
CyberWire Daily

N2K Networks | thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Noberus ransomware: evolving tactics. [Research Saturday]

Brigid O Gorman from Symantec's Threat Hunter team joins Dave to discuss their research on "Noberus Ransomware - Darkside and BlackMatter Successor Continues to Evolve its Tactics." The research states that Noberus ransomware (aka BlackCat, ALPHV) is more dangerous than ever because attackers have been using new tactics, tools, and procedures in recent months. In the research, Symantec says, "Among some of the more notable developments has been the use of a new version of the Exmatter data exfil...

Oct 15, 2022 | 21 min | Season 5 | Ep. 254

Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.

County election workers find themselves targets of phishing. Impersonating Intrusion Truth. The LDS Church discloses data compromise. SpaceX asks for Starlink funding. Does Killnet have potential to do more damage than it so far has? Deepen Desai from Zscaler on Joker, Facestealer and Coper banking malwares on the Google Play store. Our guest is Maxime Lamothe-Brassard of LimaCharlie to discuss how cybersecurity is following in the footsteps of software engineering. And the Gamers’ attack su...

Oct 14, 2022 | 28 min | Season 6 | Ep. 1683

What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.

Emotet ups its game. COVID-19 small business grants as phishbait. Google Translate is spoofed for credential harvesting. Research on the Budworm espionage group. Kevin Magee from Microsoft shares why cybersecurity professionals should join company boards. Our guest is Chris Niggel from Okta with a look at identity shortfalls. And Internet outages during missile strikes, and the prospects of Russia’s hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: http...

Oct 13, 2022 | 23 min | Season 6 | Ep. 1682

Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.

Refund fraud as a service. Costs of a nuisance. Remaining on alert during a hybrid war. Renewed activity by Polonium. Andrea Little Limbago from Interos discussing quantum computing policy. CyberWire Space Correspondent Maria Varmazis speaks with Dr. Gregory Falco on lessons learned from Russia’s attack on Viasat. Reflections on the Uber case's impact on security professionals. And when it comes to phishing-as-a-service, we’ll take decaf. For links to all of today's stories check out our CyberWi...

Oct 12, 2022 | 25 min | Season 6 | Ep. 1681

An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.

Russia's Killnet suspected in DDoS attack on major US airports. Starlink service interruptions reported. Bundesbahn communications network sabotaged in northern Germany. Germany's cybersecurity chief faces scrutiny over alleged ties to Russia. Ben Yelin on the FCC's crackdown on robocalls. Ann Johnson from Afternoon Cyber Tea talking with Sounil Yu from JupiterOne about the importance and evolution of cyber resilience. Overworked CISOs may be a security risk, but in an encouraging counterpoint, ...

Oct 11, 2022 | 27 min | Season 6 | Ep. 1680

CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]

This interview from September 23rd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, CyberWire’s space correspondent, Maria Varmazis, interviews host of spaceflight podcast “Main Engine Cutoff,” Anthony Colangelo about the upcoming Apple iPhone 14 “Emergency SOS via Satellite” feature & what it means for satellite communications in the consumer sector.

Oct 10, 2022 | 20 min | Season 3 | Ep. 129

Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]

In today’s episode, our sandbox heads to the deployment pipeline for a conversation on the who, what, when, and why of a DevSecOps program and how it adds value to your business. And your main question: how you can encourage buy-in and adoption. Joining me today are Marcin Swiety, Relativity’s Senior Director of Global Security and IT, and Raphael Theberge, Director of Security Integrations. So, grab your DORA metrics, your source controls, and staging environments, and let’s dive in. Learn mor...

Oct 10, 2022 | 33 min | Season 2 | Ep. 19

Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]

The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, “Is it our fault if they don’t fix things?” while defenders drown in a sea of unprioritized findings and legacy issues, wondering where to even start. But the real battle shouldn’t be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? Do the defende...

Oct 09, 2022 | 36 min | Ep. 39

Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]

Payal Chakravarty, Head of Product for Security and Risk at Coalition, sits down to share her story of working at several different organizations, including interning for IBM and Microsoft. After obtaining her master's degree, she worked with IBM a bit more closely and fell in love with one of the projects she was working on. Payal had a very interesting career path, going from physical to virtual, virtual to cloud, and now cloud to containers. She says that there is still some bias she has dealt w...

Oct 09, 2022 | 9 min | Season 3 | Ep. 120

Google Drive used for malware? [Research Saturday]

Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins Dave to discuss their recent work on "Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive." The research shares insight into an active campaign from Russia’s Foreign Intelligence Service that is leveraging trusted, legitimate cloud services including Google Drive as a staging platform to deliver malware. The research states that when these tactics are used, it is extremely difficult for organizations...

Oct 08, 2022 | 23 min | Season 5 | Ep. 253

A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.

A US Executive Order outlines US-EU data-sharing privacy safeguards. CISA, NSA, and the FBI list the top vulnerabilities currently being exploited by China. A look at election security and credit risk to US states. COVID-19-themed social engineering continues. Robert M. Lee from Dragos on securing the food and beverage industry. Carole Theriault interviews Joel Hollenbeck from Check Point Software on threat actors phishing school board meetings. Notes from the hybrid war: Killnet and US state go...

Oct 07, 2022 | 28 min | Season 6 | Ep. 1679

CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.

This joint Cybersecurity Advisory provides the top CVEs used by the People’s Republic of China state-sponsored cyber actors. PRC cyber actors continue to exploit these known vulnerabilities and use publicly available tools to target networks of interest. PRC state-sponsored cyber actors have actively targeted U.S. and allied networks as well as software and hardware companies to steal intellectual property and develop access into sensitive networks. AA22-279A Alert, Technical Details, and Mitiga...

Oct 07, 2022 | 3 min | Season 1 | Ep. 34

Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.

Microsoft updates mitigations for ProxyNotShell. Lloyd's of London investigates a suspected cyberattack. Killnet hits networks of US state governments. The FBI and CISA weigh in on election security. Credential theft in the name of Zoom. Tim Eades from Cyber Mentor Fund on the move to early-stage investing in times of war and recession. Our guest is Nick Lumsden of Tenacity Cloud on cloud infrastructure sprawl. The former security chief at Uber was found guilty in a case involving data breach co...

Oct 06, 2022 | 26 min | Season 6 | Ep. 1678

Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.

Data is stolen from a US "Defense Industrial Base organization." A major sideloading cryptojacking campaign is in progress. Nord Stream and threats to critical infrastructure. US Cyber Command describes "hunt forward" missions in Ukraine. Andrew Hammond from SpyCast speaks with hacker Eric Escobar about the overlap of traditional intelligence and cybersecurity. Our guest is AJ Nash from ZeroFox with an update on the current threat landscape. Fraud meets romance. For links to all of today's stories ...

Oct 05, 2022 | 28 min | Season 6 | Ep. 1677

CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.

From November 2021 through January 2022, CISA responded to APT activity against a Defense Industrial Base organization’s enterprise network. During incident response activities, CISA discovered that multiple APT groups had compromised the organization’s network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltratio...

Oct 04, 2022 | 3 min | Season 1 | Ep. 33

CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.

CISA issues a Binding Operational Directive. An LA school district says ransomware operators missed the most sensitive PII. An API protection report describes malicious transactions. Analysis of cyber risk in relation to SaaS applications. Joe Carrigan describes underground groups using stolen identities and deepfakes. Our guest is Eve Maler from ForgeRock on consumer identity breaches. And someone is making a nuisance of themselves in Russia. For links to all of today's stories check out our CyberWir...

Oct 04, 2022 | 33 min | Season 6 | Ep. 1676

Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There’s new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization’s radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How’s ...

Oct 03, 2022 | 30 min | Season 6 | Ep. 1675

Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]

Kayla Williams, CISO of Devo, sits down to share her story, from graduating with a finance degree to rising to where she is now. She quickly learned that finance was not for her and changed paths, working towards an information security certificate. From there she was able to excel and was offered the opportunity to move to England, which changed her life. Working in her new role, she really enjoys thriving with her team. She says "We really try to be the department of no problem versus t...

Oct 02, 2022 | 9 min | Season 3 | Ep. 119

The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]

On this episode of CyberWire-X, we dive into the essential role of open-source intelligence in identifying cyber and physical threats and reducing risk across your organization. The CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table members Dr. Georgianna Shea, CCTI and TCIL Chief Technologist at the Foundation for Defense of Democracies, and Bob Turner, Field CISO – Education at Fortinet. In the second half of the show, CyberWire podcast ho...

Oct 02, 2022 | 28 min | Season 1 | Ep. 38

Targeting your browser bookmarks? [Research Saturday]

David Prefer from SANS sits down with Dave to discuss how a new covert channel exfiltrates data via a browser's built-in bookmark sync. David goes on to describe how this research will "describe how the ability to synchronize bookmarks across devices introduces a novel vector for data exfiltration and other misuses." In the research, he shares how he tested this hypothesis and goes on to describe how the finding was tested on multiple browsers including Chrome, Edge, Brave and Opera...

Oct 01, 2022 | 18 min | Season 5 | Ep. 252

Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Watering holes, deepfakes, and the pushing of naughty words.

North Korean operators "weaponize" open-source software. The SolarMarker info-stealer returns. A quick review of Fast Company's WordPress hijacking incident. Deepfakes, and their evolution into an underworld and influence ops tool. Kinetic sabotage in the Baltic raises concerns about threats to infrastructure in cyberspace. Chris Novak from Verizon with a mid-year check in. Our guest is MK Palmore of Google Cloud on why collective cybersecurity ultimately depends on having a diverse, skilled wor...

Sep 30, 2022 | 31 min | Season 6 | Ep. 1674

Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.

Gray-hat support for Iranian dissidents. Selling access wholesale in the C2C market. Novel malware is discovered targeting VMware hypervisors. The Witchetty espionage group uses an updated toolkit. Deepen Desai from Zscaler has a technical analysis of Industrial Spy ransomware. Ann Johnson of Afternoon Cyber Tea speaks with Michal Braverman-Blumenstyk, CTO for Microsoft Security, about Israel's cyber innovation. And revelations from Russian troops' phone calls. For links to all of today's stories check ...

Sep 29, 2022 | 24 min | Season 6 | Ep. 1673

DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.

DDoS remains the most characteristic mode of cyber ops in Russia's hybrid war against Ukraine. A leaked LockBit 3.0 builder is being used in ransomware attacks. Meta takes down Russian disinformation networks. Lazarus Group is spearphishing with bogus job offers. Joe Carrigan looks at SNAP benefit scams. Our guest is Crane Hassold of Abnormal Security with the latest in advanced email attack trends. And the cloud…is complicated. For links to all of today's stories check out our CyberWire daily n...

Sep 28, 2022 | 30 min | Season 6 | Ep. 1672

Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.

Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? We know it’s a bear market, but take a look at your wallet, crypto speculators, at least now and then. Mr. Security Answer Person John Pescatore on next year's most over-hyped term. Ben Yelin explains a thirty-five million dollar data privacy settlement. And, finally, developments in the Optus breach. For links to all of today's stories check out our CyberWire daily news briefing: h...

Sep 27, 2022 | 23 min | Season 6 | Ep. 1671

Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.

Unrest in Iran finds expression in cyberspace. Albania explains its reasons for severing relations with Iran. Cybercrime in the hybrid war. Rick Howard on risk forecasting with data scientists. Dave Bittner sits down with Dr. Bilyana Lilly to discuss her new book: "Russian Information Warfare: Assault on Democracies in the Cyber Wild West." And there seems to have been an arrest in the Uber and Rockstar breaches. For links to all of today's stories check out our CyberWire daily news briefing: htt...

Sep 26, 2022 | 25 min | Season 6 | Ep. 1670

Adam Marrè: Learning to be a leader. [CISO] [Career Notes]

Adam Marrè, CISO of Arctic Wolf, sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world, so he chose to join the FBI, where he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved, which was working with computers, while gaining more knowledge of cybersecurity, and he became certified in computer forensics. Ultimately he needed a change and decided to leave the FB...

Sep 25, 2022 | 10 min | Season 3 | Ep. 118

Keeping an eye on RDS vulnerabilities. [Research Saturday]

Gafnit Amiga, Director of Security Research at Lightspin, joins Dave to discuss her team's research "AWS RDS Vulnerability Leads to AWS Internal Service Credentials." The research describes how the vulnerability was caught and how, right after it was reported, the AWS Security team applied an initial patch limited only to the recent Amazon Relational Database Service (RDS) and Aurora PostgreSQL engines, excluding older versions. They followed by personally reaching out to the customers affected by th...

Sep 24, 2022 | 16 min | Season 5 | Ep. 251

Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.

The GRU is closely coordinating with cyber criminals. An unidentified threat actor deploys malicious NPM packages. Gootloader uses blogging and SEO poisoning to attract victims. Metador is a so-far unattributed threat actor. Johannes Ullrich from SANS on resilient DNS infrastructure. Maria Varmazis interviews Anthony Colangelo, host of spaceflight podcast Main Engine Cutoff, about the iPhone 14 “Emergency SOS via Satellite” feature. And having too much time on your hands while doing time is not a ...

Sep 23, 2022 | 29 min | Season 6 | Ep. 1669

GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.

GRU operators masquerade as Ukrainian telecommunications providers. Another video game maker is compromised to spread malware. Noberus may be a successor to Darkside and BlackMatter ransomware. Robert M. Lee from Dragos explains Crown Jewel analysis. Our guest is Nathan Hunstad from Code42 with thoughts on insider risk events. Threat actors have their insider threats, too. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-...

Sep 22, 2022 | 30 min | Season 6 | Ep. 1668

CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]

This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors use to compromise OT/ICS assets. It also recommends mitigations that owners and operators can use to defend their systems from each of the listed TTPs. NSA and CISA encourage OT and ICS owners and operators to apply the recommendations in this documentation. AA22-265A Alert, Technical Details, and Mitigati...

Sep 22, 2022 | 3 min | Season 1 | Ep. 32