Guest Deepen Desai joins Dave to talk about Zsaler's research "Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures." In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are often used as social engineering schemes by threat actors. MINEBRIDGE buries itself into the vulnerable remote desktop software TeamViewer, enabling the thr...
Apr 17, 2021•17 min•Season 3Ep. 179
The European Union expresses solidarity with the US over the SolarWinds incident. The UK joins the US in attributing the incident to Russia. Russia objects to US sanctions and hints strongly that it intends to retaliate. IBM discloses new cyber threats to the COVID-19 vaccine cold chain. Iran says Natanz is back in business. Kevin Magee from Microsoft looks at the security of startups. Our guest is Brad Ree of ioXt Alliance with results from their Mobile IoT Benchmark report. And data breaches h...
Apr 16, 2021•25 min•Season 5Ep. 1313
The US announces a broad range of retaliatory actions designed to “impose costs” on Russia for its recent actions in cyberspace, prominently including both the SolarWinds supply chain compromise and attempts to influence elections. More reports on the Natanz incident suggest that a buried bomb was remotely detonated. David Dufour from Webroot has a wakeup call on digital privacy. Our guest is Ganesh Pai from Uptycs on Mitre ATT&CK Evaluations. And IcedID is taking Emotet’s place in the criminal ...
Apr 15, 2021•26 min•Season 5Ep. 1312
Updates on Natanz, where the nature of the sabotage remains unclear--it happened, but there are conflicting explanations of how. Electrical utilities on alert for cyberattack, especially after the SolarWinds incident. The US Government takes extraordinary steps to fix the Microsoft Exchange Server compromise. Joe Carrigan analyses effective phishing campaigns. Our guest is the FBI’s Herb Stapleton on their recent IC3 report. And the US Intelligence Community’s Annual Threat Assessment points, in...
Apr 14, 2021•27 min•Season 5Ep. 1311
Updates on the sabotage at Natanz--whether it was cyber or kinetic, Iran has vowed to take its revenge against Israel. NAME:WRECK vulnerabilities affect DNS implementations. Tax season scammers are phishing for credentials. If you liked the investment opportunities those Nigerian princes used to offer, you’re going to love their loaded ATM cards. Ben Yelin looks at data protection and interoperability. Our guest is Jules Martin from Mimecast on the importance of security integration. And in the ...
Apr 13, 2021•25 min•Season 5Ep. 1310
Iran says Israel was responsible for sabotaging the Natanz nuclear facility yesterday, and Tehran promises revenge. Online plotting results in the arrest of a Texas man alleged to have planned an attack on an Amazon Web Services center. Scraped, not hacked, data from LinkedIn and Clubhouse are being hawked online. Andrea Little Limbago from Interos addresses asymmetric power within cyberspace and how that plays out in warfare. Our guest is Giovanni Vigna from VMware on the takedown of the Emotet...
Apr 12, 2021•24 min•Season 5Ep. 1309
Chief Technology Officer and Senior Vice President, Engineering for Digital Guardian Debra Danielson shares her career journey. From aspirations of becoming an astronaut studying mechanical and aerospace engineering, Finding her first job at a local software company that turned into a long term commitment after it was acquired by another firm. Debra mentions that when she was heads-down programming, there were many women in the field and when she emerged from the cube to take on management and l...
Apr 11, 2021•6 min•Season 1Ep. 44
Guests Gage Mele, Winston Marydasan, and Yury Polozov from Anomali join Dave to discuss their research into Static Kitten targeting government agencies in the UAE and Kuwait. Anomali Threat Research uncovered malicious activity very likely attributed to the Iran-nexus cyberespionage group, Static Kitten (Seedworm, MERCURY, Temp.Zagros, POWERSTATS, NTSTATS, MuddyWater), which is known to target numerous sectors primarily located in the Middle East This new campaign, which uses tactics, techniques...
Apr 10, 2021•23 min•Season 3Ep. 178
Lazarus Group has a new backdoor. Bogus Clubhouse app advertised on Facebook. Cryptojacking goes to school. A ransomware cartel is forming, but so far apparently without much profit-sharing. The US Senate is preparing to make strategic competition with China the law of the land. Dinah Davis from Arctic Wolf looks at phony COVID sites. Our guest is Jaclyn Miller from NTT on the importance of mentoring the next generation. And Russia remains displeased with a lot of Twitter’s content. For links to...
Apr 09, 2021•25 min•Season 5Ep. 1308
Cring ransomware afflicts vulnerable Fortigate VPN servers. Distance learning in France stumbles due to sudden high demand, and possibly also because of cyberattacks. Hafnium’s attack on Microsoft Exchange Servers may have been long in preparation, and may have used data obtained in earlier breaches. Commerce Department adds seven Chinese organizations to its Entity List. 5G security standards in the US are said likely to emphasize zero trust. Atlantic Media discloses a breach of employee data. ...
Apr 08, 2021•23 min•Season 5Ep. 1307
Goblin Panda’s upped its game in recent attacks on Vietnamese government targets. The EU is investigating cyberattacks against a number of its organizations. Scraped LinkedIn data is being sold in a hackers’ forum. Facebook talks about the causes of its recent data incident. New Android malware poses as a Netflix app. Joe Carrigan shares comments from the new head of the NCSC. Our guest is Fang Yu from Datavisor with highlights from their Digital Fraud Trends Report. And the Molerats are using v...
Apr 07, 2021•24 min•Season 5Ep. 1306
A watering hole campaign compromised several Ukrainian sites (and one Canadian one). File transfer blues. A couple of looks into the criminal-to-criminal marketplace: establishing a brand and selling malicious document building tools. Ben Yelin has details on a privacy suit against Intel. Our guest is Steve Ginty from RiskIQ on the threat actors behind LogoKit. And notes on the big and apparently old Facebook breach, including why people care about it. For links to all of today's stories check o...
Apr 06, 2021•22 min•Season 5Ep. 1305
An old leaked database has been delivered into the hands of skids. (The news isn’t that the data are out there; it’s that the skids now have it. For free.) CISA and the FBI warn that APTs are scanning for vulnerable Fortinet instances. Cryptojackers pan for alt-coin in GitHub’s infrastructure. Holiday Bear may have looked for network defenders. Threats to water utilities. Johannes Ullrich explains why dynamic data exchange is back. Our guest is Mark Lance from GuidePoint Security tracking parall...
Apr 05, 2021•21 min•Season 5Ep. 1304
Co-founder and Chief Strategy Officer for Corelight Greg Bell describes the twists and turns of his career bringing him back to his childhood joy of computers. Working in a myriad of fields from human rights to Hollywood to writing a history of conspiracy belief before pivoting back to technology. Focusing on the relationships within the open source community, Greg works to change and improve the world through his mission-based organization. For those looking to begin their career in cyber, Greg...
Apr 04, 2021•5 min•Season 1Ep. 43
Guests Fernando Martinez and Tom Hegel from AT&T Alien Labs join Dave to discuss their team's research "Malware using new Ezuri memory loader." Multiple threat actors have recently started using a Go language (Golang) tool to act as a packer and avoid Antivirus detection. Additionally, the Ezuri memory loader tool acts as a malware loader and executes its payload in memory, without writing the file to disk. While this technique is known and commonly used by Windows malware, it is less popular in...
Apr 03, 2021•19 min•Season 3Ep. 177
Goblin Panda might be out and about. Ubiquiti confirms that an extortion attempt was made, but says the attempted attack on data and source code was unsuccessful. The Accellion compromise claims more university victims. It’s National Supply Chain Integrity Awareness Month in the US. BOLO Mr. Korhsunov. Andrea Little Limbago from Interos on supply chain resilience in a time of tectonic geopolitical shifts. Our guest is Paul Nicholson from A10 Networks on their State of DDoS Weapons report. And so...
Apr 02, 2021•26 min•Season 5Ep. 1303
US Cyber Command and CISA plan to publish an analysis of the malware Holiday Bear used against SolarWinds. The DPRK is again phishing for security researchers. Exchange Server exploitation continues. Stone Panda goes after industrial data in Japan. Human error remains the principal source of cyber risk. A US Executive Order on cyber hygiene and breach disclosure nears the President’s desk. David Dufour from Webroot on the 3 types of hackers and where you’ve seen them recently. Rick Howard checks...
Apr 01, 2021•26 min•Season 5Ep. 1302
Charming Kitten is back, and interested in medical researchers’ credentials. Russian services appear to have been reading some US State Department emails (it’s thought their access was confined to unclassified systems). Risk management practices and questions about the risks of growing too blasé about “management.” Recognizing the approach of an intelligence officer. Volumetric attacks are up. Joe Carrigan examines a sophisticated Microsoft spoof. Our guest is Donna Grindle from Kardon on update...
Mar 31, 2021•24 min•Season 5Ep. 1301
The US Administration continues to prepare its response to Holiday Bear’s romp through the SolarWinds supply chain. Congress is asking for details on what was compromised in the incident, and why the Department of Homeland Security failed to detect the intrusion. The UN offers some recommendations on norms of conduct in cyberspace. Ben Yelin on a New Jersey Supreme Court ruling that phone passcodes are not protected by 5th amendment. Our guest is Frank Kettenstock from FoxIT on the security of P...
Mar 30, 2021•25 min•Season 5Ep. 1300
German politicians’ emails are under attack, and the GRU is the prime suspect. Australia’s Nine Network was knocked off the air by a cyberattack, and a nation-state operation is suspected. PHP takes steps to protect itself from an attempt to insert a backdoor in its source code. Apple fixes browser engine bugs. FatFace pays the ransom. Project Zero caught a Western counterterror operation. Betsy Carmelite from Booz Allen Hamilton on Zero Trust. Our guest is Tal Zamir of Hysolate on CISA's new ra...
Mar 29, 2021•26 min•Season 5Ep. 1299
Vice President of Raytheon's Cyber Offense, Defense Experts Teresa Shea speaks of her journey from math to adapting new technologies on the cutting edge, With a love of math, Teresa was offered a scholarship by the Society of Women Engineering and decided to pursue a degree in electrical engineering. Unsurprisingly, there were few other women in her program, Teresa interned with and then proceeded to work for the National Security Agency becoming their SIGINT director. Following her government c...
Mar 28, 2021•6 min•Season 1Ep. 42
Guest Sergio Caltagirone from Dragos joins us to take us through their 2020 ICS Cybersecurity Year in Review report. Dragos's annual ICS Year in Review provides an overview and analysis of ICS vulnerabilities, global threat activity targeting industrial environments, and industry trends and observations gathered from customer engagements worldwide. The goal of the report is to give asset owners and operators proactive, actionable information and defensive recommendations in order to prepare for ...
Mar 27, 2021•22 min•Season 3Ep. 176
Criminal-on-criminal cyber crime. Ransomware hits European and North American businesses. Big Tech goes (virtually) to Capitol Hill to talk disinformation and Section 230. The head or NSA and US Cyber Command discusses election security and cyber defense with the Senate Armed Services Committee. Russia complains of a US assault on Russia’s “civilizational pillars.” Accenture’s Josh Ray shares his thoughts on securing the supply chain. Our guest is Sergio Caltagirone from Dragos on their 2020 ICS...
Mar 26, 2021•28 min•Season 5Ep. 1298
The FBI warns organizations that Mamba ransomware is out and about in a newly evolved form. Facebook takes down a Chinese cyberespionage operation targeting Uyghurs. Huawei joins the Organization of Islamic Cooperation. Slack thinks it might have made a security and privacy misstep. Caleb Barlow from CynergisTek on Healthcare Interoperability. Our guest is Roei Amit from Deep Instinct on their 2020 Cyber Threat Landscape Report. And a look at fleeceware. For links to all of today's stories check...
Mar 25, 2021•24 min•Season 5Ep. 1297
COVID-themed phishbait has shifted to vaccines. Notes on the ransomware exploiting vulnerable Exchange Servers. Purple Fox gets wormy. Sierra Wireless halts operations to remediate a ransomware incident. Notes on ICS vulnerabilities. More victims of third-party risk. Joe Carrigan looks at SMS security issues. Our guest is Ron Brash from Verve Industrial with takeaways from their 2020 ICS Vulnerabilities report. And what are the cybercriminals thinking? For links to all of today's stories check o...
Mar 24, 2021•25 min•Season 5Ep. 1296
The CyberWire partners with Recorded Future's threat intelligence podcast and our Dave Bittner is the host. It's a weekly show that comes out each Monday afternoon. We thought you might want to check it out and are adding it to our feed today. We hope you like it and consider subscribing in your favorite podcast app. The COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run-of-the-mill money scams to...
Mar 24, 2021•17 min
Exchange Server patching is going well, they say, but they also say that patching isn’t enough. Crooks are continuing to look for unpatched instances, and even in the patched systems, you’ve got to check to make sure the bad actors have been found and ejected. AFCEA and Shell both disclose being affected by third-party breaches. Citizen Lab sees no particular problem with TikTok. Ben Yelin ponders possible US response to the Microsoft Exchange Server attacks. Our guest is Alex Gizis from Connect...
Mar 23, 2021•25 min•Season 5Ep. 1295
Indian authorities warn the country’s transportation sector that it may be a target for cyberespionage. Google’s Project Zero describes an elaborate and expensive campaign that exploited zero-day vulnerabilities. The SilverFish threat group is elaborate, well-resourced, and well-organized. Threat actors are quietly altering mailbox permissions. REvil is back. Some say “yes” to Moscow; others say “nyet.” Dinah Davis from Arctic Wolf on Security Metrics. Our guest is Graeme Bunton from the DNS Abu...
Mar 22, 2021•26 min•Season 5Ep. 1294
Chief Security Officer of Microsoft Canada Kevin Magee shares his background as a historian and how it applies to his work in cybersecurity. Likening himself to a dashing Indiana Jones, Kevin talks about how he sees history unfolding and the most interesting things right now are happening in security. Spending time tinkering with things in the university's computer room under the stairs gave way to Kevin's love affair with technology. As Chief Security Officer, Kevin says he uses an analogy: "I ...
Mar 21, 2021•6 min•Season 1Ep. 41
Guest Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins us to discuss their research into BendyBear. Highly malleable, highly sophisticated and over 10,000 bytes of machine code. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. The malware is associated with the cyber espionage group BlackTech, which many in the broader threat research community have assessed to have ties to the Chinese government, a...
Mar 20, 2021•16 min•Season 3Ep. 175
