetic Identity Fraud Growing to Record Levels (TransUnion) Ukraine at D+546: Yevgeny Prigozhin dies in a plane crash. (CyberWire) Without Prigozhin, expect some changes around the edges on Russian influence operations (Washington Post) 2023 H1 Global Threat Analysis Report (Radware) Lapsus$: Court finds teenagers carried out hacking spree (BBC News) British court convicts two teen Lapsus$ members of hacking tech firms (Record)  Treasury Designates Roman Semenov, Co-Founder of Sanctioned Virtual Currency Mixer Tornado Cash (U.S. Department of the Treasury)  Tornado Cash Founders Charged With Money Laundering And Sanctions Violations (U.S. Attorney for the Southern District of New York)  Russian Duma leader’s emails hacked and leaked (Cybernews) Ukrainian hackers expose money laundering and sanction evasion by senior Russian politician (teiss)  Learn more about your ad choices. Visit megaphone.fm/adchoices
24/08/2327m 26s

A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.

The Smoke Loader botnet has a creepy new payload. Ransomware gets faster. How AI has evolved in malicious directions. The Snatch ransomware gang threatens to snitch. The FSB continues to use both USBs and phishing emails as attack vectors. A ransomware attack shutters Belgian social service offices. Tim Starks from the Washington Post explains a Biden administration win in a DC court. Our guest Ben Sebree of CivicPlus describes how the public sector could combat cybercrime during cloud adoption. And the deadline for comment on US cybersecurity regulations? It’s been extended. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/161 Selected reading. Smoke Loader Drops Whiffy Recon Wi-Fi Scanning and Geolocation Malware (SecureWorks)  Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders (Sophos News)  HP Wolf Security Threat Insights Report Q2 2023 | HP Wolf Security (HP Wolf Security)  Barracuda XDR Insights: How AI learns your patterns to protect you (Barracuda) Deep Instinct Study Finds Significant Increase in Cybersecurity Attacks Fueled by Generative AI (Deep Instinct)  Cyberattack on Belgian social service centers forces them to close (Record) Ukraine’s Military Hacked by Russian Backed USB Malware (Ophtek) Request for Information on Cyber Regulatory Harmonization; Request for Information: Opportunities for and Obstacles To Harmonizing Cybersecurity Regulations (Federal Register) Learn more about your ad choices. Visit megaphone.fm/adchoices
23/08/2329m 27s

A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.

HiatusRAT shifts its targets. Ecuador's difficulties with voting is attributed to cyberattacks. Carderbee is an APT targeting Hong Kong. auDA (OOO-duh) turns out not to have been breached. Ukrainian hacktivists claim to dox a senior member of Russia's Duma. Russian influence operations take aim at NATO's July summit. Joe Carrigan describes attacks on LinkedIn accounts. Our guest is John Hernandez from Quest to discuss why he believes the MOVEit flaw is a wakeup call for CISOs. Security, not by obscurity, but by typo. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/160 Selected reading. HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack (The Hacker News)  New HiatusRAT campaign targets Taiwan and U.S. military procurement system (Security Affairs) HiatusRAT Returns after a Hiatus in a Fresh Wave of Attacks (Cyware Labs) No rest for the wicked: HiatusRAT takes little time off in a return to action (Lumen) Ecuador’s national election agency says cyberattacks caused absentee voting issues (Record) Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong Resolution of cyber incident (auDA)  Ukrainian hackers claim to leak emails of Russian parliament deputy chief (Record)  Summit Old, Summit New (Graphika) Summit Old, Summit New: Russia-Linked Actors Leverage New and Old Tactics in Influence Operations Targeting Online Conversations About NATO Summit (Graphika) The simple typo that stopped bank robbers from stealing $1 billion (LAD Bible) Learn more about your ad choices. Visit megaphone.fm/adchoices
22/08/2329m 34s

DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.

The DPRK's Kimsuky attempts to hit joint military exercises. Australian domain administrator auDA (OW-duh) may have been breached. WoofLocker's version of a tech support scam. The US Intelligence Community warns of cyber threats to space systems. Rick Howard looks at forecasting cyber risk. Deepen Desai from Zscaler shares ransomware trends. And more wartime disinformation out of Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/159 Selected reading. Suspected N. Korean Hackers Target S. Korea-US Drills (SecurityWeek) N. Korean Kimsuky APT targets S. Korea-US military exercises (Security Affairs)  North Korean hackers target US-South Korea military drills, police say (The Economic Times Cyber incident update (auDA)  Australia’s .au domain administrator denies data breach after ransomware posting (Record)  Hackers claim to have breached auDA (iTnews) Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams (Malwarebytes)  WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams (The Hacker News) US warns space companies about foreign spying (Reuters)  Intelligence Agencies Warn Foreign Spies Are Targeting U.S. Space Companies (New York Times)  US Warns Space Industry of Growing Risks of Spying and Satellite Attacks (Bloomberg)  Foreign countries targeting tech from US space companies, intel agencies warn (The HIll)  Pentagon urges US space companies to stay vigilant against foreign intelligence (TechCrunch)  Safeguarding the US Space Industry: Keeping Your Intellectual Property in Orbit (DNI)  What To Do About The U.S. Intelligence Community Warning on Safeguarding The Space Industry (OODA Loop)  Countering disinformation with facts - Russian invasion of Ukraine (Government of Canada) Sergey Lavrov: Throwing Russia off balance is ultimate aim (TASS) Moscow says US unwillingness to end Ukraine conflict (Merh News Agency) Russian invaders sending threats to Kherson region’s residents via social media - watchdog (Ukrinform) Learn more about your ad choices. Visit megaphone.fm/adchoices
21/08/2323m 6s

Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]

This week, our guest is Luke Vander Linden, Vice President of Membership & Marketing from RH-ISAC and host of the RH-ISAC podcast here at the CyberWire. Luke sits down to share his story all the way back to when he was a very young age where he was a child model and actor to where he is now working in the cyber industry. Luke fell into the marketing field after his time as a child actor, where he really started to find his passion. After finding his passion, he decided to branch out to different areas in the field, working in public libraries and advocacy groups, this is where he started to really enjoy the prospect of working with individuals who support organizations, which got him started in the RH-ISAC world. Luke shares that he wears many hats these days, working in the podcast business while also working on the leadership team at RH-ISAC. His advice for people getting into this industry is "I think with age comes this knowledge, but also with experiences. So, I mean, to that point, don't be afraid to go out there and fail, give it a shot." We thank Luke for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/08/238m 56s

Politicians targeted by RomCom. [Research Saturday]

Dmitry Bestuzhev from Blackberry joins to discuss their work on "RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine." Research suggests that the RomCom threat team has been tracked carefully following the geopolitical events surrounding the war in Ukraine, and are now targeting politicians in Ukraine who are working closely with Western countries. This group is different from others in that their focus is more on secrets or information which can be useful in geopolitics and specifically the war in Ukraine, instead of financial gain. The research says "Although it is unclear at this point what initial infection vector was used to kick off the execution chain, previous RomCom attacks used targeted phishing emails to point a victim to a cloned website hosting Trojanized versions of popular software." The research can be found here: RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine Learn more about your ad choices. Visit megaphone.fm/adchoices
19/08/2322m 48s

Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.

Phishing for Zimbra credentials. PlayCrypt ransomware described. The Cuba ransomware group adopts new tools. #NoFilter. Cyber criminals threaten security researchers. Our guest is Kevin Paige from Uptycs with thoughts on the Blackhat conference. Eric Goldstein, Executive Assistant Director at CISA joins us discussing next steps on the Secure by Design journey. And Russian disinformation takes on "Anglo-Saxonia." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/158 Selected reading. Mass-spreading campaign targeting Zimbra users (We Live Security) PlayCrypt Ransomware Group Wreaks Havoc in Campaign Against Managed Service Providers (Adlumin SaaS Security) Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America (BlackBerry) NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security (The Hacker News) Cyber security researchers become target of criminal hackers (Financial Times) Britain plotting to assassinate pro-Russian leaders in Africa, says Moscow (The Telegraph)  Ukraine at D+540: Russification and disinformation. (CyberWire)  Learn more about your ad choices. Visit megaphone.fm/adchoices
18/08/2329m 35s

A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.

Building a proxy botnet. Active flaws in PowerShell Gallery. A cyber incident disrupts Clorox. Scams lure would-be mobile beta-testers. Lessons learned from the Russian cyberattack on Viasat. An update on cyber threats to Starlink. Robert M. Lee from Dragos shares his thoughts on the waves of layoffs that have gone through the industry. Steve Leeper of Datadobi explains mitigating risks associated with illegal data on your network. And hey, world leader: it’s never too late to stop manifesting a chronic cranio-urological condition, as they more-or-less say in the Quantum Realm. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/157 Selected reading. ProxyNation: The dark nexus between proxy apps and malware (AT&T Alien Labs)  Massive 400,000 proxy botnet built with stealthy malware infections (BleepingComputer)  PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (Aqua Security)  Clorox Operations Disrupted By Cyber-Attack (Infosecurity Magazine)  Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (IC3)  FBI warns about scams that lure you in as a mobile beta-tester (Naked Security) Incident response lessons learned from the Russian attack on Viasat (CSO Online) Recent Intel Report Reveals New Starlink Vulnerabilities, Increasing Concerns About the Future of Global Satellite Internet (Debrief) Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps (Graham Cluley)  Learn more about your ad choices. Visit megaphone.fm/adchoices
17/08/2331m 10s

China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.

China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A Phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K’s Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia, for unwelcome content about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/156 Selected reading. Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times) China accuses U.S. intelligence agencies as source behind Wuhan cybersecurity attack (ZDNET)  China teases imminent exposé of seismic US spying scheme (Register)  2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability (SecurityWeek)  Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint) LinkedIn Accounts Under Attack (Cyberint) LinkedIn faces surge of account hijacking (Computing) LinkedIn accounts hacked in widespread hijacking campaign (BleepingComputer) Raccoon Stealer malware returns with new stealthier version (BleepingComputer) FBI warns of increasing cryptocurrency recovery scams (BleepingComputer)  Russia slaps Reddit, Wikipedia with fines (Cybernews) Learn more about your ad choices. Visit megaphone.fm/adchoices
16/08/2330m 58s

Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.

New targets of Chinese cyberespionage are uncovered. Monti ransomware is back. An evasive phishing campaign exposed. A Realtors' network taken down by cyberattack. A closer look at NoName057(16). Perspective on cyberwar - remember Pearl Harbor, but don’t see it everywhere. Ben Yelin on the Consumer Financial Protection Bureau’s plans to regulate surveillance tech. Microsoft’s Ann Johnson and Charlie Bell ponder the future of security. And scammers are targeting kids playing Fortnite and Roblox. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/155 Selected reading. Chinese spies who read State Dept. email also hacked GOP congressman (Washington Post)  Binary Ballet: China’s Espionage Tango with Microsoft (SecurityHQ) Microsoft Exchange hack to be investigated by US Cyber Safety Board (Computing) Monti ransomware targets VMware ESXi servers with new Linux locker (BleepingComputer)  Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (Netskope) Cyberattack on Bay area vendor cripples real estate industry (The Real Deal) Intel insiders go undercover revealing fresh details into NoName hacktivist operations (Cybernews)  Why the US Military Wants You To Rethink the Idea of 'Cyber War' (The Messenger)  A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight (WIRED) Learn more about your ad choices. Visit megaphone.fm/adchoices
15/08/2327m 33s

Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.

An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDOS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House release of its cybersecurity workforce and education strategy. And the Cyber Safety Review Board will be investigating cases of cyberespionage against Exchange. Watch the full video of Simone and Camille here: Solution Spotlight: Simone Petrella and Camille Stewart Gloster For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/154 Selected reading. DroxiDat-Cobalt Strike Duo Targets Power Generator Network (Infosecurity Magazine) New SystemBC Malware Variant Targets Southern African Power Company (The Hacker News) Power Generator in South Africa hit with DroxiDat and Cobalt Strike (Security Affairs)  Southern African power generator targeted with DroxiDat malware (Record)  Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky ICS CERT) APT31 Linked to Recent Industrial Attacks in Eastern Europe (Infosecurity Magazine)  Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (The Hacker News)  LOLEKHosted admin arrested for aiding Netwalker ransomware gang (BleepingComputer) Russian spy agencies targeting Starlink with custom malware, Ukraine warns (The Telegraph) Russia Bans iPhones And iPads For Official Use: Report (BW Businessworld) Microsoft Suspends Extending Licenses For Companies in Russia (RadioFreeEurope/RadioLiberty)  Department of Homeland Security’s Cyber Safety Review Board to Conduct Review on Cloud Security (US Department of Homeland Security) Microsoft Exchange hack is focus of cyber board’s next review (Record)  Microsoft is under scrutiny after a recent attack by suspected Chinese hackers (Windows Central)  The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts (Security Affairs) Microsoft's role in data breach by Chinese hackers to be part of US cyber inquiry (Firstpost) Learn more about your ad choices. Visit megaphone.fm/adchoices
14/08/2327m 15s

Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]

Dr. Georgianna Shea, the Chief Technologist at the Transformative Cyber Innovation Lab at the Foundations for Defensive Democracies (FDD) sits down to share her incredible story, moving around to different roles and how that has lead her to where she is today. Her careers have taken her to many different states throughout the years, as she has learned and grew into the roles she took on, from Hawaii to D.C., Dr. Shea has done it all. Sharing some advice, Dr. Shea says "My words of wisdom are take advantage of every opportunity and don't wait for anybody. I try to mentor people and I talk to young people a lot, you know, trying to get into the field and, and I see a lot of waiting on other people." She explains that you are able to work on your own to become an expert, and taking that initiative will be the thing to get you to where you want to be. We thank Dr. Georgianna Shea for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/08/2310m 27s

It's raining credentials. [Research Saturday]

Alex Delamotte from SentinelLabs joins Dave to discuss their work on "Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP." As actors find more ways to profit from compromising services, SentinelLabs finds that cloud service credentials are becoming increasingly targeted. The lack of threats explicitly targeting Azure and GCP credentials up to this point means there are likely many fresh targets. The research states "These campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew. However, attribution remains challenging with script-based tools, as anyone can adapt the code for their own use." The research can be found here: Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP Learn more about your ad choices. Visit megaphone.fm/adchoices
12/08/2318m 10s

Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.

Charming Kitten collects against Iranian expatriate dissidents. The Cyber Safety Review Board reports on Lapsus$. A Call for comment on open-source, memory-safe standards. How NSA is coping with the cyber labor market. Yandex is restructuring. The Washington Post’s Tim Starks joins us with the latest cyber security efforts from the DOD. Our guest is Dan L. Dodson, CEO of Fortified Health Security with insights on protecting patient data. And How Viasat was hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/153 Selected reading. Germany says Charming Kitten hackers target Iran dissidents (Deutsche Welle) Cyber Safety Review Board Releases Report on Activities of Global Extortion-Focused Hacker Group Lapsus$ (US Department of Homeland Security)  Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report (Cybersecurity and Infrastructure Security Agency CISA) Fact Sheet: Office of the National Cyber Director Requests Public Comment on Open-Source Software Security and Memory Safe Programming Languages (ONCD | The White House)  Amid historic hiring surge, NSA considers hybrid, unclassified work options (Federal News Network) Exclusive: Fear of tech 'brain drain' prevents Russia from seizing Yandex for now, sources say (Reuters) Yandex co-founder Volozh slams Russia's 'barbaric' invasion of Ukraine (Reuters)  Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault (CyberScoop) Learn more about your ad choices. Visit megaphone.fm/adchoices
11/08/2331m 7s

A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.

A New Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A Belarusian cyberespionage campaign outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42 joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo describes their work benefiting the community at BlackHat. And a new DARPA challenge seeks to bring artificial intelligence to cybersecurity. On this segment of Threat Vector, Kristopher Russo, Senior Threat Researcher for Unit 42, joins host David Moulton to discuss part one of two Muddled Libra. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/152 Threat Vector links. Threat Group Assessment: Muddled Libra Guest: Kristopher Russo: From practitioner to researcher Kristopher Russo has spent years entrenched in various specializations of cybersecurity. As a researcher focused on ransomware and cybercrime he brings a from the trenches perspective to cyber threat intelligence. Selected reading. Xurum: New Magento Campaign Discovered (Akamai) Gootloader: Why your Legal Document Search May End in Misery (Trustwave) Fireblocks Researchers Uncover Vulnerabilities Impacting Dozens of Major Wallet Providers (Fireblocks) New BitForge cryptocurrency wallet flaws lets hackers steal crypto (BleepingCompute Panasonic Warns That IoT Malware Attack Cycles Are Accelerating (WIRED)  MoustachedBouncer: Espionage against foreign diplomats in Belarus (We Live Security)  Belarus hackers target foreign diplomats with help of local ISPs, researchers say (TechCrunch)  Pro-Russian hackers claim attacks on French, Dutch websites (Record)  Zhora: Russia's cyber 'war crimes' will outlast invasion (Register) The Power of Resilience (Cybersecurity and Infrastructure Security Agency CISA) Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software (The White House) AIxCC (AIxCC) The Biden administration wants to put AI to the test for cybersecurity (Washington Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
10/08/2331m 23s

Cyberespionage by several intelligence services, some of contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.

Reports of a Wide-ranging cyberespionage campaign by China's Ministry of State Security. EvilProxy phishing tool targets executives, and defeats multifactor authentication. Vulnerabilities in CPUs. Yashma ransomware targets a wide range of countries. MacOS threat trends. Is there a Russian attempt to disrupt British elections? Rob Boyce from Accenture checks in from the Blackhat conference. Maria Varmazis talking with Black Hat Aerospace Village's Kaylin Trychon and Steve Luczynski. Ukraine claims to have stopped a Russian spyware campaign. And Patch Tuesday has come and gone, but the vulnerabilities remain–unless, of course, you’ve applied the patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/151 Selected reading. Chinese hackers targeted at least 17 countries across Asia, Europe and North America (Record) RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale (Recorded Future) Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint)  ‘Downfall’ vulnerability leaves billions of Intel CPUs at risk  (CyberScoop)  New Inception attack leaks sensitive data from all AMD Zen CPUs (BleepingComputer) New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (The Hacker News)  Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware (Record) Black Hat USA 2023 – Bitdefender macOS Threat Report Reveals Key Dangers for Mac Users (Bitdefender)  Russia ‘tops list of suspects’ in cyber attack which exposed data of 40m UK voters (The Telegraph) Electoral Commission hack: Five things you need to know (Computing) ‘Hostile actors’ hacked British voter registry, electoral agency says (Washington Post) Electoral Commission apologises for security breach involving UK voters’ data (the Guardian)  Ukraine says it prevented Russian hacking of armed forces combat system (Reuters)  Ukraine says it thwarted attempt to breach military tablets (Record) Russian secret services try to penetrate operation planning electronic system of Ukraine's army (Ukrainska Pravda) Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns (SecurityWeek)  Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days (SecurityWeek) Microsoft Releases August 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Fortinet Releases Security Update for FortiOS (Cybersecurity and Infrastructure Security Agency CISA) Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA)  Patch Tuesday review: August 2023. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
09/08/2329m 45s

Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.

Reports on a 2020 Chinese penetration of Japan's defense networks. MOVEit-connected supply chain issues aren't over. Akamai looks at the current state of ransomware. Mallox ransomware continues its evolution. Machine identities and shadow access. Ukrainian hacktivist auxiliaries hit Russian websites. Joe Carrigan unpacks statistics recently released by CISA. Our guest is Jeffrey Wheatman from Black Kite discussing the market shift from SRS to cyber risk intelligence. And radiation sensor reports from Chernobyl may have been manipulated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/150 Selected reading. China hacked Japan’s sensitive defense networks, officials say (Washington Post)  Japan says cannot confirm leakage after report says China hacked defence networks (Reuters) MOVEit hack spawned around 600 breaches but isn't done yet - cyber analysts (Reuters) Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (Dark Reading) TargetCompany Ransomware Abuses FUD Obfuscator Packers (Trend Micro) New IAM Research by Stack Identity Finds Machine Identities Dominate Shadow Access in the Cloud, Revealing Easy Attack Vector for Hackers (Business Wire) Ukraine-Linked Group Claims It Hacked Website Of Moscow Property Registration Bureau (RadioFreeEurope/RadioLiberty) Ukraine-linked group claims it hacked Moscow property registration bureau website – RFE/RL (Euromaidan Press) Pro-Ukrainian hackers breach Moscow engineering service website (New Voice of Ukraine) Ukrainian state agencies targeted with open-source malware MerlinAgent (Record) The Mystery of Chernobyl’s Post-Invasion Radiation Spikes (WIRED)  Learn more about your ad choices. Visit megaphone.fm/adchoices
08/08/2328m 55s

Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.

North Korean cyberespionage against a Russian aerospace firm. The Reptile rootkit is used against South Korean systems. An update on Cloudzy. Cl0p is using torrents to move data stolen in MOVEit exploitation. Andrea Little Limbago from Interos wonders about the dangers of jumping head first into new technologies? Rick Howard ponders quantum computing. And Meduza is back on Apple Podcasts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/149 Selected reading. Exclusive: North Korean hackers breached top Russian missile maker (Reuters) North Korean hackers stole secrets of Russian hypersonic missile maker (Euractiv)  Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company (SentinelOne) Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (The Hacker News)  UPDATE: Cloudzy Command and Control Provider Report (Halcyon) Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (The Hacker News) Clop ransomware now uses torrents to leak data and evade takedowns (BleepingComputer) Ukraine may be winning ‘world’s first cyberwar’ (The Kyiv Independent) Apple has removed Meduza’s flagship news podcast ‘What Happened’ from Apple Podcasts, without explaining the reason (Meduza) Learn more about your ad choices. Visit megaphone.fm/adchoices
07/08/2328m 24s

Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]

Manuel Hepfer a cybersecurity researcher from ISTARI sits down to share his story with us. Manuel shares as a kid he was very interested in STEM, and in school he remembered a programming class that he fell in love which made him want to pursue a career in cyber. Studying at the University of Oxford he began working towards acquiring a degree in Cybersecurity and Strategic Management. He found research to be a passion and wanted to share his passion, he decided he wanted to publish, so Manuel published an article in MIT Sloan management review that's titled "Make Cybersecurity a Strategic Asset." He shares that finding a passion, like he did, is the key to working in cyber, saying "I think what I learned at the time is the value of discipline and self motivation. And now you can always come up with a lot of discipline and self motivation, but you'll run out of steam at some point if you're not very passionate about some of the things that you're doing." We thank Manuel for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/08/238m 53s

Who is that stealing my credentials? [Research Saturday]

Aleksandar Milenkoski from SentinelOne joins to discuss their work on "Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence." Researchers have been tracking the North Korean APT group Kimsuky and their attempt at a social engineering campaign targeting experts in North Korean affairs. The research states "The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware." Kimsuky has been tracked engaging in extensive email correspondence using spoofed URLs and extensive email correspondence, along with Office documents weaponized with the ReconShark malware. The research can be found here: Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence Learn more about your ad choices. Visit megaphone.fm/adchoices
05/08/2316m 26s

2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.

The Five Eyes warn against top exploited vulnerabilities. The Rilide info stealer in the wild. Malicious PyPI packages. Valerie Abend, Global Cyber Strategy Lead from Accenture, unpacks the Securities and Exchange Commission’s recently announced cyber regulations. In our Solution spotlight: Our own Simone Patrella speaks with Microsoft’s Ann Johnson on how Microsoft is attracting and retaining top cyber talent. And cyber attacks continue to gutter on both sides of Russia's war against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/148 Selected reading. CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vu (National Security Agency/Central Security Service) New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3 (Trustwave) Tunnel Vision: CloudflareD AbuseD in the WilD (GuidePoint Security)  VMConnect: Malicious PyPI packages imitate popular open source modules (ReversingLabs)  Bilyana Lilly on how cybersecurity assistance to Ukraine has helped thwart Russian cyberattacks (CyberScoop) Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks (Reuters) Ukraine's invisible battle to jam Russian weapons (BBC News) How Ukraine’s cyberwarriors are upending everyday life in Russia (Times) Learn more about your ad choices. Visit megaphone.fm/adchoices
04/08/2327m 4s

Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.

Open Bullet malware is seen in the wild. Threat actors exploit a Salesforce vulnerability for phishing. BlueCharlie (that’s Russia’s FSB) shakes up its infrastructure. Midnight Blizzard (and that’s Russia’s SVR) uses targeted social engineering. How NoName057(16) moved on to Spanish targets. Robert M. Lee from Dragos shares his reaction to the White House’s national cybersecurity strategy. Our guest Raj Ananthanpillai of Trua warns against oversharing with ChatGPT. And NSA releases guidance on hardening Cisco next-generation firewalls. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/147 Selected reading. No Honour Amongst Thieves: A New OpenBullet Malware Campaign (Kasada) “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing… (Medium) Hackers exploited Salesforce zero-day in Facebook phishing attack (BleepingComputer) Hackers exploit Salesforce email zero-day for Facebook phishing campaign (Computing)  Russia-based hackers building new attack infrastructure to stay ahead of public reporting (Record)  Midnight Blizzard conducts targeted social engineering over Microsoft Teams (Microsoft Security)  Unraveling Russian Multi-Sector DDoS Attacks Across Spain (Radware) Pro-Russian Hackers Claim Cyberattacks on Italian Banks (MarketWatch)  NSA Releases Guide to Harden Cisco Next Generation Firewalls (National Security Agency/Central Security Service) Cisco Firepower Hardening Guide (US National Security Agency) Learn more about your ad choices. Visit megaphone.fm/adchoices
03/08/2329m 2s

An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.

An illicit market in account restoration. Resilience and the cyber workforce. New post-exploitation techniques in Amazon Web Services. Incursions into Norwegian government networks went on for four months. Rob Boyce from Accenture Security describes a “Perfect Storm” in the Dark Web threat landscape. Carole Theriault shares mental health social media warnings for teens. And the Russian legislation seeks to reduce or eliminate online privacy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/146 Selected reading. Amazon employees leak secret info that marketplace sellers can buy on Telegram (CNBC) Cyber Workforce Benchmark Report (Immersive Labs) Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan (Mitiga) Cado Security Labs 2023 Threat Findings Report (Cado Security) Cyberattack on Norway Ministries Lasted at Least Four Months (Bloomberg) CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities (Cybersecurity and Infrastructure Security Agency) Putin Outlaws Anonymity: Identity Verification For Online Services, VPN Bypass Advice a Crime (TorrentFreak) Russia Is Returning to Its Totalitarian Past (Foreign Policy) Learn more about your ad choices. Visit megaphone.fm/adchoices
02/08/2324m 34s

Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.

C2-as-a-service with APTs as the customers. Cyberespionage activity by Indian APTs. Gamers under attack. StarLink limits Ukrainian access to its systems. The EU levies new sanctions against “digital information manipulation.” Ukraine's Security Service takes down money-laundering exchanges. Ben Yelin unpacks fediverse security risks. Our guests are Mike Marty, CEO of The Retired Investigators Guild, & Tom Brennan, executive director of CREST, discussing their efforts on cybercrime investigation and cold case resolution. And Nozomi's OT IoT security report, sees a lot of opportunistic, low-grade whacking at industrial organizations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/145 Selected reading. Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps) (Halcyon)  APT Bahamut Targets Individuals with Android Malware Using Spear Messaging - CYFIRMA (CYFIRMA)  Hackers steal Signal, WhatsApp user data with fake Android chat app (BleepingComputer) Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (The Hacker News) Hackers exploit BleedingPipe RCE to target Minecraft servers, players (BleepingComputer)  Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies (Dark Reading)  Call of Duty worm malware used to hack players exploits years-old bug  (TechCrunch)  Elon Musk 'refuses to turn on Starlink' for Crimea drone attack (The Telegraph) How Elon Musk Was Able to Exert Control in Ukraine War (The Street) EU strikes Russia again as digital infowar rages on (Cybernews)  Ukraine Cracks Down on Illicit Financing Network (Gov Info Security)  Unpacking the OT & IoT Threat Landscape with Unique Telemetry Data (Nozomi Networks)  China's Volt Typhoon APT Burrows Deeper Into US Critical Infrastructure (Dark Reading) Learn more about your ad choices. Visit megaphone.fm/adchoices
01/08/2329m 11s

The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.

The US issues a National Cyber Workforce and Education strategy. Hunting Chinese malware staged in US networks. CISA warns of Barracuda backdoor. WikiLoader malware is discovered. P2Pinfect is a malware botnet targeting publicly-accessible Redis servers. Johannes Ullrich from SANS describes attacks against YouTube content creators. Rick Howard previews his conversation with AWS Ciso CJ Moses. And Russia’s SVR continues cyberespionage against Ukrainian and European diplomatic services. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/144 Selected reading. FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent (The White House)  National Cyber Workforce and Education Strategy: Unleashing America’s Cyber Talent (The White House) The White House releases the US National Cyber Workforce and Education Strategy. (CyberWire) US hunts Chinese malware staged to interfere with US military operations. (CyberWire) U.S. Hunts Chinese Malware That Could Disrupt American Military Operations (New York Times) CISA Releases Malware Analysis Reports on Barracuda Backdoors (Cybersecurity and Infrastructure Security Agency CISA)CISA: New Submarine malware found on hacked Barracuda ESG appliances (BleepingComputer)  Out of the Sandbox: WikiLoader Digs Sophisticated Evasion (Proofpoint)  Cado Security Labs Encounter Novel Malware, Redis P2Pinfect (Cado Security)  P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm (Unit 42) BlueBravo Adapts to Target Diplomatic Entities with GraphicalProton Malware (Recorded Future) BlueBravo Adapts to Target Diplomatic Entities with GraphicalProton Malware (Recorded Future Insikt Group)  BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (The Hacker News) Learn more about your ad choices. Visit megaphone.fm/adchoices
31/07/2326m 44s

Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]

Morgan Adamski from the National Security Agency (NSA) sits down to talk about her path to getting into cybersecurity. Remembering back to when she was a kid, she recalls using old technology to chat with friends online, that's where it all began for Morgan. She shares how in high school she fell in love with the concept of debating and being on a team. During her high school career, 9/11 occurred, and she became fascinated with who was behind the biggest attack America had seen in the 21st century, driving her to pursue a degree in National Security. Coming out of college, she was able to get a job in the DIA, after working there for two years, she found herself at the NSA, where she is now. Morgan shares how her leadership style helps her to not only connect dots on problems, but also see around corners, saying "it's not just about connecting the dots, it's about seeing around the corners and so that helps me better predict, um, how do I build an organization that's successful three to five years down the road." We thank Morgan for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/07/238m 18s

Phishing for leeches. [Research Saturday]

Ashlee Benge from ReversingLabs discussing their research titled "Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks." Researchers recently discovered over a dozen malicious packages published to the npm open source repository. These packages are targeting Microsoft 365 users and appear to target application end users while also supporting email phishing campaigns. Research supports that the malicious campaign encompassed more than a dozen files designed to steal sensitive user credentials. The research states "This most recent campaign caught our attention because of a number of features and characteristics in related npm packages that correlate with malicious intent." The research can be found here: Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks Learn more about your ad choices. Visit megaphone.fm/adchoices
29/07/2319m 30s

A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.

A joint warning on IDOR vulnerabilities. IcedID’s BackConnect protocol evolves over one year. Cl0p claims to have accessed data from another Big Four accounting firm. Ransomware victims increased significantly in 2023. Cyberattacks support influence operations. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger joins us to discuss the Biden Administration's recent cyber initiatives. Eric Goldstein, Executive Assistant Director at CISA, looks at cybersecurity performance goals. And spelling counts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/143 Selected reading. Preventing Web Application Access Control Abuse (Joint Cybersecurity Advisory: ACSC, NSA, CISA)  Inside the IcedID BackConnect Protocol (Part 2) (Team Cymru)  Deloitte denies Cl0p data breach impacted client data in wake of MOVEit attack (ITPro)  Ransomware Report: Q2 2023 (ReliaQuest) Kenya ICT minister admits cyber-attack on eCitizen portal, insists data secure (The East African) Anonymous Sudan: the group behind recent anti-Kenya cyberattacks (TechCabal)  Kenya President Ruto to skip Russia-Africa Summit (The East African) UK accidentally sent military emails meant for US to Russian ally (POLITICO) Learn more about your ad choices. Visit megaphone.fm/adchoices
28/07/2331m 24s

Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites

The Mirai botnet afflicts Tomcat. CardioComm services are downed by cyberattack. Uptycs calls infostealers “organization killers" as related security incidents double in a year. Legacy third-party risk management practices meet with dissatisfaction. Cyber skill gaps reported in the UK's workforce. Our guest is George Prichici of OPSWAT with a look at a Microsoft Teams vulnerability. Our new Threat Vector segment features a conversation with David Moulton and Michael Sikorski on the potential threats from LLMs and AI. And SiegedSec hits NATO sites. On this first segment of Threat Vector, Michael "Siko" Sikorski, CTO & VP of Engineering for Unit 42, joins host David Moulton to discuss LLMs & AI and the impacts to expect on social engineering, phishing, and more. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/142 Threat Vector links. Palo Alto Networks Unit 42 Selected reading. Tomcat Under Attack: Exploring Mirai Malware and Beyond (Aquasec) CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services (TechCrunch)  Detecting the Silent Threat: 'Stealers are Organization Killers' (Uptycs) Cyber security skills in the UK labour market 2023 (DSIT) NATO investigates alleged data theft by SiegedSec hackers (BleepingComputer) NATO investigating apparent breach of unclassified information sharing platform (CyberScoop)  SiegedSec Compromise NATO (Cyberint) Learn more about your ad choices. Visit megaphone.fm/adchoices
27/07/2328m 35s

A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.

FraudGPT is a chatbot with malign intent. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. Tim Starks from Washington Post's Cybersecurity 202 on the White House’s new National Cyber Director nominee. Maria Varmazis speaks with David Luber, Deputy Director of NSA's Cybersecurity Directorate, on space systems as critical infrastructure. And a kinetic strike against a cyber target: Ukrainian drones may have hit Fancy Bear’s Moscow digs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/141 Selected reading. FraudGPT: The Villain Avatar of ChatGPT (Netenrich)  Stealer Logs & Corporate Access (Flare) Over 400,000 corporate credentials stolen by info-stealing malware (BleepingComputer) The Alarming Rise of Infostealers: How to Detect this Silent Threat (The Hacker News) Conti and Akira: Chained Together (Arctic Wolf) Ukraine-Russia war: Ukraine vows further drone strikes on Moscow and Crimea (The Telegraph)  Learn more about your ad choices. Visit megaphone.fm/adchoices
26/07/2326m 55s

Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.

A zero-day attack of undetermined origin targets government offices in Norway. Russia accuses the US of cyber aggression. Data breaches exact a rising cost. 74% of survey respondents say their company would pay ransom to recover stolen or encrypted data. Executives and security teams differ in their perception of cyber threat readiness. Mr. Security Answer Person John Pescatore looks at risk metrics. Joe Carrigan on a new dark market AI tool called Worm GPT. And Apple issues urgent patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/140 Selected reading. Norway says Ivanti zero-day was used to hack govt IT systems (BleepingComputer) Norway investigates cyberattack affecting 12 government ministries (Record) Norwegian government IT systems hacked using zero-day flaw (BleepingComputer) Putin ally accuses US of planning cyberattacks on Russian critical infrastructure (Al Arabiya English)  Cost of a Data Breach Report 2023 (IBM Security) Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments (Coveware)  2023 Cyber Threat Readiness Report (Swimlane)  Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Apple fixes 16 security flaws with iOS 16.6, two actively exploited (9to5Mac) Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs (The Hacker News) Apple fixes new zero-day used in attacks against iPhones, Macs (BleepingComputer)  iOS 16.6: Apple Suddenly Releases Key iPhone Update With Urgent Fixes (Forbes)  Learn more about your ad choices. Visit megaphone.fm/adchoices
25/07/2325m 57s

DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.

North Korea's increasingly supple cyber offensives. A look at Cl0p. The NetSupport RAT's fake update vectors. HotRat is a Trojan that accompanies illegally pirated software and games. Crackable radio encryption standard: a bug or a feature? Chris Novak from Verizon discusses ransomware through the lens of the DBIR. Carole Theriault describes a ransomware attack that hit close to home. And an alleged money-laundering crypto-rapper is back in the news. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/139 Selected reading. North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack | Mandiant (Mandiant) Ransomware Roundup - Cl0p (Fortinet Blog) FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT (Malwarebytes) Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (Vice)  Unmasking HotRat: The hidden dangers in your software downloads (Avast) Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (Vice)  Crypto rapper 'Razzlekhan,' husband reach plea deal over Bitfinex hack laundering (Reuters) Learn more about your ad choices. Visit megaphone.fm/adchoices
24/07/2324m 34s

Don Welch: Being a good leader. [CIO] [Career Notes]

Don Welch, Chief Information Officer from New York University sits down to share his exciting start into his cyber career. Much like many other people who started in this industry, Don went into the military, which is where it all started for him. He was told he needed to take two specialties, and so along with mechanical engineering, he decided to go into computer science as well. After taking his two crafts, he decided to leave the Army and go into the civilian world where he took a couple jobs in cyber. He landed a few jobs at different prestigious universities, including Penn State University, University of Michigan, and now New York University. He shares that being a good leader will take you far in life, saying "I will say that if you are a great leader, ultimately, you sit in your office and do nothing because you have developed your team and empowered them, and they're making all the decisions, everything runs like clockwork and you have nothing to do." We thank Don for sharing is story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/07/2310m 24s

Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]

With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrate employee and contractor devices – managed and unmanaged – exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of infostealers and provides actionable steps for businesses of any size or industry to mitigate the threat. In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten to discuss the early days of incident response and the current thinking of post-infection remediation (PIR) actions. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor SpyCloud’s Director of Security Research, Trevor Hilligoss. They chat about the challenges for enterprises and security leaders to identify what was stolen from malware-infected devices and how proper post-infection remediation implemented into existing incident response workflows can help prevent this data from causing ransomware. Trevor shares highlights from an industry report of over 300+ security leaders from North America and the UK on where they stand on malware identification and remediation, and what additional work can be done to minimize cybercriminals' access and impact. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/07/2330m 49s

Welcome to New York, it's been waitin' for you. [Research Saturday]

Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, TA453, also known as Charming Kitten, APT42, Mint Sandstorm, and Yellow Garuda, was found sending a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The research states that "the email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review." Proofpoint shares it's findings and what you can expect from the threat group. The research can be found here: Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware Learn more about your ad choices. Visit megaphone.fm/adchoices
22/07/2318m 32s

Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).

The Lazarus Group targets developers. Threat actors target the banking sector with fake LinkedIn profiles and open source supply chain attacks. Vulnerabilities reported in OpenMeetings. HTML smuggling is sold in the C2C market. Johannes Ullrich from SANS describes attacks against niche web apps. Our guest is Damir Brecic of Inversion6 discussing the privacy and security concerns of Meta's new Threads app. And Romania's SVR reports a pattern of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/138 Selected reading. GitHub warns of Lazarus hackers targeting devs with malicious projects (BleepingComputer) Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says (Record) Security alert: social engineering campaign targets technology industry employees (The GitHub Blog) First Known Targeted OSS Supply Chain Attacks Against the Banking Sector (Checkmarx) A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State (Sonar)  Fresh Phish: HTML Smuggling Made Easy, Thanks to a New Dark Web Phish Kit (INKY)  KillNet Showcases New Capabilities While Repeating Older Tactics (Mandiant). Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. (CyberScoop). Anonymous Sudan DDoS strikes dominate attacks by KillNet collective (SC Media) Romanian Intelligence General: All Russian secret services attempted cyber attacks against Romania (ACTMedia) Learn more about your ad choices. Visit megaphone.fm/adchoices
21/07/2323m 0s

Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.

Sophos analyzes malvertising through purchased Google Ads. The MOVEit vulnerability is remediated faster than most. The DeliveryCheck backdoor is used against Ukrainian targets. SORM is under stress. Ukrainian police roll up another bot farm working in support of Russian influence operations. AJ Nash from ZeroFox provides insights on the White House cybersecurity labeling program. David Moulton from Palo Alto Networks Unit 42 introduces his new segment "Threat Vector." And we bid farewell to Kevin Mitnick. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/137 Selected reading. Bad ad fad leads to IcedID, Gozi infections (Sophos News) New research reveals rapid remediation of MOVEit Transfer vulnerabilities (Bitsight)  GRIT Ransomware Report-2023-Q2 (Guidepoint Security)  Russia’s Turla hackers target Ukraine’s defense with spyware (Record)  Russian Hackers Probe Ukrainian Defense Sector With Backdoor (Bank Info Security)  Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says (Record)  Ukraine’s cyber police dismantled a massive bot farm spreading propaganda (Security Affairs) Kevin David Mitnick, August 6, 1963 - July 16, 2023. (Dignity Memorial) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/07/2328m 35s

Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.

Vulnerabilities are identified and patched in Citrix Netscaler products and Adobe Coldfusion. The banking sector should be monitoring the dark web for leaked credentials and insider threats. Spyware vendors are added to the US Entity List. WhatsApp accounts may be at risk. Verizon’s Chris Novak shares insights on Log4j from this year’s DBIR. Our guest is Candid Wüest of Acronis discussing the findings of their Year-end Cyberthreats Report. Skirmishes in the cyber phases of Russia's war. And how do you demobilize cyber forces (especially the auxiliaries) once the war is over? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/136 Selected reading. Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns  New critical Citrix ADC and Gateway flaw exploited as zero-day (BleepingComputer)  Citrix alerts users to critical vulnerability in Citrix ADC and Gateway (Computing) Adobe, Microsoft and Citrix vulnerabilities draw warnings from CISA (Record) Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities (Rapid7) Dark Web Threats Against The Banking Sector › Searchlight Cyber (Searchlight Cyber) WhatsApp Remote Deactivation Warning For 2 Billion Users (Forbes) The United States Adds Foreign Companies to Entity List for Malicious Cyber Activities - United States Department of State (United States Department of State)  Commerce Adds Four Entities to Entity List for Trafficking in Cyber Exploits (Bureau of Industry and Security)  Russian hackers may be behind 'DDoS' attack on NZ Parliament website (Stuff)  Russian medical lab suspends some services after ransomware attack (Record)  If you want peace, prepare for… cyberwar - Friends of Europe (Friends of Europe)  Learn more about your ad choices. Visit megaphone.fm/adchoices
19/07/2329m 23s

Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).

The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/135 Selected reading. Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) The Biden administration announces a cybersecurity labeling program for smart devices (AP News)CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA) Free Tools for Cloud Environments (CISA) NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA) ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service) Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security) Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget)  Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record) JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer) JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing)  JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch) JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica) [Security Update] Incident Details - JumpCloud (JumpCloud) July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud) FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom) RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)  Learn more about your ad choices. Visit megaphone.fm/adchoices
18/07/2330m 28s

Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.

WormGPT is a new AI threat. TeamTNT seems to be back. Chinese intelligence services actively pursue British MPs. Gamaredon's quick info theft. Russia’s FSB bans Apple devices. The troll farmers of the Internet Research Agency may not yet be down for the count. Anonymous Sudan claims a "demonstration" attack against PayPal, with more to come. Carole Theriault looks at popular email lures. My conversation with N2K president Simone Petrella on the White House’s National Cybersecurity Strategy Implementation Plan. And, friends, don’t take this typo to Timbuktu. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/134 Selected reading. WormGPT, an "ethics-free" text generator. (CyberWire) TeamTNT (or someone a lot like them) may be preparing a major campaign. (CyberWire) Chinese government hackers ‘frequently’ targeting MPs, warns new report (Record)  Gamaredon hackers start stealing data 30 minutes after a breach (BleepingComputer)  Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise (Security Affairs) Armageddon in Ukraine – how one Russia-backed hacking group operates (CyberSecurity Connect) Russian hacking group Armageddon increasingly targets Ukrainian state services (Record) Russia bans officials from using iPhones in U.S. spying row (Apple Insider) Prigozhin's Media Companies May Resume Work As Mutiny Fallout Dissipates, FT Reports (Radio Free Europe | Radio Liberty) Anonymous Sudan claims it hit PayPal with 'warning' DDoS cyberattack (Tech Monitor)  Typo leaks millions of US military emails to Mali web operator (Financial Times) Learn more about your ad choices. Visit megaphone.fm/adchoices
17/07/2325m 5s

Jennifer Addie: Finding creative solutions. [COO] [Career Notes]

Jennifer Addie, COO and CWO from VentureScope and MACH37 Cyber Accelerator sits down to share her incredible story, bringing creativity into the cyber community. Growing up Jennifer always loved the human side of things, and learning that she had a knack for computers helped her to realize what type of field she wanted to pursue as an adult. She started working jobs dealing in programming, database administration, product development, and it was there in the design of those products where she felt the deep need for security, emerging as critical in her consciousness. She shares how she likes to be on a personal level with the people she works with, always wondering where people came from and why they are passionate, being a very interactive leader. Jennifer also says that she believes bringing creativity into the field is what helps her solve any form of problem the best stating "I absolutely agree with the idea that, that creativity is far more than artistic capability. It is very much centered on problem solving and in fact, the master's degree that I received in creativity focuses on creative problem solving as a process." We thank Jennifer for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/07/239m 46s

SCARLETEEL zaps back again. [Research Saturday]

Michael Clark from Sysdig joins with Dave to discuss their research on SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. New research from Sysdig threat researchers found that the group continues to thrive with improved tactics. Most recently, they gained access to AWS Fargate, a more sophisticated environment to breach, thanks to their upgraded attack tools. The research states "In their most recent activities, we saw a similar strategy to what was reported in the previous blog: compromise AWS accounts through exploiting vulnerable compute services, gain persistence, and attempt to make money using cryptominers." Had Sysdig not thwarted SCARLETEEL's attack, they estimated that they would have mined $4,000 per day until they were stopped. The research can be found here: SCARLETEEL 2.0: Fargate,Kubernetes, and Crypto Learn more about your ad choices. Visit megaphone.fm/adchoices
15/07/2317m 22s

Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.

Developments in the case of China's cyberespionage against government Exchange users. Industrial controller vulnerabilities pose a risk to critical infrastructure. USB attacks have risen three-fold in the first half of 2023. CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog. Ghostwriter's continued activity focuses on Poland and Ukraine. Hacktivist auxiliaries swap DDoS attacks. Awais Rashid from University of Bristol shares insights on threat modeling. Our guest is Chris Cochran from Huntress on the challenges small and medium sized businesses face with cyber security. And lessons learned from cyber warfare in Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/133 Selected reading. UK says it's working with Microsoft to understand impact of Chinese email hack (Reuters)  What we know (and don’t know) about the government email breach (Washington Post) Yet Another MS CVE: Don’t Get Caught In The Storm! (Cynet) China Hacking Was Undetectable for Some Who Had Less Expensive Microsoft Services (Wall Street Journal) Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch) APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure (SecurityWeek) Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks (The Hacker News)  USB drive malware attacks spiking again in first half of 2023 (BleepingComputer) CISA Adds Two Known Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) Malicious campaigns target government, military and civilian entities in Ukraine, Poland (Cisco Talos Blog) Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says (Record) Crowdsourced Cyber Warfare: Russia and Ukraine Launch Fresh DDoS Offensives (CEPA). Cyber Operations during the Russo-Ukrainian War (CSIS) Learn more about your ad choices. Visit megaphone.fm/adchoices
14/07/2330m 52s

Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.

CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub. Russia resumes its pursuit of a "sovereign Internet." The GRU's offensive cyber tactics. Chris Novak from Verizon discusses business email compromise and the 2023 DBIR. Our guest is Joy Beland of Summit 7 on the role of Managed Service Providers in the supply chain to the Defense Industrial Base. And a probable Ukrainian false-flag operation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/132 Selected reading. CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA) Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA) How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom (WIRED) Chinese hackers breached U.S. and European government email through Microsoft bug (Record) FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan | The White House (The White House) National Cybersecurity Strategy Implementation Plan (White House) LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros (Fortinet Blog) New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware (Uptycs) Russia Is Trying to Leave the Internet and Build Its Own (Scientific American) The GRU's Disruptive Playbook (Mandiant)  Hack Blamed on Wagner Group Had Another Culprit, Experts Say (Bloomberg)  Learn more about your ad choices. Visit megaphone.fm/adchoices
13/07/2332m 18s

Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.

A Chinese threat actor hits US organizations with a Microsoft cloud exploit. Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. A RomCom update. Beamer phishbait, email extortion attacks and digital blackmail. A new report concludes companies allowing personal employee devices onto their network are opening themselves to attack. Tim Starks from the Washington Post looks at Microsoft’s recent woes. Our guest is Eyal Benishti from IRONSCALES with insights on business email compromise. And a July Patch Tuesday retrospective. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/131 Selected reading. Mitigation for China-Based Threat Actor Activity (Microsoft On the Issues) Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email (Microsoft Security Response Center) Chinese hackers breach U.S. government email through Microsoft cloud (Washington Post)  U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign (Wall Street Journal) Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (Cisco Talos Blog) Storm-0978 attacks reveal financial and espionage motives (Microsoft Security)  Microsoft: Unpatched Office zero-day exploited in NATO summit attacks (BleepingComputer)  Diplomats Beware: Cloaked Ursa Phishing With a Twist (Unit 42) Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW (Reuters) Threat spotlight: Extortion attacks (Barracuda) The SpyCloud Malware Readiness And Defense Report (SpyCloud) July 2023 Security Updates (Security Update Guide - Microsoft Security Response Center) Microsoft Releases July 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA)  Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws (BleepingComputer)  Fortinet Releases Security Update for FortiOS and FortiProxy (Cybersecurity and Infrastructure Security Agency CISA) Adobe Releases Security Updates for ColdFusion and InDesign (Cybersecurity and Infrastructure Security Agency CISA)  Apple's Rapid Security Response Patches Causing Website Access Issues (SecurityWeek)  SAP Security Patch Day – July 2023 (SAP) Return of the ICMAD Critical Vulnerabilities in 2023 (Onapsis) Learn more about your ad choices. Visit megaphone.fm/adchoices
12/07/2332m 33s

Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.

NATO considers Article 5 in cyberspace, while Cyberattacks conducted in the Russian interest target the NATO summit. Anonymous Sudan remains a nuisance-level irritant. Cl0p's surprising use of MOVEit exploits. Asylum Ambuscade is a case study in privateering. There are reports of a breach at Razer. An indictment in a cyber incident at a California water treatment facility. Genesis Market's fire sale. Carole Theriault on the data Amazon customers provide with some suggestions on curbing it. Our guest is Dmitry Bestuzhev, senior director in Cyber Threat Intelligence for Blackberry. And Amazon Prime Day is upon us–the crooks have noticed. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/130 Selected reading. A Cybersecurity Wish List Ahead of NATO Summit (SecurityWeek) NATO’s Christian-Marc Lifländer on how the alliance can take a ‘proactive’ cyber stance (Record) Ukraine has set the standard on software power (POLITICO) RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit (BlackBerry) Threat group testing more sophisticated DDoS hacks, authorities warn (Cybersecurity Dive) Move It on Over: Reflecting on the MOVEit Exploitation (Huntress) Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day (SC Media)  Asylum Ambuscade: crimeware or cyberespionage? (WeLiveSecurity) Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage (Infosecurity Magazine) Razer investigates data breach claims, resets user sessions (BleepingComputer)  Razer Data Breach: Alleged Database and Backend Access Sold for $100k (HackRead) Alleged Razer data breach: Hacker demands US$100K in crypto in exchange for stolen data (Vulcan Post) Razer gets pwned as hackers steal source code (Cyber Security Connect)  Razer Cyber Attack: Gaming Hardware Giant Faces Data Breach (The Cyber Express)  Amazon Prime Day: Buyers Beware of Phishing Campaigns Targeting Online Shoppers (Veriti) Tracy Resident Charged With Computer Attack On Discovery Bay Water Treatment Facility (US Attorney for the Northern District of California) Tracy man indicted for illegally accessing water treatment network (CBS News) Technician Indicted for Hacking California Water Treatment Facility (HackRead) Tracy Man Charged With Computer Attack On Discovery Bay Water Treatment Facility (Contra Costa News)  Genesis Market gang tries to sell platform after FBI disruption (Record)  Amazon Prime Day: Buyers Beware of Phishing Campaigns Targeting Online Shoppers (Veriti)  Learn more about your ad choices. Visit megaphone.fm/adchoices
11/07/2327m 19s

New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.

New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit patches. The FBI’s Deputy Assistant Director for Cyber Cynthia Kaiser joins us with examples of the agency’s technical disruption operations. Our guest is Scott Piper Principal Cloud Security Researcher at Wiz sharing findings of their State of the Cloud 2023 report. And Telegram's role in news about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/129 Selected reading. M365 Phishing Email Analysis – eevilcorp (Vade Secure) New Phishing Attack Spoofs Microsoft 365 Authentication System (HackRead) Tailing Big Head Ransomware’s Variants, Tactics, and Impact (Trend Micro) New ‘Big Head’ ransomware displays fake Windows update alert (BleepingComputer) Unfolding Cybersecurity Crisis: Aptos Network and Multichain Face Cyber-Attacks (CryptoMode) More than $125 million taken from crypto platform Multichain (Record) Exploit of Fantom, Moonriver and Dogechain Crypto Bridges Confirmed by Multichain Team (CoinDesk) CISA Adds One Known Vulnerability to Catalog (CISA) Google patches 43 Android Vulnerabilities Including 3 actively exploited zero-days (Cyber Security News)  Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities (CISA) After Zero-Day Attacks, MOVEit Turns to Security Service Packs (SecurityWeek) Killnet as a private military hacking company? For now, it's probably just a dream (Record) Telegram has become a window into war (The Verge) Learn more about your ad choices. Visit megaphone.fm/adchoices
10/07/2331m 15s

Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]

Eric Tillman, Chief Intelligence Officer at N2K Networks sits down and shares his incredibly creative journey. Eric loved being creative from a young age. When he started to think about a career he wanted to incorporate his love of creativity into his love for tech and turn it into an intelligence career. Eric started by joining the Navy, which set him on this path to work in cyber where he shared his talents with several big companies, including, Booz Allen Hamilton, Lockheed Martin, and Okta, eventually ending up at our very own N2K Networks. Eric shares the advice that there is something for everyone in this field, and even though he wanted to start his journey in a creative way, he found that combining his love for tech and art helped him to pave the way to where he is now. He says " A lot of people get here from a very technical background and um, it really almost doesn't matter um, where you came from, there is something in cybersecurity that takes advantage of the skills that you bring to the table and, um, either way, there's plenty of room here for everyone." We thank Eric for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/07/2311m 24s

Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]

Moez Kamel, Threat Management Specialist at IBM Security, joins us on T-Minus Deep Space for a special edition all about the cybersecurity ecosystem in the New Space industry. You can follow Moez on LinkedIn and his work at IBM’s Security Intelligence blog. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on Twitter and LinkedIn. Selected Reading Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in the New Space Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space  Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges     Audience Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/07/2332m 36s

Creating PANDA-monium. [Research Saturday]

Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft" In May of 2023, industry and government sources detailed China-nexus activity where they found the threat actor dubbed Volt Typhoon targeted U.S. based critical infrastructure entities. CrowdStrike's Intelligence team tracked this actor as VANGUARD PANDA.  With CISA’s advisory on VANGUARD PANDA and its link to Chinese adversaries who are increasingly targeting US businesses and critical infrastructure, CrowdStrike’s blog dives deeper into the risks of VANGUARD PANDA. The research says "One specific VANGUARD PANDA incident stands out to review in detail. Falcon Complete responded to a detection that was triggered by suspicious reconnaissance commands executed under an Apache Tomcat web server running ManageEngine ADSelfService Plus." The research can be found here: Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft Learn more about your ad choices. Visit megaphone.fm/adchoices
08/07/2317m 3s

Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.

US and Canadian agencies warn of Truebot. A look at "Operation Brainleaches." Jumpcloud resets API keys. An update on the MOVEit vulnerability exploitation. Andrea Little Limbago from Interos shares insights on rising geopolitical instability. Our guest is Mike Hamilton from Critical Insight discussing what you need to know about NIST 2.0. OSCE trains Ukrainian students in cybersecurity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/128 Selected reading. CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants (Cybersecurity and Infrastructure Security Agency CISA) Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA)  Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks (ReversingLabs) Mandatory JumpCloud API Key Rotation (JumpCloud) JumpCloud resets admin API keys amid ‘ongoing incident’ (BleepingComputer) JumpCloud Says All API Keys Invalidated to Protect Customers (SecurityWeek) More organizations confirm MOVEit-related breaches as hackers claim to publish stolen data (TechCrunch) Important information about MOVEit Transfer cyber security incident | Shell Global (Shell Global) Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data (SecurityWeek) OSCE helps future generation of Ukraine’s law enforcers and emergency personnel build skills for safe work in cyberspace (OSCE) Learn more about your ad choices. Visit megaphone.fm/adchoices
07/07/2330m 22s

The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.

LockBit 3.0 claims responsibility for Nagoya ransomware attack. Charming Kitten sighting. Spyware infested apps found in Google Play. Threats and risks to electric vehicle charging stations. Solar panels and cyberattacks. Dave Bittner speaks with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, to talk about CISA’s effort for companies to build safety into tech products.Rick Howard sits down with Clarke Rodgers of AWS to discuss the mechanics of CISO roundtables. And Hacktivist auxiliaries remain active in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/127 Selected reading. Pro-Russian hackers target Port of Nagoya, disrupting loading of Toyota parts (The Japan Times)  Port of Nagoya resumes operations later than planned after Russian hack (The Japan Times)  Ransomware Halts Operations at Japan's Port of Nagoya (Dark Reading)  Nagoya Port Faces Disruption After Ransomware Attack (Infosecurity Magazine)  Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware | Proofpoint US (Proofpoint) Two spyware tied with China found hiding on the Google Play Store (Pradeo) EV Charger Hacking Poses a ‘Catastrophic’ Risk (WIRED)  Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks (SecurityWeek) The Continued Expansion of Cyber Incidents by Non-State Actors in the War in Europe (OODA Loop).   Russian railway site allegedly taken down by Ukrainian hackers (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
06/07/2326m 53s

Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.

Chinese cyberespionage campaign against European governments. The Port of Nagoya closes over ransomware attack. BlackCat and SEO poisoning. LockBit seeks to extort a semiconductor manufacturer. Professionals in the cyber underworld. CISA issued a DDoS alert for US companies and government agencies. Microsoft debunks claims of data theft by Anonymous Sudan. Matt O'Neill from the US Secret Service speaks with Dave Bittner about sextortion. Rick Howard sits down with Michael Fuller of AWS to talk about the kill chain. And Avast releases a free decryptor for Akira. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/126 Selected reading. Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research (Check Point Research) Hackers target European government entities in SmugX campaign (BleepingComputer) Chinese hackers target European embassies with HTML smuggling technique (Record) Japan’s largest port stops operations after ransomware attack (BleepingComputer)  BlackCat ransomware pushes Cobalt Strike via WinSCP search ads (BleepingComputer) BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (The Hacker News) TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant (SecurityWeek) TSMC confirms data breach after LockBit cyberattack on third-party supplier (TechCrunch) Taiwan Semiconductor Denies LockBit's $70M Hack Claim (Bank Info Security) Semiconductor giant says IT supplier was attacked; LockBit makes related claims (Record) DoS and DDoS Attacks against Multiple Sectors (Cybersecurity and Infrastructure Security Agency CISA) CISA issues DDoS warning after attacks hit multiple US orgs (BleepingComputer) Microsoft denies data breach, theft of 30 million customer accounts (BleepingComputer) Microsoft Denies Major 30 Million Customer-Breach (Infosecurity Magazine) Decrypted: Akira Ransomware (Avast Threat Labs) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/07/2325m 11s

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 US GAO Snapshot: Cybersecurity: Launching and Implementing the National Cybersecurity Strategy Learn more about your ad choices. Visit megaphone.fm/adchoices
04/07/2335m 3s

Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.

This interview from June 16th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Will Markow, VP of Applied Research from Lightcast, to discuss how to use data to make strategic workforce decisions. You can also view the video of the full interview here: Simone Petrella and Will Markow discuss workforce management. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/07/2326m 56s

Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]

Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working for as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded with older cousins who were choosing STEM careers and it became an interesting topic for her. She accounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to step out of the agency into US cyber command to help take up a management position for the architecture and engineering division. From there, she continued her cybersecurity journey first as the exploration director before moving into where she is now. Liji shares that there were barriers along the way that she had to endure and hop over to get to the right path. She says "So there are challenges and barriers that come across constantly with our work. Um, one just has to pause and reflect on how we can work with it, around it, or influence like our stakeholders and jointly create a vision around it." We thank Liji for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/07/239m 52s

The power behind artificial intelligence. [Research Saturday]

Daniel dos Santos, Forescout's Head of Security Research is sharing insights from a recent exercise his team conducted on AI-assisted attacks for OT and unmanaged devices. Using ChatGPT, Forescout’s research team converted an existing OT exploit developed in Python to run on Windows to demonstrate how easy it is to create an AI-assisted attack that converts the original exploit into alternative programming languages. The research states "our goal was to convert an existing OT exploit developed in Python to run on Windows to the Go language using ChatGPT." This would then allow it to run faster on Windows and run easily on a variety of embedded devices. The research can be found here: AI-Assisted Attacks Are Coming to OT and Unmanaged Devices – the Time to Prepare Is Now Learn more about your ad choices. Visit megaphone.fm/adchoices
01/07/2318m 54s

CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.

US Federal Government working to secure management interfaces. NoName057(16)’s DDoSia campaign grows, and targets Wagner, post-insurrection. Update: Unidentified hackers attack Russian satellite communications company, claiming to be Wagner. The role of OSINT in tracking Russia's war. Manoj Sharma of Symantec discusses trends he's hearing about generative AI. Becky Weiss from AWS talks with Rick Howard about the math behind their security. Cyber awareness over a holiday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/125 Selected reading. CISA Wants Exposed Government Devices Remediated In 14 Days (Dark Reading) 50 US Agencies Using Unsecured Devices, Violating Policy (Bank Info Security) CISA working with agencies to pull exposed network tools from public internet (Record) Following NoName057(16) DDoSia Project’s Targets (Sekoia.io Blog) Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (BleepingComputer) Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group (CyberScoop) Hackers claim to take down Russian satellite communications provider (Record) Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism (Flashpoint)  Preparing for cyber threats over the Fourth of July. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
30/06/2331m 51s

Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.

8base ransomware is overlooked and spiking. GuLoader targets law firms. Akira ransomware for Linux systems targets VMs. Kaspersky tracks the Lazarus group: typos and mistakes indicating an active human operator. Charming Kitten goes spearphishing. Securing continuous integration/continuous delivery operations. No emojis for the SEC, please.Unconfirmed reports say the Wagner Group hacked a Russian satellite communications provider. Our guest is Hanan Hibshi from Carnegie Mellon's picoCTF team. Chris Novak from Verizon discusses their 2023 Data Breach Investigations Report (DBIR). And Anonymous Sudan wants you to know that they’re not just a bunch of deniable Russian crooks–where’s the love, man? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/124 Selected reading. 8Base Ransomware: A Heavy Hitting Player (VMware Security Blog)  GuLoader Campaign Targets Law Firms in the US (Morphisec)  Akira Ransomware Extends Reach to Linux Platform (Cyble)  Andariel’s Mistakes Uncover New Malware in Lazarus Group Campaign (Infosecurity Magazine) Charming Kitten Updates POWERSTAR with an InterPlanetary Twist (Volexity) CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA) NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments (National Security Agency/Central Security Service) Wall Street Regulators’ New Target: Emojis (Wall Street Journal)  Russian satellite telecom Dozor allegedly hit by hackers (Cybernews) Hacking Group Says It Attacked Microsoft for Sudan. Experts Say Russia’s Behind It (Bloomberg)  ‘Hactivists’ who targeted Microsoft claim they’re working for Sudan (Fortune) Learn more about your ad choices. Visit megaphone.fm/adchoices
29/06/2329m 13s

Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.

JokerSpy afflicts Macs. ThirdEye (not so blind). Mockingjay process injection as proof-of-concept. Switzerland expects Russia to increase cyberespionage as agent networks are disrupted. The fracturing of Conti, and the rise of its successors. The Washington Post’s Tim Starks explains the security of undersea cables. Our guest is ​​Brian Johnson of Armorblox to discuss Social Security Administration impersonation scams. And the "UserSec Collective" says it's recruiting hacktivists for the Russian cause.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/123 Selected reading. JokerSpy macOS malware used to attack Japanese crypto exchange (AppleInsider)  Prominent cryptocurrency exchange infected with previously unseen Mac malware (Ars Technica) New Fast-Developing ThirdEye Infostealer Pries Open System Information (Fortinet Blog) Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution (Security Joes) New Mockingjay Process Injection Technique Could Let Malware Evade Detection (The Hacker News) New Mockingjay process injection technique evades EDR detection (BleepingComputer) Ukraine war made Switzerland hub for Chinese, Russian spies: Swiss intelligence (South China Morning Post)  Swiss intelligence warns of fallout in cyberspace as West clamps down on spies (Record)  The rise and fall of the Conti ransomware group (Global Initiative)  The Trickbot/Conti Crypters: Where Are They Now? (Security Intelligence)                                                                                                                        Ukraine at D+489: An influence contest, post-mutiny. (CyberWire)  Learn more about your ad choices. Visit megaphone.fm/adchoices
28/06/2328m 22s

Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.

Anatsa Trojan reveals new capabilities. Airlines report employee data stolen in a third-party breach. Canadian energy company SUNCOR reports a cyberattack. What of the Internet Research Agency? Microsoft warns of a rising threat to infrastructure. Joe Carrigan describes an ill-advised phishing simulation. Mr. Security Answer Person John Pescatore takes on zero days. And DDoS grows more sophisticated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/122 Selected reading. Anatsa banking Trojan hits UK, US and DACH with new campaign (TreatFabric)  Anatsa Android trojan now steals banking info from users in US, UK (BleepingComputer)  Thousands of American Airlines and Southwest pilots impacted by third-party data breach (Bitdefender) American Airlines, Southwest Airlines disclose data breaches affecting pilots (BleepingComputer)  American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider (SecurityWeek) Recruitment portal exposes data of US pilot candidates (Register)  Suncor Energy says it experienced a cybersecurity incident (Reuters) Suncor Energy cyberattack impacts Petro-Canada gas stations (BleepingComputer)  Canadian oil giant Suncor confirms cyberattack after countrywide outages (Record)  Wagner and the troll factories (POLITICO) Cyber risks to critical infrastructure are on the rise (CEE Multi-Country News Center) The lowly DDoS attack is showing signs of being anything but (Washington Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
27/06/2327m 46s

Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.

Russian ISPs blocked Google News as tension with the Wagner Group mounted Friday. Ukrainian hacktivist auxiliaries break into Russian radio broadcasts. New EU sanctions are directed against Russian IT firms. Transparent Tribe resurfaces against Indian military and academic targets. Unauthorized access is the leading cause of data breaches for the fifth year in a row. Trojanized Super Mario Brothers game spreads SupremeBot malware. Today, guests discuss the cybersecurity skills gap. Paul Rebasti of Lockheed Martin shares what they are doing to fill cybersecurity skills gap. Jenny Brinkley joins us from AWS Re:Inforce discusses opportunities from the cybersecurity skills gap. And law enforcement agencies seize BreachForums' web domain.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/121 Selected reading. Ukraine at D+487: After the march on Moscow. (CyberWire) Ukraine at D+486: The march on Moscow is over. (CyberWire) Ukraine at D+485: “We are dying for the Russian people.” (CyberWire) U.S. spies learned in mid-June Prigozhin was planning armed action in Russia (Washington Post)  Google News Blocked in Russia as Feud With Mercenary Leader Intensifies (New York Times) Air War: Pro-Ukraine Hackers Increasingly Breaking Into Russian Broadcasts With Anti-Kremlin Messages (RadioFreeEurope/RadioLiberty) Fresh EU sanctions hit Russian IT firms (Computing) Pakistan based hackers target Indian Army, education sector in new cyber attack (Telangana Today) Pakistan-based hackers target Indian Army, education sector in new cyber attack (PGURUS) ‘Transparent Tribe’ comes out of hiding (Pune Times Mirror)  2023 ForgeRock Identity Breach Report (ForgeRock) Trojanized Super Mario Game Installer Spreads SupremeBot Malware (Cyble) Trojanized Super Mario game used to install Windows malware (BleepingComputer) FBI seizes BreachForums after arresting its owner Pompompurin in March (BleepingComputer) Learn more about your ad choices. Visit megaphone.fm/adchoices
26/06/2330m 53s

Slavik Markovich: Time is of the essence. [CEO] [Career Notes]

Slavik Markovich, CEO of Descope joins Dave to discuss his career as a serial entrepreneur. Before Descope, he co-founded and was the CEO of Demisto, a leader in the SOAR industry, which was acquired by Palo Alto Networks in 2019 for $560M, where he then served as SVP of Products. Before co-founding Demisto, Slavik was VP & CTO of database technologies at McAfee. He joined McAfee via the acquisition of Sentrigo, a database security startup he co-founded and served as CTO for. He goes into depth of his career changes throughout the years and how that has helped lead him to where he is now in his career. He shares that as a CEO and found of multiple companies he values time and hard workers. He says " I think we really stress the importance of, uh, of responsibility. So if, if you kinda take something, you, you make sure to finish it and on time, if you promise to do something, you do that. And so that's really important for us." We thank Slavik for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/06/237m 56s

Unleashing the crypto gold rush. [Research Saturday]

Ian Ahl from Permiso's PØ Labs joins Dave to discuss their research on "Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor." First observing the group in 2021, they discovered GUI-vil is a financially motivated threat group primarily focused on unauthorized cryptocurrency mining activities. The research states "the group has been observed exploiting Amazon Web Services (AWS) EC2 instances to facilitate their illicit crypto mining operations." This group is dangerous because unlike many groups focused on crypto mining, GUI-Vil apply a personal touch when establishing a foothold in an environment. The research can be found here: Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor Learn more about your ad choices. Visit megaphone.fm/adchoices
24/06/2323m 39s

Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.

An update on Barracuda ESG exploitation. Camaro Dragon’s current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out and about . Ukraine is experiencing a "wave" of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/120 Selected reading. Barracuda ESG exploitation (Proofpoint) Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives (Check Point Research) Chinese malware accidentally infects networked storage (Register) Akamai SIRT Security Advisory: CVE-2023-26801 Exploited to Spread Mirai Botnet Malware (Akamai). Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (BleepingComputer)  Neuberger: Ukraine experiencing a ‘surge’ in cyberattacks as it executes counteroffensive (Record)  Microsoft warns of rising NOBELIUM credential attacks on defense sector (HackRead). Anonymous Sudan: neither anonymous nor Sudanese (Cybernews) Learn more about your ad choices. Visit megaphone.fm/adchoices
23/06/2334m 1s

Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.

North Korea's APT37 deploys FadeStealer to steal information from its targets. Apple patches vulnerabilities under active exploitation. Access to a US satellite is being hawked in a Russophone cybercrime forum. Russian hacktivist auxiliaries say they’ve disrupted IFC.org. Unmasking pig-butchering scams. Social engineering as a method of account takeover. Fraudsters seen abusing generative AI. Sergey Medved from Quest Software describes the “Great Cloud Repatriation”. Mark Ryland of AWS speaks with Rick Howard about software defined perimeters. And embedded URLs in malware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/119 Selected reading. RedEyes Group Wiretapping Individuals (APT37) (Ahn Lab) Apple fixes iPhone software flaws used in widespread hacks of Russians (The Washington Post) Apple issues emergency patch to address alleged spyware vulnerability (Cyberscoop) Apple patch fixes zero-day kernel hole reported by Kaspersky – update now! (Sophos) Military Satellite Access Sold on Russian Hacker Forum for $15,000 (HackRead) Well done. Russian hackers shut down the IMF (Dzen.ru) Why Malware Crypting Services Deserve More Scrutiny (KrebsOnSecurity) Unmasking Pig-Butchering Scams And Protecting Your Financial Future (Trend Micro) Classic Account Takeover via the Direct Deposit Change (Avanan) Q2 2023 Digital Trust & Safety Index (Sift) Compromised Domains account for over 50% of Embedded URLs in Malware Phishing Campaigns (Cofense) Learn more about your ad choices. Visit megaphone.fm/adchoices
22/06/2331m 49s

A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.

The Flea APT sets its sights on diplomatic targets. An update on the Cl0p gang’s exploitation of a MOVEit vulnerability. Unpatched TP-Link Archer routers are meeting their match in the Condi botnet. The Muddled Libra threat group compromises companies in a variety of industries. A look into passwordless authentication. Derek Manky of Fortinet describes the Global Threat Landscape. Rick Howard speaks with Rod Wallace from AWS about data lakes. And Fancy Bear noses its way into Ukrainian servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/118 Selected reading. Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries (Symantec) Ke3chang (MITRE) Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted (The Record) PwC and EY impacted by MOVEit cyber attack (Cybersecurity Hub) Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack (SecurityWeek) MOVEit hack: Gang claims not to have BBC, BA and Boots data (BBC) US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer) Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 (Fortinet) CVE-2023-1389 Detail (NIST) Download for Archer AX21 V3 (TP-Link) Threat Group Assessment: Muddled Libra (Unit 42) Axiad and ESG Survey: 82% of Respondents Indicate Passwordless Authentication is a Top Five Priority (PR Newswire) APT28 group used three Roundcube exploits (CVE-2020-35730, CVE-2021-44026, CVE-2020-12641) during another espionage campaign (CERT-UA#6805) (CERT-UA) BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities (The Record) CVE-2020-35730 Detail (NIST) CVE-2023-23397 Detail (NIST) Learn more about your ad choices. Visit megaphone.fm/adchoices
21/06/2328m 22s

Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.

The BlackCat gang crosses Reddit’s path, threatening to leak stolen data. Mystic Stealer malware evades and creates a feedback loop in the C2C market. RDStealer is a new cyberespionage tool, seen in the wild. The United States offers a reward for information on the Cl0p ransomware gang. KillNet, REvil, and Anonymous Sudan form a "DARKNET Parliament" and “sanction” the European banking system. The British Government commits £25 million in cybersecurity aid to Ukraine. Ben Yelin explains cyber disclosure rules proposed by the SEC. Rick Howard speaks with Nancy Wang of AWS about the importance of backups and restores. And what researchers are turning up in cloud honeypots. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/117 Selected reading. Reddit: Hackers demand $4.5 million and API policy changes (Computing) Mystic Stealer – Evolving “stealth” Malware (Cyfirma) Mystic Stealer: The New Kid on the Block (Zscaler) Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (Bitdefender) MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software) CVE-2023-35708 Detail (NIST) U.S. Energy Dept gets two ransom notices as MOVEit hack claims more victims (Reuters) US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer) Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks (SecurityWeek) A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations (CyberCX) Anonymous Sudan: Religious Hacktivists or Russian Front Group? (Trustwave) UK to give Ukraine major boost to mount counteroffensive (UK Government) 2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes (Orca Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/06/2328m 57s

Lorna Mahlock: Build bridges. [Combat support] [Career Notes]

Major General Lorna Mahlock, Deputy Director for Combat Support from the National Security Agency (NSA) sits down with Dave to discuss her long and impressive career leading up to he working for one of the most prestigious security agencies. Originally born in Kingston, Jamaica, Lorna immigrated to Brooklyn, New York and enlisted in the United States Marine Corps as a field radio operator. She shares how eye opening the military was for her, moving through ranks, and eventually landing into working at the Pentagon for the Chairman of the Joint Chiefs of staff. She moved around widening her array of paths, landing in her current role. Lorna shares some wisdom, mentioning how she likes to talk about ladders and how useful creating ladders in life can be, she says "I think about ladders in terms of horizontal component, in that you can create bridges, right? And, um, ways over obstacles, uh, for, for not only, uh, for yourself, but for others and an entire organization." We thank Lorna for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/06/239m 30s

Managing machine learning risks. [Research Saturday]

Our guest, Johannes Ullrich from SANS Institute, joins Dave to discuss their research on "Machine Learning Risks: Attacks Against Apache NiFi." Using their honeypot network, researchers were able to collect some interesting data about a threat actor who is currently going after exposed Apache NiFi servers. Researchers state “On May 19th, our distributed sensor network detected a notable spike in requests for ‘/nifi.’” Investigating further, they instructed a subset of their sensors to forward requests to an actual Apache NiFi instance and within a couple of hours the honeypot was completely compromised. The research can be found here: Machine Learning Risks: Attacks Against Apache NiFi Learn more about your ad choices. Visit megaphone.fm/adchoices
17/06/2318m 34s

The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.

The US Government discloses exploitations of MOVEit vulnerabilities, and the Department of Energy is targeted by the Cl0p gang. CISA releases an updated advisory for Telerik vulnerabilities affecting Government servers. Shampoo malware emerges with multiple persistence mechanisms. How the IT Army of Ukraine can exemplify a cyber auxiliary. Russophone gamers are being targeted with ransomware. An alleged LockBit operator has been arrested. The FBI’s Deputy Assistant Director for cyber Cynthia Kaiser joins us with cybercriminal trends and recent successes. Our guest is Will Markow from Lightcast, speaking with Simone Petrella about data-driven strategic workforce decisions. And a federal grand jury indicts the alleged Discord Papers leaker. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/116 Selected reading. US government hit by Russia's Clop in MOVEit mass attack (The Register) Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network) Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers (CISA) CVE-2019-18935 Detail (NIST) CVE-2017-9248 Detail (NIST) Cryptographic Weakness (Telerik) Shampoo: A New ChromeLoader Campaign (HP) Cyber attacks on Rotterdam and Groningen websites (World Cargo News) The Dynamics of the Ukrainian IT Army’s Campaign in Russia (Lawfare) Watch: Why early failures in Ukraine's counter-offensive aren't Russian victories (The Telegraph) Russian War Report: Anti-Ukrainian counteroffensive narratives fail to go viral (Atlantic Council) Threat Actor Targets Russian Gaming Community With WannaCry-Imitator (Cyble) Hackers infect Russian-speaking gamers with fake WannaCry ransomware (The Record) Russian national arrested in Arizona, charged for alleged role in LockBit ransomware attacks (CyberScoop) Suspected LockBit ransomware affiliate arrested, charged in US (BleepingComputer) Russian national arrested in US for deploying LockBit ransomware (The Record) Guardsman indicted on charges of disclosing classified national defense information (AP News) Charges Against Alleged Pentagon Leaker Jack Teixeira Explained (Newsweek) Jack Teixeira, Pentagon leaks suspect, indicted by federal grand jury (The Guardian) Learn more about your ad choices. Visit megaphone.fm/adchoices
16/06/2331m 25s

Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.

A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post’s Tim Starks explains the section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/115 Selected reading. Android GravityRAT goes after WhatsApp backups (ESET) Quarterly Adversarial Threat Report (Facebook) Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China (Mandiant) GravityRAT - The Two-Year Evolution Of An APT Targeting India (Cisco Talos) Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck) Darth Vidar: The Aesir Strike Back (Team Cymru) Tracking Diicot: an emerging Romanian threat actor (Cado Security) Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec) Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft) Destructive malware targeting Ukrainian organizations (Microsoft) Learn more about your ad choices. Visit megaphone.fm/adchoices
15/06/2328m 58s

CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.

CISA, FBI, the MS-ISAC, and international partners are releasing this Cybersecurity Advisory to detail LockBit ransomware incidents and provide recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation. AA23-165A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. See the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0 for information on strengthening an organization’s cybersecurity posture through implementing a prescriptive, prioritized, and simplified set of best. See the CIS Community Defense Model 2.0 (CDM 2.0) for the effectiveness of the CIS Controls against the most prevalent types of attacks and how CDM 2.0 can be used to design, prioritize, implement, and improve an organization’s cybersecurity program. See Blueprint for Ransomware Defense for a clear, actionable framework for ransomware mitigation, response, and recovery built around the CIS Controls. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/06/232m 43s

A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.

The Five Eyes, alongside a couple of allies, issue a LockBit advisory. AI aids in proofreading phishing attacks. Anonymous Sudan mounts nuisance-level DDoS attacks against US companies. France alleges a disinformation campaign conducted by Russian actors. KillNet says it's partnered with the less-well-known Devil Sec. The private cybersecurity industry's effect on the war in Ukraine. Carole Theriault ponders oversharing on social media. Our guest is Duncan Jones from Quantinuum on the threats of Harvest Now, Decrypt Later tactics. And a note on this month’s Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/114 Selected reading. Understanding Ransomware Threat Actors: LockBit (Joint Cybersecurity Advisory) U.S. Measures in Response to the Crisis in Sudan (US Department of State) Generative AI Enables Threat Actors to Create More (and More Sophisticated) Email Attacks (Abnormal Security) France Accuses Russia of Online Disinformation Campaign (Bloomberg) The Private Sector’s Evolving Role in Conflict—From Cyber Assistance to Intelligence (R Street) Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks (SecurityWeek) Patch Tuesday: Critical Flaws in Adobe Commerce Software (SecurityWeek) Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes (Naked Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
14/06/2322m 46s

CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.

CISA issues a new Binding Operational Directive. An update on CosmicEnergy. Hackers’ homage to fromage in attacks against the Swiss government. Ukraine's Cyber Police shut down a pro-Russian bot farm. Clothing and footwear retailers see impersonation and online fraud. A 2021 ransomware attack contributed to a hospital closing. A proof-of-concept exploit of a patched MOVEit vulnerability. An industry letter calls for a new framework on the White House cybersecurity strategy. Joe Carrigan examines a ChatGPT fueled phishing scam. Our guest is Neha Rungta, Applied Science Director at AWS Identity discussing Amazon Verified Permissions. And trends in cyber risks for small and medium businesses. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/113 Selected reading. Binding Operational Directive 23-02 (US Cybersecurity and Infrastructure Security Agency) COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) Dragos Analysis Determines COSMICENERGY Is Not an Immediate Threat (Dragos) More than 4,000 bots to discredit the Defense Forces of Ukraine and spread propaganda in favor of Russia: the police of Vinnytsia eliminated a large-scale bot farm (Ukraine Cyber Police) Ukraine police raid social media bot farm accused of pro-Russia propaganda (The Record) Widespread Brand Impersonation Scam Campaign Targeting Hundreds of the Most Popular Apparel Brands (Bolster) An Illinois hospital is the first health care facility to link its closing to a ransomware attack (NBC News) Ransomware attack causes Illinois hospital to close (Becker’s Hospital Review) New BlackFog research: 61% of SMBs were victims of a cyberattack in the last year (BlackFog) Switzerland warns that a ransomware gang may have accessed government data (The Record) Swiss government warns of ongoing DDoS attacks, data leak (BleepingComputer) Swiss Government Targeted by Series of Cyber-Attacks (Infosecurity Magazine) DDoS attack on Federal Administration: various Federal Administration websites and applications unavailable (The Federal Council of the Swiss Government) Learn more about your ad choices. Visit megaphone.fm/adchoices
13/06/2329m 31s

Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.

Attacks against unpatched versions of Visual Studio and win32k continue. Progress Software patches two MOVEit vulnerabilities. The Cyber Anarchy Squad claims to have taken down a Russian telecommunications provider's infrastructure. RomCom resumes its activity in the Russian interest. Deepen Desai of Zscaler describes Nevada ransomware. Our guest is Clarke Rodgers from Amazon Web services with insights on what CISOs say to each other when no one else is listening?. And the Mt. Gox hacking indictment has been unsealed. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/112 Selected reading. Online muggers make serious moves on unpatched Microsoft bugs (The Register) Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC) (Numen) MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software) MDE Affected by Global Data Breach (Minnesota Department of Education) Hackers Use Stolen Student Data Against Minneapolis Schools in Brazen New Threat (The 74) Ofcom statement on MOVEit cyber attack (Ofcom) Ukrainian hackers take down service provider for Russian banks (BleepingComputer) Pro-Ukraine hackers claim to take down Russian internet provider (The Record) Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC (Security Affairs) RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine (BlackBerry) Mt. Gox's Hackers Are 2 Russian Nationals, U.S. DOJ Alleges in Indictment (CoinDesk) Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e (The Record) Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another (US Department of Justice) Learn more about your ad choices. Visit megaphone.fm/adchoices
12/06/2328m 7s

Nadir Izrael: Play to your strengths. [CTO] [Career Notes]

Nadir Izrael, co-founder and CTO from Armis, sits down to share his story. Nadir started his love of cyber when he became a software developer at the age of 12. He always had a passion for making things work better and asking questions. Once he joined the 8200 unit in Israel, he was able to focus his interests on physics, which led him to making the discovery of wanting to start his own business. After he started building his company is when he learned to take smart and innovative risks at work and making it a way of life. Nadir shares advice, saying "Playing to your strengths, maximizes the odds of success and every other consideration lowers them inevitably, or at least, uh, um, kind of shrinks, I guess the, the probability space for success." He thinks playing to ones strengths is the best a leader can do to create the most success for their team. We thank Nadir for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/06/239m 42s

A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]

Our guest, Allen West from Akamai's SIRT team, joins Dave to discuss their research on "The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile." Akamai found this new botnet was targeting the gaming industry, modeled after Qbot, Mirai, and other malware strains. The botnet has expanded to encompass hundreds of compromised devices. The research states "through reverse engineering and patching the malware binary, our analysis determined the botnet's attack potential at approximately 629.28 Gbps with its UDP flood attacks." Akamai researchers do a deep dive into the motives behind the attacks, the effectiveness of the attack, and how the law has been handling similar cases. The research can be found here: The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile Learn more about your ad choices. Visit megaphone.fm/adchoices
10/06/2319m 28s

“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.

Barracuda Networks urges replacement of their gear. Fractureiser infects Minecraft mods. ChatGPT sees a court date over hallucinations and defamation. Asylum Ambuscade engages in both crime and espionage. The US delivers Ukraine Starlink connectivity. DDoS attacks hit the Swiss parliament's website. My conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Our guest is Delilah Schwartz from Cybersixgill discussing how the Dark Web is evolving with new technologies like ChatGPT. And BEC crooks see their day in court. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/111 Selected reading. Barracuda Email Security Gateway Appliance (ESG) Vulnerability (Barracuda) CVE-2023-2868 (MITRE) ACT government falls victim to Barracuda’s ESG vulnerability (CSO Online) CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances (Rapid7) CVE-2023-2868 Detail (National Institute of Standards and Technology) Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware (Bitdefender) New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux (BleepingComputer) IN THE SUPERIOR COURT OF FULTON COUNTY (Superior Court of Fulton County) OpenAI Hit With First Defamation Suit Over ChatGPT Hallucination (Bloomberg Law) Learn more about your ad choices. Visit megaphone.fm/adchoices
09/06/2330m 10s

CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.

FBI and CISA are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023. AA23-158A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft | Mandiant MOVEit Transfer Critical Vulnerability (May 2023) - Progress Community MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response (huntress.com) No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/06/232m 41s

ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.

ChatGPT takes an unexpectedly human turn in having its own version of hallucinations. Updates on Cl0p’s ransom note, background, and recent promises. Researchers look at Instagram’s role in promoting CSAM. A look at KillNet's reboot. Andrea Little Limbago from Interos shares insight on cyber’s human element. Our guest is Aleksandr Yampolskiy from SecurityScorecard on how CISOs can effectively communicate cyber risk to their board. And a hacktivist auxiliary’s stellar advice for protecting your data. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/110 Selected reading. Can you trust ChatGPT’s package recommendations? (Vulcan) Ransomware group Clop issues extortion notice to ‘hundreds’ of victims (The Record) MOVEit cyber attack: Cl0p sparks speculation that it’s lost control of hack (ITpro) Responding to the Critical MOVEit Transfer Vulnerability (CVE-2023-34362) (Kroll) MOVEit Transfer Critical Vulnerability (May 2023) (Progress) Cybergang behind N.S. breach says it erased stolen data, but experts urge caution (CBC Canada) Most SMBs admit to paying ransomware demands - here's why (TechRadar) Instagram Connects Vast Pedophile Network (Wall Street Journal) Addressing the distribution of illicit sexual content by minors online (Stanford University) Rebooting Killnet, a New World Order and the End of the Tesla Botnet (Radware) Learn more about your ad choices. Visit megaphone.fm/adchoices
08/06/2328m 11s

PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.

A new PowerShell remote access tool targets a US defense contractor. Current Russian cyber operations against Ukraine are honing in on espionage. CISA and its partners have released a Joint Guide to Securing Remote Access Software. A bug has been reported in Visual Studio’s UI. Awais Rashid from University of Bristol discussing Privacy in health apps. Our guest is Jim Lippie of SaaS Alerts with insights on software as a service Application Security. And are there disconnects between cybersecurity and the legal profession? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/109 Selected reading. PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry (Adlumin) UAC-0099: cyberespionage against state organizations and media representatives of Ukraine (CERT-UA#6710) (CERT-UA) Guide to Securing Remote Access Software (Joint Guide) Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers (Varonis) Press Release | ILTA and Conversant Group Release First Cybersecurity Benchmarking Survey of the Legal Industry (International Legal Technology Association) Learn more about your ad choices. Visit megaphone.fm/adchoices
07/06/2326m 14s

Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.

The Cl0p gang claims responsibility for the MOVEit file transfer vulnerability. Verizon’s DBIR is out. Palo Alto Networks takes a snapshot of last year’s threat trends. A new criminal campaign targets Android users wishing to install modified apps. A smishing campaign is expanding into the Middle East. Cisco observes compromised vendor and contractor accounts as an access point for network penetration. Cyclops ransomware acts as a dual threat. Anonymous Sudan demands $1 million to stop attacks on Microsoft platforms. Ben Yelin explains a groundbreaking decision on border searches. Our guest is Matt Caulfield of Oort with insights on identity security. And a deepfaked martial law announcement airs on Russian provincial radio stations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/108 Selected reading. Clop ransomware claims responsibility for MOVEit extortion attacks (BleepingComputer) CVE-2023-34362 Detail (National Institute of Standards and Technology) Microsoft links Clop ransomware gang to MOVEit data-theft attacks (BleepingComputer) BA, BBC and Boots hit by cyber security breach with contact and bank details exposed (Sky News) 2023 Data Breach Investigations Report (Verizon) 2023 Unit 42 Network Threat Trends Research Report (Unit 42) Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology (Bitdefender) Chinese-speaking phishing ring behind latest fake fee scam targeting Middle East; another campaign exposed (Group-IB) Adversaries increasingly using vendor and contractor accounts to infiltrate networks (Cisco Talos) Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat (Uptycs) U.S. Measures in Response to the Crisis in Sudan (US Department of State) Microsoft's Outlook.com is down again on mobile, web (BleepingComputer) Kremlin: fake Putin address broadcast on Russian radio stations after 'hack' (Reuters) Deep fake video of Putin declaring martial law is broadcast in parts of Russia (Semafor) Peskov called "Putin's emergency appeal" shown on some TV networks as a hack (TASS) Proceedings of the 2023 U.S.-Ukraine Cyber Dialogue (US Department of State) Learn more about your ad choices. Visit megaphone.fm/adchoices
06/06/2330m 27s

Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.

Anonymous Sudan responds to remarks from the US Secretary of State by targeting Lyft and American hospitals. NSA releases an advisory on North Korean spearphishing campaigns. The US government’s Moonlighter satellite will test cybersecurity in orbit. "Operation Triangulation" offers an occasion for Russia to move closer to IT independence. The SEC drops cases over improper access to Adjudication Memoranda. Executives and board members are easy targets for threat actors trolling for sensitive information. Rick Howard targets Zero Trust. The FBI’s Deputy Assistant Director for Cyber Cynthia Kaiser shares trends from the IC3 Annual Report. And KillNet seems to say it's disbanding…or is it? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/107 Selected reading. U.S. Measures in Response to the Crisis in Sudan (US Department of State) U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence (US National Security Agency) North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media (Joint Cybersecurity Advisory) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency) CVE-2023-34362 Detail (National Institute of Standards and Technology) Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (Mandiant) SpaceX launch sends upgraded solar arrays to International Space Station (Spaceflight Now) Moonlighter Fact Sheet (The Aerospace Corporation) Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space (The Register) Russia wants 2 million phones with home-grown Aurora OS for use by officials (The Record) Russia accuses U.S. of hacking thousands of iPhones (Axios) Operation Triangulation: iOS devices targeted with previously unknown malware (Kaspersky) Operation Triangulation: Mysterious attack on iPhones (ComputerBild) Killnet hacktivists say they’re disbanding (Cybernews) Second Commission Statement Relating to Certain Administrative Adjudications (US Securities and Exchange Commission) Ponemon: Understanding the Serious Risks to Executives’ Personal Cybersecurity & Digital Lives (BlackCloak) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/06/2325m 27s

Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]

Galit Lubetzky Sharon, Co-Founder and CTO of Wing Security sits down to share her story and how years in the business lead her to be where she is now. Galit shares her insights from her experiences co-founding her company and bringing it out of stealth mode in early 2022, including why she saw the need for Wing Security and what lessons she learned in the process of founding and launching the company. She started her career as a Colonel in the 8200 Unit gives her a unique perspective on the cyber industry. Galit also shares what she does when things get stressful to help calm her down in the moment and help her clear her head. She says "I think it's very important to do things that you love. It should be something that you come and you bring yourself and your passion and, uh, finding yourself the occupation, the chores, the, the tasks that you love to do brings the, the best out of you." We thank Galit for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/06/239m 17s

Lancefly screams bloody Merdoor.

Brigid O Gorman from Symantec joins Dave to discuss their research, “Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors." Researchers discovered in 2020 that Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, educations, and telecoms organizations in South and Southeast Asia. The research states "The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted." These targets, though observed in some activity in 2020 and 2021, started in 2022 and have continued into 2023. The research can be found here: Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors Learn more about your ad choices. Visit megaphone.fm/adchoices
03/06/2316m 36s

Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.

MOVEit Transfer software sees exploitation. A website skimmer has been employed against targets in the Americas and Europe. A look into XeGroup's recent criminal activity. Apple denies the FSB’s allegations of collusion with NSA. Kaspersky investigates compromised devices. Johannes Ullrich from SANS describes phony YouTube "live streams". Our guest is Sherry Huang from William and Flora Hewlett Foundation to discuss their grants funding cyber policy studies. And the US Department of Defense provides Starlink services to Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/106 Selected reading. MOVEit Transfer Critical Vulnerability (May 2023) (Progress Software) Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability (Rapid7) New MOVEit Transfer zero-day mass-exploited in data theft attacks (BleepingComputer) Hackers use flaw in popular file transfer tool to steal data, researchers say (Reuters) New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others (Akamai) Not your average Joe: An analysis of the XeGroup’s attack techniques (Menlo Security) Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin (The Hacker News) Apple denies surveillance claims made by Russia's FSB (Reuters) FSB uncovers US intelligence operation via malware on Apple mobile phones (TASS) Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own (WIRED) Operation Triangulation: iOS devices targeted with previously unknown malware (Kaspersky) Lithuania becomes first to designate Russia as terrorist state (CSCE) Pentagon confirms SpaceX deal for Ukraine Starlink services (C4ISRNET) Learn more about your ad choices. Visit megaphone.fm/adchoices
02/06/2330m 16s

Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.

A backdoor-like issue has been found in Gigabyte firmware. A credential harvesting campaign impersonates Adobe. The Dark Pink gang is active in southeastern Asia. Mitiga discovers a “significant forensic discrepancy” in Google Drive. "Spyboy" is for sale in the C2C market. A look at Cuba ransomware. Ukrainian hacktivists target the Skolkovo Foundation. The FSB says NSA breached iPhones in Russia. Carole Theriault examines Utah's social media bills aimed at kids online. Our guest is Tucker Callaway of Mezmo to discuss the rise of telemetry pipelines. And spoofing positions and evading sanctions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/105 Selected reading. Supply Chain Risk from Gigabyte App Center backdoor (Eclypsium) Ado-be-gone: Armorblox Stops Adobe Impersonation Attack (Armorblox) Dark Pink back with a bang: 5 new organizations in 3 countries added to victim list (Group-IB) Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign (CyberScoop) Suspected State-Backed Hackers Hit Series of New Targets in Europe, SE Asia (Insurance Journal) Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive (Mitiga) 2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online (Reddit) An In-Depth Look at Cuba Ransomware (Avertium) Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (The Record) Russia says U.S. accessed thousands of Apple phones in spy plot (Reuters) Fake Signals and American Insurance: How a Dark Fleet Moves Russian Oil (The New York Times Learn more about your ad choices. Visit megaphone.fm/adchoices
01/06/2326m 15s

Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.

SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites see abuse by malicious actors. A look into identity security trends. People may be overconfident in their ability to detect deepfakes. Deepen Desai from Zscaler describes a campaign targeting Facebook users. CW Walker from Spycloud outlines identity exposure in the Fortune 1000. And a blurring of the lines between criminal, hacktivist, and strategic motivations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/104 Selected reading. SeroXen RAT for sale (AT&T Cybersecurity) Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users (The Hacker News) DogeRAT: The Android Malware Campaign Targeting Users Across Multiple Industries (CloudSek) Ghost Sites: Stealing Data From Deactivated Salesforce Communities (Varonis) 2023 Trends in Securing Digital Identities (Identity Defined Security Alliance) Jumio 2023 Online Identity Consumer Study (Jumio) Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals (Trend Micro) Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware (The Hacker News) Learn more about your ad choices. Visit megaphone.fm/adchoices
31/05/2326m 16s

Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.

New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. The latest on Volt Typhoon. DDoS hits government sites in Senegal. The Pentagon's cyber strategy incorporates lessons from Russia's war, while the EU draws lessons from Ukraine's performance against Russia. Joe Carrigan explains Mandiant research on URL obfuscation. Mr. Security Answer Person John Pescatore plays security whack-a-mole. And NoName disrupts a British airport. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/103 Selected reading. Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices (Unit 42) US officials believe Chinese hackers may still have access to key US computer networks (CNN) Chinese state-sponsored hackers infiltrated U.S. naval infrastructure, secretary of the Navy says (CNBC) US military intelligence also targeted by Chinese hackers behind critical infrastructure compromise (SC Magazine) Senegalese government websites hit with cyber attack (Reuters) DOD Transmits 2023 Cyber Strategy (US Department of Defense) Fact Sheet: 2023 DOD Cyber Strategy (US Department of Defense) Lessons from the war in Ukraine for the future of EU defence (European Union External Action) Investigation Launched After London City Airport Website Hacked (Simple Flying) Maryland high school listed on Zillow for $42K in ‘creative’ senior prank (New York Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
30/05/2324m 33s

Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]

Stacy Dunn, a Senior Solutions Engineer from the SANS Institute sits down and shares what it is like to work through her own adversity to get to be where she is today. Stacy shares some of her experiences as a woman with ADHD working in an IT career and explains her tips for other neurodiverse people in the field. After working in a wide array of positions in different fields, she wanted to go back to school to get her degree in management information systems and information assurance. Eventually she started working her way up the ladder, and became a very successful woman in the IT world. She shares her struggles with ADHD as she was making the climb and says "It's both a superpower and kryptonite because I think something that is a fundamental misunderstanding of most people, and maybe even some people that do have ADHD, is that it's not just the aspect of not being able to focus, it's also an aspect of focusing too much." We thank Stacy for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/05/239m 47s

8 GoAnywhere MFT breaches and counting. [Research Saturday]

This week, our guests are Emily Austin and Himaja Motheram from Censys and their sharing their research - "Months after first GoAnywhere MFT zero-day attacks, Censys still sees about 180 public admin panels." In early February 2023, Censys researchers discovered a zero-day RCE vulnerability in Fortra’s “GoAnywhere MFT” (Managed File Transfer) software. After finding this the Clop ransomware gang claimed that they exploited this vulnerability to breach the data of 130 organizations and Censys found other ransomware groups were jumping on the bandwagon. They said " A single vulnerable instance has the potential to serve as a gateway to a data breach that could potentially impact millions of individuals." The research can be found here: Months after first GoAnywhere MFT zero-day attacks, Censys still sees ~180 public admin panels Learn more about your ad choices. Visit megaphone.fm/adchoices
27/05/2317m 43s

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.

CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion malware has been upgraded for the cloud. Johannes Ullrich from SANS examines time gaps in logging. Our guest is Kevin Kirkwood from LogRhythm with a look at extortion attempts and ransomware. And Atlantic hurricane season officially opens next week: time to batten down those digital hatches.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/102 Selected reading. COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)  China hits back at 'the empire of hacking' over Five Eyes US cyber attack claims (ABC) Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker (Cado) Legion Malware Upgraded to Target SSH Servers and AWS Credentials (Hacker News) CISA Warns of Hurricane/Typhoon-Related Scams (Cybersecurity and Infrastructure Security Agency CISA) Learn more about your ad choices. Visit megaphone.fm/adchoices
26/05/2326m 57s

Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.

China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent Brazilian campaign targets Portuguese financial institutions. A new botnet targets the gaming industry. Phishing attempts impersonate OpenAI. Pro-Russian geolocation graffiti. Andrea Little Limbago from Interos addresses the policy implications of ChatGPT. Our guest is Jon Check from Raytheon Intelligence & Space, on cybersecurity and workforce strategy for the space community. And KillNet says no to slacker hackers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/101 Selected reading. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations (Check Point) Iran-linked hackers Agrius deploying new ransomware against Israeli orgs (The Record) Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms (Information Security Buzz) Fata Morgana: Watering hole attack on shipping and logistics websites (ClearSky Security) Iran suspect in cyberattack targeting Israeli shipping, financial firms (Al-Monitor) Buhti: New Ransomware Operation Relies on Repurposed Payloads (Symantec) Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII (SentinelOne) The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile (Akamai) Fresh Phish: ChatGPT Impersonation Fuels a Clever Phishing Scam (INKY) Learn more about your ad choices. Visit megaphone.fm/adchoices
25/05/2332m 43s

CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]

Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon.  AA23-144A Alert, Technical Details, and Mitigations Active Directory and domain controller hardening: Best Practices for Securing Active Directory | Microsoft Learn CISA regional cyber threats: China Cyber Threat Overview and Advisories Microsoft Threat Intelligence blog: Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/05/232m 43s

Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.

Kimsuky's tailored reconnaissance tools. GoldenJackal is an APT quietly active since 2019. Criminals target Youtube viewers with free cracked software. Rheinmetall’s data was posted to BlackBasta's extortion site. The "Cuba" gang claims credit for the attack on the Philadelphia Inquirer. CERT-UA identifies a probable Russian cyberespionage campaign. Ireland views cyber assistance to Ukraine as a contribution to collective security. Ann Johnson from Afternoon Cyber Tea speaks with Tyrance Billingsley about Black Tech. Our guest is Oz Alashe from CybSafe on raising VC money amidst a down economy. And KillNet's underperforming hacktivists. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/100 Selected reading. Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit (SentinelOne) North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (The Hacker News) Meet the GoldenJackal APT group. Don’t expect any howls (Kaspersky) Follina — a Microsoft Office code execution vulnerability (DoublePulsar) YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner (FortiGuard Labs) Arms maker Rheinmetall confirms BlackBasta ransomware attack (Bleeping Computer) Inquirer and forensics team investigating computer disruptions to publishing (Philadelphia Inquirer) Cuba ransomware claims cyberattack on Philadelphia Inquirer (Bleeping Computer) Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India (CERT-UA#6549) (CERT-UA) Ukraine Identifies Central Asian Cyberespionage Campaign (BankInfoSecurity) Ireland’s cyber security agency has been providing ‘non-lethal aid’ to Ukraine (Irish Times) Learn more about your ad choices. Visit megaphone.fm/adchoices
24/05/2326m 8s

BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.

AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks the Supreme Court’s section 230 rulings. Our guest is Mike DeNapoli from Cymulate with insights on cybersecurity effectiveness. And a trio of commercial spyware cases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/99 Selected reading. Android app breaking bad: From legitimate screen recording to file exfiltration within a year (ESET) Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials (ESET) BlackCat Ransomware Deploys New Signed Kernel Driver (Trend Micro) Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor (Permiso) Uncle Sam strangles criminals' cashflow by reining in money mules (The Register) German prosecutors charge four over violating trade act to sell spyware to Turkey (Washington Post) Israel Torpedoed Morocco Spyware Deal - and NSO Competitor QuaDream Shut Down (Haaretz) He Was Investigating Mexico’s Military. Then the Spying Began. (New York Times) Learn more about your ad choices. Visit megaphone.fm/adchoices
23/05/2329m 32s

Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.

The EU fines Meta for transatlantic data transfers. FIN7 returns, bearing Cl0p ransomware. Python Package Index temporarily suspends new registrations due to a spike in malicious activity. Typosquatting and TurkoRAT. UNC3944 uses SIM swapping to gain access to Azure admin accounts. A Turla retrospective. Rick Howard tackles workforce development. Our guest is Andrew Peterson of Fastly to discuss the intricate challenges of secure software development. And the FBI was found overstepping its surveillance authorities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/98 Selected reading. Meta Fined $1.3 Billion Over Data Transfers to U.S. (Wall Street Journal) Meta fined record $1.3 billion and ordered to stop sending European user data to US (AP News) Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks (The Hacker News) Researchers tie FIN7 cybercrime family to Clop ransomware (The Record) Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware (Security Affairs) PyPI new user and new project registrations temporarily suspended. (Python) PyPI repository restored after temporarily suspending new activity (Computing) RATs found hiding in the NPM attic (ReversingLabs) Legitimate looking npm packages found hosting TurkoRat infostealer (CSO Online) SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack (Mandiant) Mozilla Explains: SIM swapping (Mozilla) The Underground History of Russia’s Most Ingenious Hacker Group (WIRED) Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service (US Department of Justice) Hunting Russian Intelligence “Snake” Malware (CISA) FBI misused intelligence database in 278,000 searches, court says (Reuters) FBI misused controversial surveillance tool to investigate Jan. 6 protesters (The Record) FBI broke rules in scouring foreign intelligence on Jan. 6 riot, racial justice protests, court says (AP News) Learn more about your ad choices. Visit megaphone.fm/adchoices
22/05/2327m 5s

Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, the cybersecurity workforce skills gap with N2K’s President, Simone Petrella regarding how security professionals might learn from the movie “Moneyball” about how to train their team in the aggregate about first principles. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/05/2339m 52s

Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]

Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't ready to retire quite yet because she loved the industry so much, saying "I retired, but I knew I still loved security. I have this passion for protection and so Dragos came along and they offered me this role of Director of OT CERT. I feel like I'm the security fairy godmother." She shares words of wisdom for all trying to get into the industry, saying that you need to always take the risk like she did when she first started her career. We thank Dawn for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/05/2310m 2s

Dangerous vulnerabilities in H.264 decoders. [Research Saturday]

Willy R. Vasquez from The University of Texas at Austin discussing research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnerabilities in H.264 Decoders." Researchers are looking at the marvel that is modern video encoding standards such as H.264 for vulnerabilities and ultimately hidden security risks. The research states "We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files." Using H26FORCE, they were able to uncover insecurities in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS and video accelerator and application processor kernel memory bugs in Android devices. The research can be found here: The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders Learn more about your ad choices. Visit megaphone.fm/adchoices
20/05/2324m 19s

Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.

Section 230 survives SCOTUS. Lemon Group's pre-infected devices. The IRS is sending cyber attachés to four countries in a new pilot program. A Wisconsin man is charged with stealing DraftKings credentials. Russian hacktivists conduct DDoS attacks against Polish news outlets. An update on RedStinger. Grayson Milbourne from OpenText Cybersecurity discusses IoT and the price we pay for convenience. Our guest is Matthew Keeley with info on an open source domain spoofing tool, Spoofy. And war principles and hacktivist auxiliaries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/97 Selected reading. “Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives (Just Security) A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks (Wired) CloudWizard APT: the bad magic story goes on (SecureList) Ukraine at D+441: Skirmishing along the line of contact, and in cyberspace. (The CyberWire) Russian dissident gets three years in prison colony for DDoS attacks on military website (Cybernews) Europe: The DDoS battlefield (Help Net Security) Russian hackers hit Polish news sites in DDoS attack (Cybernews) 18-year-old charged with hacking 60,000 DraftKings betting accounts (Bleeping Computer) Garrison Complaint (Department of Justice) IRS-CI deploys 4 cyber attachés to locations abroad to combat cybercrime (IRS) IRS deploys cyber attachés to fight cybercrime abroad (The Hill) Cybercrime gang pre-infects millions of Android devices with malware (Bleeping Computer) This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide (The Hacker News) Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices (Trend Micro) Learn more about your ad choices. Visit megaphone.fm/adchoices
19/05/2327m 50s

BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.

Business email compromise (BEC) exploits legitimate services. A hacktivist ransomware group demands charity donations for encrypted files. Trends and threats in API protection. The effects of hacktivism on Russia's war against Ukraine. Executive digital protection. Deepen Desai of Zscaler explains security risks in OneNote. Our guest is Ajay Bhatia of Veritas Technologies with advice for onboarding new employees. And news organizations as attractive targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/96 Selected reading. Leveraging Dropbox to Soar Into Inbox (Avanan) MalasLocker ransomware targets Zimbra servers, demands charity donation (Bleeping Computer) Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprises (Business Wire) APIs are Top Cybersecurity Priority for Most Organizations, Yet 40% Do Not Have an API Security Solution (PR Newswire) Evolving Cyber Operations and Capabilities (CSIS) Following the long-running Russian aggression against Ukraine. (The CyberWire) Executive Digital Protection whitepaper (Agency) The Philadelphia Inquirer’s operations continue to be disrupted by a cyber incident (The Philadelphia Inquirer) Cyberattack at the Philadelphia Inquirer. (The CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
18/05/2325m 57s

CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]

FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023. AA23-136A Alert, Technical Details, and Mitigations AA23-136A.STIX_.xml Stopransomware.gov, a whole-of-government approach with one central location for U.S. ransomware resources and alerts. cyber.gov.au for the Australian Government’s central location to report cyber incidents, including ransomware, and to see advice and alerts. The site also provides ransomware advisories for businesses and organizations to help mitigate cyber threats. CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide for guidance on mitigating and responding to a ransomware attack No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/05/232m 52s

A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.

Cyber agencies warn of BianLian ransomware. There’s a new gang using leaked Baduk-based ransomware. Chinese government-linked threat actors target TP-link routers with custom malware. ChatGPT-themed fleeceware is showing up in online stores. Ukraine is now a member of NATO's Cyber Centre. Tim Starks from the Washington Post shares insights on section 702 renewal. Our guest is Ismael Valenzuela from BlackBerry sharing the findings from their Global Threat Intelligence Report. And the CIA's offer to Russian officials may have had some takers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/95 Selected reading. #StopRansomware: BianLian Ransomware Group (Cybersecurity and Infrastructure Security Agency CISA)  Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code (Cisco Talos Blog)  The Dragon Who Sold His Camaro: Analyzing Custom Router Implant (Check Point Research) Fake ChatGPT Apps Scam Users Out of Thousands of Dollars, Sophos Reports (GlobeNewswire News Room)  Ukraine joins NATO Cyber Centre (Computing)  Russian Officials Unnerved by Ukraine Bloodshed Are Contacting CIA, Agency Says (Wall Street Journal) Learn more about your ad choices. Visit megaphone.fm/adchoices
17/05/2328m 22s

What is data centric security and why should anyone care? [CyberWire-X]

In today’s world, conventional cyber thinking remains largely focused on perimeter-centric security controls designed to govern how identities and endpoints utilize networks to access applications and data that organizations possess internally. Against this backdrop, a group of innovators and security thought leaders are exploring a new frontier and asking the question: shouldn’t there be a standard way to protect sensitive data regardless of where it resides or who it’s been shared with? It’s called “data-centric” security and it’s fundamentally different from “perimeter-centric” security models. Practicing it at scale requires a standard way to extend the value of “upstream” data governance (discovery, classification, tagging) into “downstream” collaborative workflows like email, file sharing, and SaaS apps. In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner explore modern approaches for applying and enforcing policy and access controls to sensitive data which inevitably leaves your possession but still deserves just as much security as the data that you possess internally. Rick and Dave are joined by guests Bill Newhouse, Cybersecurity Engineer at National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE), and Dana Morris, Senior Vice President for Product and Engineering of our episode sponsor Virtru.  Learn more about your ad choices. Visit megaphone.fm/adchoices
17/05/2333m 26s

DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.

DDoS "carpet bombing." Lancefly infests Asian targets. Cyber insurance trends. Infostealers in the C2C market. A Russian espionage service is masquerading as a criminal gang. KillNet’s running a psyop radio station of questionable quality. Joe Carrigan describes baiting fraudsters with fake crypto. Our guest is Gemma Moore of Cyberis talking about how red teaming can upskill detection and response teams. And geopolitical DDoS. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/94 Selected reading. 2023 DDoS Threat Intelligence Report (Corero) Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors (Symantec) 2023 Cyber Claims Report (Coalition) The Growing Threat from Infostealers (Secureworks) Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say (TechCrunch) DDoS Attacks Targeting NATO Members Increasing (Netscout) Following the long-running Russian aggression against Ukraine. (The CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
16/05/2326m 5s

Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.

Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email compromise and romance scams. And espionage by way of YouTube comments. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/93 Selected reading. Discord discloses data breach after support agent got hacked (Bleeping Computer) Discord suffered a data after third-party support agent was hacked (Security Affairs) Multinational tech firm ABB hit by Black Basta ransomware attack (Bleeping Computer) Breaking: ABB confirms cyberattack; work underway to restore operations (ET CISO) Black Basta conducts ransomware attack against Swiss technology company ABB (The CyberWire) They dox Chinese hackers. Now, they’re back. (Washington Post) What’s Cracking at the Kerui Cracking Academy? (Intrusion Truth) Posing as Islamists, Russian Hackers Take Aim at Sweden (Bloomberg) Anonymous Sudan: Threat Intelligence Report (TrueSec) Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes) Russian ‘Red Stealer’ cyberattacks target breakaway territories in Ukraine (Cybernews) Russia Cyber Threat Overview and Advisories (CISA) Known Exploited Vulnerabilities Catalog (CISA) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) CISA warns of critical Ruckus bug used to infect Wi-Fi access points (Bleeping Computer) Security Bulletins (Ruckus) ROK union leaders charged with spying for North Korea in ‘movie-like’ scheme (NK News) Learn more about your ad choices. Visit megaphone.fm/adchoices
15/05/2332m 14s

Steve Benton: Mixing like a DJ. [VP] [Career Notes]

Steve Benton, Vice President at Anomali Threat Research & GM Belfast, sits down to share his story as a cybersecurity expert with a surplus of strategic leadership experience across cyber and physical security rooted in substantial operational directorship and accountability. Steve shares his beginnings, where he wanted to grow up to be a rockstar, slowly moving into the world of tech with his first ever computer and falling in love with it. After graduating from Queens University with a degree in information technology, he joined British Telecommunications or BT, where he got to put his new found skills to use. Steve mentions how his job is kind of like being a DJ almost and says " a typical day for me is looking at the intelligence that we're bringing in, mixing it as it were to think of a slight, like DJs with a set of headphones on creating the right kind of mixes of intelligence for our clients." We thank Steve for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/05/239m 26s

Running away from operation Tainted Love. [Research Saturday]

Aleksandar Milenkoski and Juan Andres Guerrero-Saade from SentinelOne's SentinelLabs join Dave to discuss their research "Operation Tainted Love | Chinese APTs Target Telcos in New Attacks." Researchers found initial phases of attacks against telecommunication providers in the Middle East in Q1 in 2023. The research states "We assess that this activity represents an evolution of tooling associated with Operation Soft Cell." While the exact grouping is unclear, researchers think it is highly likely that the threat actor is a Chinese cyberespionage group in the nexus of Gallium and APT41. The research can be found here: Operation Tainted Love | Chinese APTs Target Telcos in New Attacks Learn more about your ad choices. Visit megaphone.fm/adchoices
13/05/2322m 48s

CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.

FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated actor to execute malicious code remotely without credentials.  AA23-131A Alert, Technical Details, and Mitigations PaperCut: URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) Huntress: Critical Vulnerabilities in PaperCut Print Management Software No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/05/232m 36s

Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.

Babuk source code provides criminal inspiration. CISA and FBI release a joint report on PaperCut. There are more bad bots out there than anyone would like. Phishing-as-a-service tools in the C2C market. CISA’s Eric Goldstein advocates the adoption of strong controls, defensible networks and coordination of strategic cyber risks. Our cyberwire producer Liz Irvin speaks with Crystle-Day Villanueva, Learning and Development Specialist for Lumu Technologies. And KillNet’s short-lived venture, with a dash of regret. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/92 Selected reading. Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (Bleeping Computer) Ransomware actors adopt leaked Babuk code to hit Linux systems (Decipher) Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers (SentinelOne) Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG (CISA) CVE-2023-27350 Detail (NIST) Proofpoint Emerging Threats Rules (Proofpoint) 2023 Imperva Bad Bot Report (Imperva) New phishing-as-a-service tool “Greatness” already seen in the wild (Cisco Talos) Ukraine at D+442: Russians say the Ukrainian counteroffensive has begun. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
12/05/2327m 30s

Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.

A Ransomware report highlights targeting and classification. Phishing remains a major threat. Cisco addresses an expired certificate issue. LockBit and Medusa hit school districts with ransomware. US and Canadian cyber units wrap up a hunt-forward mission in Latvia. Ben Yelin on NYPD surveillance. Our CyberWire producer Liz Irvin interviews Damien Lewke, a graduate student at MIT. And an unknown threat actor is collecting against both Russia and Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/91 Selected reading. GRIT Ransomware Report: April 2023 (GuidePoint Security) DNSFilter State of Internet Security - Q1 2023 (DNSFilter) Identify vEdge Certificate Expired on May 9th 2023 (Cisco) The State of Ransomware Attacks in Education 2023: Trends and Solutions (Veriti) US Cyber Command 'Hunts Forward' in Latvia (Voice of America) US cyber team unearths malware during ‘hunt-forward’ mission in Latvia (C4ISRNET) Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes) Bad magic: new APT found in the area of Russo-Ukrainian conflict (Kaspersky) Learn more about your ad choices. Visit megaphone.fm/adchoices
11/05/2324m 44s

CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service, or FSB, for long-term intelligence collection on sensitive targets. AA23-129A Alert, Technical Details, and Mitigations For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/05/233m 19s

Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.

The Five Eyes disrupt Russia’s FSB Snake cyberespionage infrastructure. Shifting gears: from DDoS to cryptojacking. Trends in ransomware. Our guest is Steve Benton from Anomali with insights on potential industry headwinds. Ann Johnson from Afternoon Cyber Tea speaks with Roland Cloutier about risk and resilience in the modern era. And yesterday’s Patch Tuesday is now in the books, including a work-around for a patch from this past March. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/90 Selected reading. Patch Tuesday notes. (The CyberWire) U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide (US National Security Agency) Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory) RapperBot DDoS Botnet Expands into Cryptojacking (Fortinet) The State of Ransomware 2023 (Sophos) From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API (Akamai) Windows MSHTML Platform Security Feature Bypass Vulnerability (Microsoft) Learn more about your ad choices. Visit megaphone.fm/adchoices
10/05/2327m 54s

State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.

An analysis of Royal ransomware. PaperCut vulnerability detection methods can be bypassed. Man-in-the-middle phishing attacks are on the rise. A new wave of BEC attacks from an unexpected source. Thomas Etheridge from CrowdStrike, has the latest threat landscape trends. Our guest is Dan Amiga of Island with insights on the enterprise browser category. And a look into recent Russian cyberattacks against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/89 Selected reading. Threat Assessment: Royal Ransomware (Unit 42) PaperCut Exploitation - A Different Path to Code Execution (VulnCheck) New PaperCut RCE exploit created that bypasses existing detections (Bleeping Computer) Man-in-the-Middle (MitM) attacks reaching inboxes increase 35% since 2022 (Cofense) Exploring the Rise of Israel-Based BEC Attacks (Abnormal Security) Russians launch mass cyber attack on online service for queueing to cross border by trucks (Ukrainska Pravda) Reverting UAC-0006: Mass distribution of SmokeLoader using the "accounts" theme (CERT-UA#6613) (CERT-UA) Learn more about your ad choices. Visit megaphone.fm/adchoices
09/05/2325m 54s

Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.

ALPHV claims responsibility for a cyberattack on Constellation Software. A new Akira ransomware campaign spreads. CACTUS is a new ransomware leveraging VPNs to infiltrate its target. Many organizations are still vulnerable to the Go-Anywhere MFT vulnerability. Russian hacktivists interfere with the French Senate's website. Keith Mularski from EY, details their "State of the Hack" report. Emily Austin from Censys discusses the State of the Internet. And ransomware gangs target local governments in Texas and California.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/88 Selected reading. ALPHV gang claims ransomware attack on Constellation Software (BleepingComputer)  Constellation Software hit by cyber attack, some personal information stolen (IT World Canada)  Press Release of Constellation Software Inc. (GlobeNewswire News Room) Meet Akira — A new ransomware operation targeting the enterprise (BleepingComputer) New Cactus ransomware encrypts itself to evade antivirus (BleepingComputer)  Pro-Russian Hackers Claim Downing of French Senate Website (SecurityWeek) Dallas cyberattack highlights ransomware’s risks to public safety, health (Washington Post)  Hacked: Dallas Ransomware Attack Disrupts City Services (Dallas Observer)  City of Dallas Continues Battling Ransomware Attack for Third Day (NBC 5 Dallas-Fort Worth)  San Bernardino County pays hackers $1.1 million ransom after cyber attack (Victorville Daily Press)  San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff's Department systems (ABC7 Los Angeles) Atomic Data devastated by the unexpected death of CEO and co-owner Jim Wolford (Atomic Data) Learn more about your ad choices. Visit megaphone.fm/adchoices
08/05/2326m 53s

Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]

Shelley Ma, Incident Response Lead at Coalition sits down to share her story, starting all the way back when she was a kid and fell in love with playing the game "NeoPets" that ended up paving the way for her future in cybersecurity. After starting this journey, she shares how she became intrigued with crime and mystery shows, which ultimately spawned an interest in forensic science. She ended up signing up for an internship program that she was able to get into, which she says was a pivotal change for her that provided her the chance to begin her career. She shares the advice that if anyone is looking to get into this career, she highly recommends looking into the career before beginning. Following some advise given to her by a professor and mentor, she says that telling the truth helps her deal with adversity in the workplace. Shelley says "In our industry, there are so many opportunities for our opinions and testimonies to be coerced and swayed. I refuse to do that and every time I come back to what my professor said, if you don't want to spend the rest of your life looking over your shoulders, just simply tell the truth." We thank Shelley for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/05/239m 58s

Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]

Ryan Robinson from Intezer to discuss his team's work on "Phishing Campaign Targets Chinese Nuclear Energy Industry." The research team discovered activity targeting the nuclear energy industry in China. Researchers attributed the activity to Bitter APT, a South Asian APT that is known to target the energy, manufacturing and government sectors, mainly in Pakistan, China, Bangladesh, and Saudi Arabia. The article states "We identified seven emails pretending to be from the Embassy of Kyrgyzstan, being sent to recipients in the nuclear energy industry in China. In some emails, people and entities in academia are also targeted, also related to nuclear energy." By luring recipients in, invites them to join conferences on subjects that are relevant to them, they are then able to social engineer the victims. The research can be found here: Phishing Campaign Targets Chinese Nuclear Energy Industry Learn more about your ad choices. Visit megaphone.fm/adchoices
06/05/2320m 55s

DPRK's Kimsuki spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.

Kimsuki has a new reconnaissance tool. The Biden administration shares plans for AI. Reports on the ransomware taskforce report. KillNet recommits to turning a profit. Deepen Desai from Zscaler has the latest stats on Phishing. Our guest is Karen Worstell from VMware with a conversation about inclusivity. And the former CSO at Uber is sentenced. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/87 Selected reading. Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign (SentinelOne) Ransomware Task Force Gaining Ground - May 2023 Progress Report (Ransomware Task Force) Influential task force takes stock of progress against ransomware (Washington Post) For Money and Attention: Killnet Apparently Reorganizes Again (Flashpoint) Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama (Flashpoint) Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up (Security Week) Former Uber security chief Sullivan avoids prison in data breach case (Washington Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/05/2337m 24s

Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.

An APT41 subgroup uses new techniques to bypass security products. Iranian cyberespionage group MuddyWater is using Managed Service Provider tools. Wipers reappear in Ukrainian networks. Meta observes and disrupts the new NodeStealer malware campaign. The City of Dallas is moderately affected by a ransomware attack. My conversation with Karin Voodla, part of the US State Department’s Cyber fellowship program. Lesley Carhart from Dragos shares Real World Stories of Incident Response and Threat Intelligence. And there’s been an indictment and a takedown in a major dark web carder case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/86 Selected reading. Attack on Security Titans: Earth Longzhi Returns With New Tricks (Trend Micro) APT groups muddying the waters for MSPs (ESET) Russian hackers use WinRAR to wipe Ukraine state agency’s data (BleepingComputer) WinRAR as a "cyberweapon". Destructive cyberattack UAC-0165 (probably Sandworm) on the public sector of Ukraine using RoarBat (CERT-UA#6550) (CERT-UA)  The malware threat landscape: NodeStealer, DuckTail, and more (Engineering at Meta)  Facebook disrupts new NodeStealer information-stealing malware (BleepingComputer) NodeStealer Malware Targets Gmail, Outlook, Facebook Credentials (Decipher) City of Dallas likely targeted in ransomware attack, city official says (Dallas News)  Cybercriminal Network Fueling the Global Stolen Credit Card Trade is Dismantled (US Department of Justice) Secret Service, State Department Offer Up To $10 Million Dollar Reward For Information On Wanted International Fugitive (US Secret Service) Police dismantles Try2Check credit card verifier used by dark web markets (BleepingComputer) Learn more about your ad choices. Visit megaphone.fm/adchoices
04/05/2330m 48s

Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.

Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrikes against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at least not in the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/85 Selected reading. Rinse and repeat: Iran accelerates its cyber influence operations worldwide (Microsoft On the Issues) ChatGPT Confirms Data Breach, Raising Security Concerns (Security Intelligence)  Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak (Bloomberg)  Malicious email campaigns abusing Telegram bots rise tremendously in Q1 2023, surpassing all of 2022 by 310% (Cofense) Threat Spotlight: Proportion of malicious HTML attachments doubles within a year (Barracuda) Zelensky says White House told him nothing about Discord intelligence leaks (Washington Post) Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (Ukrinform) Merck’s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says (Wall Street Journal) Merck entitled to $1.4B in cyberattack case after court rejects insurers' 'warlike action' claim (Fierce Pharma) Learn more about your ad choices. Visit megaphone.fm/adchoices
03/05/2333m 15s

From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)

LOBSHOT is a cryptowallet stealer abusing Google Ads. Coronation phishbait. A known CCTV vulnerability is currently being exploited. T-Mobile discloses another, smaller data breach. New Magecart exploits. Preliminary lessons from cyber operations during Russia's war. Rob Boyce from Accenture shares insights from RSA Conference. Our special guest is NSA Director of Cybersecurity Rob Joyce. And Europol announces a major dark web market takedown. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/84 Selected reading. New LOBSHOT malware gives hackers hidden VNC access to Windows devices (BleepingComputer) New 'Lobshot' hVNC Malware Used by Russian Cybercriminals (SecurityWeek) Elastic Security Labs discovers the LOBSHOT malware (Elastic Blog) Researchers see surge in scam websites linked to coronation (Computer Weekly)  TBK DVR Authentication Bypass Attack (FortiGuard)  T-Mobile discloses second data breach since the start of 2023 (BleepingComputer)  T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more (Ars Technica)  T-Mobile Announces Another Data Breach (CNET) Magecart threat actor rolls out convincing modal forms (Malwarebytes) Cyber lessons from Ukraine: Prepare for prolonged conflict, not a knockout blow (Breaking Defense) 288 dark web vendors arrested in major marketplace seizure (Europol) Learn more about your ad choices. Visit megaphone.fm/adchoices
02/05/2331m 15s

FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.

The FDA warns of a vulnerability affecting biomedical devices. Ransomware's effects continue to trouble the US Marshals Service. The US Justice Department shifts how it deals with large scale cybercrime. Fresh phish from the GRU. Caleb Barlow looks at unicorns and zombiecorns. Our guest Manoj Sharma from Symantec explains the differences between Zero Trust and SASE. And KillNet runs an ask-me-anything session. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/83 Selected reading. Illumina cyber vulnerability may present risks for patient results (U.S. Food and Drug Administration) CISA, FDA warn of new Illumina DNA device vulnerability (Record Key law enforcement computers still down 10 weeks after breach (Washington Post) Feds Prioritizing Disruptions Over Arrests in Cyberattack Cases (PCMAG)  "Ashamed" LockBit ransomware gang apologises to hacked school, offers free decryption tool (Hot for Security)  APT28 cyberattack: distribution of emails with "instructions" on "updating the operating system" (CERT-UA#6562) (CERT-UA) Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (BleepingComputer)  Ukraine at D+431: Drone strikes and phishing expeditions. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
01/05/2334m 31s

Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]

Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and host of the 8th Layer Insights podcast, sits down to share his story trying different paths, before ultimately switching over to the cyber industry. After trying to go down the paths of music and law and finding neither were what he wanted to do, he decided to take an internship to get more into computer programming. That led him to getting his first job. After his first job, he moved onto other big name companies like Walmart, Alltel, and Gartner, and landing finally with KnowBe4. He compares his work to working with music, when he initially wanted to begin making music early in his career. He says "I think for me, when it was the kind of the connection between music and computing is that whenever you're kind of joining things together or at a, a musical scale to make chords, or whenever you're adding different, um, instruments and octaves together or timbers together to get some kind of bigger result." We thank Perry for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/04/2310m 37s

HinataBot focuses on DDoS attack. [Research Saturday]

This week our guests are, Larry Cashdollar, Chad Seaman and Allen West from Akamai Technologies, and they are discussing their research on "Uncovering HinataBot: A Deep Dive into a Go-Based Threat." The team discovered a new Go-based, DDoS-focused botnet. They found it was named after the popular anime show "Naruto," they are calling it "HinataBot" In the research it says "HinataBot was seen being distributed during the first three months of 2023 and is actively being updated by the authors/operators." Akamai was able to get a deep look into the malware works by using a combination of reverse engineering the malware and imitating the command and control (C2) server. The research can be found here: Uncovering HinataBot: A Deep Dive into a Go-Based Threat Learn more about your ad choices. Visit megaphone.fm/adchoices
29/04/2327m 26s

What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?

Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. And are there any genuine disinterested hacktivists on Russia's side, or are they all fronts? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/82 Selected reading. Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (The Hacker News) Microsoft: Clop and LockBit ransomware behind PaperCut server hacks (BleepingComputer) ​ New 'Atomic macOS Stealer' Malware Offered for $1,000 Per Month (SecurityWeek)  “Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… (Guardio) Request for Comment on Secure Software Self-Attestation Common Form (CISA) OMB, CISA set to release common form for software self-attestation (FCW) Pro-Russian hacktivism isn’t real, top Ukrainian cyber official says (CyberScoop) Pro-Russian hacktivism isn't real, top Ukrainian cyber official says (CyberScoop)  Learn more about your ad choices. Visit megaphone.fm/adchoices
28/04/2328m 53s

Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)

Google targets CryptBot malware infrastructure. FIN7 attacked Veeam servers to steal credentials. Ransomware-as-a-service offering threatens Linux systems. Evasive Panda targets NGOs in China. Anonymous Sudan is active against targets in Israel. Russian ransomware operations aim at disrupting supply chains into Ukraine. Our guest is Stuart McClure, CEO of Qwiet AI. Microsoft’s Ann Johnson stops by with her take on the RSA conference. And bots want new kicks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/81 Selected reading. Continuing our work to hold cybercriminal ecosystems accountable (Google) Google Disrupts Massive CryptBot Malware Operation (Decipher) Google disrupts malware that steals sensitive data from Chrome users (TechCrunch)  FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability (SecurityWeek) RTM Locker Ransomware as a Service (RaaS) Now on Linux (Uptycs)  Evasive Panda APT group delivers malware via updates for popular Chinese software (WeLiveSecurity)  NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities (CyberScoop)  Ukraine at D+427: Russian cyberattacks and disinformation before Ukraine's spring offensive. (CyberWire) Releasing leak suspect a national security risk, feds say (AP NEWS) Pentagon leak suspect may still have access to classified info, court filings allege (the Guardian)  Netacea Quarterly Index: Top 5 Scalper Bot Targets of Q1 2023 (Netacea) Learn more about your ad choices. Visit megaphone.fm/adchoices
27/04/2328m 36s

BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.

BellaCiao is malware from Iran's IRGC, while PingPull is malware used by the Chinese government affiliated Tarus Group. Ransomware continues to be a pervasive international threat. An overview of hacktivism. Our guest is CyberMindz founder Peter Coroneos, discussing the importance of mental health in cybersecurity. Johannes Ullrich shares insights from his RSAC panel discussions. And Ukraine continues to collect evidence of Russian war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/80 Selected reading. Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware (Bitdefender Blog) Chinese Alloy Taurus Updates PingPull Malware (Unit 42) Abuse of the Service Location Protocol May Lead to DoS Attacks (Cybersecurity and Infrastructure Security Agency CISA) #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations (Infosecurity Magazine) Hacktivism Unveiled, April 2023 Insights into the footprints of hacktivists (Radware) FBI aiding Ukraine in collection of digital and physical war crime evidence (CyberScoop) Learn more about your ad choices. Visit megaphone.fm/adchoices
26/04/2329m 13s

BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Secrity’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.

BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. Our guest is Marc van Zadelhoff, CEO of Devo, with insights from the conference. And the latest on KillNet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/79 Selected reading. BlackCat Ransomware Group Exploits GoAnywhere Vulnerability (At-Bay)  Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal (Zero Day Initiative) Years after discovery of SolarWinds breach, Russian hackers could be struggling (Washington Post)  U.S. deploys more cyber forces abroad to help fight hackers (Reuters) DHS Outlines Cyber Priorities in Release of Delayed Review (Nextgov.com)  US sanctions supporters of North Korean hackers, Iranian cyberspace head (Record)  North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies (Department of Justice. U.S. Attorney's Office District of Columbia)  Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in Support of Weapons Programs (U.S. Department of the Treasury) Learn more about your ad choices. Visit megaphone.fm/adchoices
25/04/2331m 24s

Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.

3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/78 Selected reading. 3CX Hackers Also Compromised Critical Infrastructure Firms (Infosecurity Magazine) That 3CX supply chain attack keeps getting worse (Register) Energy sector orgs in US, Europe hit by same supply chain attack as 3CX (Record)  Even more victims found in complex 3CX supply chain attack (CybersecurityConnect)  X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe (Symantec Enterprise Blogs)  URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut) PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise (Horizon3.ai)  Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (The Hacker News)  CISA KEV Breakdown | April 21, 2023 (Nucleus Security) CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug (The Hacker News)  CISA adds printer bug, Chrome zero-day and ChatGPT issue to exploited vulnerabilities catalog (Record) Bumblebee Malware Distributed Via Trojanized Installer Downloads (Secureworks). Google ads push BumbleBee malware used by ransomware gangs (BleepingComputer)  Bumblebee malware infects victims via fake Zoom, Cisco and ChatGPT software installers (Record)  Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (BleepingComputer)  Analyzing DNS Traffic for Anomalous Domains and Threat Detection (Infoblox Blog)  Airman Shared Sensitive Intelligence More Widely and for Longer Than Previously Known (New York Times)  FBI leak investigators home in on members of private Discord server (Washington Post) From Discord to 4chan: The Improbable Journey of a US Intelligence Leak (bellingcat)  Europe’s Planes Keep Flying Despite Cyberattack (Wall Street Journal) Learn more about your ad choices. Visit megaphone.fm/adchoices
24/04/2327m 8s

Maria Varmazis: Combining cyber and space. [Space] [Career Notes]

Maria Varmazis, N2K's Space Correspondent and host of N2K's newest podcast T-Minus, sits down to share her journey on combining her two passions of space and cyber. Maria grew up wanting to be an astronomer, in school she focused on joining anything with technology and enjoyed the classes that made her think. After transferring to a new college, she went into journalism, absolutely falling in love with the new career path she had made for herself. She got herself a job at Sophos and that's where she learned about cybersecurity. Now she discusses cyber and space in her new podcast, combining her two passions into one for all to understand. Maria discusses some of the setbacks she overcame in this industry and shares the wise advice of "I would never pretend that failure isn't painful, but it is an incredible teaching tool. So if you feel like you've had a huge career fail or a really big misstep, you can still pivot from that and you can make that into something." We thank Maria for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/04/239m 1s

Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.

T-Minus Deep Space Guest Scott Stalker, Command Senior Enlisted Leader at US Space Command, shares how the combatant command is adapting to new challenges in the digital era of space operations, new operational concepts, and building the force to deter aggression. You can follow US Space Command on LinkedIn and Twitter, and you can follow MGySgt Scott Stalker on LinkedIn. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence briefing, Signals and Space, and you’ll never miss a beat. Audience Survey We want to hear from you! Please complete our wicked fast 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders in the industry. Here’s a link to our media kit. Contact us at space@n2k.com to request more info about sponsoring T-Minus. Want to join us for an interview? Please send your interview pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal, and our editor will get back to you for scheduling. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/04/2322m 38s

Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]

Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams Are Still So Successful." Researchers at Akamai have been on the lookout for crypto giveaway scams. These scams have been impersonating celebrities and brands, most notably Elon Musk and his associated companies. The research states "the scams are delivered through various social media platforms as well as direct messaging apps such as WhatsApp or Telegram." These scams have helped add to the existing damages that exceed $1 billion caused by crypto fraud. The research can be found here: Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful Learn more about your ad choices. Visit megaphone.fm/adchoices
22/04/2319m 22s

Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.

Daggerfly APT targets an African telecommunications provider. EvilExtractor is an alleged teaching tool apparently gone bad. A Chinese speaking threat group is active against Taiwan and South Korea. Europe’s air traffic control is under attack. Cecilia Marinier from RSAC and Barmak Meftah, a judge of ISB, discuss the RSA innovation sandbox. Awais Rashid from University of Bristol on the cybersecurity of smart farming. Forget about those evil maids. What about these evil sys admins?  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/77 Selected reading. Daggerfly: APT Actor Targets Telecoms Company in Africa (Symantec) EvilExtractor – All-in-One Stealer (Fortinet Blog) Chinese-language threat group targeted a dozen South Korean institutions (Record)  Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan (Recorded Future)  WSJ News Exclusive | Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal)  Intelligence Leaks Cast Spotlight on a Recurring Insider Threat: Tech Support (Wall Street Journal) Russia’s invasion of Ukraine is also being fought in cyberspace (Atlantic Council)  CFP European Cybersecurity Seminar 2023-2024 (European Cyber Conflict Research Initiative) #CYBERUK23: Russian Cyber Offensive Exhibits ‘Unprecedented’ Speed and Agility (Infosecurity Magazine) Learn more about your ad choices. Visit megaphone.fm/adchoices
21/04/2330m 17s

Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.

The 3CX compromise involved a two-stage supply-chain attack. Impersonating ChatGPT. Russia's security organs say they're cracking down on leaks. Updates on the Discord Papers case. Belarus arrests a pro-Russian hacktivist. Rob Boyce from Accenture Security on Dark Web cyber criminals targeting CRM systems. Our guest is Mike Loewy from the Tide Foundation, with an innovative approach to distributed key security. And, is Minsk going wobbly on Moscow? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/76 Selected reading. 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible (Mandiant) ChatGPT-Themed Scam Attacks Are on the Rise (Palo Alto Networks Unit 42) Russian Offensive Campaign Assessment, April 19, 2023 (Institute for the Study of War) Belarus-linked hacking group targets Poland with new disinformation campaign (Record) Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama (Flashpoint) Belarus-linked hacking group targets Poland with new disinformation campaign (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/04/2328m 6s

CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

The UK National Cyber Security Centre (NCSC), NSA, CISA, and FBI are releasing this joint advisory to provide TTPs associated with APT28’s exploitation of Cisco routers in 2021. AA23-108A Alert, Technical Details, and Mitigations Malware Analysis Report Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/04/232m 45s

Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”

Play ransomware's new tools. Fancy Bear is out and about. Updates on Sandworm. Ransomware in Russia's war against Ukraine. The US Air Force opens an investigation into the alleged leaker's Air National Guard wing. The Washington Post’s Tim Starks joins us with insights on the Biden administration's attempts to better secure the water supply. Carole Theriault chats with Cisco Talos' Vanja Svacjer about the threat landscape, now and tomorrow. And KillNet’s in the education business with a new hacker course: “Dark School.”  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/75 Selected reading. Play Ransomware Group Using New Custom Data-Gathering Tools (Symantec) NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of Cisco Routers (National Security Agency/Central Security Service) APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers (NCSC) State-sponsored campaigns target global network infrastructure (Cisco Talos Blog)  Ukraine remains Russia’s biggest cyber focus in 2023 (Google) Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group) M-Trends 2023: Cybersecurity Insights From the Frontlines (Mandiant) Faltering against Ukraine, Russian hackers resort to ransomware: Researchers (Breaking Defense)  Air Force unit in document leaks case loses intel mission (AP NEWS) Pentagon Details Review of Policies for Handling Classified Information (New York Times)  Ukraine at D+419: GRU cyber ops scrutinized. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
19/04/2329m 18s

A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]

Brace yourselves, it’s Space Symposium week! Wet dress rehearsal for Starship. UK launches the International Bilateral Fund. Orbit Fab gets a series A round. Boeing announces their anti-jam payload for WGS. The FAA wants to balance air travel and space travel. Our interview with Steve Luczynski, Board Chair of the Aerospace Village, on their mission, programs, and upcoming activities at the RSA Conference next week. All this and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence briefing, Signals and Space, and you’ll never miss a beat. T-Minus Guest Our featured guest is Steve Luczynski, Board Chair of the Aerospace Village, on the Aerospace Village nonprofit, their mission, their programs, and their upcoming activities at the RSA Conference next week. You can follow Steve on LinkedIn and Twitter. Selected Reading SpaceX's launch of Starship could remake space exploration | Washington Post  UK Space Agency funding for international space partnerships | GOV.UK.  SpaceX launches seventh Transporter rideshare mission | SpaceNews Exolaunch’s 21 rideshare smallsats deployed during the SpaceX Transporter-7 mission | SatNews HawkEye 360’s nexgen Cluster 7 smallsats are successfully launched | SatNews    TrustPoint Announces Launch of First Commercially-Funded, Purpose-Built PNT Microsatellite | Business Wire  China claims its Space Station has achieved 100% oxygen regeneration in orbit | Interesting Engineering  Boeing Unveils Anti-Jam Payload For Next Space Force Wideband Global SATCOM Satellite | Via Satellite As counterspace weapons ‘proliferate,’ the new cold war for space races forward: studies | Breaking Defense The Moon is the Best Place to Transport Rocket Fuel | Universe Today  US aviation authorities may delay some space launches to avoid air traffic disruption | Reuters  NASA launches stadium-sized balloon from New Zealand | SpaceConnect   Audience Survey We want to hear from you! Please complete our wicked fast 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders in the industry. Here’s a link to our media kit. Contact us at space@n2k.com to request more info about sponsoring T-Minus. Want to join us for an interview? Please send your interview pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal, and our editor will get back to you for scheduling. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/04/2325m 41s

Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.

An Iranian threat actor exploits N-day vulnerabilities. CSC exposes subdomain hijacking vulnerabilities. More on the Discord Papers. An update on Russia’s NTC Vulkan. Joe Carrigan on the aftermath of a $98M online investment fraud. Our guest is Blake Sobczak from Synack , host of the podcast WE'RE IN! And threat actor nomenclature: a scorecard, and a Periodic Table no more. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/74 Selected reading. Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft Security) An Iranian hacking group went on the offensive against U.S. targets, Microsoft says (Washington Post)  New CSC Research Finds One in Five DNS Records are Susceptible to Subdomain Hijacking Due to Insufficient Cyber Hygiene | CSC (CSC) DOD Assessing Document Disclosures and Implementing Mitigation Measures (U.S. Department of Defense) After leak, Pentagon purges some users' access to classified programs, launches security review (Breaking Defense) Why Did a 21-Year-Old Guardsman Have Access to State Secrets? (Vice) U.S. officials have examined whether alleged doc leaker had foreign links (POLITICO)  The Air Force Loves War Gamers Like Alleged Leaker Teixeira (Military.com)  FBI Investigating Ex-Navy Noncommissioned Officer Linked to Pro-Russia Social-Media Account (Wall Street Journal) Pentagon leak suggests Russia honing disinformation drive – report (the Guardian) Dragos Analyzes Russian Programs Threatening Critical Civilian Infrastructure (Dragos)  Microsoft shifts to a new threat actor naming taxonomy (Microsoft) Learn more about your ad choices. Visit megaphone.fm/adchoices
18/04/2328m 27s

Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?

The alleged Discord Papers leaker has been charged. We look at how the Papers spread online. A life lived online as a security risk. US tax season scams, at the 11th filing hour. Caleb Barlow from Cylete on the layoffs in security that many thought would never happen. Maria Varmazis and Brandon Karpf share the launch of the new space podcast, T-Minus. And KillNet says it’s open for business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/73 Selected reading. Inside the furious week-long scramble to hunt down a massive Pentagon leak (CNN Politics)  Massachusetts Air National Guard’s Intelligence Mission in the Spotlight (New York Times)  Leaker of U.S. secret documents worked on military base, friend says (Washington Post)  WSJ News Exclusive | Social-Media Account Overseen by Former Navy Noncommissioned Officer Helped Spread Secrets (Wall Street Journal). A Russian Disinformation Empire in Oak Harbor, Washington (Malcontent News)  Pro-Russia propagandist unmasked as New Jersey tropical fish seller (The Telegraph)  Suspect charged in case involving leaked classified military documents (Washington Post)  Jack Teixeira, suspect in Pentagon leaks, charged under Espionage Act (the Guardian) Leak suspect appears in court as US spells out its case (AP NEWS)  Airman in Pentagon intel leak charged (Military Times)  Airman charged in Pentagon intel leak regretted joining the military (Military Times)  He’s from a military family — and allegedly leaked U.S. secrets (Washington Post) Jack Teixeira's alleged Discord leaks show why the US should stop showering Top Secret clearances on 21-year-old keyboard warriors (Business Insider). The military loved Discord for Gen Z recruiting. Then the leaks began. (Washington Post)  A new kind of leaker: Spilling state secrets to impress online buddies (Washington Post)  Was the Gen-Z Pentagon leaker motivated by social media clout? (the Guardian)  Microsoft president claims Russian intelligence is trying to "penetrate gaming communities" (GamesIndustry.biz) How Gamers Eclipsed Spies as an Intelligence Threat (Foreign Policy) Crafty PDF link is part of another tax-season malware campaign (Record) Tax season scams. (CyberWire) Ukraine at D+414: Discord Papers arrest, cyberespionage, and hacktivist DDoS. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
17/04/2330m 25s

Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]

Jack Chapman, VP of Threat Intelligence at Egress sits down to share his story on how he found his way into the cybersecurity field as well as his journey creating a cybersecurity company that was successfully acquired. Jack previously co-founded anti-phishing company Aquilai and served as its Chief Technology Officer, working closely with the UK’s intelligence and cyber agency GCHQ to develop cutting-edge product capabilities. Aquilai was acquired by Egress in 2021. Now he is working with Egress as what he calls their "chief bad guy," helping to shield his team from threats. He says "I'm probably what you call a servant leader, my mission is to enable and shield my teams from things that will prevent them from succeeding in their missions, whatever that might look like." Jack hopes to be remembered for making a meaningful impact to help drive the field forward. We thank Jack for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/04/2310m 25s

New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]

Scott Fanning, Senior Director of Product Management, Cloud Security at CrowdStrike, sits down to talk about the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. The research defines Dero as "a cryptocurrency that claims to offer improved privacy, anonymity and higher and faster monetary rewards compared to Monero, which is a commonly used cryptocurrency in cryptojacking operations." CrowdStrike was the first organization to discover Dero, and has been observing the cryptojacking operation since the beginning of February 2023. The operation focuses mainly on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet. The research can be found here: CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes Learn more about your ad choices. Visit megaphone.fm/adchoices
15/04/2314m 28s

"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Aan arrest in the Discord Papers case.

"Read the Manual" and the ransomware-as-a-service market. Bitter APT may be targeting Asia-Pacific energy companies. A Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Deepen Desai of Zscaler describes job scams following tech layoffs. Our guest is Kelly Shortridge from Fastly with insights on the risks from bots. And there’s been an arrest in the Discord Papers case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/72 Selected reading. Read The Manual Locker: A Private RaaS Provider (Trellix) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) Espionage campaign linked to Russian intelligence services (Baza wiedzy) Russian cyberspies hit NATO and EU organizations with new malware toolset (CSO Online) Pro-Russia hackers say they were behind Hydro-Quebec cyberattack (Montreal CTV News - 04-13-2023) Cyberattack knocks out website and mobile app for Quebec’s hydro utility (Toronto Star) F.B.I. Arrests National Guardsman in Leak of Classified Document (New York Times) DOD Calls Document Leak 'a Criminal Act' (U.S. Department of Defense) Learn more about your ad choices. Visit megaphone.fm/adchoices
14/04/2329m 13s

Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.

Transparent Tribe expands its activity against India's education sector. A Lazarus sub-group is after defense sector targets. The FBI's Denver office warns of potential juicejacking. Legion: a Python-based credential harvester. The source of leaked US intelligence may be closer to identification. Johannes Ullrich from SANS explains upwork scams. Our guest is Charlie "Tuna" Moore of Vanderbilt University on the cyber lessons from Russia’s war on Ukraine. Canada responds to claims of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/71 Selected reading. Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector (SentinelOne) Following the Lazarus group by tracking DeathNote campaign (Securelist) DPRK threat actors target C3X and defense sector at large. (CyberWire) FBI office warns against using public phone charging stations at airports or malls, citing malware risk (CBS News) The FBI warns of juicejacking and other risks of public tech. (CyberWire) Legion: an AWS Credential Harvester and SMTP Hijacker (Cado Security)  The Legion credential harvester. (CyberWire) Leaker of U.S. secret documents worked on military base, friend says (Washington Post) U.S. may change how it monitors the web after missing leaked documents for weeks (NBC News) Cyberattacks on Canada’s gas infrastructure left ‘no physical damage,’ Trudeau says (Global News) Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool (CyberScoop) US Warns Russia Getting Creative in Cyberspace (VOA) APT Winter Vivern Resurfaces (Avertium) Learn more about your ad choices. Visit megaphone.fm/adchoices
13/04/2330m 36s

Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.

Patch Tuesday update. Another commercial surveillance company is outed. Voice security and the challenge of fraud. CISA updates its Zero Trust Maturity Model. Effects of the US intelligence leaks. Our guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, outlines CISA's role in the cybersecurity community. André Keartland of Netsurit makes the case for DevSecOps. Russian cyber auxiliaries believed responsible for disrupting the Canadian PM's website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/70 Selected reading. Patch Tuesday overview. (CyberWire) DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia (Microsoft Threat Intelligence)  Threat Report on the Surveillance-for-Hire Industry (Meta) Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers (The Citizen Lab) Voice Intelligence and Security Report (Pindrop) CISA Releases updated Zero Trust Maturity Model (Cybersecurity and Infrastructure Security Agency) CISA Releases Zero Trust Maturity Model Version 2 (Cybersecurity and Infrastructure Security Agency CISA) A leak of files could be America’s worst intelligence breach in a decade (The Economist) Interagency Effort Assessing Impact of Leaked Documents, Strategizing Way Forward (U.S. Department of Defense) What we know about the Pentagon document leak (Axios) The ongoing scandal over leaked US intel documents, explained (Vox) Pentagon leak threatens Biden's foreign policy doctrine ahead of overseas trip (Axios) Schumer calls for all-senator briefing on leaked Ukraine documents (The Hill) The key countries and revelations from the Pentagon document leak (Washington Post)  Exclusive: Leaked U.S. intel document claims Serbia agreed to arm Ukraine (Reuters)  Up to 50 UK special forces present in Ukraine this year, US leak suggests (the Guardian) Egypt denies leak about supplying Russia with 40,000 rockets (Al Jazeera) DDoS attacks block PM Trudeau’s web site (IT World Canada) Learn more about your ad choices. Visit megaphone.fm/adchoices
12/04/2329m 20s

IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.

Key trends in Identity Access Management. RagnarLocker and critical infrastructure. Cyber criminals capitalize on the AI hype. Updates on the leaked US classified documents, and speculation of whether Russian hackers compromised a Canadian gas pipeline. Ben Yelin describes a multimillion dollar settlement over biometric data. Microsoft’s Ann Johnson from Afternoon Cyber Tea talking about cyber paradigm shifts with Samir Kapuria. And a welcome to GCHQ's new boss. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/69 Selected reading. 4 key trends from the Gartner IAM Summit 2023 (Venture Beat) Threat Actor Spotlight: Ragnarlocker Ransomware (Sygnia) From Chatgpt To Redline Stealer: The Dark Side Of Openai And Google Bard (Veriti) Biden administration doesn't know extent of classified Pentagon document leak (CBS News)  Ukraine ‘alters counter-offensive plans’ after Pentagon leak (The Telegraph)  Ukraine had to change military plans because of US Pentagon leak, source says (CNN)  Leaked Pentagon documents claim that hackers breached a Canadian gas network. Here’s what to know. (Washington Post) Pro-Russia Hackers Say They Breached Canadian Pipeline, but Experts Are Skeptical (Wall Street Journal) Leaked US intel: Russia operatives claimed new ties with UAE (AP NEWS) Egypt secretly planned to supply rockets to Russia, leaked U.S. document says (Washington Post) How the Latest Leaked Documents Are Different From Past Breaches (New York Times) How U.S. friends and foes have responded to leaked Pentagon documents (Washington Post)  Pentagon leaks: US seeks to mend ties after claims Washington spied on key allies (the Guardian) Pentagon Probe Under Way in Leaks Case (Wall Street Journal) Pentagon assessing damage after 'highly classified' US secrets leaked online (Breaking Defense)  The Pentagon’s Purported Classified-Document Leak: The Biggest Takeaways and Questions So Far (Wall Street Journal) The ongoing scandal over leaked US intel documents, explained (Vox) Leaked documents a 'very serious' risk to security: Pentagon (AP NEWS) The Discord servers at the center of a massive US intelligence leak (CyberScoop)  Social-Media Platform Discord Emerges at Center of Classified U.S. Documents Leak (Wall Street Journal) Why Leaked Pentagon Documents Are Still Circulating on Social Media (New York Times) Clues Left Online Might Aid Leak Investigation, Officials Say (New York Times Ukraine at D+411: US leaks remain under investigation. (CyberWire) New Director GCHQ announced (GCHQ) Learn more about your ad choices. Visit megaphone.fm/adchoices
11/04/2328m 7s

A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.

An Iranian APT MERCURY exploits known vulnerabilities. The US investigates apparent leaks of classified information about Russia's war against Ukraine. KillNet claims it has paralyzed NATO websites. More apparent doxing of the GRU. Britta Glade and Monica Koshgarian of RSA Conference talking about content curation. Grayson Milbourne from OpenText Cybersecurity hopes to remove shame from cyber attacks. And, finally, some notes on cloud security trends. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/68 Selected reading. MERCURY and DEV-1084: Destructive attack on hybrid environment (Microsoft Threat Intelligence) Leaked US battlefield intelligence on Ukraine is fake, says Kyiv (The Telegraph)  Russia Claims Leaked Pentagon Intelligence on Ukraine is U.S. Disinformation (US News and World Report)  Leaked US secret NATO-Ukraine war docs likely altered, say experts (SC Media)  Ukraine’s air defences could soon run out of missiles, apparent Pentagon leak suggests (the Guardian)  Russia nearly shot down British spy plane near Ukraine, leaked document says (Washington Post)  Justice Dept. will investigate leak of classified Pentagon documents (Washington Post)  US investigating whether Ukraine war documents were leaked (Military Times) U.S. Reviewing Online Appearance Of Sensitive Documents Related To Ukraine, Pentagon Says (RadioFreeEurope/RadioLiberty)  WSJ News Exclusive | Pentagon Investigates More Social-Media Posts Purporting to Include Secret U.S. Documents (Wall Street Journal)  New Details on Intelligence Leak Show It Circulated for Weeks Before Raising Alarm (Wall Street Journal)  Intelligence leak exposes U.S. spying on adversaries and allies (Washington Post)  Secret US Documents on Ukraine War Plan Spill Onto Internet: Report (SecurityWeek)  US hit by ‘worst leak of secret documents since Edward Snowden’ (The Telegraph) Ukraine at D+410: Static, sanguinary lines. (CyberWire) Report Finds 90% of IT Professionals Have Experienced a Cybersecurity Breach (Skyhigh Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
10/04/2328m 1s

Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]

Karen Worstell, Senior Cybersecurity Strategist from VMware sits down to share her journey and discusses her experience as a woman in cyber. Starting her career off as a chemist, after graduating with a bachelor's degree in chemistry and a bachelor's degree in molecular biology, she took some time off to be with her family, she came back to a science field that was far more advanced than before she had left. She decided to go in another direction which led her to cyber. She started teaching herself programming and found she was very good at it. Now that she works in cyber, she says "You, you have to know yourself, know what you want, and know where you're, know where you plant your feet. I used to use a phrase a lot that said, uh, don't be afraid to take a stand but know where your feet are planted." We thank Karen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/04/2311m 1s

A dark side to LLMs. [Research Saturday]

Sahar Abdelnabi from CISPA Helmholtz Center for Information Security sits down with Dave to discuss their work on "A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models." There is currently a large advance in the capabilities of Large Language Models or LLMs, as well as being integrated into many systems, including integrated development environments (IDEs) and search engines. The research states, "The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable." This could lead them to be susceptible to targeted adversarial prompting, as well as making them adaptable to even unseen tasks. Researchers demonstrated these said attacks to see if the LLMs needed new techniques for more defense. The research can be found here: More than you've asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models Learn more about your ad choices. Visit megaphone.fm/adchoices
08/04/2317m 46s

Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.

Preventing abuse of the Cobalt Strike pentesting tool. US investigates a leak of sensitive documents related to the war in Ukraine. Hacktivist activity continues. Google's advice for boards. Electronic lockpicks for electronic locks. Nexx security devices may have security flaws. Tesla employees reportedly shared images and videos from Teslas in the wild. Matt O'Neill from US Secret Service discussing investment crypto scams. Our guest is James Campbell of Cado Security on the challenges of a cloud transition. And CISA releases seven ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/67 Selected reading. Stopping cybercriminals from abusing security tools (Microsoft On the Issues)  Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands (CyberScoop) Ukraine War Plans Leak Prompts Pentagon Investigation (New York Times) DDoS attacks rise as pro-Russia groups attack Finland, Israel (TechRepublic) Perspectives on Security for the Board (Google Cloud) Thieves Use CAN Injection Hack to Steal Cars (SecurityWeek) How thieves steal cars using vehicle CAN bus (Register)  Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it (Graham Cluley). Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know (Naked Security) Special Report: Tesla workers shared sensitive images recorded by customer cars (Reuters) CISA Releases Seven Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) Learn more about your ad choices. Visit megaphone.fm/adchoices
07/04/2330m 20s

New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.

New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Russia's turn in the Security Council chair immediately becomes an occasion for disinformation. Our guest is Nick Tausek from Swimlane to discuss supply chain attack trends. Tim Starks from the Washington Post has the latest on the DOJ’s attempts to disrupt cyber crime. And, make robo-love, not robo-war: nuisance-level hacktivism in the interest of Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/66 Selected reading. New Phishing Campaign Exploits YouTube Attribution Links, Cloudflare Captcha (Vade Security) Criminal Marketplace Disrupted in International Cyber Operation (U.S. Department of Justice) Takedown of notorious hacker marketplace selling your identity to criminals | Europol (Europol) Notorious criminal marketplace selling victim identities taken down in international operation (National Crime Agency) Check your hack (Politie) Carr Announces Investigation into Suspected Users of Genesis Dark Web Marketplace Following FBI Takedown of Illicit Site (Office of Attorney General of Georgia Chris Carr) U.S., European Police Shut Down Hacker Marketplace, Make 119 Arrests (Wall Street Journal) 120 Arrested as Cybercrime Website Genesis Market Seized by FBI (SecurityWeek)  International cops put the squeeze on Genesis Market users (Register)  FBI obtained detailed database exposing 60,000 users of the cybercrime bazaar Genesis Market (CyberScoop) Genesis Black Market Dismantled, But Experts Warn of Potential Vacuum (Nextgov.com) How we’re protecting users from government-backed attacks from North Korea (Google)  Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks (The Hacker News) ‘Outrageous’: Russia Accused of Spreading Disinformation at U.N. Event (New York Times) Des hackers ont acheté 23.000 euros de sex-toys avec de l’argent russe (20 minutes) Thanks to Ukrainian hackers, war freak orders £20,000 worth drones for Russian soldiers, gets sex toys instead (First Post) Ukrainian hackers exchange Russian fighter’s drone order for dildos (New York Post) ‘It’s bullshit’: Inside the weird, get-rich-quick world of dropshipping (WIRED) Learn more about your ad choices. Visit megaphone.fm/adchoices
06/04/2328m 3s

Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.

Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia’s hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters)  Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world’s largest platforms for cyber fraud, seized by police (Record) 'Operation Cookie Monster': FBI seizes popular cybercrime forum used for large-scale identity theft (CNN) Cybercrime marketplace Genesis Market shut by FBI, international law enforcement (CNBC) FBI seizes stolen credentials market Genesis in Operation Cookie Monster (BleepingComputer) Notorious Genesis Market cybercrime forum seized in international law enforcement operation (CyberScoop) Proxyjacking has Entered the Chat (Sysdig) Rorschach – A New Sophisticated and Fast Ransomware (Check Point Research) Russian hackers attack German ministry’s website (TVP World) Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List (SecurityWeek) Zimbra vulnerability exploited by Russian hackers targeting Nato countries - CISA (Tech Monitor)  CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) NVD - CVE-2022-27926 (National Vulnerability Database) The Interview - Russian cyber weapons 'could do a lot of damage' in the US: Former counterterrorism czar (France 24) Biden cybersecurity chief 'surprised' Russia has not hit US targets amid Ukraine war (Washington Examiner) Ukrainian Cyber War Confirms the Lesson: Cyber Power Requires Soft Power (Council on Foreign Relations) Learn more about your ad choices. Visit megaphone.fm/adchoices
05/04/2325m 24s

Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.

Did "appeasement" embolden Russia's cyber operators? Western Digital discloses a cyberattack. Rilide is a new strain of malware in active use. The Mantis cyberespionage group uses new, robust tools and tactics. The challenges of threat hunting. Joe Carrigan has thoughts on public school systems making cyber security part of the curriculum. Our guest May Mitchell of Open Systems addresses closing the talent gap. And when it comes to criminal enterprise, size matters. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/64 Selected reading. Russia's shadow war: Vulkan files leak show how Putin's regime weaponises cyberspace (The Conversation) Russia's Invasion of Ukraine Heralds New Era of Warfare (VOA) West’s Cyber Appeasement Gave Putin Green Light: James Stavridis (Bloomberg Law) Western Digital Provides Information on Network Security Incident (Business Wire)  Western Digital confirms breach, shuts down systems (Computing) Western Digital discloses network breach, My Cloud service down (BleepingComputer) WD says law enforcement probing breach of internal systems (Register) Western Digital investigating MyCloud data breach affecting Mac desktop drives (Macworld) Users fume after My Cloud network breach locks them out of their data (Ars Technica) Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities (Cisco Talos Blog) Mantis: New Tooling Used in Attacks Against Palestinian Targets (Symantec)  Inside the Mind of a Threat Hunter: Team Cymru's Latest Report Sheds Light on Challenges Faced by Cybersecurity Analysts (Accesswire) Wages Dominate Cybercrime Groups' Operating Expenses (PR Newswire) Inside the Halls of a Cybercrime Business (Trend Micro) Size Matters: Unraveling the Structure of Modern Cybercrime Organizations (Trend Micro) Learn more about your ad choices. Visit megaphone.fm/adchoices
04/04/2328m 52s

"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.

"Cylance" the ransomware (with no relation to Cylance, the security company). An update on the 3CX incident. The FSB's arrest of a Wall Street Journal reporter. Simone Petrella from N2K Networks unpacks 2023 cybersecurity training trends. Deepen Desai from Zscaler has the latest on cloud security. And Hacktivists claim to have tricked wives of Russian combat pilots into revealing personal information. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/63 Selected reading. "Cylance" ransomware (no relation to Cylance). (CyberWire Pro) New Cylance Ransomware Targets Linux and Windows, Warn Researchers (HackRead) New Cylance Ransomware strain emerges, experts speculate about its notorious members (IT PRO)  More evidence links 3CX supply-chain attack to North Korean hacking group (Record) 3CX supply chain attack: the unanswered questions (Computing) 3CX Desktop App Compromised (CVE-2023-29059) (Fortinet Blog)  Evan Gershkovich Loved Russia, the Country That Turned on Him (Wall Street Journal) The Ukrainian hoax that revealed the Russian pilots who bombed Mariupol theatre (The Telegraph) Ukrainian Hacktivists Trick Russian Military Wives for Personal Info (HackRead) Learn more about your ad choices. Visit megaphone.fm/adchoices
03/04/2330m 30s

Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]

Alon Jackson, chief executive and Co-founder of Astrix Security, sits down to share his story to rising success. Before being on the vendor side of things, Jackson served in various strategic roles in the Cyber Security Division of the Israeli Military Intel Unit 8200 for more than 8 years, including leading the Cloud Security division and serving as the Head of the Cyber Security R&D Department. His experience in the military inspired him to learn more about the industry and jump to the private sector. Fast forward years later, he co-founded his company to help address security gaps seen in the industry. He mentions how being a start up CEO can be difficult sometimes, and how it may feel as though you're an octopus with all the multitasking that comes with the job. Alon says that one of his main goals as a contributor in this industry is making sure people remember him and his company for years to come, saying he wants to help by " building a company that people kind of know about, remember, and is important in the world." We thank Alon for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/04/238m 31s

Blackfly flies back again. [Research Saturday]

Dick O'Brien from Symantec’s Threat Hunter team discusses their research on "Blackfly - Espionage Group Targets Materials Technology." Researchers say the Blackfly espionage group (aka APT41), has been mounting attacks against Asian materials and composite organizations in attempts to steal intellectual property. This group has been known as one of the longest known Chinese advanced persistent threat (APT) groups since at least 2010. The research shares that "early attacks were distinguished by the use of the PlugX/Fast (Backdoor.Korplug), Winnti/Pasteboy (Backdoor.Winnti), and Shadowpad (Backdoor.Shadowpad) malware families." The research can be found here:  Blackfly: Espionage Group Targets Materials Technology Learn more about your ad choices. Visit megaphone.fm/adchoices
01/04/2313m 34s

A glimpse into Mr. Putin’s cyber war room. 3CXDesktopAppsupply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.

The Vulkan papers offer a glimpse into Mr. Putin’s cyber war room. The 3CXDesktopApp vulnerability and supply chain risk. A cross site scripting flaw in Azure Service Fabric Explorer can lead to remote code execution. Rob Boyce from Accenture Security on threats toEV charging stations. Our guest is Steve Benton from Anomali Threat Research, sharing a ‘less is more’ approach to cybersecurity. And AlienFox targets misconfigured servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/62 Selected reading. A Look Inside Putin's Secret Plans for Cyber-Warfare (Spiegel) Secret trove offers rare look into Russian cyberwar ambitions (Washington Post)  7 takeaways from the Vulkan Files investigation (Washington Post) ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics (the Guardian) Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan (Mandiant) 3CX DesktopApp Security Alert - Mandiant Appointed to Investigate (3CX) Information on Attacks Involving 3CX Desktop App (Trend Micro) 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component  (SecurityWeek) There’s a new supply chain attack targeting customers of a phone system with 12 million users (TechCrunch) Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) (Orca Security) Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife (SentinelOne) Learn more about your ad choices. Visit megaphone.fm/adchoices
31/03/2328m 21s

A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly. some official hostage-taking.

The 3CXDesktopApp is under exploitation in a supply chain campaign. An open letter asks for a pause in advanced AI development. All your grammar and usage are belong us. Combosquatting might fool even the wary. Defender had flagged Zoom and other safe sites as dangerous. Recognizing the importance of OSINT. Matt O'Neill from US Secret Service discussing his agency’s cybersecurity mission. Our guest is Ping Li from Signifydwith a look at online fraud. And the FSB arrests a US journalist. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/61 Selected reading. 3CX DesktopApp Security Alert (3CX) Supply Chain Attack Against 3CXDesktopApp (CISA) Pause Giant AI Experiments: An Open Letter (Future of Life Institute) In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT (WIRED AI chatbots making it harder to spot phishing emails, say experts (the Guardian) The Most Common Combosquatting Keyword Is “Support” (Akamai) False positives in Microsoft Defender. (CyberWire) Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe (Proofpoint)  ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine (WeLiveSecurity)  Russia Ramping Up Cyberattacks Against Ukraine (VOA)  A new age of spying gives Kyiv the upper hand (The Telegraph)  Russia arrests Wall Street Journal reporter on spying charge (AP NEWS) Russia detains a Wall Street Journal reporter, accusing him of espionage. (New York Times) Learn more about your ad choices. Visit megaphone.fm/adchoices
30/03/2328m 16s

Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.

Traffers and the threat to credentials. A newly discovered WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Ann Johnson from Afternoon Cyber Tea chats with EY principal Adam Malone. Our guest is Toni Buhrke from Mimecast with a look at the State of Email Security. And is piracy patriotic? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/60 Selected reading. Traffers and the growing threat against credentials (Outpost24 blog)  WiFi protocol flaw allows attackers to hijack network traffic (BleepingComputer)  Cross-chain bridge attacks. (CyberWire)  2023 Annual State of Email Security Report (Cofense) From Ukraine to the whole of Europe:cyber conflict reaches a turning point (Thales Group)  Russia Ramps Up Cyberattacks On Ukraine Allies: Analysts (Barron's)  Pro-Russian hackers shift focus from Ukraine to EU countries (Radio Sweden)  Russian hackers attack Slovak governmental websites after country supplies Mig-29s to Ukraine (Ukrainska Pravda) Ukraine's Defense Ministry says Russia is encouraging online piracy (The Jerusalem Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
29/03/2323m 39s

Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.

Twitter gets a subpoena for a source-code leaker’s information. The insider risk to data. Russian hacktivist auxiliaries target the French National Assembly. Recent trends in cyberattacks sustained by Ukraine. Ben Yelin unpacks the White House executive order on spyware. Mr. Security Answer Person John Pescatore ponders the permanence of ransomware. And Cyberespionage and cybercrime in the interest of Pyongyang’s weapons programs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/59 Selected reading. GitHub Suspends Repository Containing Leaked Twitter Source Code (SecurityWeek) Twitter takes down source code leaked online, hunts for downloaders (BleepingComputer) Annual Data Exposure Report 2023 (Code 42) Russian Hackers Target French National Assembly Website (Privacy Affairs) Pro-Russian Hacktivists: A Reaction to a Western Response to a Russian Aggression (Radware Blog) Ukraine at D+397: Cyberespionage and battlespace preparation. (CyberWire) APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations (Mandiant) Learn more about your ad choices. Visit megaphone.fm/adchoices
28/03/2323m 45s

Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.

IcedID is evolving away from its banking malware roots. An Emotet phishing campaign spoofs IRS W9s. The FBI warns of BEC scams. A Fake booter service as a law enforcement honeypot. Phishing in China's nuclear energy sector. Reports of an OpenAI and a ChatGPT data leak. Does Iran receive Russian support in cyberattacks against Albania? My conversation with Linda Gray Martin and Britta Glade from RSAC with a preview of this year's conference. Our own Rick Howard takes a field trip to the National Cryptologic Museum. And De-anonymizing Telegram. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/58 Selected reading. Fork in the Ice: The New Era of IcedID (Proofpoint) Emotet malware distributed as fake W-9 tax forms from the IRS (BleepingComputer) Internet Crime Complaint Center (IC3) | Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors (IC3) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer)  'Bitter' espionage hackers target Chinese nuclear energy orgs (BleepingComputer) UK Sets Up Fake DDoS-for-Hire Sites to Trap Hackers (PCMag Middle East) UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data (Record) OpenAI: ChatGPT payment data leak caused by open-source bug (BleepingComputer) OpenAI says a bug leaked sensitive ChatGPT user data (Engadget) March 20 ChatGPT outage: Here’s what happened (OpenAI) How Albania Became a Target for Cyberattacks (Foreign Policy)  Russia’s Rostec allegedly can de-anonymize Telegram users (BleepingComputer) Learn more about your ad choices. Visit megaphone.fm/adchoices
27/03/2330m 13s

An introduction to the National Cryptologic Museum. [Special Edition]

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, sits down with Director of the National Cryptologic Museum, Dr. Vince Houghton. The National Cryptologic Museum is the NSA's affiliated museum sharing the nation's best cryptologic secrets with the public. In this special episode, Rick interviews Dr. Houghton from within the walls of the National Cryptologic Museum, discussing the new and improved museum along with the new exhibits they uncovered during the pandemic. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/03/2327m 27s

Tanya Janca: Find a community who supports you. [CEO] [Career Notes]

Tanya Janca, CEO and Founder of We Hack Purple, sits down to talk about her exciting path into the field of cybersecurity. Trying several different paths in high school, she soon found she was good at computer science. When it came to picking a college, she knew that was the field she wanted to get into. After college, she was able to use her skills to work at a couple of different organizations, eventually getting into the Canadian government. While there, she held the position of CISO for the Canadian election in 2015 when Justin Trudeau was elected, but she knew she wanted to try something new. She switched from programming to security and after working at Microsoft as a presenter, she eventually found that she wanted to start her own company, saying "at first it was just me presenting, but now we have community members present to each other and it's just been really beautiful to see that grow." She hopes that with her and her community's help, nobody is left feeling unsafe when it comes to being online. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/03/239m 56s

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 Learn more about your ad choices. Visit megaphone.fm/adchoices
26/03/2335m 3s

Popunders are not the good kind of ads. [Research Saturday]

On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin." WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues. The Malwarebytes team discovered a few dozen WordPress blogs using the same plugin that mimics human activity by automatically scrolling a page and following links within it, all the while a number of ads were being loaded and refreshed. The blogs would only exhibit this invalid traffic behavior when launched from a specific URL created by this plugin, otherwise they appeared completely legitimate. The research can be found here: WordPress sites backdoored with ad fraud plugin Learn more about your ad choices. Visit megaphone.fm/adchoices
25/03/2324m 37s

Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.

A CISA tool helps secure Microsoft clouds.JCDC and pre-ransomware notification. CISA releases six ICS advisories. Reply phishing. Cl0p goes everywhere exploiting GoAnywhere. Russian electronic warfare units show the ability to locate Starlink terminals. Betsy Carmelite from Booz Allen Hamilton on the DoD's zero trust journey. Analysis of the National Cybersecurity strategy from our special guests, Adam Isles, Principal at the Chertoff Group and Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology with the National Security Council. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/57 Selected reading. JCDC Cultivates Pre-Ransomware Notification Capability (Cybersecurity and Infrastructure Security Agency CISA) US cyber officials make urgent push to warn businesses about vulnerabilities to hackers (CNN) Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA) New CISA tool detects hacking activity in Microsoft cloud services (BleepingComputer) CISA Releases Six Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) The Microsoft Reply Attack (Avanan) More victims emerge from Fortra GoAnywhere zero-day attacks (Security |  More Clop GoAnywhere attack victims emerge (SC Media)  Mass-Ransomware Attack on GoAnywhere File Transfer Tool Exposes Companies Worldwide (Medium)  City of Toronto confirms data theft, Clop claims responsibility (BleepingComputer)  Canadian movie chain Cineplex among the victims of GoAnywhere MFT hack (Financial Post)  Personal data of Rio Tinto's Aussie staff may have been hacked - memo (Reuters)  Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy (Heimdal Security Blog)  Using Starlink Paints a Target on Ukrainian Troops (Defense One) As CISA chief notes lack of Russian cyberattacks against US, experts focus on enhancing nuclear reactor security (Utility Dive) Using Deception to Learn About Russian Threat Actors (Security Boulevard) Learn more about your ad choices. Visit megaphone.fm/adchoices
24/03/2328m 13s

Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.

DPRK threat actor Kimsuky uses a Chrome extension to exfiltrate emails, while ScarCruft prospects South Korean organizations. Hacktivists' claims of attacks on OT networks may be overstated. Ghostwriter remains active in social engineering attempts to target Ukrainian refugees. Joe Carrigan has cyber crime by the numbers. Our guest is Christian Sorensen from SightGain with analysis of the cyber effects of Russia’s war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/56 Selected reading. North Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer) Joint Cyber Security Advisory (Korean) (BundesamtfuerVerfassungsschutz) North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign (Record) ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News) The Unintentional Leak: A glimpse into the attack vectors of APT37 (Zscaler) CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (ASEC BLOG)  A Propaganda Group is Using Fake Emails to Target Ukrainian Refugees (Bloomberg)  We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems | Mandiant (Mandiant) Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online (CyberScoop) The 5×5—Conflict in Ukraine's information environment (Atlantic Council) How the Russia-Ukraine conflict has impacted cyber-warfare (teiss) CommonMagic APT gang attacking organisations in Ukraine (Tech Monitor) Learn more about your ad choices. Visit megaphone.fm/adchoices
23/03/2326m 24s

Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.

Malware could detect sandbox emulations. A VEC supply chain attack. A new APT is active in Russian-occupied sections of Ukraine. An alleged Russian patriot claims responsibility for the D.C. Health Link attack. CISA and NSA offer guidance on identity and access management (IAM). Tim Starks from the Washington Post has analysis on the BreachForums takedown. Our guest is Ryan Heidorn from C3 Integrated Solutions with a look at the CMMC compliance timeline. And Baphomet backs out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/55 Selected reading. ZenGo uncovers security vulnerabilities in popular Web3 Transaction Simulation solutions: The red pill attack (ZenGo) Stopping a $36 Million Vendor Fraud Attack (Abnormal Intelligence)  Bad magic: new APT found in the area of Russo-Ukrainian conflict (Securelist) Unknown actors target orgs in Russia-occupied Ukraine (Register) New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (The Hacker News) Partisan suspects turn on the cyber-magic in Ukraine (Cybernews) Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' (CyberScoop)  CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management | CISA (Cybersecurity and Infrastructure Security Agency CISA)  ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practi (National Security Agency/Central Security Service) Identity and Access Management: Recommended Best Practices for Administrators (NSA and CISA)  CISA Releases Updated Cybersecurity Performance Goals (Cybersecurity and Infrastructure Security Agency CISA)  CISA Releases Eight Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) End of BreachForums could take a bite out of cybercrime (Washington Post) BreachForums says it is closing after suspected law enforcement access to backend (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
22/03/2327m 20s

Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.

Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog)  Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Network) Ransomware and extortion trends. (CyberWire) Cisco Cybersecurity Readiness Index (Cisco) A look at resilience: companies' ability to fight off cyberattacks. (CyberWire) Putin to staffers: throw out your iPhones over security (Register) Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media) After BreachForums arrest, new site administrator says the platform will live on (Record)  Learn more about your ad choices. Visit megaphone.fm/adchoices
21/03/2327m 10s

Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.

Cl0p ransomware hits Hitachi Energy. The US Department of Justice investigates ByteDance in alleged surveillance of journalists. A Hacktivist auxiliary hits Indian healthcare records. Pirated software is used to carry malware. The Effects of cyberattack on Latitude persist. Adam Meyers from CrowdStrike shares findings from the 2023 CrowdStrike Global Threat Report. Rick Howard has the latest preview of CSO Perspectives. And Pompompurin is arrested for an alleged role in BreachForums. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/53 Selected reading. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) Hitachi Energy Group hit by cyber-attack, says network operations not compromised (cnbctv18.com)  Justice Department Probes TikTok’s Tracking of U.S. Journalists (Wall Street Journal)  The FBI And DOJ Are Investigating ByteDance’s Use Of TikTok To Spy On Journalists (Forbes) KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks (Azure Network Security Team) Pro-Russia hackers are increasingly targeting hospitals, researchers warns (Record)  Russian hacktivist group targets India’s health ministry (CSO Online) Russian Hacktivist group Phoenix targets India’s Health Ministry Website (Threat Intelligence | CloudSEK)  Ukraine warns that hacked software can be infected with Russian viruses (Kyiv Independent) Russian hackers spread infected software through torrents (SSSCIP) Australia's Latitude takes systems offline, Federal Police investigate cyberattack (Reuters) FBI targets notorious cybercrime market with teen’s arrest (Washington Post)  Dark Web ‘BreachForums’ Operator Charged With Computer Crime (Bloomberg)  Feds arrest alleged BreachForums owner linked to FBI hacks (The Verge)  NY Man Charged as 'Pompompurin,' the Boss of BreachForums (KrebsOnSecurity)  Breach Forums Admin 'Pompompurin' Arrested in New York (Cyber Kendra)  Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York (The Hacker News) Learn more about your ad choices. Visit megaphone.fm/adchoices
20/03/2327m 9s

Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]

Kathleen Smith, CMO from ClearedJobs.Net, sits down to share her story as she remembers having big shoes to fill in her childhood. She strived for greatness at an early age, as her parents told her she would be going to college and would follow strong guidelines to become successful. Kathleen can remember being into the hard sciences when she was in school, which sparked an interest in becoming a biochemist and law student. Eventually she found her passion as a translator, saying that "doing the translator role, I wanted to get into international marketing and I was going on to get my degree on that." She found her way to ClearedJobs.Net and fell in love with it. She had sought to find a workplace that wouldn't burn her out, where she can also be a part of the team. Kathleen found what she was passionate about and made it a reality for herself, and now she just wants young women starting in the field to know the importance of finding something they are passionate about. We thank Kathleen for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/03/239m 40s
-
-
Heart UK
Mute/Un-mute