
CyberWire Daily

N2K Networks · thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.

Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit ransomware attacks. The Flytrap Android Trojan is still concealed in malicious apps. An unidentified threat actor has been prospecting SCADA systems in Southeast Asia. Rick Howard checks in with the Hash Table about Backups. Mike Benjamin from Lotus Labs on watering hole attacks. Apple’s new child protection measures attract skepticism from privacy hawks. Wiretaps extended to social media. And using three random ...

Aug 09, 2021 · 29 min · Season 5 · Ep. 1392

Alyssa Miller: We have to elevate others. [BISO] [Career Notes]

Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to becoming a champion for a welcoming culture and the acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock of being in both worlds. Entering as a programmer and then moving to pen testing, where she got her start in security, Alyssa grew into a leader who is committed to elevating those arou...

Aug 08, 2021 · 7 min · Season 2 · Ep. 61

SideCopy malware campaigns expand and evolve. [Research Saturday]

Guest Asheer Malhotra, Threat Researcher of Cisco Talos Intelligence Group, joins Dave to discuss his team's research "InSideCopy: How this APT continues to evolve its arsenal." Cisco Talos has observed an expansion in the activity of SideCopy malware campaigns, targeting entities in India. In the past, the attackers have used malicious LNK files and documents to distribute their staple C#-based RAT. We are calling this malware "CetaRAT." SideCopy also relies heavily on the use of Allakore RAT, ...

Aug 07, 2021 · 20 min · Season 3 · Ep. 195

FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.

Smishing campaigns are seeking to exploit the unemployed. Initial access brokers seem not to have missed a beat, although some gangs are seeking to bypass them by trolling for rogue insiders. Are criminal enterprises vulnerable on the gig economy front? Criminal affiliates are disgruntled--good. Clearly, healthcare isn’t off the target list. Thomas Etheridge from CrowdStrike on eCrime Extortion. Chris Jacobs from ThreatQuotient joins us with a look back at BlackHat. Anup Gosh from Fidelis Cybers...

Aug 06, 2021 · 36 min · Season 5 · Ep. 1391

CISA’s new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang’s reform, or optimism over signs the gang is worried?

CISA announces a new public-private cybersecurity initiative. Prometheus TDS and Prophet Spider take their places in the C2C market. The money points to BlackMatter being a rebranded DarkSide. Andrea Little Limbago from Interos on Divergent trends of federal data privacy laws and government surveillance. Tonia Dudley from CoFense checks in from the BlackHat show floor. Our guest is Simon Maple from Snyk with a look at Cloud Native Application Security. And where some see naiveté, others see caut...

Aug 05, 2021 · 31 min · Season 5 · Ep. 1390

Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck’s rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou’s extradition.

APT31 casts its net into some waters that aren’t yet phished out. Vulnerabilities in the NicheStack TCP/IP stack are reported. LemonDuck may be outgrowing its beginnings as a cryptojacking botnet. A large marketing database is found exposed. NSA and CISA offer advice on securing Kubernetes clusters. Adam Darrah from ZeroFox checks in from the floor at BlackHat. Our guests are Nic Fillingham and Natalia Godyla from Microsoft’s Security Unlocked podcast. David Dufour from Webroot on the hidden cos...

Aug 04, 2021 · 37 min · Season 5 · Ep. 1389

Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.

An apparent ransomware attack hits Italy’s online vaccine-scheduling service. A Chinese cyberespionage campaign hits Southeast Asian telcos en route to high-value targets. Some strategic context for Beijing’s espionage. FatalRAT is spreading by Telegram. Crafty phishing spoofs SharePoint. Joe Carrigan has thoughts on HP's latest Threat Insights Report. Our guest is Marc Gaffan of Hysolate who reveals the “Enterprise Security Paradox”. Plus, Conversations with BlackMatter, and a look at the inside...

Aug 03, 2021 · 32 min · Season 5 · Ep. 1388

SVR was reading the US Attorneys’ emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.

SVR may have compromised twenty-seven US Attorneys’ offices. Ransomware disruptions of a physical supply chain continue as South African ports reopen. EA hackers give up, and dump the source code they stole. Double extortion may not be paying off. A look at initial access brokers. Operation Top Dog yields indictments in an international fraud case. Rick Howard tackles enterprise backup strategies. Kevin Magee from Microsoft with lessons learned hiring multiple team members during COVID. And a de...

Aug 02, 2021 · 32 min · Season 5 · Ep. 1387

Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]

Historian and Curator at the International Spy Museum, Dr. Andrew Hammond, shares how he came to make sharing the history of espionage and intelligence his career. Serving in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path, which included an introduction to the museum industry at the 9/11 Museum. After a stint in academia in the UK, And...

Aug 01, 2021 · 6 min · Season 2 · Ep. 60

Behavioral transparency – the patterns within. [CyberWire-X]

President Biden's Cyber Executive Order includes a provision for a software bill of materials in government contracts. It's a critical and necessary first measure for protecting the software supply chain. To defend against cyber attacks like the ones that affected SolarWinds and Colonial Pipeline, organizations also need transparency about the way the software in their supply chain behaves: how, and with whom, that software communicates inside and outside their networks. In this episode of CyberWire-X, w...

Aug 01, 2021 · 33 min · Season 1 · Ep. 17

China's influence grows through Digital Silk Road Initiative. [Research Saturday]

Guest Charity Wright, Cyber Threat Intelligence Expert in Recorded Future's Insikt Group, joins Dave to discuss her research "China’s Digital Colonialism: Espionage and Repression Along the Digital Silk Road". Through the Digital Silk Road Initiative (DSR), announced in 2015, the People’s Republic of China (PRC) is building an expansive global data infrastructure and exporting surveillance technologies to dictators and illiberal regimes throughout the developing world, in some cases trading tech...

Jul 31, 2021 · 20 min · Season 3 · Ep. 194

Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.

Cozy Bear’s active command-and-control servers are found, and people conclude that Moscow’s not too worried about American retaliation after all. Spyware found in an app for companies doing business in China. What to make (and not make) of the Iranian documents Sky News received. Phishing with Crimean bait. HTML smuggling may be enjoying a moderate surge. DoppelPaymer rebrands. Andrea Little Limbago from Interos on growing the next-gen of cyber. Our guest is Jamil Jaffer from IronNet Cybersecuri...

Jul 30, 2021 · 31 min · Season 5 · Ep. 1386

Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.

Advice on Wi-Fi security from NSA. South African ports are recovering from their ransomware attack. The attack on Iranian railroads was a wiper, of unknown origin and uncertain purpose. Developments in the criminal-to-criminal market. Israel undertakes an investigation of NSO Group. Josh Ray from Accenture Security on the road back to the office. Our guest is Duncan Godfrey from Auth0 with insights on managing digital identities. And a bad password is revealed on an open mic during an Olympic bro...

Jul 29, 2021 · 32 min · Season 5 · Ep. 1385

US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.

US formally establishes its Industrial Control System Cybersecurity Initiative. Shooting wars in cyberspace. Developments in the ransomware criminal souks. This week’s iOS update may have closed the vulnerability exploited by NSO Group’s Pegasus intercept tool. The US, UK, and Australia issue a joint advisory on the most exploited vulnerabilities. Abkhazia’s crackdown on coinminers. Joe Carrigan looks at the Mespinoza ransomware gang. And meet Marcy Flores, the Robin Sage of Liverpool aerobics. ...

Jul 28, 2021 · 35 min · Season 5 · Ep. 1384

South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?

Transnet declares force majeure over cyberattack on South African port management. The IRGC apparently is Googling a bunch of stuff about gas stations and merchant ships. Kaseya’s denial of paying ransom has legs. Criminal coders like obscure languages. The AvosLocker gang is looking for pentesters, access brokers, and affiliates. The US and China hold “frank and open” conversations about, among other things, cyber tensions. Ben Yelin explains the tech implications of President Biden's recent ex...

Jul 27, 2021 · 32 min · Season 5 · Ep. 1383

The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.

Kaseya isn’t saying where it got its REvil decryptor. Transportation services disrupted at two major South African ports by an unspecified cyber incident. Another company is mentioned as an alleged source of abused intercept tools as the controversy over NSO Group’s Pegasus software continues. Johannes Ullrich from SANS on supply chains, development tools and insecure libraries. Our own Rick Howard looks at enterprise encryption. And a guilty plea gets a swatter five years: he got off easy. For ...

Jul 26, 2021 · 30 min · Season 5 · Ep. 1382

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]

Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskil...

Jul 25, 2021 · 6 min · Season 2 · Ep. 59

Is enhanced hardware security the answer to ransomware? [CyberWire-X]

With the recent onslaught of ransomware attacks across healthcare institutions, critical infrastructure, and the public sector, it's clear that ransomware isn’t going anywhere. But given how common ransomware attacks have become, how is it that we've been unable to put a stop to them? Companies often overlook the role that hardware security plays in meeting this challenge, and that oversight has become a bad actor's dream. Michael Nordquist speaks about the recent surge in ransomware attacks, an...

Jul 25, 2021 · 32 min · Season 1 · Ep. 16

Free malware with cracked software. [Research Saturday]

Guest Christopher Budd, Senior Global Threat Communications Manager at Avast, joins Dave to talk about some research his team did when they looked into a Reddit report saying their Avast folder was empty and other reports like it. The team found a new malware they’re calling “Crackonosh” in part because of some possible indications that the malware author may be Czech. Crackonosh is distributed along with illegal, cracked copies of popular software and searches for and disables many popular anti...

Jul 24, 2021 · 16 min · Season 3 · Ep. 193

Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.

The Olympics are underway, and the authorities are on the alert for cyberattacks. Kaseya has a decryptor for the REvil ransomware, but it hasn’t said how it got the key. NSO Group says it’s not responsible for customer misuse of its Pegasus intercept tool. US policy toward Chinese cyber activities shows continuity, with some diplomatic intensification, but hawks would like to see more action. Our guest Jack Williams from Hexagon joins Dave to discuss the promises and challenges of smart cities. ...

Jul 23, 2021 · 31 min · Season 5 · Ep. 1381

Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.

It’s extortion after all at Saudi Aramco. Controversy and investigation over alleged misuse of NSO Group’s Pegasus intercept tool continues. Warning of Chinese espionage from ANSSI, and China’s denunciation of all this kind of “baseless slander.” Phishing in Milanote. FIN7 resurfaces after the conviction of some key members. Dinah Davis from Arctic Wolf on the importance of identity management. Our guest Jenn Donahue shares key strategies for mentoring and supporting female engineers, scientists...

Jul 22, 2021 · 32 min · Season 5 · Ep. 1380

Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.

CISA warns of threats to industrial control systems, profusely illustrated with examples from recent history. Ransomware can be operated either in the course of privateering or as an APT side hustle. Security firms outline new and evolving threats and vulnerabilities. Reaction continues to the Pegasus Project’s reports on intercept tools. Joe Carrigan unpacks recent Facebook revelations and allegations. Our guest is Dave Humphrey from Bain Capital on his tech investment bets and predictions. And...

Jul 21, 2021 · 31 min · Season 5 · Ep. 1379

APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDN. Other data breaches and ransomware incidents.

The US says China contracted with criminals to carry out cyberespionage campaigns. Norway says China was behind an attack on its parliamentary email system. China denounces accusations of cyberespionage as slander, and says it’s the real victim, because the CIA is the one stealing IP from China. AWS expels NSO Group from its CloudFront CDN. NSO denies it permits its intercept tools to be abused. Saudi Aramco sustains a data breach. Ben Yelin describes calls for bans on government use of facial r...

Jul 20, 2021 · 32 min · Season 5 · Ep. 1378

Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group’s Pegasus tool reported.

Allied governments formally attribute exploitation of Microsoft Exchange Server to China’s Ministry of State Security. A US Federal indictment names four MSS officers in conjunction with another, long-running cyberespionage campaign. The US Department of Commerce adds six Russian organizations to the Entities List. The Pegasus Project outlines alleged abuse of NSO Group’s intercept tool. Thomas Etheridge from CrowdStrike on the importance of real-time response, continuous monitoring and remediat...

Jul 19, 2021 · 29 min · Season 5 · Ep. 1377

Peter Baumann: Adding value to data. [CEO] [Career Notes]

CEO of ActiveNav, Peter Baumann, takes us on his career journey from minor home electrical experiments to the business of data discovery. He began his career as an electrical engineer, but felt an entrepreneurial spirit was part of his makeup. Following his return to college to study business and finance, Peter talks about being set on the path to shine a light on data and provide discovery capability. To those interested in the field, he suggests having a broad familiarity with different app...

Jul 18, 2021 · 6 min · Season 2 · Ep. 58

Enabling connectivity enables exposures. [Research Saturday]

Guest Nathan Howe, Vice President of Emerging Technology at Zscaler, joins Dave to discuss his team's work, "2021 “Exposed” Report Reveals Corporate and Cloud Infrastructures More at Risk Than Ever From Expanded Attack Surfaces." The modern workforce has put more users, devices, and applications outside of controlled networks, including corporate networks; the business emphasis on the “network” has decreased, and the reliance on the internet as the connective tissue for...

Jul 17, 2021 · 21 min · Season 3 · Ep. 192

DDoS at Russia’s MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor’s activities are exposed. No signs of the US softening on Huawei bans.

Russia’s Ministry of Defense says its website sustained a distributed denial-of-service attack this morning. Facebook disrupts a complex Iranian catphishing operation aimed at military personnel and employees of defense and aerospace companies. Microsoft and Citizen Lab describe the recent operations of an Israeli intercept tool vendor. The US shows no signs of relenting on Huawei. Johannes Ullrich from the SANS Technology Institute has been hunting phishing sites with Shodan. Our guest is Rick ...

Jul 16, 2021 · 28 min · Season 5 · Ep. 1376

Luminous Moth or Mustang Panda, it’s the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.

A Chinese APT is active against targets in Myanmar and, especially, the Philippines. Cyberespionage campaigns suggest that there’s a thriving market for zero-days. MI5 warns against spying, disinformation, and radicalization. REvil continues to lie low (and the Kremlin hasn’t seen anything). CISA offers ransomware mitigation advice. Bogus Coinbase sites steal credentials. Ransomware attacks on old SonicWall products expected. Daniel Prince from Lancaster University looks at Getting into the indu...

Jul 15, 2021 · 33 min · Season 5 · Ep. 1375

Patch notes. What’s happening with REvil remains unclear, but it would be rash to count the gang out.

SolarWinds patches a zero-day exploited by a Chinese threat group. Patch Tuesday notes. What’s up with REvil: takedown, retirement, rebranding, or glitch? (Don’t bet against rebranding.) Joe Carrigan from JHU ISI on cell phone carriers sneaking us ads via SMS. Our guest is Nicko van Someren of Absolute Software with a look at endpoint risk. And bots like futbol. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefin...

Jul 14, 2021 · 30 min · Season 5 · Ep. 1374

SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.

SolarWinds addresses a zero-day that was exploited in the wild. A watering hole campaign lures users of online gaming sites. Inauthentic accounts (now suspended) get a blue check mark. Trickbot is back, with new capabilities. The DarkSide hits fashion retailer Guess. Malek Ben Salem from Accenture on Remediation of Vulnerabilities using AI. Our guest is Jeff Williams from Contrast Security with a look at Application Security in Financial Services. And some updates on Kaseya, its customers, and t...

Jul 13, 2021 · 30 min · Season 5 · Ep. 1373