The US Marshals Service sustains a data breach. Blind Eagle is a phish hawk. Dish continues to work toward recovery. OneNote attachments are used to distribute Qakbot. Ben Yelin has analysis on the Supreme Court’s hearing on a section 230 case. Mr Security Answer Person John Pescatore has thoughts on Chat GPT. And CISA Director Easterly urges vendors to make software secure-by-design. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsle...
Feb 28, 2023•27 min•Season 7Ep. 1769
Social engineering with generative AI. Mylobot and BHProxies. PureCrypter is deployed against government organizations and staged through Discord. Dish Network reports disruption. Third-party app and software as a service risk. Further assessments of the cyber phase of Russia's war so far, with warnings to stay alert. Are tough times coming in gangland? Comments on NIST's revisions to its Cybersecurity Framework are due this Friday. AJ Nash from ZeroFox on Mis/Dis/and Malinformation. Rick Howard...
Feb 27, 2023•26 min•Season 7Ep. 1768
Mike Fey, CEO and co-founder of Island.io, joins to share his story, falling in love with technology and being fascinated by it at a young age. Mike quickly started working for companies where he grew in his role, becoming CTO of McAfee and then GM of the Enterprise business, stepping out to then become president and COO of Blue Coat, which was eventually acquired by Symantec, eventually wanting to get into his own business. He shares that being a small business owner is a lot of hard work and v...
Feb 26, 2023•8 min•Season 3Ep. 138
Andy Patel from WithSecure Labs joins with Dave to discuss their study that demonstrates how GPT-3 can be misused through malicious and creative prompt engineering. The research looks at how this technology, GPT-3 and GPT-3.5, can be used to trick users into scams. GPT-3 is a user-friendly tool that employs autoregressive language to generate versatile natural language text using a small amount of input that could inevitably interest cybercriminals. The research is looking for possible malpracti...
Feb 25, 2023•25 min•Season 7Ep. 270
CISA advises increased vigilance on the first anniversary of Russia's war. CERT-UA reports current Russian cyberattacks were prepared in December 2021. How the war has changed the cyber underworld. Air raid alerts sound in nine Russian cities; Russia blames hacking. Our space correspondent Maria Varmazis speaks with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new security agreement between Japan and the US. Kathleen Smith of ClearedJobs.Net clears mispercepti...
Feb 24, 2023•31 min•Season 7Ep. 1767
Cyberattacks in Russia's war so far, and their future prospects. The Lazarus Group may be employing a new backdoor. Clasiopa targets materials research organizations. Ransomware interferes with food production. Evernote is used in a BEC campaign to bypass security filters. Identity-based cyberattacks. Pirated versions of Final Cut Pro deliver cryptominers. Caleb Barlow has thoughts on Twitter, Mudge, and lessons learned. Marc Van Zadelhoff from Cyber CEOs Decoded podcast speaks with Amanda Rente...
Feb 23, 2023•29 min•Season 7Ep. 1766
CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast....
Feb 22, 2023•29 min•Season 7Ep. 1765
GoDaddy has discovered a compromise of its systems. Twitter disables SMS authentication for those not subscribed to Twitter Blue. Last week’s cyber incident impacting German airports was confirmed to be DDoS. The consequences of cyber irregular participation in cyber wars. Semiconductor tech giant Applied Materials sees significant financial losses from a cyberattack. Joe Carrigan on scammers dangling fake job offers to students. Our guests are Max Shuftan & Monisha Bush from the SANS Institute,...
Feb 21, 2023•28 min•Season 7Ep. 1764
Dave Bittner had a conversation with Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. They discussed the Navy’s cybersecurity advances and how they have implemented them. Commander Brandon Campbell is the former Operations Director at Navy Cyber Defense Operations Command and Task Force 1020 where they protect, detect, and respond to global cyber threats against Navy networks. Captain J. Steve C...
Feb 20, 2023•21 min•Season 8Ep. 48
Rachel Tobac, CEO from SocialProof Security sits down to share her amazing story on becoming what's known in the industry as an ethical hacker and CEO of a company. Rachel shares how she was always fascinated with spy movies and as she grew older that fascination turned into a real desire. Finding out she liked learning how the human brain works, she decided to start off in neuroscience. Wanting a change and with the help of her husband she was able to start getting more into hacking, finding sh...
Feb 19, 2023•8 min•Season 3Ep. 137
Wendy Nather from Cisco sits down with Dave to discuss their work on "Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report." The report describes what security resilience is, while also going over how companies can achieve this resilience. Wendy talks through some of the key findings based off of the report, and after surveying 4,751 active information security and privacy professionals from 26 countries, we find out some of the top priorities to achie...
Feb 18, 2023•20 min•Season 7Ep. 269
The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbel...
Feb 17, 2023•32 min•Season 7Ep. 1763
North Korea's APT37 is distributing M2RAT. Multilingual BEC attacks, and how they happen. Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches. Killnet's attempt to rally hacktivists and criminals to the cause of Russia. Dinah Davis from Arctic Wolf describes continuous network scanning. Our guest is Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist. And Grand Theft Auto is now also a TikTok challeng...
Feb 16, 2023•25 min•Season 7Ep. 1762
SideWinder is an APT with possible origins in India. MortalKombat ransomware debuts. The GoAnywhere zero day was exploited in a data breach. Belarusian Cyber-Partisans release Russian data. Betsy Carmelite from Booz Allen Hamilton shares an overview of cyber deception. Our guest is Ashley Allocca from Flashpoint with a look at the Breaches and Malware Threat Landscape. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwir...
Feb 15, 2023•29 min•Season 7Ep. 1761
"Blender" reappears as "Sinbad." A Tonto Team cyberespionage attempt against Group-IB is thwarted. DarkBit claims responsibility for a ransomware attack on Technion University. An overview of ICS and OT security. Ben Yelin looks at surveillance oversight at the state level. Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. And it’s Valentine's Day, that annual holiday of love, chocolate, flowers, and online scams. For links to all of today's stories c...
Feb 14, 2023•27 min•Season 7Ep. 1760
CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way. And can yo...
Feb 13, 2023•25 min•Season 7Ep. 1759
Jaden Dicks, a new intern at CyberVista, a company that merged with CyberWire to become N2K Networks, shares his story as a young man growing up trying to get into the cyber community. From a very young age, Jaden hoped to become part of the cybersecurity field, He recalls growing up constantly being surrounded by technology, and now with the help of Urban Alliance, Jaden was able to secure this internship with CyberVista. Urban Alliance is a nonprofit that connects young adults with paid work e...
Feb 12, 2023•8 min•Season 3Ep. 136
Pascal Ackerman, OT Security Strategist from Guidepoint Security, joins Dave to discuss his work on discovering a vulnerability in the integrity of common HMI client-server protocol. This research is a Proof of Concept (PoC) attack on the integrity of data flowing across the industrial network with the intention of intercepting, viewing, and even manipulating values sent to (and from) the HMI, ultimately trying to trick the user into making a wrong decision, ultimately affecting the proper opera...
Feb 11, 2023•20 min•Season 7Ep. 268
US and Republic of Korea agencies outline the DPRK ransomware threat. Reddit is breached. CISA releases six ICS advisories. Flaws are found in IIoT devices. Dinah Davis from Arctic Wolf shares cybersecurity stats every IT professional should know. Our guest is Kayla Williams from Devo autonomous SOCs. And, it’s almost Valentine’s Day. Have you noticed? (The hoods have.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-bri...
Feb 10, 2023•29 min•Season 7Ep. 1758
CISA, NSA, FBI, the US Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the Republic of Korea Defense Security Agency are issuing this alert to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities. AA23-040A Alert, Technical Details, and Mitigations CISA’s North Korea Cyber Threat Overview and Advisories webpage. Stairwell provided a YARA rule to identify ...
Feb 10, 2023•3 min•Season 2Ep. 41
War-floating. A phishing campaign pursues Ukrainian and Polish targets. Pakistan's navy is under cyberattack. A new criminal threat-actor uses screenshots for recon. ESXiArgs is widespread, but its effects are still being assessed. The UK and US issue joint sanctions against Russian ransomware operators. Robert M. Lee from Dragos addresses attacks to electrical substations. Our guest is Denny LeCompte from Portnox discussing IoT security segmentation strategies. And is LockBit next on law enforc...
Feb 09, 2023•29 min•Season 7Ep. 1757
CISA and the FBI are releasing this alert in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors are exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access and deploy ransomware. AA23-039A Alert, Technical Details, and Mitigations CISA has released an ESXiArgs recovery script at github.com/cisagov/ESXiArgs-Recover VMware Security Response Center (vSR...
Feb 09, 2023•3 min•Season 2Ep. 40
CISA releases an ICS security advisory affecting a smart facility system. LockBit threatens to release Royal Mail data tomorrow. Cl0p ransomware expands to Linux-based systems. A vulnerability is identified in Toyota's GSPIMS. There’s an ESXiArgs update: new trackers and mitigation tools are available. Russia is running two new cyberespionage campaigns against Ukraine. Our guest is Roya Gordon from Nozomi Networks discusses the ICS Threat Landscape. And The Washington Post’s Tim Starks provides ...
Feb 08, 2023•30 min•Season 7Ep. 1756
VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards. Joe Carrigan tracks pig butchering apps in online app stores. Our guest is David Liebenberg from Cisco Talos, to discuss incident response trends. And, in sportsball, it’s gonna be the Chiefs by a couple of hat tricks, or something. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/25 Selected reading. R...
Feb 07, 2023•27 min•Season 7Ep. 1755
New ransomware exploits a VMware ESXi vulnerability. Roasted 0ktapus squads up. LockBit says ION paid the ransom. Russian cyber auxiliaries continue attacks against healthcare organizations. Attribution on the Charlie Hebdo attack. Deepen Desai from Zscaler describes recent activity by Ducktail malware. Rick Howard looks at cyber threat intelligence. And the top US cyber diplomat says his Twitter account was hacked. For links to all of today's stories check out our CyberWire daily news briefing:...
Feb 06, 2023•24 min•Season 7Ep. 1754
Yasmin Abdi, a Security Engineering Manager at Snapchat and the CEO and Founder of NoHack, sits down to share her story on how she got to be in her amazing current roles. From a young age, Yasmin was fascinated by the overlap of cybersecurity and crime and law. In her time in college, she was able to intern at big tech companies like Snapchat, Google, and Facebook. She decided to stick with Snapchat, which had the security aspect and security composure that she wanted. In her role at Snapchat, s...
Feb 05, 2023•9 min•Season 3Ep. 135
Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by app...
Feb 05, 2023•27 min•Season 1Ep. 45
Tom Bonner and Eoin Wickens from HiddenLayer's SAI Team to discuss their research on weaponizing machine learning models with ransomware. Researchers at HiddenLayer’s SAI Team have developed a proof-of-concept attack for surreptitiously deploying malware, such as ransomware or Cobalt Strike Beacon, via machine learning models. The attack uses a technique currently undetected by many cybersecurity vendors and can serve as a launchpad for lateral movement, deployment of additional malware, or the ...
Feb 04, 2023•19 min•Season 7Ep. 267
CISA has released six ICS Advisories. A look at a North Korean cyberespionage campaign. ChatGPT and its attack potential. A new Python-based supply chain attack. There’s traffic on the Static Expressway: ClickFunnels seen in use for redirection. KillNet continues its campaign against hospitals. Ransomware as misdirection for cyberespionage. Part two of my conversation with Kathleen Smith of ClearedJobs.Net discussing trends in the cleared space. Our guest is Eric Bassier of Quantum talking about...
Feb 03, 2023•29 min•Season 7Ep. 1753
Cisco patches a command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. The Gamaredon APT is more interested in collection than destruction. Kathleen Smith of ClearedJobs.Net looks at hiring trends in the cleared community. Bennett from Signifyd describes the fraud ring that’s launched a war on commerce against U.S. merchants. And trends in cyberattacks by state-sponsored actors. For links to all of today's stories check out our Cyb...
Feb 02, 2023•30 min•Season 7Ep. 1752
