
CyberWire Daily

N2K Networks · thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.

Kaseya has patched the VSA on-premises and SaaS versions affected by REvil ransomware. The US tries some straight talk about privateering with Russia, but with what effect remains to be seen. Russia’s autarkic Internet poses some challenges for international security. Iranian rail and government sites were hit with a cyber incident over the weekend. Ukraine says Russian threat actors defaced its Naval website. Carole Theriault looks at ethics in phishing simulations. Josh Ray from Accenture trac...

Jul 12, 2021 · 29 min · Season 5 · Ep. 1372

APTs transitioning to the cloud. [CyberWire-X]

Cloud attacks have become so widespread that the Department of Homeland Security (DHS) has warned of an increase in nation states, criminal groups and hacktivists targeting cloud-based enterprise resources. APTs such as Pacha Group, Rocke Group and TeamTNT have been rapidly modifying their existing tools to target Linux servers in the cloud, reworking existing code into new malware variants that easily bypass traditional security solutions. The solution? In order to detec...

Jul 11, 2021 · 31 min · Season 1 · Ep. 15

Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]

Senior Threat Analyst and Shift Lead for VMware Taree Reardon shares her journey to becoming a leader for women in the cybersecurity field. A big gamer who has always been interested in hacking and forensics, Taree found her passion while learning about cybersecurity. She's dedicated to diversity and inclusion and found her footing on a team made up of 50% women. Taree spends her days tracking and blocking attacks and serving as a champion for women. Trusting yourself is top on her list of advice. We than...

Jul 11, 2021 · 6 min · Season 2 · Ep. 57

Dealing illicit goods on encrypted chat apps. [Research Saturday]

Guest Daniel Kats, Senior Principal Research Engineer at NortonLifeLock, joins Dave to discuss his team's work, "Encrypted Chat Apps Doubling as Illegal Marketplaces." Encrypted chat apps are gaining popularity worldwide due to their central premise of not sending user data to tech giants. Some popular examples include WhatsApp, Telegram and Signal. These apps have also been adopted by businesses to securely communicate directly to their users. Additionally, these apps have been instrumental to ...

Jul 10, 2021 · 21 min · Season 3 · Ep. 191

Kaseya continues to work through its REvil days, as does the US Administration. In other news, there’s cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.

Kaseya continues to work through remediation of the VSA vulnerability exploited by REvil, with completion expected Sunday afternoon. And while REvil has made a nuisance of itself, this time they may not have seen a big payday, or at least not yet. The US is still considering its retaliatory and other options in the big ransomware case. China’s MSS is active against targets in Asia. Andrea Little Limbago from Interos looks at Government access to data analysis. Our guest is Leon Gilbert from Unis...

Jul 09, 2021 · 33 min · Season 5 · Ep. 1371

Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil’s victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.

Ukrainian government websites may have come under an unspecified cyberattack early this week. Kaseya delays its VSA patch until Sunday, and offers assistance to victims of VSA exploitation by REvil. The US continues to mull its response to Russia over REvil and Cozy Bear. A small electric utility’s business systems go offline after a ransomware attack. Microsoft continues to grapple with PrintNightmare. Caleb Barlow from CynergisTek on the changing Cyber Insurance landscape. Our guest is Kwame Y...

Jul 08, 2021 · 29 min · Season 5 · Ep. 1370

Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.

Kaseya continues to work on patching its VSA products. The US mulls retaliation for the Kaseya ransomware campaign, as well as for Cozy Bear’s attempt on the Republican National Committee and Fancy Bear’s brute-forcing efforts. (Russia denies any wrongdoing.) Current events phishbait. Microsoft patches PrintNightmare. Joe Carrigan looks at recent updates to Google’s Scorecards tool. Our guest Umesh Sachdev of Uniphore describes his entrepreneurial journey. And the Lazarus Group is back, phishing...

Jul 07, 2021 · 28 min · Season 5 · Ep. 1369

The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.

Updates on the Kaseya ransomware incident, as REvil strikes again. Concerns about other ransomware attacks against industrial targets rise. Google expels credential-stealing apps from the Play Store. Online gamers draw various threat actors. Carole Theriault examines the elements that could put you in the crosshairs for ransomware. Ben Yelin has an update on the Facebook antitrust case. And the Tokyo Olympic Games will be on alert for cyberattacks. For links to all of today's stories check out o...

Jul 06, 2021 · 30 min · Season 5 · Ep. 1368

Dwayne Price: Sharing information. [Project Management] [Career Notes]

Senior technical project manager Dwayne Price takes us on his career journey from databases to project management. Always fascinated with technology and one who appreciates the business side of computer implementations, Dwayne attended UMBC for both his undergraduate and graduate degrees in information systems management. A strong Unix administration background prepared him to understand the relationship between Unix administration and database security. He recommends those inte...

Jul 04, 2021 · 6 min · Season 2 · Ep. 56

Malware in pirated Windows installation files. [Research Saturday]

Guest Tom Roter from Minera Labs joins Dave to discuss his team's research, "Rigging a Windows Installation." It is common knowledge that pirated software might contain malware, yet millions still put themselves and their devices at risk and download from dubious sources. It is even more surprising to see the popularity of torrented operating system installations, which are ranked at the top of most torrent tracker ranking lists. Today we will prove conventional wisdom right and show off a devious...

Jul 03, 2021 · 14 min · Season 3 · Ep. 190

Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.

Mitigations for the PrintNightmare vulnerability are suggested. Wizard Spider has a new strain of ransomware in its toolkit. A new RagnarLocker strain is in circulation. NETGEAR patches router firmware. Russia reacts to US and UK reports of a GRU brute-forcing campaign: Moscow says it didn't do it. Kevin Magee from Microsoft shares some of the tools he uses to keep himself and his team up to date. Our guest is Andrew Patel from F-Secure on how to prepare security teams for AI-powered malware. An...

Jul 02, 2021 · 31 min · Season 5 · Ep. 1367

Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?

US and British authorities warn of a large-scale GRU campaign aimed at brute-forcing its way into European and American organizations. Reports of a major cyberattack on German critical infrastructure appear very much exaggerated. IndigoZebra uses Dropbox in ministry-to-ministry deception aimed at the Afghan government. Currently active ransomware groups are profiled, and REvil is now going after Linux systems in addition to Windows machines. A cyber most-wanted, and priorities in a US Treasury c...

Jul 01, 2021 · 30 min · Season 5 · Ep. 1366

A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.

A report on threats to industrial control systems is out, and it focuses on ransomware, coinjacking, and legacy malware. EternalBlue remains a problem. The US is preparing a formal attribution in the case of the Microsoft Exchange Server campaign. An international police operation has taken down DoubleVPN, and the authorities seem pretty pleased with their work. Joe Carrigan examines vulnerabilities in systems from Dell. Our guest is Vikram Thakur from Symantec on Multi-Factor Authentication eva...

Jun 30, 2021 · 29 min · Season 5 · Ep. 1365

A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.

Legitimate tools are abused as commodity initial access payloads. Hades ransomware is circulating in some new sectors. Criminal markets are sharing more features with legitimate markets, including advertising, recruiting, and even funding rounds. Cybercrime uses cryptocurrency, but the key to success may be location more than technology. Ben Yelin describes insurance companies collaborating on cyber breach data collection. Our guest is Michael Osborn from Moody's on a recent rash of cyber attack...

Jun 29, 2021 · 29 min · Season 5 · Ep. 1364

Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.

The SVR’s Nobelium appears to be back, this time with a less-than-fully successful cyberespionage campaign. The Netfilter driver is assessed as malware. Idle hands seem to make for more attacks against online gaming. Mercedes-Benz USA reports a data exposure incident. CISA starts to keep track of bad practices. The International Institute for Strategic Studies publishes a net assessment of national cyber power. Carole Theriault looks at the security implications of frictionless online commerce. ...

Jun 28, 2021 · 28 min · Season 5 · Ep. 1363

Introducing Security Unlocked: CISO Series with Bret Arsenault–Leading an Inclusive Workforce: Emma Smith, Vodafone

There’s truth in the sentiment, “teamwork makes the dream work.” When team members don’t feel included or heard in their environment, they’re not going to do their best work, so it’s up to managers, supervisors, and even global security directors to foster a workplace and culture that doesn’t allow anyone to be silenced. On this episode, Microsoft’s CISO, Bret Arsenault, sits with his friend and peer, Emma Smith, Director of Global Cybersecurity for Vodafone. Throughout the conversation, they di...

Jun 27, 2021 · 36 min · Season 1 · Ep. 4

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments, which she describes as "something that would totally change everything." She gained an interest in securi...

Jun 27, 2021 · 8 min · Season 2 · Ep. 55

Exhibiting advanced APT-like behavior. [Research Saturday]

Guest Yonatan Striem-Amit joins Dave to talk about Cybereason's research "Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities." The Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America, observing that the attackers exploited recently published Microsoft Exchange vulnerabilities (CVE-2021-27065 and CVE-2021-26858) in order to penetrate the network and install malware. Yonatan shares his...

Jun 26, 2021 · 22 min · Season 3 · Ep. 189

REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.

REvil hits a Brazilian medical diagnostics company and a British fashion retailer. A misconfigured cloud database exposes millions of WordPress user records. A new cryptojacker is deploying XMRig to mine Monero. A judgment is issued against a hacker and one of the traders he worked with to trade securities on non-public information. Johannes Ullrich from SANS on server-side request forgery and errors in validating IP addresses. Our guest, Tom Patterson from Unisys, reacts to the DOJ launching a...

Jun 25, 2021 · 22 min · Season 5 · Ep. 1362

Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?

The ChaChi Trojan is out, about, and interested in educational institutions. Bogus free subscription cancellations figure in a social engineering campaign designed to get the victims to download BazarLoader. Ursnif is automating fraudulent bank transfers with Cerberus Android malware. The US Senate invites the Department of Defense to think of ransomware as analogous to piracy, and Defense says it’s thinking along those lines. And rest in peace, John McAfee. For links to all of today's stories c...

Jun 24, 2021 · 26 min · Season 5 · Ep. 1361

Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.

ReverseRat looks like a state-run espionage tool active in South and Central Asia. The US Justice Department seizes thirty-three sites run by media aligned with the Iranian government. Poland offers more clarity on a cyberespionage campaign it attributes to Russia. An intercept and inspection company’s executives are indicted for complicity with torture. NSA opens a Cybersecurity Collaboration Center for industry. Joe Carrigan examines Apple’s push to replace passwords. Our guest is Shehzad Merc...

Jun 23, 2021 · 28 min · Season 5 · Ep. 1360

Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.

Malicious Google ads for Signal and Telegram are being used to lure the unwary into downloading an info-stealer. LV ransomware looks like repurposed REvil. A study of the US Defense Industrial Base finds that many smaller firms, particularly ones that specialize in research and development, are vulnerable to ransomware attacks. Rick Howard ponders how we categorize state sponsored cybercrime. Our guest is Sudheer Koneru from Zenoti on how data privacy impacts salons and spas. And it’s high noon ...

Jun 22, 2021 · 21 min · Season 5 · Ep. 1359

South Korea’s nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.

The South Korean nuclear research organization sustained an apparent cyberespionage incident. Norway’s investigation of its 2018 breach of government networks concludes that China’s APT31 was behind it. Poland accuses Russia in a long-running email hacking case. Our guest is Mark Testoni from SAP NS2 on where the Justice Department should focus during its upcoming cyber review. Chris Novak of Verizon on financial vs. espionage breaches. NATO seeks to clarify its policies in cyberspace, including...

Jun 21, 2021 · 25 min · Season 5 · Ep. 1358

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]

CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his curre...

Jun 20, 2021 · 6 min · Season 2 · Ep. 54

Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]

Guests Gage Mele and Yury Polozov join Dave to talk about Anomali's research "Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes." Anomali Threat Research identified malicious samples that align with the Russia-sponsored cyberespionage group Primitive Bear’s (Gamaredon, Winterflounder) tactics, techniques, and procedures (TTPs). Primitive Bear, known primarily to focus on Ukraine, has been very active in 2021. However, the themes of the samples Anomali found, as well as those shared b...

Jun 19, 2021 · 15 min · Season 3 · Ep. 188

Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.

Phishing, with a bogus hardware wallet as bait. Empty threats from a DarkSide impersonator. Cyber vigilantes may be distributing anti-piracy malware. Data security incidents at a cruise line and a US grocery chain. Malek Ben Salem from Accenture looks at optimizing security scanning. Our guest is Edward Roberts of Imperva on their 2021 Bad Bots Report. And a conviction for a crypter, with sentencing to follow. For links to all of today's stories check out our CyberWire daily news brief: https://...

Jun 18, 2021 · 29 min · Season 5 · Ep. 1357

The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.

The US-Russian summit took up cyber conflict, cyber privateering, and cyber deterrence, ending with the prospect of further discussions. Ferocious Kitten’s domestic surveillance. Ransomware gangs are using a lot of initial access brokers. The Molerats are back. Troubleshooting a wave of intermittent Internet interruptions. NSA offers advice on securing business communication tools. Ukrainian police arrest six alleged Clop gangsters. Andrea Little Limbago from Interos on bringing the private sect...

Jun 17, 2021 · 26 min · Season 5 · Ep. 1356

Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.

Southwest flights are back in the air after an IT issue disrupted them yesterday. Paradise ransomware source code has been leaked online. Some networked camera feeds may be accessible to unauthorized viewers. TSA is preparing a second, more prescriptive pipeline cybersecurity directive. The Russo-US summit is underway. Our guest is Jay Paz from Cobalt on bad actors targeting hackers. Joe Carrigan looks at malware hosted on Steam. And the “face of Anonymous” has been extradited from Mexico to the...

Jun 16, 2021 · 24 min · Season 5 · Ep. 1355

Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.

Microsoft disrupts a major BEC campaign. The scope of cyberespionage undertaken via exploitation of vulnerable Pulse Secure instances seems wider than previously believed. Secureworks offers an account of Hades ransomware, and differs with others on attribution. Final notes during the run-up to tomorrow’s US-Russia summit, where cyber will figure prominently. Helping employees stay secure. Carole Theriault wonders if the internet of things is becoming the internet of everything. Ben Yelin weighs...

Jun 15, 2021 · 25 min · Season 5 · Ep. 1354

Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?

Volkswagen warns North American customers of a third-party data breach. An “anti-monopoly agenda” advances in the US House Judiciary Committee. Speculation about how the FBI recovered ransom from DarkSide. How EA was hacked. Is Avaddon going out of business? Craig Williams from Cisco Talos explains why they’re calling some cyber criminals “privateers”. Rick Howard shares thoughts on professional development. And a strange case of a gamekeeper turned poacher (allegedly). For links to all of today...

Jun 14, 2021 · 27 min · Season 5 · Ep. 1353