Tensions remain high as Russia assembles troops near Ukraine and NATO moves to higher states of readiness. The Belarusian Cyber Partisans claim responsibility for a ransomware attack against Belarusian railroads. The BRATA banking Trojan spreads, as does DTPacker malware. REvil alumni may be getting the band back together. Ransomware operators working harder to recruit insiders at their targets. Joe Carrigan has the story of a romance scammer in custody. Mr. Security Answer Person John Pescatore...
Jan 25, 2022•32 min•Season 6Ep. 1501
Updates on the continuing hybrid war in Ukraine. The UK charges Russia with trying to install a puppet in Kyiv. Nominal hacktivists claim an attack against Belarusian railroads. Compromise of Greek parliamentary email accounts reported. Netherlands authorities warn against relaxing your guard against Log4j exploitation. Julian Assange will get another chance to avoid extradition. Rick Howard’s been pondering his reading list. Dinah Davis from Arctic Wolf on securing your smart speakers. And Russ...
Jan 24, 2022•28 min•Season 6Ep. 1500
COO and Co-Founder of Query. AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the start of the Iraq War, Andrew said he got his break into security. That's where he learned the components that fit together in order to effectively secure an environment. Andrew's words of wisdo...
Jan 23, 2022•8 min•Season 2Ep. 84
Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss joint research done by Accenture’s Cyber Threat Intelligence (ACTI) group and Prevailion’s Adversarial Counterintelligence Team (PACT). The teams dug into recently publicized campaigns of the cyber espionage threat group Lyceum (aka HEXANE, Spirlin) to further analyze the operational infrastructure and victimology of this actor. The team’s findings corroborate and reinforce pre...
Jan 22, 2022•18 min•Season 5Ep. 216
US and Russian talks over Ukraine conclude with an agreement to further exchanges next week. Western governments continue to recommend vigilance against the threat of Russian cyberattacks against critical infrastructure. The US Treasury Department sanctions four Ukrainian nationals for their work on behalf of Russia’s FSB and its influence operations. A firmware bootkit is discovered in the wild. Security turnover at Twitter. Caleb Barlow looks at wifi hygiene. Our guest is Allan Liska on his la...
Jan 22, 2022•26 min•Season 6Ep. 1499
As Russian forces remain in assembly areas near the Ukrainian border, the US and Russia prepare for tomorrow’s high-level talks in Geneva. NATO members look to their cyber defenses. US President Biden issues a Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. Notes on C2C markets. Mirai is exploiting Log4j flaws. Verizon’s Chris Novak shares insights on Log4j challenges. Our guest is Ryan Kovar from Splunk with a look at th...
Jan 20, 2022•29 min•Season 6Ep. 1498
Ukraine confirms that it was hit by wiper malware last week, as tension between Moscow and Kyiv remains high. It remains high as well between Russia and NATO, as Russia continues marshaling conventional forces around Ukraine. CISA advises organizations to prepare to withstand Russian cyberattacks. Other cyberespionage campaigns are reported, as is a new strain of ransomware. Microsoft’s Kevin Magee provides friendly counsel for CISOs and boards. Our guest is Clar Rosso from ISC2 on the communica...
Jan 19, 2022•26 min•Season 6Ep. 1497
A new Chinese cyberespionage group is described. Cobalt Strike implants are observed hitting unpatched VMware Horizon servers. Ukraine attributes last week’s cyberattacks to Russia (with some possibility of Belarusian involvement as well). Microsoft doesn’t offer attribution, but it suggests that the incidents were more destructive than ransomware or simple defacements. The US warns of possible provocations. Ben Yelin looks at a bipartisan TLDR bill. Our guest is Lisa Plaggemier from the Nationa...
Jan 18, 2022•26 min•Season 6Ep. 1496
Rick explains the network defender evolution from defense-in-depth in the 1990s, to intrusion kill chains in 2010, to too many security tools and SOAR in 2015, and finally to devsecops somewhere in our future. Resources: “Cybersecurity First Principles: DevSecOps.” by Rick Howard, CSO Perspectives, The CyberWire, 8 June 2020. “FAQ,” RSA Conference, 2020. "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” by Eric Hutchins, Michael...
Jan 17, 2022•18 min•Season 3Ep. 29
Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a frien...
Jan 16, 2022•9 min•Season 2Ep. 83
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, “Scorched Earth: Hacking Bank APIs,” unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries. In her Money 20/20 keynote presentation entitled “Scorched Earth...
Jan 15, 2022•25 min•Season 5Ep. 215
A large-scale cyberattack against Ukrainian websites looks like an influence operation, and Russian intelligence services are the prime suspects. The FSB raids REvil. The White House Open Source Software Security Summit looks toward software bills of materials. MuddyWater exploits Log4shell. The DPRK is working to steal cryptocurrency. Caleb Barlow shares the consequences of the 3G network shutdown. Our guest is John Lehmann from Intellectual Point with programs that help military veterans trans...
Jan 14, 2022•29 min•Season 6Ep. 1495
A White House government-industry summit today addresses open-source software security. The US officially makes its second attribution of the week to a nation-state: it calls out Iran as the operator of the MuddyWater threat group. Israel arrests five on charges related to spying for Iran (they’re thought to have been recruited through catphishing). Citizen Lab finds Pegasus in Salvadoran phones. Ukraine arrests a ransomware gang. Thomas Etheridge from CrowdStrike on the importance of threat hun...
Jan 13, 2022•27 min•Season 6Ep. 1494
The US issues an alert over the prospect of Russian cyberattacks, and the EU begins a series of stress tests, both in apparent response to concerns over the prospect of a Russian attack on Ukraine. NIST updates its guidance on Engineering Trustworthy Secure Systems. NIght Sky ransomware exploits Log4shell. Phishing afflicts a hotel chain. Carole Theriault examines international efforts to stop digital fraud. Ben Yelin fon Seattle Police Faking Radio Chatter. And we’re shocked, shocked, to learn ...
Jan 12, 2022•26 min•Season 6Ep. 1493
Log4shell as an instance of a more general software supply chain issue. An APT apparently mistakenly infects itself with its own RAT. A new backdoor, SysJoker, is in use in the wild. A warning on commercial surveillance software. A leak investigation continues in Denmark. Joe Carrigan explains bogus QR codes. Our guest is Casey Allen of Concentric on cyber vulnerabilities in automobiles. And, Europol is told it has a year to clear its databases of information on people not involved in crime. For...
Jan 11, 2022•27 min•Season 6Ep. 1492
CISA describes progress toward remediating Log4shell. Other open-source libraries are found to have similar issues, in one case problems deliberately introduced by the developer. Concerns are expressed over undersea cable security. FIN7’s BadUSB campaign. Security questions about another Chinese-made phone. Our guest is Bob Maley from Black Kite on their report - The Government Called, Are You Ready to Answer? Chris Novak from Verizon on PCI 4.0. And Russo-American talks open in Geneva. For link...
Jan 10, 2022•30 min•Season 6Ep. 1491
Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Baptist minister with aspirations of being a professional musician, Julian found it more practical to take some technology classes and practice his saxophone when he had time. His first tech job...
Jan 09, 2022•9 min•Season 2Ep. 82
Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss their research "Karakurt rises from its lair." Accenture Security has identified a new threat group, the self-proclaimed Karakurt Hacking Team, that has impacted over 40 victims across multiple geographies. The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big game...
Jan 08, 2022•13 min•Season 4Ep. 214
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). The UK’s NHS warns of unknown threat actors exploiting Log4j bugs in unpatched VMware Horizon servers. In the US, CISA continues to assist Federal agencies with Log4j remediation, and observers call for more Government support of open-source software security. A major provider of school websites is hit with ransomware. Our guest is John Belizaire of Soluna Comput...
Jan 07, 2022•25 min•Season 6Ep. 1490
ICS vendors address Log4j vulnerabilities. Regulators and legislators think about addressing issues in the software supply chain. Ransomware gangs were quick to exploit Log4shell. An old, and patched, Windows vulnerability is being exploited by the Malsmoke gang. Social engineering of Google Docs users is up. Mr. Klyshin pleads not guilty. Robert M. Lee from Dragos makes the case for salary transparency. Our guest is George Gerchow from Sumo Logic with new approaches for the modern threat landsc...
Jan 06, 2022•29 min•Season 6Ep. 1489
CISA says US Federal agencies are now largely in compliance with Log4j risk mitigation guidance. The FTC issues advice and a warning on Log4j to US businesses. A skimmer is installed through cloud-delivered video. The Vice Society’s ransomware is meddling with supermarket operations in the UK. The Atlantic Council offers advice on strategy for the grey zone. Hacktivists are expected to punish greenwashing in 2022. Caleb Barlow on recent FBI PIN about how ransomware operators are looking for mate...
Jan 05, 2022•30 min•Season 6Ep. 1488
It’s going to take time, vigilance, and attention to detail to manage the Log4j risks. A North Korean APT is trying to install the Konni RAT into Russian diplomats’ devices. More hacktivist-looking incidents follow the anniversary of Iranian General Soleimani’s death. Other, self-inflicted, software supply chain incidents. The Kremlin is said to be worried about what Mr. Klyushin might tell the Americans who’ve got him in jail. Ben Yelin on the tension between ephemeral messaging apps and the pu...
Jan 04, 2022•32 min•Season 6Ep. 1487
Aquatic Panda has been found working Log4shell exploits against an academic institution. Apache fixes new Log4j issues reported last week, and Microsoft also updates Windows Defender to address Log4j risks. Cyberattacks, criminal or hacktivist in motivation, hit news outlets around the new year. Microsoft works on fixing a Y2K22 bug in on-premise Exchange Server. Andrea Little Limbago from Interos on technology spheres of influence. Our guest is Mark Dehus from Lumen’s Black Lotus Labs with DDoS...
Jan 03, 2022•25 min•Season 6Ep. 1486
Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology s...
Jan 02, 2022•8 min•Season 2Ep. 81
Industry experts discuss their cybersecurity predictions for 2022, what trends and attacks will be most prevalent in the year ahead, and how organizations should be preparing for the new year. In this show, we cover what they think the industry might see in 2022 (and some we probably won't see). The CyberWire's Rick Howard speaks with Hash Table member Kevin Magee, Chief Security Officer at Microsoft Canada, and show sponsor Keeper Security's CTO & Co-Founder Craig Lurey joins The CyberWire's Da...
Jan 02, 2022•30 min•Season 1Ep. 23
Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42’s commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently a...
Jan 01, 2022•21 min•Season 3Ep. 206
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bi...
Dec 31, 2021•13 min
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bi...
Dec 30, 2021•22 min
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Ho...
Dec 29, 2021•20 min
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bi...
Dec 28, 2021•10 min
