
CyberWire Daily

N2K Networks | thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fra...

Oct 03, 2021 | 7 min | Season 2 | Ep. 69

Cloud configuration security: Breaking the endless cycle. [CyberWire-X]

Moving to the cloud creates a tremendous opportunity to get security right and reduce the risk of data breach. But most cloud security initiatives get underway after services are deployed in the cloud. It’s frustrating when major breaches result from basic mistakes, like S3 buckets left unsecured or secrets exposed. Continually checking for risky configurations and unusual behavior in cloud logs is a requirement, but there is an opportunity to be proactive. What if you could configure your se...

Oct 03, 2021 | 33 min | Season 1 | Ep. 20

IoT security and the need for randomness. [Research Saturday]

Dan Petro, Lead Researcher, and Allan Cecil, Security Consultant, from Bishop Fox join Dave to share their research "You're Doing IoT RNG," that they presented at DefCon 29. There’s a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide. Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use...

Oct 02, 2021 | 32 min | Season 3 | Ep. 203

Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.

A malware campaign offers bogus protection against Pegasus surveillance. A new APT, ChamelGang, is found active against targets in at least ten countries. A ransomware gang can’t get its decryptor right. A proof-of-concept shows that charges can be made from a non-contact Visa card in an iPhone wallet. David Dufour from Webroot warns of potential perils in cyber insurance. Our guest is Shamla Naidoo from Netskope with advice for cyber innovators. And ransomware may be responsible for a child’s d...

Oct 01, 2021 | 26 min | Season 5 | Ep. 1430

GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.

GriftHorse will subscribe afflicted Android users to premium services they never knew they’d signed up for (and wouldn’t want if they did). Facebook releases a static analysis tool it uses internally to check apps for security issues. Speculation about what put Group-IB’s CEO in hot water with the Kremlin. A look from NSA about where the major nation-state cyberthreats currently stand. Malek Ben Salem from Accenture has thoughts on quantum security. Our guest is author and Wired editor at large ...

Sep 30, 2021 | 29 min | Season 5 | Ep. 1429

DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.

Distributed denial-of-service attacks have been making a comeback, and many of them represent criminal extortion attempts. A major British payroll provider is recovering from a cyberattack, but it’s not providing much information on the nature of that attack. Russian authorities arrest the founder of Group-IB on treason charges. Johannes Ullrich from SANS on Out of Band Phishing Using SMS messages. Our UK correspondent Carole Theriault wonders how online trolling is still a thing. And NSA and CI...

Sep 29, 2021 | 22 min | Season 5 | Ep. 1428

Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.

The triumphant homecoming of Huawei’s CFO. Microsoft describes the FoggyWeb backdoor, a significant cyberespionage tool. Kaspersky looks at the BloodyStealer Trojan and finds it especially risky to gamers. A novel approach to distributed denial-of-service. Apple looks into those iPhone zero-days. Joe Carrigan looks at the latest offerings in passwordless authentication. Our guest is Mathieu Gorge of VigiTrust on how law enforcement and executives can work together to fight cyber threats. And a l...

Sep 28, 2021 | 26 min | Season 5 | Ep. 1427

The EU asks Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.

The EU publicly blames Russia for GhostWriter, and counsels Moscow to amend its ways. Finland’s security services warn of foreign cyberespionage and influence threats. Zoombombing at the highest levels in Cambodia. A ransomware operation, “Colossus,” is described. Conti is back, as predicted, and has hit a major European call center. Dinah Davis from Arctic Wolf on cybersecurity learning standards. Our guest is Otavio Freire from SafeGuard Cyber with insights on how to defend against nation-stat...

Sep 27, 2021 | 25 min | Season 5 | Ep. 1426

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]

Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents' friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity ...

Sep 26, 2021 | 9 min | Season 2 | Ep. 68

Why it’s time for cybersecurity to go mainstream. [CyberWire-X]

The commonly held, idealized picture of technology is that tech makes our lives easier, safer, and better in just about every respect. But an unintended consequence of that picture is an unjustified assumption that companies will sell more products if they serve the public interest, and that may not be so. On the consumer side, personal technology investments are often a race to the price bottom, with little attention paid to the security of the products we buy. Vendors may enjoy less scrutiny a...

Sep 26, 2021 | 41 min | Season 1 | Ep. 19

Vulnerabilities in the public cloud. [Research Saturday]

Guest Ariel Zelivansky, Senior Manager of Security Research at Palo Alto Networks, joins Dave to discuss Unit 42's work on the first cross-account container takeover in the public cloud. The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. This unprecedented cross-account takeover affected M...

Sep 25, 2021 | 22 min | Season 3 | Ep. 202

Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?

Someone is phishing for Russian rocketeers. The Port of Houston discloses a cyberattack, which the Port says it deflected before it had operational consequences. Ransomware gangs are up and active, and the US is considering mandatory reporting by victims as a defensive policy. Pegasus spyware is said to have been found in the phones of five French government ministers. Johannes Ullrich from the SANS Technology Institute on Attackers Hunting for Environment Variables. Our guest is Graeme Bunton o...

Sep 24, 2021 | 25 min | Season 5 | Ep. 1425

Ransomware hits another US farm co-op, as Russian gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.

Ransomware hits a second US Midwestern farm co-op. The US House hears from the FBI that Russia seems not to have modified its toleration of privateering gangs (at least yet). A new APT, “FamousSparrow,” is described. REvil seems to have been--surprise!--cheating its criminal affiliates. Josh Ray from Accenture with an update on the Hades Threat Group. Our guest is Tim Eades of vArmour on the urgent need to update cyber strategies in healthcare. CISA issues a new warning, this one on the Conti ra...

Sep 23, 2021 | 25 min | Season 5 | Ep. 1424

Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.

BlackMatter continues to make a nuisance of itself on a large scale. The US is woofing about taking action against ransomware, and Treasury has sanctioned a rogue cryptocurrency exchange, but some advocate stronger measures. Where did all those Ukrainian cybercriminal chat platforms go? A warning of the “censor mode” in some Chinese manufactured smartphones. Caleb Barlow shares thoughts on CMMC certification. Our guest is Kevin Jones of Virsec with reactions to the White House Cybersecurity Summ...

Sep 22, 2021 | 28 min | Season 5 | Ep. 1423

BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.

Ransomware hits an Iowa agricultural cooperative, which doesn’t meet, the criminals say, the standard for “critical infrastructure.” US Treasury Department announces steps against ransomware’s economic support system. Did Kaseya get its REvil decryptor from the FBI? Ben Yelin describes a major federal court victory for security researchers. Our guest is Dave Stapleton from CyberGRX on the rise of extortionware. And Europol, along with Spanish and Italian police, take down a Camorra cybercrime ri...

Sep 21, 2021 | 26 min | Season 5 | Ep. 1422

Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.

Cyber electioneering, in Hungary and Russia, the latter with some international implications. The Mirai botnet is exploiting the OMIGOD vulnerability. A shipping company deals with data extortion. Government websites have been serving up some oddly adult-themed ads. Malek Ben Salem from Accenture has thoughts on quantum security in the automotive industry. Our guest is Padraic O'Reilly of CyberSaint to discuss concerns about the Defense Industrial Base. And no, there’s no such thing as the Elon ...

Sep 20, 2021 | 27 min | Season 5 | Ep. 1421

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core security and at the same time we allow innovation to help us move forward with the times. She's been fortunate to have been able to stand up for others and has had others support her. She ...

Sep 19, 2021 | 7 min | Season 2 | Ep. 67

An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to re...

Sep 18, 2021 | 23 min | Season 3 | Ep. 201

Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.

Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas. Politics ain’t beanbag, Russian edition. An indictment emerges from the US investigation into possible misconduct during the 2016 elections. The costs of coin-mining. Josh Ray from Accenture on protecting critical infrastructure. Our guest is Tony Pepper from Egress with a look...

Sep 17, 2021 | 27 min | Season 5 | Ep. 1420

A CSO's 9/11 Story: CSO Perspectives Bonus.

For the 20th anniversary of 9/11, Rick Howard, the Cyberwire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center.

Sep 17, 2021 | 29 min | Season 2 | Ep. 4441

Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.

Denial-of-service at a German election agency, as Federal prosecutors investigate GhostWriter. More nation-states get into election meddling. South Africa works to recover from a ransomware attack against government networks. A cryptojacking botnet moves from Linux to Windows. A ransomware gang threatens to burn your data if you bring in third-party help. Ransomware cyberinsurance claims rise. Rick Howard checks in with Tom Ayres from Lead Up Strategies on Cyber Piracy. Caleb Barlow shares insig...

Sep 16, 2021 | 27 min | Season 5 | Ep. 1419

No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.

That Russian crackdown on ransomware gangs people thought they were seeing? Hasn’t happened, at least according to the FBI. The Cyber Partisans take a virtual whack at President Lukashenka’s government in Belarus. Operation Harvest is complicated and long-running. Phishing with a promise of infrastructure funding. The criminal market for bogus vaccine cards. Johannes Ullrich from SANS on dealing with image uploads - vulnerabilities in conversion libraries. Our UK correspondent Carole Theriault o...

Sep 15, 2021 | 25 min | Season 5 | Ep. 1418

NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.

Citizen Lab finds, and Apple patches, a zero-day used for zero-click installation of Pegasus spyware. A Cobalt Strike beacon has been turned to cyberespionage use against Linux targets. The Russian government could, it seems, take action against cybercrime, but its will-to-enforcement seems to be inconsistent. Ben Yelin from UMD CHHS with more on Apple's CSAM controversy, our guest is Mel Shakir from Dreamit Ventures on selling to CISOs, and their customer sprints. REvil makes nice with grumpy a...

Sep 14, 2021 | 23 min | Season 5 | Ep. 1417

The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.

The Meris botnet continues to disrupt New Zealand banks, and has turned up elsewhere, too. Mustang Panda compromised Indonesian government networks. North Korean operators are using social media to soften up their prospective targets. Al Qaeda sympathizers marked the twentieth anniversary of 9/11 by calling for--what else?--more 9/11s. Malek Ben Salem from Accenture on deep unlearning, our own Rick Howard is in, talking about the latest episode of CSO Perspectives on adversary playbooks, and REv...

Sep 13, 2021 | 23 min | Season 5 | Ep. 1416

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]

Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathematically intuitive people that he's met are people that also have a creative outlet and a lot of times it's music. Adding a business aspect to his technical work, Joe came to his current positi...

Sep 12, 2021 | 6 min | Season 2 | Ep. 66

A Google Chrome update that just didn't feel right. [Research Saturday]

Guest Jon Hencinski from Expel joins Dave Bittner to discuss his team's recent work on "Expel SOC Stops Ransomware Attack Aimed at WordPress CMS via Drive-By Download Disguised as Google Chrome Update." In July, 2021, Expel's SOC stopped a ransomware attack at a large software and staffing company. The attackers compromised the company’s WordPress CMS and used the SocGholish framework to trigger a drive-by download of a Remote Access Tool (RAT) disguised as a Google Chrome update. In total, four...

Sep 11, 2021 | 19 min | Season 3 | Ep. 200

Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.

The SEC’s inquiry into the SolarWinds incident may expose other, unrelated data breaches. Researchers identify an IoT botnet, Meris, as responsible for DDoS attacks against a number of banks. German prosecutors have opened an investigation into the GhostWriter campaign. Researchers look at the cozy, implausibly deniable relationship between Russia’s security services and cyber gangs. A money-launderer gets eleven years. David Dufour from Webroot has straight talk about paying the ransom. Our gue...

Sep 10, 2021 | 27 min | Season 5 | Ep. 1415

Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.

A cyberattack is reported at the UN, with agency data apparently lost to parties and parts unknown. The Bears are quieter, but the privateers are up and at ‘em. DDoS hits Yandex. Cyberespionage using the SideWalk backdoor. TeamTNT is getting tougher to detect. A SWOT analysis of the newly reconstituted AlphaBay contraband market. The Groove Gang is a new age criminal affiliate program. Caleb Barlow describes attackers leveraging US and European infrastructure to hide in plain sight. Our guest is...

Sep 09, 2021 | 26 min | Season 5 | Ep. 1414

BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.

BladeHawk cyberespionage campaign in progress. Microsoft warns of targeted attacks in progress. Hey--the hoods took a breather over Labor Day, but the straw hats are off now, and they’re back at work. Someone is rummaging in REvil’s unquiet grave. Bulletproof hosting services and the criminal marketplace. Mike Benjamin from Black Lotus Labs on ReverseRAT 2.0. Rick Howard checks in with Philip Reiner from the Ransomware Taskforce. And does a New Urgent Message Require Action? Maybe not. For links...

Sep 08, 2021 | 24 min | Season 5 | Ep. 1413

A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.

No spectacular flurry of Labor Day ransomware, but Ragnar Locker threatens its victims. Berlin complains to Moscow about GhostWriter. Another Pegasus customer is disclosed. The Taliban is searching for data on potential domestic opponents. France-Visas hacked. Modified apps in circulation. Joe Carrigan unpacks a Covid based phishing scam. Carole Theriault weighs in on the ransomware pay-or-do-not-pay discussion. ProtonMail answers a warrant, Apple delays CSAM screening, and an alleged TrickBot c...

Sep 07, 2021 | 26 min | Season 5 | Ep. 1412