CyberWire Daily

N2K Networks · thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.

In a hybrid war, sometimes it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for crypto wallets (and your NFTs, and other blockchained valuables). Emotet really likes those malicious macros. Joe Carrigan looks at prompt bombing. Bec McKeown from Immersive Labs explains human cyber capabilities. And it’s our anniversary this week: celebrate with us. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newslett...

Apr 19, 2022 · 23 min · Season 6 · Ep. 1560

Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.

Nuisance-level cyberattacks continue on both sides of Russia’s hybrid war against Ukraine. Face-saving disinformation. “CatalanGate.” Industrial Spy says it caters to its victims’ competitors. More on what’s been learned from Conti’s leaked chatter. Rewards for Justice offers $5 million for tips on DPRK cyber ops. Awais Rashid on supply chain risk management. Our guest is Jack Chapman from Egress to discuss a 232% increase in LinkedIn phishing attacks. And Exercise Locked Shields begins tomorrow...

Apr 18, 2022 · 24 min · Season 6 · Ep. 1559

CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]

At the Hack the Port 2022 event, the CyberWire held a CyberWire Live event. CyberWire Daily Podcast host Dave Bittner was joined by Roya Gordon, OT/IoT Security Research Evangelist at Nozomi Networks, and Christian Lees, CTO at Resecurity. During this fireside chat format session, Dave and our guests discussed ICS, OT cybersecurity, the role of security research and demos, supply chain compromise, and IT/OT security trends among other things. Thanks to the team at MISI/DreamPort for this opportu...

Apr 17, 2022 · 40 min · Season 7 · Ep. 43

Satya Gupta: Rising to your contribution. [CTO] [Career Notes]

Co-founder and CTO of Virsec, Satya Gupta shares his story of how he built over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague told him something that resonated with him. He said, "that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead...

Apr 17, 2022 · 8 min · Season 2 · Ep. 96

A fight to defend Taiwan financial institutions. [Research Saturday]

Alan Neville from Symantec/Broadcom joins Dave Bittner on this episode to discuss how Antlion, a Chinese state-backed hacker group, is using custom backdoors to target financial institutions in Taiwan. Symantec's blog shares the research behind the attacks and how the backdoor allowed the attackers to run WMI commands remotely. Symantec's research showed that "The goal of this campaign appears to have been espionage, as we saw the attackers exfiltrating data and staging data for exfiltration from i...

Apr 16, 2022 · 18 min · Season 5 · Ep. 228

Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.

Further developments in the Incontroller/Pipedream industrial control system threat. Conti claims responsibility for the Nordex hack. The half-a-billion stolen from Ronin went to the Lazarus Group. And indictments in an influence ops case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/73 Selected reading. Ukraine war: Russia threatens to step up attacks on Kyiv (BBC News) Live Updates: Russia Sets Stage for...

Apr 15, 2022 · 23 min · Season 6 · Ep. 1558

A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.

A nation-state threat actor (probably Russian) targets industrial systems. A quick look at the GRU's earlier attempt against Ukraine's power grid. The difficulty of recovering from a credible threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin speaks Russian, and it holds Russian companies for ransom. Carole Theriault looks at research on lie detection. Josh Ray from Accenture drops some SBOMs. And another look at the privateers in the Conti gang. For links to all...

Apr 14, 2022 · 22 min · Season 6 · Ep. 1557

Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.

Industroyer2 and Ukraine's power grid. More on last week's distributed denial-of-service attack against Finland. Anonymous claims to have doxed Russia's Ministry of Culture. Hafnium gets evasive. Enemybot is under development but worth keeping an eye on. Changing the phish hook. Patch Tuesday notes. Tim Eades from Cyber Mentor Fund on digital & security transformations. Our guest is Aaron Shilts from NetSPI on proactive public-private sector security collaboration. Sanctions evasion is serious bu...

Apr 13, 2022 · 25 min · Season 6 · Ep. 1556

Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.

GRU deploys Industroyer2 against the Ukrainian energy sector. NB65 counts coup against Roscosmos. Anonymous doxes three more Russian companies. President Putin purges the FSB’s Fifth Service. CISA warns of an exploited firewall vulnerability. Medical robots’ vulnerabilities are remediated. A Cyber Civil Defense effort in the US. Ben Yelin on newly passed cyber legislation. Our guest is Chase Snyder from ExtraHop to discuss their recent Cyber Confidence Index. And good riddance to RaidForums. For...

Apr 12, 2022 · 26 min · Season 6 · Ep. 1555

Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.

US National Security Advisor says atrocities were part of Russia's plan. Russian commanders seek to keep troops away from dangerous sections of the Internet. Cyberattacks in Finland may be a shot across Helsinki's bow. CERT-UA warns of a phishing campaign. Hacktivists hit Russian organizations. Mixed reviews for US preemptive measures against GRU botnets. Sharkbot-infested apps ejected from Google Play. Johannes Ullrich from SANS on malicious ISO files embedded in HTML. Our guest is Neal Dennis ...

Apr 11, 2022 · 24 min · Season 6 · Ep. 1554

SolarWinds through a first principle lens. [CSO Perspectives]

Enjoy this sample of CSO Perspectives, a CyberWire Pro podcast. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. On this episode, host Rick Howard discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill c...

Apr 11, 2022 · 23 min · Season 4 · Ep. 33

Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]

Founder and general partner of Rain Capital, Chenxi shares her story and how she got over the obstacle of fear to reach her goals in life. "I realized a lot of times my obstacle is my own fear rather than a real obstacle," Wang states. She also shares her story of breaking glass ceilings as a female founder and working in the field of cybersecurity. She hopes to be remembered for being a kind person and developing her own venture fund. As she shares her story to the top, she states...

Apr 10, 2022 · 10 min · Season 2 · Ep. 95

The secrets behind Docker. [Research Saturday]

Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published research on how Docker inadvertently created a new vulnerability and what happens when it's exploited. CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate its privileges up to root level. CyberArk found the new vuln in some of Microsoft’s Docker images, caused by misuse of Linux capabilities, a...

Apr 09, 2022 · 21 min · Season 5 · Ep. 227

Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.

Russian disinformation in its war against Ukraine. Overhead imagery and electronic intercepts suggest that Russian atrocities are matters of policy and strategy. Microsoft disrupts GRU cyber operations. Facebook takes down Iranian coordinated inauthenticity. India’s Power Ministry says it stopped a Chinese cyberattack. Dave Dufour from Webroot on evolving attack mechanisms. Our guest is Dan Petro of Bishop Fox with a warning for document redaction. Grid security and the value of exercises. For l...

Apr 08, 2022 · 23 min · Season 6 · Ep. 1553

Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.

An update on US cyber defensive operations and the war in Ukraine. You can’t tell your oligarchs without a scorecard. Google ejects data-harvesting apps from Play. China preps the cyber battlespace against India’s power grid. More moves against Hydra Market. Bearded Barbie’s catphishing. Betsy Carmelite from BAH on a blueprint for achieving a secure and resilient dot gov. Our guest is Padraic O'Reilly from CyberSaint with a fresh look at ransomware. And your majesty, meet this here dissident, wh...

Apr 07, 2022 · 27 min · Season 6 · Ep. 1552

Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA

There’s a maneuver lull in Russia’s hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is... For li...

Apr 06, 2022 · 25 min · Season 6 · Ep. 1551

Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.

Disinformation at the UN. Russian cyber operations against Ukraine. Bravo, BKA: German police take down a major contraband market. Under arrest but still in business? At least someone’s carrying on for Lapsus$. Compromise at Mailchimp. Joe Carrigan describes Javascript vulnerabilities. Carole Theriault with an eye on romance scams through the lens of Netflix's "The Tinder Swindler". And a well-known gang branches out. For links to all of today's stories check out our CyberWire daily news briefin...

Apr 05, 2022 · 22 min · Season 6 · Ep. 1550

Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.

Doxing, trolling, and censorship in a hybrid war. Western organizations remain on alert for a Russian cyber campaign. Known Russian threat actors continue operations against Ukraine proper. Borat RAT described. Welcome the US State Department’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Your wild ways will break your mother’s heart. Rick Howard weighs in on Shields Up. Josh Ray from Accenture on ideological differences on underground forums. And fast food as ...

Apr 04, 2022 · 29 min · Season 6 · Ep. 1549

Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]

Chief intelligence officer at Intel 471, Michael shares his story of how he started as an actor and quickly changed over to intelligence, and what the transition was like for him. Michael grew up wanting to be an actor and was even able to land some acting jobs. After going into the Marine Corps, he decided to leave acting behind and start a new path in his journey. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all ...

Apr 03, 2022 · 6 min · Season 2 · Ep. 94

Living security: the current state of XDR. [CyberWire-X]

In this CyberWire-X episode, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores the state of XDR. Joining Rick on this episode are Ted Wagner, SAP National Security Services CISO and CyberWire Hash Table member, and from episode sponsor Trellix are Bryan Palma, the Trellix Chief Executive Officer, and John Fokker, the Trellix Head of Cyber Investigations. Listen as Rick and guests discuss XDR, SASE, SIEM, and SOAR. Learn more about your ad choices. Visit megaphone.f...

Apr 03, 2022 · 30 min · Season 1 · Ep. 28

A popular malware scheme and pay-per-install services. [Research Saturday]

Guest Michael DeBolt from Intel 471 joins Dave Bittner on this episode to discuss one of the most popular commodity malware loaders on the underground – PrivateLoader. The blog provides an analysis of campaigns since May 2021, full details on a Pay-per-install (PPI) malware service, the methods operators employ to obtain “installs,” and insights on the malware families the service delivers. Intel 471's blog shows the breakdown of how the PrivateLoader download is delivered and how it work...

Apr 02, 2022 · 19 min · Season 5 · Ep. 226

Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.

Attempting to evolve rules of cyber conduct during a hot hybrid war. Waiting for major Russian cyber operations. Viasat terminals were hit by wiper malware. Patches and detection scripts for Spring4shell. Warning of ransomware threat to local governments. Emergency data requests under Senatorial scrutiny. NSA employee charged with mishandling classified material. Andrea Little Limbago from Interos on Bots, Warriors and Trolls. Rick Howard speaks with Maretta Morovitz on cyber deception. And no A...

Apr 01, 2022 · 25 min · Season 6 · Ep. 1548

Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.

Russian cyber operators collect against domestic targets. More details on the Viasat hack. Ukrainian hacktivists say they can interfere with Russian geolocation. Spring4shell is another remote-code-execution problem. The Remcos Trojan is seeing a resurgence. Malicious links distributed via Calendly. Johannes Ullrich from SANS on attack surface detection. Our guest is Fleming Shi from Barracuda on cybersecurity champions. Phishing with “emergency data requests.” Lapsus$ may be back from vacation....

Mar 31, 2022 · 22 min · Season 6 · Ep. 1547

Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? ICS control system advisories. Sanctions are also biting Russian cyber gangs.

Taking down bot farms. Russia says the US is the aggressor in cyberspace. Influence operations, arriving at Mach 10. The call is coming from inside the house! Cyber incidents affect aviation services. CISA posts ICS control system advisories. I welcome Tim Eades from the Cyber Mentor Fund. Our guest is Alex Holland from HP Wolf Security describing a new wave of attacks. And Sanctions are also biting Russian cyber gangs. For links to all of today's stories check out our CyberWire daily news brief...

Mar 30, 2022 · 23 min · Season 6 · Ep. 1546

Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.

A cyberattack takes down a major Ukrainian Internet provider. GhostWriter is said to deploy Cobalt Strike against the Ukrainian government. Anonymous makes some large claims. This just in: spies drive drunk: Ukrainian intelligence doxes FSB officers. Conventional criminals continue to exploit sympathy for Ukraine in social engineering scams. Red-Lili automates software supply-chain attacks. Ben Yelin considers Russian cyber capabilities. Mr. Security Answer Person John Pescatore addresses securi...

Mar 29, 2022 · 28 min · Season 6 · Ep. 1545

Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.

Preparing for the spread of cyberattacks. A look at Cyber operations in the hybrid war. C3 and electronic warfare. The Republic of the Marshall Islands suffers rolling DDoS attacks. Okta gives a detailed account of its experience with the Lapsus$ Group. Lapsus$ under the law enforcement microscope. The FCC sanctions Kaspersky. Malek Ben Salem from Accenture on getting full potential from deception systems. Our guest is Greg Scasny of Blueshift Cybersecurity with remote workforce security concern...

Mar 28, 2022 · 24 min · Season 6 · Ep. 1544

The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]

Guest Dick O'Brien from Symantec joins Dave Bittner on this episode to discuss how "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine." The Russia-linked Shuckworm group (aka Gamaredon, Armageddon) has been active since 2013 and is known to use phishing emails to distribute either freely available remote access tools. In July 2021, Symantec observed Shuckworm activity on an organization in Ukraine and this continued until August 2021. According to a November 2021 report from the Securi...

Mar 26, 2022 · 19 min · Season 5 · Ep. 225

Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.

Fears of Russian escalation as Ukraine’s counteroffensive sees successes. Warnings of possible Russian cyberattacks gain context from attribution of the Viasat incident and two US unsealed indictments. CISA continues to recommend best practices. North Korean APTs exploit Chrome vulnerabilities. Mustang Panda is back. David Dufour from Webroot on ransomware gangs and cartels. Our guest is Liliana Monge of Sabio Coding Bootcamp on creating opportunities for those looking to pursue a career in tech...

Mar 25, 2022 · 25 min · Season 6 · Ep. 1543

Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.

Concerns persist that President Putin will take his revenge in cyberspace for sanctions. Wiper attacks reported continuing in Ukraine. Russia also sustains cyberattacks. Lapsus$--living at home, with Mom. A carder kingpin finds his way onto the FBI’s Most Wanted List. Andrea Little Limbago from Interos on collective resilience. Our guest is Amit Shaked from Laminar Security on shadow data. Anonymous says it hit Nestlé, but Nestlé says it never happened. For links to all of today's stories check ...

Mar 24, 2022 · 26 min · Season 6 · Ep. 1542

Insider Risk Excellence Awards. [CyberWire-X]

In this CyberWire-X episode, host Dave Bittner chats with the judges of the Insider Risk Excellence Awards. The inaugural awards program, announced during last September's Insider Risk Summit, recognizes the best of the best in Insider Risk Management. They honor the work of individuals and organizations as they address Insider Risk in the most collaborative work environment we’ve ever seen. Judges Joe Payne, President and CEO, Code42 and Chairman, Insider Risk Summit and Wendy Overton, Director...

Mar 24, 2022 · 23 min · Season 1 · Ep. 27