CyberWire Daily

N2K Networks · thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.

Microsoft releases results of their investigation into cloud email compromise. A vulnerability affects a resort booking service. Adversary emulation for OT networks. Identity protection and identity attack surfaces. Sanctioning privateers (with a bonus on vacation ideas). Rob Boyce from Accenture Security tracks new trends in ransomware. Our Threat Vector segment features Mastering IR Sniping A Deliberate Approach to Cybersecurity Investigations with Chris Brewer. And Estonia warns of ongoing cy...

Sep 07, 2023 · 27 min · Season 7 · Ep. 1901

Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.

There’s a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16). Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Helen Patton discuss People as a security first principle. And cybersecurity jobs seem to be getting tougher (say the people who are doing them). For links to all of today's stories check out our CyberWire daily news briefi...

Sep 06, 2023 · 31 min · Season 7 · Ep. 1900

In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.

A new variant of Chae$ malware is described. A "Smishing Triad" impersonates postal services. A MinIO storage exploit reported. Okta warns of attackers seeking senior admin privileges. LockBit compromises a UK security contractor. DDoS takes down a German financial regulator's site. Infamous Chisel as GRU combat support. Joe Carrigan on Meta uncovering a Chinese influence effort. Our guest is Connie Stack, CEO of Next DLP, discussing data breach notification procedure. And please -PLEASE- rememb...

Sep 05, 2023 · 29 min · Season 7 · Ep. 1899

Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]

This interview from August 25th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Jeff Welgan, Chief Learning Officer at N2K Networks, to expand on the NICE framework in strategic workforce intelligence. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sep 04, 2023 · 12 min · Season 4 · Ep. 164

Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]

This week's guest is Rick Doten, the VP of Information Security at Centene Corporation. He sits down to share his story and provide wise words of wisdom after conquering this industry for 30 years. Rick, like many others in the field, started off not knowing what he wanted to do, so he tried out a few things, including doing in-user training and desktop support, eventually evolving to do systems analysis work and designing software. Rick shares that his main day to day roles are spending time hel...

Sep 03, 2023 · 8 min · Season 4 · Ep. 165

Thwarting Muddled Libra. [Research Saturday]

Kristopher Russo and Stephanie Regan from Palo Alto Networks Unit 42 join Dave to talk about Threat Group Assessment: Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. Posing threats to organizations in the software automation, BPO, telecommunications and technology industries, Muddled Libra is a threat group that favors targeting large outsourcing firms se...

Sep 02, 2023 · 30 min · Season 7 · Ep. 297

DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.

A VMConnect supply chain attack is connected to the DPRK. Reports of an allegedly "fully undetectable information stealer." DB#JAMMER brute forces exposed MSSQL databases. A cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy Carmelite from Booz Allen on threat intelligence as part of a third-party risk management program. Our guest is Adam Marré from Arctic Wolf Networks, with an analysis of Chinese cyber tactics. And a free decryptor is rele...

Sep 01, 2023 · 32 min · Season 7 · Ep. 1898

GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.

China deploys tools used against Uyghurs in broader espionage. The Five Eyes call out a GRU cyberespionage campaign. Russian hacktivist auxiliaries hit Czech banks and the platform formerly known as Twitter. A Spring-Kafka zero-day is discovered. Deepen Desai from Zscaler explains RedEnergy Stealer-as-a-Ransomware attacks. Luke Nelson of UHY Consulting on ransomware’s impact on schools. And, hey, go Wolverines: the University of Michigan overcomes a cyberattack that delayed the academic year. Fo...

Aug 31, 2023 · 27 min · Season 7 · Ep. 1897

An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.

An international operation takes down Qakbot. Chinese threat actors anticipated Barracuda remediations. A look at adversary-in-the-middle attacks, making phishbait more effective and the emergence of a new ransomware threat. Narrative themes in Russian influence operations. My conversation with Natasha Eastman from (CISA), Bill Newhouse from (NIST), and Troy Lange from (NSA) to discuss their recent joint advisory on post-quantum readiness. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks ...

Aug 30, 2023 · 30 min · Season 7 · Ep. 1896

A joint advisory on post-quantum readiness. [Special Edition]

In this extended interview, Dave Bittner sits down with Natasha Eastman from the Cybersecurity and Infrastructure Security Agency (CISA), Bill Newhouse from the National Institute of Standards and Technology (NIST), and Troy Lange from the National Security Agency (NSA) to discuss their recent joint advisory on post-quantum readiness and how to prepare for post-quantum cryptography. You can find the joint advisory here: Quantum-Readiness: Migration to Post-Quantum Cryptography Quantum comp...

Aug 30, 2023 · 23 min · Season 8 · Ep. 53

Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.

Name collision as a DNS risk. A LockBit derivative is active against targets in Spain. QR codes as phishbait. Cybersecurity trends in Healthcare. A Russian hacktivist auxiliary hits Polish organizations, while investigation of railroad incidents in Poland continues. Ben Yelin looks at the SEC cracking down on NFTs. Mr. Security Answer Person John Pescatore opens up the listener mail bag. And a look at a probably accidental glitch affecting air travel in the UK. For links to all of today's storie...

Aug 29, 2023 · 26 min · Season 7 · Ep. 1895

DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.

The DPRK's Lazarus Group exploits ManageEngine issues. A data breach at Kroll is traced to SIM swapping. Unusually destructive ransomware hits CloudNordic. Spawn of LockBit. Polish trains are disrupted by hacktivists. Rick Howard looks at the MITRE attack framework. Our guests are Andrew Hammond and Erin Dietrick from the International Spy Museum. And influence laundering as a long-term disinformation tactic. For links to all of today's stories check out our CyberWire daily news briefing: https:...

Aug 28, 2023 · 28 min · Season 7 · Ep. 1894

Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]

This week, we welcome Dina Haines, an Industry Partnership Manager with the National Security Agency's Cybersecurity Collaboration Center. Dina found from a young age, she was always interested in the field, taking after her father who worked in the space industry, paving the way for her to fall in love with the field. She worked in the private sector for a bit, moving around every now and again, eventually landing the position she works now. Dina says her day to day job is helping the NSA to be...

Aug 27, 2023 · 8 min · Season 4 · Ep. 164

Google's not being ghosted from vulnerabilities. [Research Saturday]

Tal Skverer from Astrix Security joins to discuss their work on "GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts." Astrix’s Security Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) on June 19, 2022, which was found to affect all Google users. The research states "The vulnerability, dubbed “GhostToken”, could allow threat actors to change a malicious application to be invisible and unremovable, effectively...

Aug 26, 2023 · 17 min · Season 7 · Ep. 296

Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.

Telekopye and the rise of commodified phishing kits. Lazarus Group fields new malware. Implications of China's campaign against vulnerable Barracuda appliances. Abhubllka ransomware's targeting and low extortion demands. Malek Ben Salem of Accenture outlines generative AI implications to spam detection. Jeff Welgan, Chief Learning Officer at N2K Networks, unpacks the NICE framework and strategic workforce intelligence. And a new hacktivist group emerges, and takes a particular interest in NATO m...

Aug 25, 2023 · 27 min · Season 7 · Ep. 1893

Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.

There’s a new sophistication in BEC campaigns. Trends in brand impersonation–crooks still like to pretend they’re from Redmond. The future of Russian influence operations in the post-Prigozhin era. Andrea Little Limbago from Interos shares insights on the new cyber workforce strategy. In our latest Threat Vector segment David Moulton of Palo Alto Networks is joined by Stephanie Ragan, Senior Consultant at Unit 42 to discuss Muddled Libra. And more on the doxing of a deputy Duma chair, who seems ...

Aug 24, 2023 · 27 min · Season 7 · Ep. 1892

A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.

The Smoke Loader botnet has a creepy new payload. Ransomware gets faster. How AI has evolved in malicious directions. The Snatch ransomware gang threatens to snitch. The FSB continues to use both USBs and phishing emails as attack vectors. A ransomware attack shutters Belgian social service offices. Tim Starks from the Washington Post explains a Biden administration win in a DC court. Our guest Ben Sebree of CivicPlus describes how the public sector could combat cybercrime during cloud adoption....

Aug 23, 2023 · 29 min · Season 7 · Ep. 1891

A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.

HiatusRAT shifts its targets. Ecuador's difficulties with voting are attributed to cyberattacks. Carderbee is an APT targeting Hong Kong. auDA (OOO-duh) turns out not to have been breached. Ukrainian hacktivists claim to dox a senior member of Russia's Duma. Russian influence operations take aim at NATO's July summit. Joe Carrigan describes attacks on LinkedIn accounts. Our guest is John Hernandez from Quest to discuss why he believes the MOVEit flaw is a wakeup call for CISOs. Security, not by o...

Aug 22, 2023 · 30 min · Season 7 · Ep. 1890

DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.

The DPRK's Kimsuky attempts to hit joint military exercises. Australian domain administrator auDA (OW-duh) may have been breached. WoofLocker's version of a tech support scam. The US Intelligence Community warns of cyber threats to space systems. Rick Howard looks at forecasting cyber risk. Deepen Desai from Zscaler shares ransomware trends. And more wartime disinformation out of Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/new...

Aug 21, 2023 · 23 min · Season 7 · Ep. 1889

Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]

This week, our guest is Luke Vander Linden, Vice President of Membership & Marketing from RH-ISAC and host of the RH-ISAC podcast here at the CyberWire. Luke sits down to share his story all the way back to when he was a very young age where he was a child model and actor to where he is now working in the cyber industry. Luke fell into the marketing field after his time as a child actor, where he really started to find his passion. After finding his passion, he decided to branch out to different...

Aug 20, 2023 · 7 min · Season 4 · Ep. 163

Politicians targeted by RomCom. [Research Saturday]

Dmitry Bestuzhev from Blackberry joins to discuss their work on "RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine." Research suggests that the RomCom threat team has been tracked carefully following the geopolitical events surrounding the war in Ukraine, and are now targeting politicians in Ukraine who are working closely with Western countries. This group is different from others in that their focus is more on secrets or inform...

Aug 19, 2023 · 23 min · Season 7 · Ep. 295

Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.

Phishing for Zimbra credentials. PlayCrypt ransomware described. The Cuba ransomware group adopts new tools. #NoFilter. Cyber criminals threaten security researchers. Our guest is Kevin Paige from Uptycs with thoughts on the Blackhat conference. Eric Goldstein, Executive Assistant Director at CISA joins us discussing next steps on the Secure by Design journey. And Russian disinformation takes on "Anglo-Saxonia." For links to all of today's stories check out our CyberWire daily news briefing: htt...

Aug 18, 2023 · 30 min · Season 7 · Ep. 1888

A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would-be beta-testers. Cyber updates from Russia’s hybrid war.

Building a proxy botnet. Active flaws in PowerShell Gallery. A cyber incident disrupts Clorox. Scams lure would-be mobile beta-testers. Lessons learned from the Russian cyberattack on Viasat. An update on cyber threats to Starlink. Robert M. Lee from Dragos shares his thoughts on the waves of layoffs that have gone through the industry. Steve Leeper of Datadobi explains mitigating risks associated with illegal data on your network. And hey, world leader: it’s never too late to stop manifesting a...

Aug 17, 2023 · 31 min · Season 7 · Ep. 1887

China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.

China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K’s Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia, for unwelcome content about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/...

Aug 16, 2023 · 31 min · Season 7 · Ep. 1886

Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.

New targets of Chinese cyberespionage are uncovered. Monti ransomware is back. An evasive phishing campaign exposed. A Realtors' network taken down by cyberattack. A closer look at NoName057(16). Perspective on cyberwar - remember Pearl Harbor, but don’t see it everywhere. Ben Yelin on the Consumer Financial Protection Bureau’s plans to regulate surveillance tech. Microsoft’s Ann Johnson and Charlie Bell ponder the future of security. And scammers are targeting kids playing Fortnite and Roblox. ...

Aug 15, 2023 · 28 min · Season 7 · Ep. 1885

Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.

An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDOS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster d...

Aug 14, 2023 · 27 min · Season 7 · Ep. 1884

Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]

Dr. Georgianna Shea, the Chief Technologist at the Transformative Cyber Innovation Lab at the Foundations for Defensive Democracies (FDD), sits down to share her incredible story, moving around to different roles and how that has led her to where she is today. Her careers have taken her to many different states throughout the years, as she has learned and grown into the roles she took on. From Hawaii to D.C., Dr. Shea has done it all. Sharing some advice, Dr. Shea says "My words of wisdom are tak...

Aug 13, 2023 · 10 min · Season 4 · Ep. 162

It's raining credentials. [Research Saturday]

Alex Delamotte from SentinelLabs joins Dave to discuss their work on "Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP." As actors find more ways to profit from compromising services, SentinelLabs finds that cloud service credentials are becoming increasingly targeted. The lack of threats explicitly targeting Azure and GCP credentials up to this point means there are likely many fresh targets. The research states "These campaigns share similarity with tools ...

Aug 12, 2023 · 18 min · Season 7 · Ep. 294

Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.

Charming Kitten collects against Iranian expatriate dissidents. The Cyber Safety Review Board reports on Lapsus$. A call for comment on open-source, memory-safe standards. How NSA is coping with the cyber labor market. Yandex is restructuring. The Washington Post’s Tim Starks joins us with the latest cyber security efforts from the DOD. Our guest is Dan L. Dodson, CEO of Fortified Health Security with insights on protecting patient data. And how Viasat was hacked. For links to all of today's sto...

Aug 11, 2023 · 31 min · Season 7 · Ep. 1883

A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.

A new Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A Belarusian cyberespionage campaign outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42 joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo ...

Aug 10, 2023 · 31 min · Season 7 · Ep. 1882