CyberWire Daily

N2K Networks | thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Sandman doesn't slow malware down. [Research Saturday]

Aleksandar Milenkoski and JAGS from SentinelOne sit down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this year, SentinelLabs dubbed it Sandman. The research states "Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent." Sandman has deployed a novel modular backdoor utilizing the L...

Nov 04, 2023 | 23 min | Season 7 | Ep. 306

In the offense-defense see-saw, the defense seems to be rising.

An Apache vulnerability is being used to install ransomware. Exploitation of Citrix vulnerability in the wild. AP sustains DDoS attack. HHS reaches settlement in HIPAA data breach incident. More evidence of OSINT's reach. On the Solution Spotlight: Simone Petrella and Rick Howard speak with Ben Rothke about his article and thoughts on "Is there really an information security jobs crisis?" Andrea Little Limbago from Interos joins us to discuss SEC and the disclosure rules. And, Microsoft draws a ...

Nov 03, 2023 | 33 min | Season 7 | Ep. 1941

The beginning of an international consensus on AI governance may be emerging from Bletchley Park.

Bletchley Declaration represents a consensus starting point for AI governance. Lazarus Group prospects blockchain engineers with KANDYKORN. Boeing investigates ‘cyber incident’ affecting parts business. NodeStealer’s use in attacks against Facebook accounts. Citrix Bleed vulnerability exploited in the wild. MuddyWater spearphishes Israeli targets in the interest of Hamas. India to investigate alleged attacks on iPhones. Tim Starks from the Washington Post on the SEC’s case against Solar Winds. I...

Nov 02, 2023 | 31 min | Season 7 | Ep. 1940

Hacktivism in two hybrid wars (with an excursus on gastropods).

The Hamas-Israel war continues to be marked by hacktivism. Arid Viper's exploitation of Arabic speakers' Android devices. Iran shows improved cyberespionage capabilities. A URL shortener in the C2C market. Taking down the Mozi botnet. Ransomware in healthcare. Two Russians are arrested on treason charges, accused of hacking for Ukraine. In our sponsored Industry Voices segment, Anna Belak from Sysdig shares a new threat framework for the cloud. Rick Howard previews his new online course on cyber...

Nov 01, 2023 | 28 min | Season 7 | Ep. 1939

What would it take to get you kids into a nice, late-model malware mealkit?

Malicious packages are found attached to NuGet. Russia will establish its own substitute for VirusTotal. Commodity tools empower low-grade Russian cybercriminals. Malware mealkits, and other notes from the cyber underground. Insights from a Cybersecurity workforce study. Mr Security Answer Person John Pescatore looks at MFA. Drew Rose from Living Security on the very scary human side of cyber attacks. And more details from President Biden’s Executive Order on artificial intelligence. For links t...

Oct 31, 2023 | 26 min | Season 7 | Ep. 1938

Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)

The Hive ransomware gang may be back, and rebranded. Coinminers exploit AWS IAM credentials. LockBit claims to have obtained sensitive information from Boeing. Ukrainian auxiliaries disrupt Internet service in Russian-occupied territory, while internet and telecoms are down in Gaza. Deepfakes have an effect even when they're not used. Joe Carrigan explains executive impersonations on social media. Our guest is David Brumley, cybersecurity professor at Carnegie Mellon and CEO of software security...

Oct 30, 2023 | 28 min | Season 7 | Ep. 1937

The Malware Mash! [Bonus]

Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash...

Oct 30, 2023 | 3 min

Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]

Nicole Sundin, a Chief Product Officer from Axio, sits down to discuss her career path and what it is like to be a woman in the cybersecurity field. As a UX leader, Nicole has devoted her entire career to building awareness around the benefits of usable security and human-centered security to the broader cybersecurity community. She also shares some of her background as she moved her way up the ladder to get to where she is today. As a female in a male-dominated industry, Nicole shares her unique ...

Oct 29, 2023 | 9 min | Season 4 | Ep. 173

No rest for the wicked HiatusRAT. [Research Saturday]

Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action." Last March Lumen's Black Lotus Labs researchers discovered a novel malware called HiatusRAT that targeted business-grade routers. The research states "In the latest campaign, we observed a shift in reconnaissance and targeting activity; in June we observed reconnaissance against a U.S. military procurement system, and targeting of Taiwan-...

Oct 28, 2023 | 23 min | Season 7 | Ep. 305

Social engineering as a blunt instrument–almost like swatting without the middleman.

Eastern European gangs overcome their reservations about working with anglophone criminals. Mirth Connect is vulnerable to a critical flaw. A look at a mercenary spyware strain. “PepsiCo” as phishbait. Ben Yelin explains the FCC’s renewed interest in Net Neutrality. Our guest is Wade Baker from the Cyentia Institute with insights on measuring risk. And Europol thinks police should take a good look at quantum computing and law enforcement. For links to all of today's stories check out our CyberWi...

Oct 27, 2023 | 28 min | Season 7 | Ep. 1936

Some intelligence services understand the value of being underestimated.

StripedFly gets reclassified. YoroTrooper is interested in the Commonwealth of Independent States. The current state of DDoS attacks. Ukrainian hacktivists deface Russian artists' Spotify pages. Trolls amplify a Musky meme. In our Industry Voices segment, Matt Howard from Virtru explains securing data at the employee edge. Our guest is Seth Blank from Valimail, to discuss email security and DMARC. And while trolls might like Mr. Musk, the crooks heart Mr. Gosling. For links to all of today's stor...

Oct 26, 2023 | 30 min | Season 7 | Ep. 1935

AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.

Teaching AI to misbehave. Ransomware's effect on healthcare downtime. Two reports on the state of cybersecurity in the financial services sector. Possible connections between Hamas and Quds Force. Ukrainian cyber authorities report a rise in privateering Smokeloader attacks. Russian hacktivist auxiliaries strike Czech targets. My conversation with Sherrod DeGrippo, host of The Microsoft Threat Intelligence Podcast. Jay Bhalodia from Microsoft Federal shares insights on multi-cloud security. And ...

Oct 25, 2023 | 30 min | Season 7 | Ep. 1934

Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.

DDoS activity during the Hamas-Israeli war. Insurance firm reports cyber incident. Recent arrests in cybercrime sweeps. Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank. How long does it take to read the fine print? Ann Johnson from Afternoon Cyber Tea talks with Noopur Davis from Comcast about building secure tech from the start. Antonio Sanchez of Fortra shares cybersecurity challenges for enterprises including why having too many tools creates too much complexit...

Oct 24, 2023 | 28 min | Season 7 | Ep. 1933

How people get over on the content moderators.

Okta discloses a data exposure incident. Cisco works to fix a zero-day. DPRK threat actors pose as IT workers. The Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. Hacktivists trouble humanitarian organizations with nuisance attacks. Content moderation during wartime. Malek Ben Salem of Accenture describes code models. Our guest is Joe Oregon from CISA, discussing the tabletop exercise that CISA, the NFL, and local partners conducted in pre...

Oct 23, 2023 | 30 min | Season 7 | Ep. 1932

Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]

This week, we welcome Jennifer Reed, a Principal Solutions Architect at Amazon Web Services (AWS) to sit down and share her amazing story. After Jennifer graduated high school, she immediately went into Marine Corps training, which she shared was a shock to her because she was the only woman when she got out into the fleet and every single place that she went. She eventually moved on from the military after learning some programming tools, and went into the financial services industry doing syst...

Oct 22, 2023 | 8 min | Season 4 | Ep. 172

AMBERSQUID hides in the depths. [Research Saturday]

Sysdig's Alessandro Brucato and Michael Clark join Dave to discuss their work on "AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation." Attackers are targeting what are typically considered secure AWS services, like AWS Fargate and Amazon SageMaker. This means that defenders generally aren’t as concerned with their security from end-to-end. The research states "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more...

Oct 21, 2023 | 18 min | Season 7 | Ep. 304

Disinformation and its often overlooked potential for denial-of-services.

Hacktivism and influence operations in the Hamas-Israel war. An OilRig cyberespionage campaign prospects a Middle Eastern government. Emailed bomb threats in the Baltic. Darkweb advertising yields insight into ExelaStealer malware. Casio discloses breach of customer data. The FCC proposes a return to net neutrality, while Consumer Financial Protection Bureau proposes data-handling rules under Dodd-Frank. Deepen Desai from Zscaler shares insights on MOVEit transfer vulnerabilities. Our own Simone...

Oct 20, 2023 | 32 min | Season 7 | Ep. 1931

Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.

Nation-states exploit the WinRAR vulnerability. Criminals leak more stolen 23andMe data. QR codes as a risk. NSA and partners offer anti-phishing guidance. A Ukrainian hacktivist auxiliary takes down Trigona privateers. Hacktivism and influence operations remain the major cyber features of the Hamas-Israeli war. On today’s Threat Vector, David Moulton speaks with Kate Naunheim, Cyber Risk Management Director at Unit 42, about the new cybersecurity regulations introduced by the SEC. Our own Rick ...

Oct 19, 2023 | 32 min | Season 7 | Ep. 1930

Hacktivist discipline is inversely correlated with sincerity of commitment.

Hamas and Israel exchange accusations in a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator’s ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a lar...

Oct 18, 2023 | 35 min | Season 7 | Ep. 1929

Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.

A bogus RedAlert app delivered spyware as well as panic. BloodAlchemy backdoors ASEAN Southeast Asian targets. A serious Cisco zero-day is being exploited. Valve implements additional security measures for Steam. A warning on Atlassian vulnerability exploitation. Allies update their security-by-design guide. Ukrainian telecommunications providers hit by cyberattack. Ben Yelin explains attempts to tamp down pornographic deepfakes. Our guest is Ashley Rose from Living Security with a look at measu...

Oct 17, 2023 | 30 min | Season 7 | Ep. 1928

Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.

Hacktivism and disinformation in the war between Hamas and Israel. LockBit claims an attack on CDW. Shadow PC's breach. Void Rabisu deploys a lightweight RomCom backdoor against the Brussels conference. Rick Howard describes Radical Asymmetric Distribution. Our guest is Jason Birmingham from Broadridge Financial Solutions with a look at asset management. And coin mining as a potential front for espionage or a staging area for sabotage. For links to all of today's stories check out our CyberWire ...

Oct 16, 2023 | 31 min | Season 7 | Ep. 1927

Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]

Susan Hinrichs, Chief Scientist at Aviatrix, sits down to share her story. With over 30 years of experience spanning a variety of networking and security disciplines, she has held leadership and academic roles and discusses her amazing career. Earlier in her career, Susan served as System Architect at Cisco where she spent nine years designing and developing Centri Firewall and a variety of network security management tools. She worked as a Lecturer, Computer and Network Security for e...

Oct 15, 2023 | 8 min | Season 4 | Ep. 171

Unwanted guests harvest your information. [Research Saturday]

Amit Malik from Uptycs joins us to discuss their research titled "Unwanted Guests: Mitigating Remote Access Trojan Infection Risk." Uptycs threat research team identified a new threat referred to as QwixxRAT. The Uptycs team discovered this tool being widely distributed by the threat actor through Telegram and Discord platforms. The research states "QwixxRAT is meticulously designed to harvest an expansive range of information from browser histories and credit card details, to keylogging insight...

Oct 14, 2023 | 17 min | Season 7 | Ep. 303

Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.

Hacktivism and nation-state involvement in the cyber phases of war in the Middle East, and the use of Telegram. Russian groups squabble online. Healthcare cybersecurity and its implications for patient care. The Looting of FTX on the day of its bankruptcy. Joe Carrigan shares research from the Johns Hopkins University Information Security Institute. Our guest is Mike Walters from Action1, marking the 20th anniversary of Patch Tuesday. And CISA releases two new resources against ransomware. For l...

Oct 13, 2023 | 29 min | Season 7 | Ep. 1926

Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.

Hacktivists join both sides of Hamas's renewed war. Disinformation and content control in social media. Storm-0062 exploits an Atlassian 0-day. Curl and Libcurl vulnerabilities. Betsy Carmelite from Booz Allen on how to expand and diversify the Cyber Talent Pool. Our guest is Kuldip Mohanty, CIO of North Dakota. And some further reflections on hacktivism and the laws of war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/dail...

Oct 12, 2023 | 33 min | Season 7 | Ep. 1925

Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.

Cyber operations in Hamas's war, cryptocurrency as a source of funding, and Russian hacktivist auxiliaries shifting their focus. Not all influence operations involve disinformation. Rapid Reset is a novel DDoS attack. A resurgent credential phishing campaign. Ann Johnson from Afternoon Cyber Tea speaks with Ram Shankar Siva Kumar and Dr. Hyrum Anderson about the promise, peril, and impact of AI. Our own Rick Howard talks cyber intelligence in the medical vertical with Taylor Lehmann of Google. A...

Oct 11, 2023 | 28 min | Season 7 | Ep. 1924

The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.

Disinformation and hacktivism in the war between Hamas and Israel. KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines. The current state of DPRK cyber operations. The Grayling cyberespionage group is active against Taiwan. A Magecart campaign abuses 404 pages. 23andMe suffers a breach. Voter records in Washington, DC, have been compromised. In our Solution Spotlight, Simone Petrella speaks with Raytheon’s Jon Check about supporting and shaping the next generation of the cyber w...

Oct 10, 2023 | 32 min | Season 7 | Ep. 1923

Solution spotlight: Paths to cybersecurity. [Interview Select]

Solution Spotlight: Simone Petrella is talking with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. You can view the video of this interview here.

Oct 09, 2023 | 21 min | Season 4 | Ep. 180

Susie Squier: You're never alone. [President] [Career Notes]

Susie Squier, President of the Retail and Hospitality ISAC, or Information Sharing and Analysis Center, sits down to share her incredible story of getting into the cyber community. She first started getting into PR through an internship she did in college, then moved around a few times gaining experience everywhere she went. Susie shares some wise advice, discussing not only her managing style, but also how she handles situations, along with how she deals with adversity. She says "I als...

Oct 08, 2023 | 8 min | Season 4 | Ep. 170

Targets from DuckTail. [Research Saturday]

Deepen Desai from Zscaler joins to take a look into their research about "DuckTail." In May of 2023, Zscaler ThreatLabz began an intelligence collection operation to decode DuckTail’s maneuvers. Through an intensive three-month period of monitoring, Zscaler was able to obtain unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. The research states "DuckTail threat actors primarily target users working in the digital m...

Oct 07, 2023 | 15 min | Season 7 | Ep. 302