A reply-chain incident is reported at a major international furniture and housewares retailer. North Korean operators are phishing for South Korean marks using bogus Samsung recruiting emails as phishbait. Fancy Bear has been seen pawing at Gmail. A regional escalation to civilian targets in the cyber conflict between Iran and Israel. More organizations are added to the US Entity List. Johannes Ullrich looks at decrypting Cobalt Strike. Our own Rick Howard wonders if executives really need to kno...
Nov 29, 2021•22 min•Season 5•Ep. 1467
Associate Director at Raytheon Intelligence and Space in the Cyber Protection Services Division Anisha Patel always loved math and it defined her career journey. As a first-generation American from an Asian household, Anisha said she was destined for a STEM-focused career and chose electrical engineering. She began her career and remains at Raytheon (formerly E-Systems) working in several areas of the business thanks to her skills and informal mentors. Starting a rotational assignment in program...
Nov 28, 2021•7 min•Season 2•Ep. 77
Enjoy a peek into CyberWire Pro's Research Briefing as the team is off recovering from our Thanksgiving feasts. This is the spoken edition of our weekly Research Briefing, focused on threats, vulnerabilities, and consequences, as they’re played out in cyberspace. This week's headlines: Iranian threat actors target the IT supply chain. North Korean cyberespionage. More information on Emotet's return. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. Learn more ab...
Nov 27, 2021•8 min
Our team decided to extend our Thanksgiving holiday and thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview from October 27th, 2021 originally aired as a shortened version on the CyberWire Daily Pod...
Nov 26, 2021•9 min
Thanks for joining us for our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen actio...
Nov 25, 2021•18 min•Season 1•Ep. 2
An apparent cyberespionage campaign targets the Iranian diaspora. Babadeda is an emerging crypter seeing use against alt-coin and NFT speculators. RATDispenser is out in the wild, a malware-as-a-service operation. Proofs-of-concept published for Microsoft exploits. Apple sues NSO Group. Group-IB’s founder asks President Putin for clemency. Caleb Barlow on the difference between working for a company that is funded by VCs, PEs, angels or is public. Our guest today is Karl Sigler from Trustwave on...
Nov 24, 2021•29 min•Season 5•Ep. 1466
Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. A Gizmodo-led consortium will review and release the Facebook Papers. Ben Yelin on our privacy rights during emergency situations. Our guest is Ric Longenecker of Open Systems to discuss how ransomware attacks represent the number one threat for universities. And NSO Group may not recover from current controversy over its Pegasus intercept tool. For links to all of today's stories check out our ...
Nov 23, 2021•30 min•Season 5•Ep. 1465
The Lazarus Group seems interested in learning from, by which they mean stealing from, some of the world’s leading state-sponsored cyber operators. Void Balaur remains an enigma, but it’s not the only player in the C2C market. CISA and the FBI warn all, but especially critical infrastructure operators, to remain alert during the holidays. Some scammers are impersonating the US SEC. Dinah Davis from Arctic Wolf on what security gifts to get your family this year. Our guest today is Carole Theriau...
Nov 22, 2021•22 min•Season 5•Ep. 1464
As ransomware attacks rapidly rise in frequency, eye-popping ransom demands grab headlines, and consumers experience product shortages and difficulty accessing services as the organizations they do business with are knocked offline. However, little is reported about the impact of a ransomware attack inside an organization. In this show, we cover what steps organizations are taking now to prepare for a ran...
Nov 21, 2021•30 min•Season 1•Ep. 22
Director of Google Cloud's Office of the CISO, MK Palmore, dedicated much of his life to public service and now brings his experience working for the greater good to the private sector. A graduate of the US Naval Academy, including the Naval Academy Prep School that he calls the most impactful educational experience of his life, MK commissioned into the US Marine Corps following his service academy time. He joined the FBI and that is where he came into the cybersecurity realm. MK is passionate a...
Nov 21, 2021•7 min•Season 2•Ep. 76
Guests Nicholas Boucher and Ross Anderson from the University of Cambridge join Dave Bittner to discuss their research, "Trojan Source: Invisible Vulnerabilities." The researchers present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they a...
Nov 20, 2021•25 min•Season 3•Ep. 210
Software supply chain incidents: FatPipe, PyPI, and IT services generally. A look at recent Iranian operations. The US Federal Reserve publishes its disclosure rules for banks sustaining cyber incidents. CISA issues a set of ICS advisories. Two of the Five Eyes announce plans for continued, even closer cooperation in cyberspace. Johannes Ullrich on attackers abusing PAM (Pluggable Authentication Modules). Our guest is Hatem Naguib, CEO at Barracuda Networks. And a real evil maid seems to have been ...
Nov 19, 2021•26 min•Season 5•Ep. 1463
Red Curl is a Russophone gang with an unusual target list. North Korea’s TA406 is having a busy year, hacking for intelligence and for profit. Wicked Panda’s getting good at code-signing, and software supply chain attacks are in Beijing’s long-term plans. A spearphishing campaign abuses legitimate collaboration tools. Kevin Magee from Microsoft has an insider’s look at Windows 11 security. Our guest is Kevin Bocek of Venafi to discuss Security Software Build Environments. And selling confiscated...
Nov 18, 2021•25 min•Season 5•Ep. 1462
CISA, the FBI, the ACSC, and the NCSC issue a joint advisory warning of an Iranian cyber campaign exploiting known vulnerabilities in Fortinet and Microsoft Exchange. A Belarusian connection to Ghostwriter. Candiru tools reported in watering holes. SideCopy’s interest in Afghanistan. RAMP shows an interest in attracting Chinese operators. Josh Ray from Accenture Security digs into the CONTI playbook leak. Our guest is Matt Keeley from Bishop Fox on fuzzing. And Pompompurin wants to sell you leak...
Nov 17, 2021•24 min•Season 5•Ep. 1461
Older threats, including Emotet and Mirai, are out and about, and an old vulnerability, Rowhammer, gets a fresh proof-of-concept. A new banking Trojan threatens Europe. Intel works on vulnerabilities. CISA advises awareness of recently reported DDS vulnerabilities. Joe Carrigan explains how spearphishers are using customer complaints as bait. Rick Howard speaks with Carlos Vega from Devo on supply chain issues. And an arrest is made in a Maryland revenge porn case. For links to all of today's sto...
Nov 16, 2021•29 min•Season 5•Ep. 1460
Exploitation of a configuration error in the FBI’s Law Enforcement Enterprise Portal enables hackers to send bogus warning emails. Philippine Office of Civil Defense Twitter account briefly hijacked. Update on Iranian politically motivated threat group MosesStaff. Discount retailer Costco discloses a point-of-sale skimmer incident. Dinah Davis from Arctic Wolf tracks zero days. Rick the Toolman Howard drops by the studio. And the US seeks extradition of a Russian alt-coin baron on charges of laun...
Nov 15, 2021•22 min•Season 5•Ep. 1459
Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem; everyone from cyber insurance providers to the federal government has taken note. The CyberWire's Rick Howard speaks with Hash Table member Kevin Ford of Environmental Systems Resear...
Nov 14, 2021•29 min•Season 1•Ep. 21
Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes y...
Nov 14, 2021•9 min•Season 2•Ep. 75
Senior Intelligence Researcher at Anomali, Tara Gould, joins Dave to discuss their team's work on "Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server." Anomali Threat Research discovered an open server to a directory listing that they attribute with high confidence to the German-speaking threat group, TeamTNT. The server contains source code, scripts, binaries, and cryptominers targeting Cloud environments. Other server contents include Amazon Web Services (AWS) Credentials stolen f...
Nov 13, 2021•15 min•Season 3•Ep. 209
Notes on rising international tension in Eastern Europe. A watering-hole campaign in Hong Kong. The US and the EU have joined the Paris Call. NSO Group’s prospective CEO resigns his position before formally assuming it. Void Balaur, a cybermercenary group, is active in the Russophone cyber underground. Johannes Ullrich on leaked vaccination cards and Covid tests. Our guest is Carolyn Crandall of Attivo Networks on what organizations should be focused on to protect Active Directory. CISA intends ...
Nov 12, 2021•26 min•Season 5•Ep. 1458
Welcome to a fun new project by the team who brings you Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series. They view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this first episode, Dave, Joe and Rick are watching Dave's and Joe's picks. They watch each of the selected scenes, describe the on-screen action for you, and then t...
Nov 11, 2021•25 min•Season 1•Ep. 1
Tehran’s Lyceum group expands its activities against ISPs and telcos in Israel, Morocco, Tunisia, and Saudi Arabia. Clop is going after unpatched instances of SolarWinds. Cyber mercenaries are quietly competing with lawful intercept vendors. NSO Group receives a setback from the US 9th Circuit. Mexico makes an arrest in its Pegasus investigation. Carole Theriault shares her thoughts on the supply chain. Josh Ray from Accenture Security on Moving Left of the Ransomware Boom. And notes on Patch T...
Nov 10, 2021•24 min•Season 5•Ep. 1457
Hive ransomware hits electronics retailer Media Markt. Robinhood Markets sustains a data breach it traces to social engineering. Ben Yelin looks at the law behind U.S. police demanding your phone passcode. Dave checks in with Rick Howard for his thoughts on the Trojan Source vulnerability. And more notes on the international action against REvil, including the US application of sanctions (with Baltic cooperation) to three companies involved in supporting the gang’s financial infrastructure. For ...
Nov 09, 2021•25 min•Season 5•Ep. 1456
REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign. Conti (sort of) apologizes. Caleb Barlow thinks it’s time to re-think your security documentation. Our guest is Jessica Hetrick of Optiv Security on cyber fraud running rampant. And the FBI warns of ransomware attacks targeting casinos. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/ne...
Nov 08, 2021•25 min•Season 5•Ep. 1455
Senior Vice President for Strategy, Partnerships, and Corporate Development at IronNet Cybersecurity, Jamil Jaffer, shares how his interest in technology brought him full circle. Always a tech guy, Jamil paid his way through college doing computer support. Jamil went to law school and worked in various jobs in Washington DC, including a stint in the newly created National Security Division of the Justice Department just after 9/11. When talking about adversity, Jamil notes, "Adversity has happened...
Nov 07, 2021•6 min•Season 2•Ep. 74
Guest Mor Levi, Vice President of Cyber Practices from Cybereason, joins Dave Bittner to discuss her team's work on "Operation GhostShell - Novel RAT Targets Global Aerospace and Telecoms Firms." In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to Operation GhostShell, a highly-targeted cyber espionage campaign targeting the Aerospace and Telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe. The Operation Ghos...
Nov 06, 2021•19 min•Season 3•Ep. 208
The US offers a reward of up to ten million dollars for information leading to the identification or location of the leaders of the DarkSide ransomware gang. Researchers expect BlackMatter’s nominally retired operators to resurface in other criminal organizations. Ukraine outlines Russian FSB cyber operations during the hybrid war that’s been waged since 2014. Deterrence in cyberspace. Carole Theriault takes on high value targets. Our guest is Bill Mann of Styra on rising compliance regulations ...
Nov 05, 2021•26 min•Season 5•Ep. 1454
Britain’s Labour Party is affected by a ransomware incident a third-party provider sustained. ANSSI identifies a new ransomware affiliate gang, “Lockean.” Notes on how and why BlackMatter and REvil went on the lam. Russo-American talks discussed cybercrime and cybersecurity. Iran’s gas stations are fully back in business, following the cyber sabotage they sustained. Kevin Magee from Microsoft has highlights from their 2021 Digital Defence Report. Our guest is Ofer Ben Noon of Talon Cyber Securit...
Nov 04, 2021•26 min•Season 5•Ep. 1453
The BlackMatter ransomware gang says that it’s retiring under pressure from the authorities. The spokesman for the Groove group says his gang doesn’t exist; he was just playing the media. Quiet, high-level talks held between senior US and Russian officials. The US Commerce Department sanctions four spyware vendors. Carole Theriault wonders if you can train yourself free of social engineering. Josh Ray from Accenture Security with insights from their Cyber Investigations and Forensic Response tea...
Nov 03, 2021•23 min•Season 5•Ep. 1452
Researchers describe Trojan Source, a hard-to-detect threat to the software supply chain. A ransomware gang takes a page from the information operator’s book. From double extortion to triple extortion, as other ransomware gangs add distributed denial-of-service to encryption and doxing. Criminals are now hacking on material, non-public information, the FBI warns. Joe Carrigan looks at multifactor adoption at Twitter. Our guest is Steve Ragan from Akamai on API security. And criminals hit healthc...
Nov 02, 2021•28 min•Season 5•Ep. 1451