Another hacked broadcast in a hybrid war. Hunting forward as an exercise in threat intelligence collection and sharing. Cyber threats to the US midterm elections. Phishing for cryptocurrency. FakeCrack delivers a malicious payload to the unwary. Vacations are back. So is travel-themed phishbait. Ann Johnson from Microsoft shares insights on the trends she’s tracking here at RSA. Johannes Ullrich brings highlights from his RSA conference panel discussion. And Emotet returns, in the company of som...
Jun 09, 2022 • 28 min • Season 6, Ep. 1596
US officials continue to rate the threat of Russian cyberattack as high. Civilians in cyber war. Broadcast interference and propaganda. A Joint CISA/FBI warning of Chinese cyberespionage. What gets a vulnerability into the Known Exploited Vulnerabilities Catalog? Andrea Little Limbago from Interos and Mike Sentonas from Crowdstrike join us with previews of their RSA conference presentations. And, finally, some Jersey-based cyber campaigns (that’s the Bailiwick, not the Garden State). For links t...
Jun 08, 2022 • 29 min • Season 6, Ep. 1595
This joint Cybersecurity Advisory describes the ways in which People’s Republic of China state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised global infrastructure. These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations. AA22-158A Alert, Technical Details, and Mitigations Refer to China Cyber Threat and Advisories, Internet Crime Complaint Center...
Jun 08, 2022 • 4 min • Season 1, Ep. 21
DDoS as a weapon in a hybrid war. Resilience in the defense of critical infrastructure. Offensive cyber operations against Russia. LockBit claims to have hit Mandiant, but their claim looks baseless. Rick Howard joins us with thoughts on trends he’s tracking at the RSA conference. Our guest is Dr. Diane Janosek from NSA with insights on personal resilience. Effects of ransomware on businesses. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.c...
Jun 07, 2022 • 26 min • Season 6, Ep. 1594
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches a Confluence critical vulnerability. CISA releases ICS advisory on voting systems. A "state-aligned" phishing campaign tried to exploit Follina. Is electronic warfare a blunt instrument in the ether? Verizon’s Chris Novak stops by with thoughts on making the most of your trip to the RSA conference. Our guest is Tom Garrison from Intel with a look at hardware security. And a Russia-aligned group says they’re no...
Jun 06, 2022 • 27 min • Season 6, Ep. 1593
For this Cyberwire-X episode, we are talking about the failure of perimeter defense as an architecture where, since the 1990s when it was invented, the plan was to keep everything out. That model never really worked that well since we had to poke holes in the perimeter to allow employees, contractors, and partners to do legitimate business with us. Those same holes could be exploited by the bad guys, too. The question is, what are we doing instead? What is the security architecture, the strategy...
Jun 05, 2022 • 34 min • Season 1, Ep. 32
Executive Vice President at Concentric, Laura Hoffner shares her story about working as a Naval Intelligence Officer and supporting special operations around the globe for 12 years, to now, where she transitioned to the Naval Reserves and joined the Concentric team. Laura knew since she was in the seventh grade she wanted to work with SEALs and work in intelligence. She set her goals high and achieved them shortly after graduating college. She credits being a Naval Intelligence Officer to helpin...
Jun 05, 2022 • 8 min • Season 2, Ep. 103
Scott Fanning from CrowdStrike's research team joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck is a well-known cryptomining botnet, and research suggests attackers are attracted to the monetary gain from the recent boom in cryptocurrency. LemonDuck was caught trying to disguise its attack against Docker by running an anonymous mining operation through the use of proxy pools. Scott shares how it’s unknown which organizations have been targeted an...
Jun 04, 2022 • 15 min • Season 5, Ep. 235
Moscow wants attention to be paid to its messengers. Western support for Ukraine in cyberspace. US remains on alert for Russian cyberattacks. Iran: anti-government hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A gangland threat to firmware. Johannes Ullrich from SANS on security of browsers caching passwords. Dave Bittner sits down with Perry Carpenter to discuss his new book, "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Hu...
Jun 03, 2022 • 26 min • Season 6, Ep. 1592
Russian government agencies are buying VPNs. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Carole Theriault has the latest on fraudsters imitating law enforcement. Kevin Magee from Microsoft on security incentives by way of insurance. And leak brokers and booters shut down. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefin...
Jun 02, 2022 • 23 min • Season 6, Ep. 1591
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory to provide information about the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have employed a variety of TTPs, creating significant challenges for defense and mitigation. Karakurt victims have not r...
Jun 01, 2022 • 3 min • Season 1, Ep. 19
Costa Rica's healthcare system comes under renewed ransomware attack. Cyber phases of the hybrid war. Charity fraud exploits sympathy for Ukraine. US FBI attributes last year's attack on Boston Children's Hospital to Iran. CISOs surveyed on their challenges (and they're particularly worried about exposure to 3rd-party risk). Robert M. Lee joins us for the launch of the new Control Loop podcast. Josh Ray from Accenture looks at ransomware trends. Razzlekhan and Dutch: a cryptocurrency love song. ...
Jun 01, 2022 • 24 min • Season 6, Ep. 1590
Sanctions, blockades, and their effects on the world economy. Western nations remain on alert for Russian cyber attacks. REvil prosecution has reached a dead end. Microsoft issues mitigations for a recent zero-day. John Pescatore’s Mr. Security Answer Person is back, looking at authentication. Joe Carrigan looks at new browser vulnerabilities. Notes from the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-bri...
May 31, 2022 • 27 min • Season 6, Ep. 1589
Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Mic...
May 29, 2022 • 8 min • Season 2, Ep. 102
Dick O'Brien from Symantec's threat hunter team joins Dave to discuss their work on "Stonefly: North Korea-linked spying operation continues to hit high-value targets." Stonefly specializes in mounting highly selective targeted attacks against targets that could yield intelligence to assist strategically important sectors. Symantec found that the attackers breached an engineering firm in February 2022, most likely by exploiting the Log4j vulnerability. Their research describes who these high va...
May 28, 2022 • 20 min • Season 5, Ep. 234
Pro-Russian DDoS attacks. Sanctions and their effect on ransomware. BlackCat wants $5 million from Carinthia. A fraudster pressures Verizon. Spain will tighten judicial review of intelligence services. Johannes Ullrich looks at VSTO Office files. Our guests are Cecilia Marinier and Niloo Howe with a preview of the RSAC Innovation Sandbox. CISA releases ICS advisories and, with its partners, issues guidelines for evaluating 5G implementation. For links to all of today's stories check out our CyberWi...
May 27, 2022 • 23 min • Season 6, Ep. 1588
"Pantsdown" in QCT Baseboard Management Controllers. A warning on ChromeLoader. Conti updates. Ransomware’s effect on SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands, again. Kyiv honors Google. Josh Ray from Accenture reminds us it’s military appreciation month. Our guest is Melissa Bischoping of Tanium with lessons learned from the American Dental Association ransomware attack. And a poacher turned gamekeeper? For links to all of today's stories check out our CyberWire daily ne...
May 26, 2022 • 25 min • Season 6, Ep. 1587
More cyberespionage targets Russian networks. Lincoln Project veterans visit Ukraine with advice on conducting an influence campaign against President Putin. A politically motivated DDoS attack hits the Port of London Authority website. Is REvil back and looking into new criminal techniques, or is a recent DDoS campaign the work of impostors? RansomHouse may be operated by frustrated bounty hunters. Kevin Magee from Microsoft sets his security sights toward space. Our guest is Mathieu Gorge of V...
May 25, 2022 • 26 min • Season 6, Ep. 1586
Verizon's 2022 Data Breach Investigations Report shows a sharp rise in ransomware. Origins of the Chaos ransomware operation. The GuLoader campaign uses bogus purchase orders. Security researchers are targeted in a malware campaign. Hyperlocal disinformation. Turla reconnaissance has been detected in Austrian and Estonian networks. Ben Yelin describes a content moderation fight that may be headed to the Supreme Court. Our guest is Richard Melick from Zimperium to discuss threats to mobile securit...
May 24, 2022 • 28 min • Season 6, Ep. 1585
There’s a new loader identified in wiper campaigns. President Putin complains of sanctions and cyberattacks, and vows to increase Russia's cybersecurity. Coordinated inauthenticity at scale. Killnet crows large over Italian operations. Conti's dissolution doesn't mean its operators' disappearance. Rick Howard looks at software defined perimeters. Dinah Davis from Arctic Wolf on how ransomware groups are upping their game to nation state levels. And happy birthday, US Cyber Command...but we're no...
May 23, 2022 • 23 min • Season 6, Ep. 1584
Threat intelligence analyst at Recorded Future, Charity Wright, shares her story from the Army to her career today. Transitioning from the Army to cybersecurity was an exciting change for her. During college she was recruited by the U.S. Army, where she started her journey and learned new skills, paving her pathway to threat intelligence, where she is now. She shares that she works with a great team of junior analysts who are constantly checking each other's biases, which helps keep Charity grounded i...
May 22, 2022 • 8 min • Season 2, Ep. 101
Yanir Tsarimi from Orca Security joins Dave to discuss how researchers discovered a critical Azure Automation service vulnerability called AutoWarp. The security flaw was discovered this past March, prompting Yanir to leap into action and report the issue to Microsoft, which helped to swiftly resolve the cross-account vulnerability. The research shows how this serious flaw would allow attackers unauthorized access to other customer accounts and potentially full control over resources and data be...
May 21, 2022 • 18 min • Season 5, Ep. 233
Was Conti’s digital insurrection in Costa Rica misdirection? Google assesses a commercial spyware threat “with high confidence.” Continuing expectations of escalation in cyberspace. The limitations of an alliance of convenience. Fronton botnet shows versatility. Russian hacktivists hit Italian targets, again. Lazarus Group undertakes new SolarWinds exploitation. Crypters in the C2C market. CrateDepression supply chain attack. Johannes Ullrich describes an advance fee scam hitting crypto markets....
May 20, 2022 • 30 min • Season 6, Ep. 1583
CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly rel...
May 20, 2022 • 3 min • Season 1, Ep. 18
Russian information operations surrounding the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities undergoing active exploitation. Texas Department of Insurance clarifies facts surrounding its data incident. Robert M. Lee from Dragos is heading to Davos to talk ICS. Rick Howard speaks with author Chase Cunningham on his book "Cyber Warfare – Truth, Tactics and Strategies". Robo-calling the Kremlin. For links to all of today's stories check out our CyberWire daily news b...
May 19, 2022 • 30 min • Season 6, Ep. 1582
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP. AA22-138A Alert, Technical Details, and Mitigations F5 Security Advisory K23605346 and indicators of compromise F5 guidance K11438344 for remediating a compromise Emerging Threats suricata si...
May 19, 2022 • 3 min • Season 1, Ep. 17
Chaos ransomware group declares for Russia. Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Conti's ongoing campaign against Costa Rica. The claimed "international" cyberattack against Nile dam was stopped. Rick Howard speaks with author Caroline Wong on her book “Security Metrics, a Beginner's Guide”. Our guests are Kathleen Smith and Rachel Bozeman, hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a “reset.” For ...
May 18, 2022 • 25 min • Season 6, Ep. 1581
This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks. AA22-137A Alert, ...
May 17, 2022 • 3 min • Season 1, Ep. 16
An assessment of the Russian cyber threat. NATO's Article 5 in cyberspace. Conti's ransomware attack against Costa Rica spreads, in scope and effect. Bluetooth vulnerabilities demonstrated in proof-of-concept. CISA and its international partners urge following best practices to prevent threat actors from gaining initial access. Joe Carrigan looks at updates to the FIDO alliance. Rick Howard and Ben Rothke discuss author Andrew Stewart's book "A Vulnerable System: The History of Information Secur...
May 17, 2022 • 28 min • Season 6, Ep. 1580
Users are advised to patch Zyxel firewalls. Battlefield failure and popular morale in Russia’s hybrid war. Nuisance-level hacktivism in the hybrid war. Sweden and Finland move closer to NATO membership; concern over possible Russian cyberattacks rises. Intelligence, disinformation, or wishful thinking? Conti calls for rebellion in Costa Rica. PayOrGrief is just rebranded DoppelPaymer. Anonymous action in Sri Lanka seems indiscriminate and counterproductive. Dinah Davis from Arctic Wolf examines ...
May 16, 2022 • 24 min • Season 6, Ep. 1579