In today’s world, conventional cyber thinking remains largely focused on perimeter-centric security controls designed to govern how identities and endpoints utilize networks to access applications and data that organizations possess internally. Against this backdrop, a group of innovators and security thought leaders are exploring a new frontier and asking the question: shouldn’t there be a standard way to protect sensitive data regardless of where it resides or who it’s been shared with? It’s c...
May 17, 2023•33 min•Season 1Ep. 46
DDoS "carpet bombing." Lancefly infests Asian targets. Cyber insurance trends. Infostealers in the C2C market. A Russian espionage service is masquerading as a criminal gang. KillNet’s running a psyop radio station of questionable quality. Joe Carrigan describes baiting fraudsters with fake crypto. Our guest is Gemma Moore of Cyberis talking about how red teaming can upskill detection and response teams. And geopolitical DDoS. For links to all of today's stories check out our CyberWire daily new...
May 16, 2023•26 min•Season 7Ep. 1824
Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email c...
May 15, 2023•32 min•Season 7Ep. 1823
Steve Benton, Vice President at Anomali Threat Research & GM Belfast, sits down to share his story as a cybersecurity expert with a surplus of strategic leadership experience across cyber and physical security rooted in substantial operational directorship and accountability. Steve shares his beginnings, where he wanted to grow up to be a rockstar, slowly moving into the world of tech with his first ever computer and falling in love with it. After graduating from Queens University with a degree ...
May 14, 2023•8 min•Season 3Ep. 149
Aleksandar Milenkoski and Juan Andres Guerrero-Saade from SentinelOne's SentinelLabs join Dave to discuss their research "Operation Tainted Love | Chinese APTs Target Telcos in New Attacks." Researchers found initial phases of attacks against telecommunication providers in the Middle East in Q1 in 2023. The research states "We assess that this activity represents an evolution of tooling associated with Operation Soft Cell." While the exact grouping is unclear, researchers think it is highly like...
May 13, 2023•23 min•Season 7Ep. 281
FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated actor to execute malicious code remotely without credentials. AA23-131A Alert, Technical Details, and Mitigations PaperCut: URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) Huntress: Critic...
May 12, 2023•3 min•Season 2Ep. 48
Babuk source code provides criminal inspiration. CISA and FBI release a joint report on PaperCut. There are more bad bots out there than anyone would like. Phishing-as-a-service tools in the C2C market. CISA’s Eric Goldstein advocates the adoption of strong controls, defensible networks and coordination of strategic cyber risks. Our cyberwire producer Liz Irvin speaks with Crystle-Day Villanueva, Learning and Development Specialist for Lumu Technologies. And KillNet’s short-lived venture, with a...
May 12, 2023•28 min•Season 7Ep. 1822
A Ransomware report highlights targeting and classification. Phishing remains a major threat. Cisco addresses an expired certificate issue. LockBit and Medusa hit school districts with ransomware. US and Canadian cyber units wrap up a hunt-forward mission in Latvia. Ben Yelin on NYPD surveillance. Our CyberWire producer Liz Irvin interviews Damien Lewke, a graduate student at MIT. And an unknown threat actor is collecting against both Russia and Ukraine. For links to all of today's stories check...
May 11, 2023•25 min•Season 7Ep. 1821
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service, or FSB, for long-term intelligence collection on sensitive targets. AA23-129A Alert, Technical Details, and Mitigations For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories ...
May 11, 2023•3 min•Season 2Ep. 47
The Five Eyes disrupt Russia’s FSB Snake cyberespionage infrastructure. Shifting gears: from DDoS to cryptojacking. Trends in ransomware. Our guest is Steve Benton from Anomali with insights on potential industry headwinds. Ann Johnson from Afternoon Cyber Tea speaks with Roland Cloutier about risk and resilience in the modern era. And yesterday’s Patch Tuesday is now in the books, including a work-around for a patch from this past March. For links to all of today's stories check out our CyberWi...
May 10, 2023•28 min•Season 7Ep. 1820
An analysis of Royal ransomware. PaperCut vulnerability detection methods can be bypassed. Man-in-the-middle phishing attacks are on the rise. A new wave of BEC attacks from an unexpected source. Thomas Etheridge from CrowdStrike, has the latest threat landscape trends. Our guest is Dan Amiga of Island with insights on the enterprise browser category. And a look into recent Russian cyberattacks against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: http...
May 09, 2023•26 min•Season 7Ep. 1819
ALPHV claims responsibility for a cyberattack on Constellation Software. A new Akira ransomware campaign spreads. CACTUS is a new ransomware leveraging VPNs to infiltrate its target. Many organizations are still vulnerable to the Go-Anywhere MFT vulnerability. Russian hacktivists interfere with the French Senate's website. Keith Mularski from EY, details their "State of the Hack" report. Emily Austin from Censys discusses the State of the Internet. And ransomware gangs target local governments i...
May 08, 2023•27 min•Season 7Ep. 1818
Shelley Ma, Incident Response Lead at Coalition sits down to share her story, starting all the way back when she was a kid and fell in love with playing the game "NeoPets" that ended up paving the way for her future in cybersecurity. After starting this journey, she shares how she became intrigued with crime and mystery shows, which ultimately spawned an interest in forensic science. She ended up signing up for an internship program that she was able to get into, which she says was a pivotal cha...
May 07, 2023•8 min•Season 3Ep. 148
Ryan Robinson from Intezer to discuss his team's work on "Phishing Campaign Targets Chinese Nuclear Energy Industry." The research team discovered activity targeting the nuclear energy industry in China. Researchers attributed the activity to Bitter APT, a South Asian APT that is known to target the energy, manufacturing and government sectors, mainly in Pakistan, China, Bangladesh, and Saudi Arabia. The article states "We identified seven emails pretending to be from the Embassy of Kyrgyzstan, ...
May 06, 2023•21 min•Season 7Ep. 280
Kimsuki has a new reconnaissance tool. The Biden administration shares plans for AI. Reports on the ransomware taskforce report. KillNet recommits to turning a profit. Deepen Desai from Zscaler has the latest stats on Phishing. Our guest is Karen Worstell from VMware with a conversation about inclusivity. And the former CSO at Uber is sentenced. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/87 Selected read...
May 05, 2023•37 min•Season 7Ep. 1817
An APT41 subgroup uses new techniques to bypass security products. Iranian cyberespionage group MuddyWater is using Managed Service Provider tools. Wipers reappear in Ukrainian networks. Meta observes and disrupts the new NodeStealer malware campaign. The City of Dallas is moderately affected by a ransomware attack. My conversation with Karin Voodla, part of the US State Department’s Cyber fellowship program. Lesley Carhart from Dragos shares Real World Stories of Incident Response and Threat In...
May 04, 2023•31 min•Season 7Ep. 1816
Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrikes against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at le...
May 03, 2023•33 min•Season 7Ep. 1815
LOBSHOT is a cryptowallet stealer abusing Google Ads. Coronation phishbait. A known CCTV vulnerability is currently being exploited. T-Mobile discloses another, smaller data breach. New Magecart exploits. Preliminary lessons from cyber operations during Russia's war. Rob Boyce from Accenture shares insights from RSA Conference. Our special guest is NSA Director of Cybersecurity Rob Joyce. And Europol announces a major dark web market takedown. For links to all of today's stories check out our Cy...
May 02, 2023•31 min•Season 7Ep. 1814
The FDA warns of a vulnerability affecting biomedical devices. Ransomware's effects continue to trouble the US Marshals Service. The US Justice Department shifts how it deals with large scale cybercrime. Fresh phish from the GRU. Caleb Barlow looks at unicorns and zombiecorns. Our guest Manoj Sharma from Symantec explains the differences between Zero Trust and SASE. And KillNet runs an ask-me-anything session. For links to all of today's stories check out our CyberWire daily news briefing: https...
May 01, 2023•35 min•Season 7Ep. 1813
Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and host of the 8th Layer Insights podcast, sits down to share his story trying different paths, before ultimately switching over to the cyber industry. After trying to go down the paths of music and law and finding neither were what he wanted to do, he decided to take an internship to get more into computer programming. That led him to getting his first job. After his first job, he moved onto other big name companies like Walmart...
Apr 30, 2023•9 min•Season 3Ep. 147
This week our guests are, Larry Cashdollar, Chad Seaman and Allen West from Akamai Technologies, and they are discussing their research on "Uncovering HinataBot: A Deep Dive into a Go-Based Threat." The team discovered a new Go-based, DDoS-focused botnet. They found it was named after the popular anime show "Naruto," they are calling it "HinataBot" In the research it says "HinataBot was seen being distributed during the first three months of 2023 and is actively being updated by the authors/oper...
Apr 29, 2023•27 min•Season 7Ep. 279
Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine ar...
Apr 28, 2023•29 min•Season 7Ep. 1812
Google targets CryptBot malware infrastructure. FIN7 attacked Veeam servers to steal credentials. Ransomware-as-a-service offering threatens Linux systems. Evasive Panda targets NGOs in China. Anonymous Sudan is active against targets in Israel. Russian ransomware operations aim at disrupting supply chains into Ukraine. Our guest is Stuart McClure, CEO of Qwiet AI. Microsoft’s Ann Johnson stops by with her take on the RSA conference. And bots want new kicks. For links to all of today's stories c...
Apr 27, 2023•29 min•Season 7Ep. 1811
BellaCiao is malware from Iran's IRGC, while PingPull is malware used by the Chinese government affiliated Tarus Group. Ransomware continues to be a pervasive international threat. An overview of hacktivism. Our guest is CyberMindz founder Peter Coroneos, discussing the importance of mental health in cybersecurity. Johannes Ullrich shares insights from his RSAC panel discussions. And Ukraine continues to collect evidence of Russian war crimes. For links to all of today's stories check out our Cy...
Apr 26, 2023•29 min•Season 7Ep. 1810
BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. Our guest is Marc van Zadelhoff, CEO of Devo, with insigh...
Apr 25, 2023•31 min•Season 7Ep. 1809
3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shar...
Apr 24, 2023•27 min•Season 7Ep. 1808
T-Minus Deep Space Guest Scott Stalker, Command Senior Enlisted Leader at US Space Command, shares how the combatant command is adapting to new challenges in the digital era of space operations, new operational concepts, and building the force to deter aggression. You can follow US Space Command on LinkedIn and Twitter, and you can follow MGySgt Scott Stalker on LinkedIn. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelli...
Apr 23, 2023•23 min•Season 1Ep. 16
Maria Varmazis, N2K's Space Correspondent and host of N2K's newest podcast T-Minus, sits down to share her journey on combining her two passions of space and cyber. Maria grew up wanting to be an astronomer, in school she focused on joining anything with technology and enjoyed the classes that made her think. After transferring to a new college, she went into journalism, absolutely falling in love with the new career path she had made for herself. She got herself a job at Sophos and that's where...
Apr 23, 2023•7 min•Season 3Ep. 146
Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams Are Still So Successful." Researchers at Akamai have been on the lookout for crypto giveaway scams. These scams have been impersonating celebrities and brands, most notably Elon Musk and his associated companies. The research states "the scams are delivered through various social media platforms as well as direct messaging apps such as WhatsApp or ...
Apr 22, 2023•19 min•Season 7Ep. 278
Daggerfly APT targets an African telecommunications provider. EvilExtractor is an alleged teaching tool apparently gone bad. A Chinese speaking threat group is active against Taiwan and South Korea. Europe’s air traffic control is under attack. Cecilia Marinier from RSAC and Barmak Meftah, a judge of ISB, discuss the RSA innovation sandbox. Awais Rashid from University of Bristol on the cybersecurity of smart farming. Forget about those evil maids. What about these evil sys admins? For links to ...
Apr 21, 2023•30 min•Season 7Ep. 1807
