Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bankrobber for hire, Eric tests the security of many companies' ne...
May 15, 2022•7 min•Season 2Ep. 100
According to the zero trust philosophy, we all assume that our networks are already compromised and try to design them to limit the damage if it turns out to be so. In this episode of CyberWire-X, we’ve invited subject matter experts, Amanda Fennell, the Chief Information Officer and Chief Security Officer of Relativity, and Galeal Zino, CEO of episode Sponsor NetFoundry, to the Cyberwire Hash Table to discuss all the ways to think about the solution in the modern era: Software Defined Perimeter...
May 15, 2022•32 min•Season 1Ep. 31
Dr. May Wang, Chief Technology Officer at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization" research. Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lap...
May 14, 2022•22 min•Season 5Ep. 232
Ukraine holds its first war crimes trial. Are there war crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). Roblox seems to have been used to introduce a backdoor. CISA issues ICS advisories. Darkweb C2C trader sentenced. The last conspirator in the strange case of the eBay newsletter takes a guilty plea. Carole Theriault looks at Google’s new approach to cookies in Europe. Our guest is Mary Writz of ForgeRock on the growing importance of mobile device authentication s...
May 13, 2022•24 min•Season 6Ep. 1578
Killnet hits Italian targets. Access to RuTube is restored. Hacktivism in the hybrid war. Emotet surges. Clearing up the confusion of NPM dependency confusion attacks. Tim Eades from Cyber Mentor Fund on finding the right investors. Our guest is Michael DeBolt of Intel 471 on the growing interest in Biometrics in the criminal underground. And cybercrime and punishment, Florida-man edition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/n...
May 12, 2022•25 min•Season 6Ep. 1577
The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity against managed service providers (MSPs). Allied cybersecurity authorities expect state-sponsored cyber actors to increase their targeting of MSPs in an attempt to exploit provider-customer trust relationships. This advisory includes security guidance tailored for both MSPs and their customers. AA22-131A Alert, Technical Details, and Mitigations Technica...
May 12, 2022•3 min•Season 1Ep. 15
There’s international consensus on the cyberattack against Viasat. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies are exploited, but to what end? Caleb Barlow examines Russia’s future on the internet. Our guest is Deepen Desai from Zscaler with the latest phishing research. And new advisories from CISA and its partners. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/91 Select...
May 11, 2022•25 min•Season 6Ep. 1576
A quick introductory note on Russia’s hybrid war against Ukraine. Russian television schedules hacked to display anti-war message. Phishing campaign distributes Jester Stealer in Ukraine. European Council formally attributes cyberattack on Viasat to Russia. Costa Rica declares a state of emergency as Conti ransomware cripples government sites. DCRat and the C2C markets. The gang behind REvil does indeed seem to be back. More Joker-infested apps found in Google Play. Guest Nick Adams from Differe...
May 10, 2022•29 min•Season 6Ep. 1575
The US Treasury Department sanctions a cryptocurrency mixer. Rewards for Justice is interested in Conti. US tractor manufacturer AGCO was hit by a ransomware attack. Russian hacktivism hits German targets and threatens the UK. A Russian diplomatic account was apparently hijacked. Tracking Cobalt Strike servers used against Ukraine. Dinah Davis from Arctic Wolf defends against DDOS attacks. Rick Howard looks at Single Sign On. And no apology for you, Mr. Bennett. For links to all of today's stori...
May 09, 2022•25 min•Season 6Ep. 1574
Chief security officer and chief information officer at Relativity, Amanda Fennel shares her story from archeology to cybersecurity. She shares the path that lead her towards becoming an archeologist and how it turned out not being exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world, she says "I do hope that I left things better than I found them, no...
May 08, 2022•8 min•Season 2Ep. 99
Tushar Richabadas from Barracuda joins Dave Bittner to discuss their findings detailed in their "Threat Spotlight: Attacks on Log4Shell vulnerabilities." Their research shows the percentage of attackers targeting the vulnerabilities, and shows where the dips and spikes are over the course of the past couple of months. The research has also gathered where the attackers main IP addresses are located, with 83% of them located in the United States. They breakdown what this malware can do and how to ...
May 07, 2022•16 min•Season 5Ep. 231
An update on the war in Ukraine as Victory Day approaches. President Lukashenka on the war next door. Hackivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Another ICS security alert from CISA. Dinah Davis from Arctic Wolf on reflection amplification techniques. Carole Theriault examines zero trust architecture access policies. Happy Mother’s Day (and stay safe online). For links to all of today's stories check out our CyberWire daily n...
May 06, 2022•20 min•Season 6Ep. 1572
Hacktivisim and privateering in Moscow, Kyiv, and Minsk. Log4j vulnerabilities are more widespread than initially thought. US Cyber Command deployed a "hunt forward" team to Lithuania. CISA adds five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Jen Miller-Osborn from Palo Alto Networks discusses the findings from the Center for Digital Government's survey on Getting Ahead of Ransomware. Grayson Milbourne of Webroot/OpenText discusses OpenText's 2022 BrightCloud Threat Report. ...
May 05, 2022•23 min•Season 6Ep. 1572
An upswing in malware deployed against targets in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks. CISA issues an ICS advisory. Caleb Barlow on backup communications for your business during this period of "shields up." Duncan Jones from Cambridge Quantum sits down with Dave to discuss the NIST algorithm finalist Rainbow vulnerability. And, hey, officer, honest, it was just a Squirtle…...
May 04, 2022•28 min•Season 6Ep. 1571
Russia reroutes Internet traffic in occupied regions of Ukraine through Russian services. The Stormous gang, hacking on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Our guest Chetan Mathur of Next Pathway finds similarities between the cloud industry and the 1849 California Gold Rush. Eldan Ben-Haim of Apiiro on why cybersecurity is largely a culture issue. Notes on ransomware operations. For links to all of today's stories check out our CyberWire daily news...
May 03, 2022•23 min•Season 6Ep. 1570
Security executives need visibility into their real cyber risk in real time. But with the flood of vulnerability alerts, how can organizations pinpoint impactful security gaps? To meet this challenge, security teams are shifting to an exploit-centric approach to security validation to expose potential threats from ransomware, leaked credentials, phishing, & more. On this episode, of CyberWire-X, we explore how automation can help teams make this shift to prioritize remediation based on bottom li...
May 03, 2022•29 min•Season 1Ep. 30
Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week’s DDoS incident was retaliation for Bucharest’s support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnapping...
May 02, 2022•24 min•Season 6Ep. 1569
The move to cloud has great potential to improve security, but the required process and cultural changes can be daunting. There are a vast number of critical vulnerabilities that make it to production and demand more effective mitigations. Although “shifting security left” should help, organizations are not able to achieve this quickly enough, and “shifting left” does not account for runtime threats. Organizations must strive to improve the prioritization of vulnerabilities to ensure the most da...
May 01, 2022•32 min•Season 1Ep. 29
Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become apart of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has one the industry right now, and he even shares about an experience that led him to path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He say's "there's two pat...
May 01, 2022•8 min•Season 2Ep. 98
Vikram Thakur of Symantec Threat Hunter team joins Dave Bittner to discuss their work on Daxin, a new and the most advanced piece of malware researchers have seen from China-linked actors. Symantec said " There is strong evidence to suggest the malware, Backdoor.Daxin, which allows the attacker to perform various communications and data-gathering operations on the infected computer, has been used as recently as November 2021 by attackers linked to China." They go on to explain how Daxin is used ...
Apr 30, 2022•21 min•Season 5Ep. 230
Russian and Ukrainian operators exchange cyberattacks. Wiper malware: contained, but a potentially resurgent threat. #OpRussia update. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous breach claims. CISA issues two new ICS advisories. Caleb Barlow on cleaning up the digital exhaust of your home. Our guests are Freddy Dezeure and George Webster on reporting cyber risk to boards. A Declaration for the Future of the Internet. For links to all of today's storie...
Apr 29, 2022•25 min•Season 6Ep. 1568
Microsoft summarizes the scale of Russian cyberattacks against Ukraine. Russian cyber capabilities should be neither overestimated nor underestimated. Russia has also come under cyberattack during its hybrid war. Chinese intelligence services are paying close attention to Russian targets. The Five Eyes advise us on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Linda Gray-Martin and Britta Glade from RSA discuss what’s new at RSAC and cybersecurity trends. Marc van Zade...
Apr 28, 2022•23 min•Season 6Ep. 1567
Heard on the Baltimore waterfront. Privateering against Western brands. An update on sanctions and counter sanctions. Stonefly, straight outta Pyongyang. Lazarus is also back (and not in the good way). Richard Hummel from NETSCOUT discusses their bi-annual Threat Intel Report. Jon DiMaggio from Analyst1 joins us to discuss his new book, “The Art of Cyberwarfare - An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime.” And the US Department of State has added six Russian GRU ...
Apr 27, 2022•22 min•Season 6Ep. 1566
Heightened cyber tension as Quds Day approaches. Costa Rican electrical utility suffers from Conti ransomware. Emotet’s operators seem to be exploring new possibilities. North Korean cyber operators target journalists who cover the DPRK. A guilty plea in a strange case of corporate-connected cyberstalking. Bel Yelin ponders the potential Twitter takeover. Mr. Security Answer Person John Pescatore addresses questions about vendors. And cybercrime, run like a business. For links to all of today's ...
Apr 26, 2022•27 min•Season 6Ep. 1565
Anonymous counts coup with their #OpRussia campaign. Alternative energy suppliers in Europe sustain cyberattacks. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. Rick Howard hits the history books. Our guest is Paul Giorgi of XM Cyber with a look at multi-cloud hopping. Locked Shields wraps up. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/79 Selected reading. Ukraine's Postal Se...
Apr 25, 2022•22 min•Season 6Ep. 1564
Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says " you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another wa...
Apr 24, 2022•8 min•Season 2Ep. 97
John Hammond from Huntress joins Dave Bittner on this episode to discuss malware known as BABYSHARK and how it is swimming out for blood once again. Huntress's research says "This activity aligns with known tradecraft attributed to North Korean threat actors targeting national security think tanks." Huntress also adds that the activity was spotted on February 16th and immediately their ThreatOps team began following the trail of breadcrumbs. They said "This led them to uncover the malware that w...
Apr 23, 2022•36 min•Season 5Ep. 229
A look at Russian malware used against Ukrainian targets. Actual and potential targets harden themselves against Russia cyberattacks. Sanctions and the criminal underworld. Conti’s fortunes. A credential stealer resurfaces in corporate networks. BlackCat ransomware warning. Tomer Bar from SafeBreach discusses MuddyWaters. Dr. Christopher Emdin previews his new book STEM, STEAM, Make, Dream. CISA releases three more ICS security advisories. For links to all of today's stories check out our CyberW...
Apr 22, 2022•29 min•Season 6Ep. 1563
A renewed Five Eyes’ warning about potential Russian cyberattacks. The FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business. Carole Theriault shares insights on bug bounty programs. Our own Rick Howard checks in with Zack Barack from Coralogix on where things stand with XDR. And beware of threats of Facebook account suspension. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newslette...
Apr 21, 2022•21 min•Season 6Ep. 1562
A Shuckworm update. Pegasus spyware found in UK government officials’ phones. CISA issues six ICS security alerts and adds three entries to its Known Exploited Vulnerabilities Catalog. Gangs succeed when criminals run them like a business. Julian Assange moves closer to extradition to the US. Tim Eades from Cyber Mentor Fund on cyber valuations. Our guest is Wes Mullins from deepwatch discussing adversary simulations. And a guilty plea in a high-profile cyberstalking case. For links to all of to...
Apr 20, 2022•25 min•Season 6Ep. 1561
