CyberWire Daily – Details, episodes & analysis

Enjoy this encore episode with Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as failure is just another opportunity to learn. We thank Tom for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Wordwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds. By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and identifies weak points that can be targeted to disrupt these operations. This insight provides an opportunity to prevent fraud and protect against financial crimes like pig butchering, investment scams, and romance fraud. The research can be found here: Mule-as-a-Service Infrastructure Exposed Learn more about your ad choices. Visit megaphone.fm/adchoices

CSAC recommends key changes to the  Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, companies bypass best practices and security policies. This highlights a clear gap between those in leadership looking to adopt AI tools and the teams who are utilizing them. Learn more in Snyk Organizational AI Readiness Report.  Selected Reading CISA advisors urge changes to JCDC's goals, operations, membership criteria (The Record) CISA says 'patch now' to 7-year-old Oracle WebLogic bug (The Register) Snowflake says users with single-factor authentication targeted in attack (SC Media) Advance Auto Parts stolen data for sale after Snowflake attack (Bleeping Computer) Major Publishers Sue Google Over Ads for Pirated Ebooks (Publishing Perspectives) FBI unveils 7,000 decryption keys to aid LockBit victims (Silicon Republic)  Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit (GB Hackers) Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers (Trend Micro) Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

There’s a maneuver lull in Russia’s hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is... For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/66 Selected reading. Russian military ‘weeks’ from being ready for new push as war takes its toll (The Telegraph) Russia's failure to take down Kyiv was a defeat for the ages (AP NEWS) U.S. Cyber Command providing cyber expertise and intelligence in Ukraine's fight against Russia (FedScoop)  Cyber Command chief: U.S. has 'stepped up' to protect Ukraine's networks (The Record by Recorded Future)  How Ukraine has defended itself against cyberattacks – lessons for the US (FIU News)  Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity (Symantec)  Fake e‑shops on the prowl for banking credentials using Android malware (WeLiveSecurity)  CISA adds Spring4Shell vulnerability, Apple zero-days to exploited catalog (The Record by Recorded Future)  LifePoint Informatics Patient Portal (CISA)  Rockwell Automation ISaGRAF (CISA)  Johnson Controls Metasys (CISA)  Philips Vue PACS (Update A) (CISA) Treasury Sanctions Russia-Based Hydra, World’s Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex (U.S. Department of the Treasury) Most Common Passwords 2022 - Is Yours on the List? (CyberNews) Learn more about your ad choices. Visit megaphone.fm/adchoices

Disinformation at the UN. Russian cyber operations against Ukraine. Bravo, BKA: German police take down a major contraband market. Under arrest but still in business? At least someone’s carrying on for Lapsus$. Compromise at Mailchimp. Joe Carrigan describes Javascript vulnerabilities. Carole Theriault with an eye on romance scams through the lens of Netflix's "The Tinder Swindler". And a well-known gang branches out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/65 Selected reading. Live Updates: U.N. Security Council to Meet as Evidence of War Crimes Mounts (New York Times)  Elephant Framework Delivered in Phishing Attacks against Ukrainian Organizations (Intezer)  Germany takes down Hydra, world's largest darknet market (BleepingComputer) LAPSUS$ hacks continue despite two hacker suspects in court (Naked Security)  FIN7 hackers evolve toolset, work with multiple ransomware gangs (BleepingComputer) Notorious hacking group FIN7 adds ransomware to its repertoire (CyberScoop) Hackers breach MailChimp's internal tools to target crypto customers (BleepingComputer)  Email marketing giant Mailchimp has confirmed a data breach (TechCrunch)  Learn more about your ad choices. Visit megaphone.fm/adchoices

Doxing, trolling, and censorship in a hybrid war. Western organizations remain on alert for a Russian cyber campaign. Known Russian threat actors continue operations against Ukraine proper. Borat RAT described. Welcome the US State Department’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Your wild ways will break your mother’s heart. Rick Howard weighs in on Shields Up. Josh Ray from Accenture on ideological differences on underground forums. And fast food as an OPSEC issue (and an OSINT source). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/64 Selected reading. Ukraine intelligence leaks names of 620 alleged Russian FSB agents (Security Affairs)  Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church (Security Affairs)  Listen Now: Deputy national security adviser talks about the risk of Russia waging cyberwar (NPR One)  Inside Cyber Front Z, the ‘People’s Movement’ Spreading Russian Propaganda (Vice) Ukraine Accuses Russia of Using WhatsApp Bot Farm to Ask Military to Surrender (Vice) ‘It’s like 1937’: Informants denounce anti-Ukraine war Russians (The Telegraph)  Cyber Espionage Actor Deploying Malware Using Excel (Bank Info Security) New Borat remote access malware is no laughing matter (BleepingComputer) Deep Dive Analysis – Borat RAT (Cyble) Establishment of the Bureau of Cyberspace and Digital Policy (United States Department of State)  Supply Chain Integrity Month (CISA) April is National Supply Chain Integrity Month. As Russia Plots Its Next Move, an AI Listens to the Chatter (Wired)  Data leak from Russian delivery app shows dining habits of the secret police (The Verge)  Learn more about your ad choices. Visit megaphone.fm/adchoices

Chief intelligence officer at Intel 471, Michael shares his story where he started as an actor and quickly changed over to intelligence and what the transition was like for him. Michael grew up wanting to be an actor and even was able to land some acting jobs, after going into the Marine Corps he decided to leave acting behind and start a new path in his journey. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all about kind of this relentless pursuit of justice" and how the risks in his life has helped to right the wrongs of the world. We thank Michael for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire-X episode, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores the state of XDR. Joining Rick on this episode are Ted Wagner, SAP National Security Services CISO and CyberWire Hash Table member, and from episode sponsor Trellix are Bryan Palma, the Trellix Chief Executive Officer, and John Fokker, the Trellix Head of Cyber Investigations. Listen as Rick and guests discuss XDR, SASE, SIEM, and SOAR. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Michael DeBolt from Intel 471 joins Dave Bittner on this episode to discuss one of the most popular commodity malware loaders on the underground – PrivateLoader. The blog provides an analysis of campaigns since May 2021, full details on a Pay-per-install (PPI) malware service, the methods operators employ to obtain “installs,” and insights on the malware families the service delivers. On Intel 471's blog, it shows the breakdown of how the PrivateLoader download is delivered and how it works. The blog states "Visitors are lured into clicking a “Download Crack” or “Download Now” button to obtain an allegedly cracked version of the software." Michael explains more about this popular commodity malware loader. The research can be found here: PrivateLoader: The first step in many malware schemes Learn more about your ad choices. Visit megaphone.fm/adchoices