Explore every episode of the podcast CyberWire Daily
Dive into the complete episode list for CyberWire Daily. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.
| Title | Pub. Date | Duration |
|---|---|---|
| Tom Gorup: Fail fast and fail forward. [Operations] | 01 Sep 2024 | 00:06:59 |
Enjoy this encore episode in which Tom Gorup, Vice President of Security and Support Operations at Alert Logic, shares how his career path led him from tactics learned in Army infantry, using machine guns and claymores, to cybersecurity, replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (a nod to his role in the Army) that automated firewall blocks. He credits his experience in battle planning for his expertise in applying strategic thinking to cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure, as failure is just another opportunity to learn. We thank Tom for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
| The impact of CISO Circles and cultivating a security culture. | 01 Sep 2024 | 00:24:56 |
In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering a culture of security.
| MaaS infrastructure exposed. [Research Saturday] | 24 Aug 2024 | 00:25:39 |
Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds.
By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and identifies weak points that can be targeted to disrupt these operations. This insight provides an opportunity to prevent fraud and protect against financial crimes like pig butchering, investment scams, and romance fraud.
The research can be found here:
Mule-as-a-Service Infrastructure Exposed
| CISA's calls for a JCDC makeover. | 06 Jun 2024 | 00:29:38 |
CSAC recommends key changes to the Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, companies bypass best practices and security policies. This highlights a clear gap between those in leadership looking to adopt AI tools and the teams who are utilizing them. Learn more in Snyk Organizational AI Readiness Report.
Selected Reading
CISA advisors urge changes to JCDC's goals, operations, membership criteria (The Record)
CISA says 'patch now' to 7-year-old Oracle WebLogic bug (The Register)
Snowflake says users with single-factor authentication targeted in attack (SC Media)
Advance Auto Parts stolen data for sale after Snowflake attack (Bleeping Computer)
Major Publishers Sue Google Over Ads for Pirated Ebooks (Publishing Perspectives)
FBI unveils 7,000 decryption keys to aid LockBit victims (Silicon Republic)
Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit (GB Hackers)
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers (Trend Micro)
Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
| Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA. | 06 Apr 2022 | 00:24:32 |
There’s a maneuver lull in Russia’s hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is...
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/66
Selected reading.
Russian military ‘weeks’ from being ready for new push as war takes its toll (The Telegraph)
Russia's failure to take down Kyiv was a defeat for the ages (AP NEWS)
U.S. Cyber Command providing cyber expertise and intelligence in Ukraine's fight against Russia (FedScoop)
Cyber Command chief: U.S. has 'stepped up' to protect Ukraine's networks (The Record by Recorded Future)
How Ukraine has defended itself against cyberattacks – lessons for the US (FIU News)
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity (Symantec)
Fake e‑shops on the prowl for banking credentials using Android malware (WeLiveSecurity)
CISA adds Spring4Shell vulnerability, Apple zero-days to exploited catalog (The Record by Recorded Future)
LifePoint Informatics Patient Portal (CISA)
Rockwell Automation ISaGRAF (CISA)
Johnson Controls Metasys (CISA)
Philips Vue PACS (Update A) (CISA)
Treasury Sanctions Russia-Based Hydra, World’s Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex (U.S. Department of the Treasury)
Most Common Passwords 2022 - Is Yours on the List? (CyberNews)
| Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware. | 05 Apr 2022 | 00:22:29 |
Disinformation at the UN. Russian cyber operations against Ukraine. Bravo, BKA: German police take down a major contraband market. Under arrest but still in business? At least someone’s carrying on for Lapsus$. Compromise at Mailchimp. Joe Carrigan describes JavaScript vulnerabilities. Carole Theriault with an eye on romance scams through the lens of Netflix's "The Tinder Swindler". And a well-known gang branches out.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/65
Selected reading.
Live Updates: U.N. Security Council to Meet as Evidence of War Crimes Mounts (New York Times)
Elephant Framework Delivered in Phishing Attacks against Ukrainian Organizations (Intezer)
Germany takes down Hydra, world's largest darknet market (BleepingComputer)
LAPSUS$ hacks continue despite two hacker suspects in court (Naked Security)
FIN7 hackers evolve toolset, work with multiple ransomware gangs (BleepingComputer)
Notorious hacking group FIN7 adds ransomware to its repertoire (CyberScoop)
Hackers breach MailChimp's internal tools to target crypto customers (BleepingComputer)
Email marketing giant Mailchimp has confirmed a data breach (TechCrunch)
| Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU. | 04 Apr 2022 | 00:28:50 |
Doxing, trolling, and censorship in a hybrid war. Western organizations remain on alert for a Russian cyber campaign. Known Russian threat actors continue operations against Ukraine proper. Borat RAT described. Welcome the US State Department’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Your wild ways will break your mother’s heart. Rick Howard weighs in on Shields Up. Josh Ray from Accenture on ideological differences on underground forums. And fast food as an OPSEC issue (and an OSINT source).
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/64
Selected reading.
Ukraine intelligence leaks names of 620 alleged Russian FSB agents (Security Affairs)
Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church (Security Affairs)
Listen Now: Deputy national security adviser talks about the risk of Russia waging cyberwar (NPR One)
Inside Cyber Front Z, the ‘People’s Movement’ Spreading Russian Propaganda (Vice)
Ukraine Accuses Russia of Using WhatsApp Bot Farm to Ask Military to Surrender (Vice)
‘It’s like 1937’: Informants denounce anti-Ukraine war Russians (The Telegraph)
Cyber Espionage Actor Deploying Malware Using Excel (Bank Info Security)
New Borat remote access malware is no laughing matter (BleepingComputer)
Deep Dive Analysis – Borat RAT (Cyble)
Establishment of the Bureau of Cyberspace and Digital Policy (United States Department of State)
Supply Chain Integrity Month (CISA)
April is National Supply Chain Integrity Month (CISA)
As Russia Plots Its Next Move, an AI Listens to the Chatter (Wired)
Data leak from Russian delivery app shows dining habits of the secret police (The Verge)
| Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes] | 03 Apr 2022 | 00:05:53 |
Chief intelligence officer at Intel 471, Michael shares his story: how he started as an actor, quickly changed over to intelligence, and what the transition was like for him. Michael grew up wanting to be an actor and even landed some acting jobs; after going into the Marine Corps, he decided to leave acting behind and start a new path. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all about kind of this relentless pursuit of justice," and that the risks he has taken in his life have helped him to right the wrongs of the world. We thank Michael for sharing his story.
| Living security: the current state of XDR. [CyberWire-X] | 03 Apr 2022 | 00:30:28 |
In this CyberWire-X episode, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores the state of XDR. Joining Rick on this episode are Ted Wagner, SAP National Security Services CISO and CyberWire Hash Table member, and from episode sponsor Trellix are Bryan Palma, the Trellix Chief Executive Officer, and John Fokker, the Trellix Head of Cyber Investigations. Listen as Rick and guests discuss XDR, SASE, SIEM, and SOAR.
| A popular malware scheme and pay-per-install services. [Research Saturday] | 02 Apr 2022 | 00:19:20 |
Guest Michael DeBolt from Intel 471 joins Dave Bittner on this episode to discuss one of the most popular commodity malware loaders on the underground: PrivateLoader. The blog provides an analysis of campaigns since May 2021, full details on a pay-per-install (PPI) malware service, the methods operators employ to obtain “installs,” and insights on the malware families the service delivers.
Intel 471's blog breaks down how the PrivateLoader download is delivered and how it works. The blog states, "Visitors are lured into clicking a “Download Crack” or “Download Now” button to obtain an allegedly cracked version of the software." Michael explains more about this popular commodity malware loader.
The research can be found here:
PrivateLoader: The first step in many malware schemes
| Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4Shell. Notes from law enforcement. And we’re not joking. | 01 Apr 2022 | 00:24:46 |
Attempting to evolve rules of cyber conduct during a hot hybrid war. Waiting for major Russian cyber operations. Viasat terminals were hit by wiper malware. Patches and detection scripts for Spring4Shell. Warning of ransomware threat to local governments. Emergency data requests under Senatorial scrutiny. NSA employee charged with mishandling classified material. Andrea Little Limbago from Interos on bots, warriors and trolls. Rick Howard speaks with Maretta Morovitz on cyber deception. And no April Foolin’ here.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/63
Selected reading.
Russia’s War Lacks a Battlefield Commander, U.S. Officials Say (New York Times)
Putin may be self-isolating from his military advisers, says White House (The Telegraph)
Confronting Russian Cyber Censorship (Wilson Center)
Zelensky Fires Two Generals (Wall Street Journal)
French intelligence chief Vidaud fired over Russian war failings (BBC News)
Cyber War Talks Heat Up at UN With Russia at Table (Bloomberg.com)
Foreign Ministry statement on continued cyberattack by the “collective West” (Ministry of Foreign Affairs of the Russian Federation)
New Protestware Found Lurking in Highly Popular NPM Package (Checkmarx.com)
Russia targeting Ukraine, countries opposing war in cyberspace (Jerusalem Post)
Conti Leaks: Examining the Panama Papers of Ransomware (Trellix)
British intelligence agencies: Moscow continuously attacks Ukraine in cyberspace (The Times Hub)
AcidRain | A Modem Wiper Rains Down on Europe (SentinelOne)
SentinelOne finds ties between Viasat hack and Russian actor (SC Magazine)
ExtraHop CEO: Expect a Russian cyber response to sanctions (Register)
Treasury sanctions Russian research center blamed for Trisis malware (CyberScoop)
Treasury Targets Sanctions Evasion Networks and Russian Technology Companies Enabling Putin’s War (U.S. Department of the Treasury)
Evgeny Viktorovich Gladkikh (Rewards for Justice)
Spring confirms ‘Spring4Shell’ zero-day, releases patched update (The Record by Recorded Future)
Spring4Shell (CVE-2022-22965): Are you vulnerable to this Zero Day? (Cyber Security Works)
Ransomware Attacks Straining Local US Governments and Public Services (IC3)
Senate’s Wyden Probes Use of Forged Legal Requests by Hackers (Bloomberg)
NSA Employee Charged with Mishandling Classified Material (Military.com)
National Security Agency Employee Indicted for Willful Transmission and Retention of National Defense Information (US Department of Justice)
National Security Agency Employee Facing Federal Indictment for Willful Transmission and Retention of National Defense Information (US Department of Justice)
| Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity. | 31 Mar 2022 | 00:22:21 |
Russian cyber operators collect against domestic targets. More details on the Viasat hack. Ukrainian hacktivists say they can interfere with Russian geolocation. Spring4Shell is another remote-code-execution problem. The Remcos Trojan is seeing a resurgence. Malicious links distributed via Calendly. Johannes Ullrich from SANS on attack surface detection. Our guest is Fleming Shi from Barracuda on cybersecurity champions. Phishing with “emergency data requests.” Lapsus$ may be back from vacation.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/62
Selected reading.
Vladimir Putin is being lied to by his advisers, says GCHQ (The Telegraph)
U.S. intelligence suggests that Putin’s advisers misinformed him on Ukraine. (New York Times)
White House: Intel shows Putin misled by advisers on Ukraine (AP NEWS)
Russian troops sabotaging their own equipment and refusing orders in Ukraine, UK spy chief says (CNBC)
Phishing campaign targets Russian govt dissidents with Cobalt Strike (BleepingComputer)
KA-SAT Network cyber attack overview (Viasat.com)
Tracking cyber activity in Eastern Europe (Google)
Ukrainian Hackers Take Aim at Russian Artillery, Navigation Signals (Defense One)
Russian efforts in Ukraine have not yet spilled over into cyberattacks on US, says lawmaker (C4ISRNet)
New Spring Framework RCE Vulnerability Confirmed - What to do? (Sonatype)
New Spring4Shell Zero-Day Vulnerability Confirmed: What it is and how to be prepared (Contrast Security)
Spring Core on JDK9+ is vulnerable to remote code execution (Praetorian)
Spring4Shell: No need to panic, but mitigations are advised (Help Net Security)
Remcos Trojan: Analyzing the Attack Chain (Morphisec)
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests (Bloomberg)
Fresh Phish: Phishers Schedule Victims on Calendar App (INKY)
Lapsus$ claims Globant as its latest breach victim (TechCrunch)
| Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? ICS control system advisories. Sanctions are also biting Russian cyber gangs. | 30 Mar 2022 | 00:23:29 |
Taking down bot farms. Russia says the US is the aggressor in cyberspace. Influence operations, arriving at Mach 10. The call is coming from inside the house! Cyber incidents affect aviation services. CISA posts ICS control system advisories. I welcome Tim Eades from the Cyber Mentor Fund. Our guest is Alex Holland from HP Wolf Security describing a new wave of attacks. And sanctions are also biting Russian cyber gangs.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/61
Selected reading.
Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards (BleepingComputer)
Russia accuses U.S. of massive 'cyber aggression' (Reuters)
Russia Has Fired 'Multiple' Hypersonic Missiles Into Ukraine, US General Confirms (Defense One)
BREAKING: Russian Aviation Authority Suffers Cyberattack (Mentour Pilot)
Bradley Airport Website Suffers Cyber Attack (NBC Connecticut)
Philips e-Alert (CISA)
Rockwell Automation ISaGRAF (CISA)
Omron CX-Position (CISA)
Hitachi Energy LinkOne WebView (CISA)
Modbus Tools Modbus Slave (CISA)
Delta Electronics DIAEnergie (CISA)
“Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions (Digital Shadows)
Sanctions Hitting Russian Cyber-Criminals Hard (Infosecurity Magazine)
| Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance. | 29 Mar 2022 | 00:28:19 |
A cyberattack takes down a major Ukrainian Internet provider. GhostWriter is said to deploy Cobalt Strike against the Ukrainian government. Anonymous makes some large claims. This just in, spies drive drunk: Ukrainian intelligence doxes FSB officers. Conventional criminals continue to exploit sympathy for Ukraine in social engineering scams. Red-Lili automates software supply-chain attacks. Ben Yelin considers Russian cyber capabilities. Mr. Security Answer Person John Pescatore addresses security automation. And CISA offers mitigation guidance on risks to uninterruptible power supplies.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/60
Selected reading.
Russia says it will scale back near Kyiv as talks progress (AP NEWS)
Ukraine Claims Some Battle Successes as Russia Focuses on Another Front (New York Times)
Ukrainian telecom company's internet service disrupted by 'powerful' cyberattack (Reuters)
‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider (Forbes)
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon (Security Affairs)
Secret World of Pro-Russia Hacking Group Exposed in Leak (Wall Street Journal)
Anonymous is working on a huge data dump that will blow Russia away (Security Affairs)
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio (Security Affairs)
Names and addresses of 620 FSB officers published in data breach (Times)
Russian spies unmasked in embarrassing blow for Vladimir Putin (The Telegraph)
New Conversation Hijacking Campaign Delivering IcedID (Intezer)
Spoofed Invoice Used to Drop IcedID (Fortinet Blog)
A Beautiful Factory for Malicious Packages (Checkmarx)
School of Hard Knocks: Job Fraud Threats Target University Students (Proofpoint)
Mitigating Attacks Against Uninterruptible Power Supply Devices (CISA Insights)
| Opening up on hidden secrets. | 05 Jun 2024 | 00:31:48 |
OpenAI insiders describe a culture of recklessness and secrecy. Concerns over Uganda’s biometric ID system. Sophos uncovers a Chinese cyberespionage operation called Crimson Palace. Poland aims to shore up cyber defenses against Russia. Zyxel warns of critical vulnerabilities in legacy NAS products. Arctic Wolf tracks an amateurish ransomware variant named Fog. A TikTok zero-day targets high-profile accounts. Cisco patches a Webex vulnerability that exposed German government meetings. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 7, Security Operations. A Canadian data breach leads to a class action payday.
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into Domain 7, Security Operations, and tackle the following question:
Which of the following is the MOST important goal of Disaster Recovery Planning?
Business continuity
Critical infrastructure restoration
Human Safety
Regulatory compliance
Selected Reading
OpenAI Whistle-Blowers Describe Reckless and Secretive Culture (The New York Times)
Uganda: Yoweri Museveni's Critics Targeted Via Biometric ID System (Bloomberg)
Chinese South China Sea Cyberespionage Campaign Unearthed (GovInfo Security)
Palau confirms 'major' cyberattack, points to China (Digital Journal)
Poland to invest $760 million in cyberdefense as Russian pressure mounts (The Record)
'NsaRescueAngel' Backdoor Account Again Discovered in Zyxel Products (SecurityWeek)
Arctic Wolf sniffs out new ransomware variant (CSO Online)
CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs (Security Affairs)
Cisco Patches Webex Bugs Following Exposure of German Government Meetings (SecurityWeek)
ICBC must pay $15K to all who had data breached before JIBC attacks (Vancouver Sun)
| Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog. | 28 Mar 2022 | 00:23:58 |
Preparing for the spread of cyberattacks. A look at cyber operations in the hybrid war. C3 and electronic warfare. The Republic of the Marshall Islands suffers rolling DDoS attacks. Okta gives a detailed account of its experience with the Lapsus$ Group. Lapsus$ under the law enforcement microscope. The FCC sanctions Kaspersky. Malek Ben Salem from Accenture on getting full potential from deception systems. Our guest is Greg Scasny of Blueshift Cybersecurity with remote workforce security concerns. And CISA adds to its Known Exploited Vulnerabilities Catalog.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/59
Selected reading.
‘Preparation, not panic’: Top US cyber official asks Americans to look out for Russian hacking efforts (CNN)
Russia hacked Ukrainian satellite communications, officials believe (BBC News)
Chinese cyberattacks on NATO countries increase 116% since Russia's invasion of Ukraine: study (Fox Business)
Why hasn't Russia used its 'full scope' of electronic warfare? (Breaking Defense)
Russian troops’ tendency to talk on unsecured lines is proving costly (Washington Post)
Marshall Islands telecom service hit by cyber attack (RNZ)
Okta: "We made a mistake" delaying the Lapsus$ hack disclosure (BleepingComputer)
Who is LAPSUS$, the Big, Bad Cybercrime Gang Hacking Tech's Biggest Companies? (Gizmodo)
FCC puts Kaspersky on security threat list, says it poses “unacceptable risk” (Ars Technica)
U.S. FCC adds Russia's Kaspersky, China telecom firms to national security threat list (Reuters)
CISA Adds 66 Known Exploited Vulnerabilities to Catalog (CISA)
| The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday] | 26 Mar 2022 | 00:19:21 |
Guest Dick O'Brien from Symantec joins Dave Bittner on this episode to discuss how "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine." The Russia-linked Shuckworm group (aka Gamaredon, Armageddon) has been active since 2013 and is known to use phishing emails to distribute freely available remote access tools.
In July 2021, Symantec observed Shuckworm activity against an organization in Ukraine, and this continued until August 2021. According to a November 2021 report from the Security Service of Ukraine (SSU), since 2014 the Shuckworm group has been responsible for over 5,000 attacks against more than 1,500 Ukrainian government systems. Dick walks us through Symantec's investigation.
The research can be found here:
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
| Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case. | 25 Mar 2022 | 00:25:03 |
Fears of Russian escalation as Ukraine’s counteroffensive sees successes. Warnings of possible Russian cyberattacks gain context from attribution of the Viasat incident and two unsealed US indictments. CISA continues to recommend best practices. North Korean APTs exploit Chrome vulnerabilities. Mustang Panda is back. David Dufour from Webroot on ransomware gangs and cartels. Our guest is Liliana Monge of Sabio Coding Bootcamp on creating opportunities for those looking to pursue a career in tech. And boy, boy, your wild ways will break your mother’s heart.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/58
Selected reading.
Ukrainian forces advance east of Kyiv as Russians fall back (Reuters)
Counteroffensive in Ukraine Shifts Dynamic of War (New York Times)
Ukrainian forces claim to destroy a Russian landing ship. (New York Times)
Putin's war in Ukraine nearing possibly more dangerous phase (AP NEWS)
Syrians watch in horror as Putin deploys the Aleppo playbook in Ukraine (CNN)
Joe Biden: We will respond in kind if Vladimir Putin uses chemical weapons in Ukraine (The Telegraph)
A month into the Russian invasion, Ukraine is still mostly online (The Record by Recorded Future)
Russian military behind hack of satellite communication devices in Ukraine at war’s outset, U.S. officials say (Washington Post)
Hackers Attacked Satellite Terminals Through Management Network, Viasat Officials Say (Air Force Magazine)
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide (US Department of Justice)
US charges four Russian hackers over cyber-attacks on global energy sector (the Guardian)
North Korean Actors Exploited Chrome Flaw to Target U.S. Orgs (Decipher)
Countering threats from North Korea (Google)
New Mustang Panda hacking campaign targets diplomats, ISPs (BleepingComputer)
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection (Threatpost)
Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC News)
| Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim. | 24 Mar 2022 | 00:25:45 |
Concerns persist that President Putin will take his revenge in cyberspace for sanctions. Wiper attacks reported continuing in Ukraine. Russia also sustains cyberattacks. Lapsus$: living at home, with Mom. A carder kingpin finds his way onto the FBI’s Most Wanted List. Andrea Little Limbago from Interos on collective resilience. Our guest is Amit Shaked from Laminar Security on shadow data. Anonymous says it hit Nestlé, but Nestlé says it never happened.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/57
Selected reading.
As Ukraine invasion stalls, Putin looks to cyber for revenge attack on US (Newsweek)
Threat looms of Russian attack on undersea cables to shut down West’s internet (France 24)
A Mysterious Satellite Hack Has Victims Far Beyond Ukraine (Wired)
Anonymous hacks unsecured printers to send anti-war messages across Russia (HackRead)
'We want them to go to the Stone Age': Ukrainian coders are splitting their time between work and cyber warfare (CNBC)
Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind (Bloomberg)
Nestlé denies Anonymous hack, claiming it accidentally leaked data dump itself (Fortune)
Nestlé says 'Anonymous' data leak actually a self-own (Register)
Nestlé: You Can't Hack Us, We Leaked Our Own Data (Gizmodo)
FBI adds Russian cybercrime market owner to most wanted list (BleepingComputer)
United States of America v. Igor Dekhtyar (US District Court for the Eastern District of Texas)
| |||
| Insider Risk Excellence Awards. [CyberWire-X] | 24 Mar 2022 | 00:22:36 | |
In this CyberWire-X episode, host Dave Bittner chats with the judges of the Insider Risk Excellence Awards. The inaugural awards program, announced during last September's Insider Risk Summit, recognizes the best of the best in Insider Risk Management. They honor the work of individuals and organizations as they address Insider Risk in the most collaborative work environment we’ve ever seen. Judges Joe Payne, President and CEO, Code42 and Chairman, Insider Risk Summit, and Wendy Overton, Director of Cyber Strategy and Insider Risk Leader, Optiv, talk about the growing Insider Risk problem, reveal the winners of each award category, and pull back the curtain on how each of these Insider Risk trailblazers is making an impact.
| |||
| British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem. | 23 Mar 2022 | 00:25:35 | |
The US and the UK warn of impending Russian cyberattacks, and Russia responds with warnings against “banditry,” crime, and bad manners. CISA issues two new ICS advisories. Microsoft confirms a Lapsus$ gang incident, and so does Okta, but Okta’s case is more complicated. Josh Ray from Accenture on the cyber workforce. Our guest is Tom Gaffney from F-Secure with some ways to reduce digital anxiety. Secureworks takes a look at the criminal ecosystem around Conti.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/56
Selected reading.
Ukraine war has put our relationship with US at breaking point - Russia (Daily Post Nigeria)
Kremlin dismisses U.S. warning of potential Russian cyber attacks (Reuters)
As Biden puts US on alert, Russia seeks talks to help prevent cyber war (Newsweek)
U.K. echoes Biden warning on Russian cyberattacks (The Record by Recorded Future)
Biden: Russia mulling cyberattacks on US (C4ISRNet)
National Security Advisor details new intelligence on potential Russian cyberattacks (FOX 5 DC)
The Threat of Russian Cyberattacks Looms Large (The New Yorker)
FBI sees growing Russian hacker interest in US energy firms (AP NEWS)
CISA Call with Critical Infrastructure Partners on Potential Russian Cyberattacks Against the U.S. (YouTube)
CISA highlights new reporting hotline amid warnings about potential Russian cyber attacks (Federal News Network)
Delta Electronics DIAEnergie (CISA)
Delta Electronics DIAEnergie (Update B) (CISA)
Microsoft, Okta Investigating Data Theft Claims (SecurityWeek)
Hackers hit authentication firm Okta, customers 'may have been impacted' (Reuters)
'This Is Really, Really Bad': Lapsus$ Gang Claims Okta Hack (Wired)
Okta ‘identifying and contacting’ customers potentially affected by Lapsus$ breach (The Record by Recorded Future)
Okta Investigates Report of Security Breach, Says It Finds No Evidence of New Attack (Wall Street Journal)
Fury As Okta—The Company That Manages 100 Million Logins—Fails To Tell Customers About Breach For Months (Forbes)
Cloudflare’s investigation of the January 2022 Okta compromise (Cloudflare Blog)
Updated Okta Statement on LAPSUS$ (Okta)
GOLD ULRICK leaks reveal organizational structure and relationships (Secureworks)
Details of Conti ransomware affiliate released (ComputerWeekly.com)
More can be done to curb misuse of Cobalt Strike, expert says (VentureBeat)
| |||
| White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed. | 22 Mar 2022 | 00:24:29 | |
White House warns of large-scale Russian cyberattacks. Browser-in-the-Browser attacks. New Conti affiliate described. Android malware “Facestealer” described. Microsoft and Okta investigate possible Lapsus$ attacks. Arid Gopher is out in the wild. Our guest is Swathi West of Barr Advisory on opportunities for the underrepresented in cybersecurity. Joe Carrigan wonders if we can’t just get rid of passwords once and for all. And advancing censorship by finding “extremism” and “Russophobia” in Meta’s platforms.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/55
Selected reading.
Russia's hybrid war with Ukraine: strategy, norms, and alliances (The CyberWire)
Statement by President Biden on our Nation’s Cybersecurity (The White House)
FACT SHEET: Act Now to Protect Against Potential Cyberattacks (The White House)
Statement from CISA Director Easterly on Potential Russian Cyberattacks Against the United States (CISA)
Press Briefing by Press Secretary Jen Psaki and Deputy NSA for Cyber and Emerging Technologies Anne Neuberger, March 21, 2022 (The White House)
Statement from Secretary Mayorkas on Cybersecurity Preparedness (US Department of Homeland Security)
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email… (eSentire)
New Phishing toolkit lets anyone create fake Chrome browser windows (BleepingComputer)
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable (The Hacker News)
Arid Gopher: Newest Micropsia Malware Variant (Deep Instinct)
Spyware dubbed Facestealer infects 100,000+ Google Play users (Pradeo)
Okta confirms investigation into potential breach (The Record by Recorded Future)
Microsoft investigating alleged Lapsus$ hack of Azure DevOps source code repositories (Computing)
Russian War Report: Meta officially declared “extremist organization” in Russia (Atlantic Council)
| |||
| Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware. | 21 Mar 2022 | 00:26:17 | |
The widely expected, intense Russian cyber campaign has yet to appear. "Protestware" as a dangerous turn in hacktivism. Information operations and the persistence of independent channels of news. Social media as an opsec problem. Lapsus$ may have hit Microsoft. A second Brazilian gang tries its hand at extortion. A snakey backdoor afflicts French organizations. AD Bryan Vorndran of the FBI Cyber Division on what the agency brings to the table in cyberspace. Rick Howard considers infrastructure as code. Emsisoft offers a free decryptor for Diavol ransomware.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/54
Selected reading.
Volodymyr Zelensky tells Russia to seek ‘meaningful’ peace talks or face catastrophic losses (The Telegraph)
Cyber threats and the Ukraine conflict (Avast)
Cyber ‘cold war’ rages online but Russia holds back on massive digital attacks (Times of Israel)
Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict (Security Affairs)
Former CIA officer shows what a Russian cyberattack on the US would look like (Fox News)
EU and US agencies warn that Russia could attack satellite communications networks (Security Affairs)
Banks on alert for Russian reprisal cyberattacks on Swift (Ars Technica)
Activists are targeting Russians with open-source “protestware” (MIT Technology Review)
Cyber warfare gets real for satellite operators (SpaceNews)
More Conti ransomware source code leaked on Twitter out of revenge (BleepingComputer)
Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (Vice)
Anonymous has unleashed a successful cyberwar to undermine Putin's Ukraine invasion (Fortune)
Some Russians are breaking through Putin’s digital iron curtain — leading to fights with friends and family (Washington Post)
On Russia's VK, anti-war messages defy Vladimir Putin's Ukraine censors (Newsweek)
Why Russia’s anti-war movement matters (Atlantic Council)
Telegram Thrives Amid Russia’s Media Crackdown (Wall Street Journal)
British soldiers are ordered off WhatsApp amid fears that sensitive military details could be accessed by Russian hackers (Daily Mail)
Microsoft Investigating Claim of Breach by Extortion Gang (Vice)
Hacking group that went after NVIDIA may have also attacked Microsoft (Windows Central)
Microsoft Allegedly Breached by LAPSUS Group (Cyber Kendra)
Lapsus$ gang sends a worrying message to would-be criminals (Register)
TransUnion cyber attack – hackers demand R225 million ransom (Business Tech)
TransUnion Confirms Data Breach at South Africa Business (SecurityWeek)
UPDATE | TransUnion believes breach of 54 million SA records unrelated to current hack (Fin24)
Banks move to protect consumers in wake of TransUnion cyberattack (TechCentral)
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain (Proofpoint)
Emsisoft releases free decryptor for the victims of the Diavol ransomware (Security Affairs)
| |||
| Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes] | 20 Mar 2022 | 00:07:53 | |
Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. Joining Fortinet, Derek said, was where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that getting into the cybersecurity field doesn't need to be complicated and that there are many avenues to enter the field. He hopes to have made a real dent, or "hopefully a crater," in cyber crime when he ends his career. We thank Derek for sharing his story with us.
| |||
| Implications of data leaks of sensitive OT information. [Research Saturday] | 19 Mar 2022 | 00:22:53 | |
Guest Nathan Brubaker from Mandiant joins Dave Bittner on this episode to discuss Mandiant Threat Intelligence's research: "1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information." Data leaks have always been a concern for organizations. The exposure of sensitive information can result in damage to reputation, legal penalties, loss of intellectual property, and even impact the privacy of employees and customers. However, there is little research about the challenges posed to industrial organizations when threat actors disclose sensitive details about their OT security, production, operations, or technology.
In 2021, Mandiant Threat Intelligence continued observing ransomware operators attempting to extort thousands of victims by disclosing terabytes of stolen information on shaming sites. This trend, which Mandiant Threat Intelligence refers to as “Multifaceted Extortion,” impacted over 1,300 organizations from critical infrastructure and industrial production sectors in just one year. Nathan walks us through their research and findings.
The research can be found here:
1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
| |||
| Ransomware hit causes pathology paralysis. | 04 Jun 2024 | 00:33:43 | |
Ransomware disrupts London hospitals. Researchers discover serious vulnerabilities in Progress' Telerik Report Server and Atlassian Confluence Data Center and Server. Over three million people are affected by a breach at a debt collection agency. A report finds Rural hospitals vulnerable to ransomware. An Australian mining firm finds some of its data on the Dark Web. Google patches 37 Android vulnerabilities. Russian threat actors target the Summer Olympics in Paris. On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. The Amazon rainforest goes online.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. You can learn more about Sonrai’s work in this area by reviewing their Quantifying Cloud Access Risk: Overprivileged Identities and Zombie Identities report.
Selected Reading
Critical incident declared as ransomware attack disrupts multiple London hospitals (The Record)
CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server (Tenable)
Atlassian’s Confluence hit with critical remote code execution bugs (CSO Online)
Debt collection agency FBCS leaks information of 3 million US citizens (Malwarebytes)
Rural hospitals are particularly vulnerable to ransomware, report finds (CyberScoop)
Australian rare earths miner hit by cybersecurity breach (Mining Weekly)
37 Vulnerabilities Patched in Android (SecurityWeek)
Russia used fake AI Tom Cruise in Olympic disinformation campaign (Computer Weekly)
The Internet's Final Frontier: Remote Amazon Tribes (New York Times)
Listen to our newest podcast, “Only Malware in the Building.”
N2K and Proofpoint have teamed up to launch “Only Malware in the Building,” the newest podcast on the N2K CyberWire network. Each month our hosts Selena Larson, Proofpoint’s staff threat researcher, and N2K’s Rick Howard and Dave Bittner, explore the mysteries around today’s most intriguing cyber threats. Listen to the first episode and subscribe now.
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
| |||
| Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft. | 18 Mar 2022 | 00:24:14 | |
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism that affects software supply chains may go too far. An initial access broker in the criminal-to-criminal market. BlackMatter may be working with BlackCat. CISA offers a warning and advice to SATCOM operators. NIST offers some guidance on industrial control system security. Johannes Ullrich reminds us to patch our backup tools. Our guest is Armando Saey from MISI with insights on maritime port security. And Rear Admiral Mehoff, call your office.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/53
Selected reading.
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion (The Hacker News)
Software Supply Chain Weakness: Snyk Warns of 'Deliberate Sabotage' of NPM Ecosystem (SecurityWeek)
Russian government websites face ‘unprecedented’ wave of hacking attacks, ministry says (Washington Post)
Ukraine’s Digital Ministry Is a Formidable War Machine (Wired)
Exposing initial access broker with ties to Conti (Google)
Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (The Hacker News)
Strengthening Cybersecurity of SATCOM Network Providers and Customers (CISA)
NIST SPECIAL PUBLICATION 1800-10 Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector (NIST)
Hoax caller claiming to be Ukrainian PM got through to UK defence secretary (the Guardian)
Russians target Priti Patel and Ben Wallace with fake video calls (The Telegraph)
| |||
| Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing. | 17 Mar 2022 | 00:23:39 | |
Not-so-deepfakes debunked. Hacktivism and information warfare in Russia’s war against Ukraine. The prospect of an age of “splinternets.” Germany warns of risks from Kaspersky security products. Disruption of Ukrainian ISPs. David Dufour from Webroot on cyberattacks hitting the automotive sector. Carole Theriault ponders parental disclosure of tracking their kids. Three new wrinkles to social engineering.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/52
Selected reading.
Russia and Ukraine ‘draw up 15-point peace plan’ (The Telegraph)
Deepfake video of Zelenskyy could be 'tip of the iceberg' in info war, experts warn (NPR.org)
The Russia-Ukraine War And The Revival Of Hacktivism (Digital Shadows)
In a Chilling Threat, Putin Vows to Rid Russia of ‘Traitors’ (Bloomberg)
Russia is risking the creation of a “splinternet”—and it could be irreversible (MIT Technology Review)
Traffic interception and MitM attacks among security risks of Russian TLS certs (CSO Online)
Germany's BSI warns against Kaspersky AV over spying concerns (CSO Online)
Major Ukrainian Internet Provider Triolan Suffers Severe Cyber Attacks and Infrastructure Destruction During Russian Invasion (CPO Magazine)
The Attack of the Chameleon Phishing Page (Trustwave)
The Email Bait … and Phish: Instagram Phishing Attack (Armorblox)
Using CAPTCHA Forms to Bypass Filters (Avanan)
| |||
| Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest. | 16 Mar 2022 | 00:24:08 | |
Ukrainian President Zelenskyy addresses the US Congress, as intelligence services, contractors, and hacktivists wage their part of a hybrid war. BlackBerry describes LokiLocker, a new strain of ransomware that’s not Iranian, but would have you think it is. CISA and the FBI warn of a Russian cyber campaign. Nigeria arrests an alleged advance-fee scam artist (he’s been wanted for some time).
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/51
| |||
| Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime. | 15 Mar 2022 | 00:27:46 | |
Biowar disinformation. A new wiper is discovered in Ukrainian systems. Cyber criminals look for letters of marque from both sides (and some of them are looking like hacktivists). Ukrainian cybersecurity firms and intelligence services mobilize against Russia. Ben Yelin evaluates cyber engagements in the crisis. A protester crashes a Russian news broadcast. DDoS attack takes down Israeli sites. China claims to have “captured” NSA hacking tools. Our guest is Ben Brook CEO of Transcend with a look at data privacy. Recent trends in cybercrime.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/50
Selected reading.
Researchers find new destructive wiper malware in Ukraine (The Verge)
Cloud Native Technologies Used in Russia-Ukraine Cyber Attacks (Aqua Security)
Financially motivated threat actors willing to go after Russian targets (Help Net Security)
Kyiv’s hackers seize their wartime moment (POLITICO)
Global Incident Report: Threat Actors Divide Along Ideological Lines over the Russia-Ukraine Conflict on Underground Forums (Accenture)
Political fallout in cybercrime circles upping the threat to Western targets (CyberScoop)
A protester storms a live broadcast on Russia’s most-watched news show, yelling, ‘Stop the war!’ (New York Times)
Denial-of-service attack knocked Israeli government sites offline (CyberScoop)
China claims it captured NSA spy tool that already leaked (Register)
Ransomware Variants Q4 2021 (Intel471.com)
Cequence Security Releases Report Revealing Top 3 Attack Trends in API Security (Cequence)
| |||
| Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual. | 14 Mar 2022 | 00:26:01 | |
The situation in Russia’s war against Ukraine, and Mr. Putin’s frustration with his intelligence services. Provocations, state-hacking, and influence operations in a hybrid war. Lapsus$ hits Ubisoft with ransomware. LockBit hits Bridgestone America. The Escobar banking Trojan is out in the wild. Kaspersky source apparently not compromised after all. Dan Prince wonders whether we are properly preparing for the roles of tomorrow. Rick Howard is pulling on the kill chain. And the wayward aim of public opinion.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/49
Selected reading.
After more than two weeks of war, the Russian military grinds forward at a heavy cost (Washington Post)
Ukraine war latest: Talks resume as Russia strikes Kyiv (BBC News)
US view of Putin: Angry, frustrated, likely to escalate war (AP NEWS)
Kremlin arrests FSB chiefs in fallout from Ukraine chaos (Times)
Russian Cyber Restraint in Ukraine Puzzles Experts (SecurityWeek)
Russia's cyber offensive against Ukraine has been limited so far. Experts are divided on why (KESQ)
‘Not the time to go poking around’: How former U.S. hackers view dealing with Russia (POLITICO)
We're seeing 800% increase in cyberattacks, says MSP (Register)
Russia makes claims of US-backed biological weapon plot at UN (the Guardian)
Russian media spreading disinformation about US bioweapons as troops mass near Ukraine (Bulletin of the Atomic Scientists)
Russian TikTok Influencers Are Being Paid to Spread Kremlin Propaganda (Vice)
The White House is briefing TikTok stars about the war in Ukraine (Washington Post)
Android malware Escobar steals your Google Authenticator MFA codes (BleepingComputer)
Google Attempts to Explain Surge in Chrome Zero-Day Exploitation (SecurityWeek)
Google: We're spotting more Chrome browser zero-day flaws in the wild. Here's why (ZDNet)
Ubisoft says it experienced a ‘cyber security incident’, and the purported Nvidia hackers are taking credit (The Verge)
UPDATE 1-Japan's Denso hit by apparent ransomware attack - NHK (Reuters)
LockBit ransomware group claims to have hacked Bridgestone Americas (Security Affairs)
| |||
| Kristin Strand: Be firm in your goals. [Consultant] [Career Notes] | 13 Mar 2022 | 00:06:11 | |
Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she'd wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She's also currently training to be a drill sergeant. Kristin advises that you stand firm in your goals and know what you want; it will come around. We thank Kristin for sharing her story with us.
| |||
| The story of REvil: From origin to beyond. [Research Saturday] | 12 Mar 2022 | 00:32:26 | |
Guest Jon DiMaggio, Chief Security Strategist at Analyst1, joins Dave Bittner to discuss his team's research "A History of REvil," which chronicles the rise and fall of REvil. The REvil gang is an organized criminal enterprise based primarily out of Russia that runs a Ransomware as a Service (RaaS) operation. The core members of the gang reside and operate out of Russia. REvil leverages hackers for hire, known as affiliates, to conduct the breach, steal victim data, delete backups, and infect victim systems with ransomware for a share of the profits. Affiliates come primarily from across eastern Europe, though a small percentage operate outside that region. In return, the core gang maintains and provides the ransomware payload, hosts the victim data leak/auction site, facilitates victim communication and payment services, and distributes the decryption key. In simpler terms, the core gang is the service provider and persona behind the operation, while the affiliates are the hired muscle facilitating attacks. Jon walks us through the team's findings and details REvil's story.
The research can be found here:
A History of REvil
| |||
| An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case. | 11 Mar 2022 | 00:25:47 | |
An update on the hybrid war in Ukraine. Allegations of war crimes and Russian disinformation. Chemical, biological, and radiological weapons disinformation. Preparing for cyberattacks. Cyber operations against Russia. GPS interference reported along Finland’s border. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. Malek Ben Salem from Accenture on deception systems. Our guest is Joe Payne from Code42 on data exposure. An extradition in the NetWalker case.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/48
Selected reading.
Russia 'did not attack Ukraine' says Lavrov after meeting Kuleba (euronews)
Read the latest cybersecurity analysis (Accenture)
Where conflict is reported in Ukraine right now (The Telegraph)
How U.S. Bioweapons in Ukraine Became Russia’s New Big Lie (Foreign Policy)
Russian embassy demands Meta stop 'extremist activities' (NASDAQ:FB) (SeekingAlpha)
Transparency Org Releases Alleged Leak of Russian Censorship Agency (Vice)
SecurityScorecard Discovers new botnet, ‘Zhadnost,’ responsible for… (SecurityScorecard)
Inside the Russian cyber war on Ukraine that never was (Task & Purpose)
Report: Recent 10x Increase in Cyberattacks on Ukraine (KrebsOnSecurity)
Russian defense firm Rostec shuts down website after DDoS attack (BleepingComputer)
The Spectacular Collapse of Putin’s Disinformation Machinery (Wired)
Will Russians Choose Truth or Lies? Ukraine’s Fate Depends on Them (Bloomberg)
Finnish govt agency warns of unusual aircraft GPS interference (BleepingComputer)
Corporate website contact forms used to spread BazarBackdoor malware (BleepingComputer)
U.S. Warns of Conti Ransomware Attacks as Gang Deals With Leak Fallout (SecurityWeek)
Ex Canadian government worker extradited to U.S. to face more ransomware charges (CBC)
Former Canadian Government Employee Extradited to the United States to Face Charges for Dozens of Ransomware Attacks Resulting in the Payment of Tens of Millions of Dollars in Ransoms (US Department of Justice)
| |||
| Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas. | 10 Mar 2022 | 00:29:14 | |
Prebunking a provocation. A spot report on the cyber phases of a hybrid war. Google stops a Judgment Panda campaign against US Government Gmail users. Symantec continues to track the origins and uses of the Daxin backdoor. CISA updates its Conti alert. Josh Ray from Accenture has tips on Log4J. Our guest is Chetan Conikee of ShiftLeft with strategies for reducing attackability. And law northeast of the Pecos, as an alleged member of REvil is arraigned in Texas.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/47
Selected reading.
Vladimir Putin ‘plotting chemical weapons attack in Ukraine’ (The Telegraph)
White House warns Russia could use chemical weapons in Ukraine (TheHill)
Russia, China May Be Coordinating Cyber Attacks: SaaS Security Firm (eSecurityPlanet)
More Than 5 Million Anti-Propaganda Text Messages Sent to Russians in Anonymous Information Warfare (Hstoday)
Anonymous hacked Russian cams, websites, announced a clamorous leak (Security Affairs)
EXCLUSIVE BNP Paribas bars Russia-based staff from computer systems as cyber attack fears grow (Reuters)
CISA updates Conti ransomware alert with nearly 100 domain names (BleepingComputer)
Google Blocks Chinese Phishing Campaign Targeting U.S. Government (SecurityWeek)
Symantec tracked down one developer of ‘China’s most advanced piece of malware’ (Sc Magazine)
Daxin Backdoor: In-Depth Analysis, Part One (Symantec)
Daxin Backdoor: In-Depth Analysis, Part Two (Symantec)
Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas (US Department of Justice)
| |||
| Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday. | 09 Mar 2022 | 00:27:13 | |
Zelenskyy addresses the House of Commons. Cyber operations in Russia's war against Ukraine. Chinese cyber espionage campaign hits six US state governments (but it might be an APT side-hustle). A surge in mobile malware. Joe Carrigan looks at derestricting your software. Our guest Bob Dudley discusses cyberattacks against the European energy sector. And a quick look back at Patch Tuesday.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/46
Selected reading.
Volodymyr Zelensky speech: Ukrainian President vows to fight Russians in 'forests, fields and on shores' as he channels Winston Churchill (The Telegraph)
Putin’s Endgame Starts to Look Like Reducing Ukraine to Rubble (Bloomberg)
Live Updates: Biden Bans Russian Oil Imports and Major U.S. Brands Close Outlets (New York Times)
The March 2022 Security Update Review (Zero Day Initiative)
EU countries call for cybersecurity emergency response fund -document (Reuters)
Annual Threat Assessment of the U.S. Intelligence Community (Office of the Director of National Intelligence)
PTC Axeda agent and Axeda Desktop Server (CISA)
AVEVA System Platform (CISA)
Sensormatic PowerManage (CISA)
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake. | 03 Jun 2024 | 00:28:34 | |
Signs point to a major cybersecurity event at cloud provider Snowflake. Hugging Face discloses "unauthorized access" to its Spaces platform. Australian legislation seeks jail time for deepfake porn. CISA adds two vulnerabilities to the KEV catalog. Spanish police investigate a potential breach of drivers license info. NSA shares mobile device best practices. Everbridge crisis management software company reports a data breach. N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins us to preview CSO Perspectives Season 14 which launches today! Google tries to explain those weird AI search results.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins Dave to preview CSO Perspectives Season 14 which launches today! The first episode explores SolarWinds and the SEC. This episode of CSO Perspectives has a companion essay. You can find it here. Not an N2K Pro subscriber? You can catch the first half of the episode here.
Selected Reading
The Ticketmaster Data Breach May Be Just the Beginning (WIRED)
Hugging Face says it detected 'unauthorized access' to its AI model hosting platform (TechCrunch)
Jail time for those caught distributing deepfake porn under new Australian laws (The Guardian)
CISA warns of actively exploited Linux privilege elevation flaw (Bleeping Computer)
Spanish police investigate whether hackers stole millions of drivers' data (Reuters)
The NSA advises you to turn your phone off and back on once a week - here's why (ZDNET)
Everbridge warns of corporate systems breach exposing business data (Bleeping Computer)
Google’s AI Overview is flawed by design, and a new company blog post hints at why (Ars Technica)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities. | 08 Mar 2022 | 00:25:45 | |
Updates from the UK’s Ministry of Defense on Russia’s War in Ukraine. Influence operations: the advantage still seems to go to Ukraine, as Russian efforts look inward. Assessing the effects of hacktivism and cyber operations in the hybrid war. Privateering: Conti, Ragnar Locker, and (probably) others. Mustang Panda rears up in European diplomatic networks. Ransomware hits a Romanian fuel distributor. Andrea Little Limbago from Interos on data traps. Carole Theriault tracks the fight against deepfakes. Vulnerabilities found in UPS devices.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/45
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsu$ releases NVIDIA and Samsung data (and says a victim hacked back). | 07 Mar 2022 | 00:27:14 | |
Russian influence operations fail as few support Russia's war of aggression. Ukraine will become a "contributing participant" in NATO's CCDCOE. Ukrainian cyberattacks, and the marshaling of hacktivists. Russian cyberattacks: surprisingly restrained and unsurprisingly supported by criminal organizations like Conti. The FBI’s Bryan Vorndran joins us with insights on the work his team did on Sodinokibi. Rick Howard looks at vulnerability management. Lapsu$ gang releases data taken from NVIDIA and Samsung in separate extortion incidents.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/44
Selected reading.
What Happened on Day 11 of Russia’s Invasion of Ukraine (New York Times)
Putin says Ukraine's future in doubt as cease-fires collapse
After temporary cease-fires break down, Putin threatens Ukraine’s government (AP NEWS)
Ukraine to join NATO cyber defence centre as 'contributing participant' (Reuters)
Putin Is Raising an Iron Firewall Around Russia (Bloomberg)
Three reasons Moscow isn't taking down Ukraine's cell networks (POLITICO)
Hacktivists Stoke Pandemonium Amid Russia’s War in Ukraine (Wired)
DDoS hacktivism: A highly risky exercise (Avast)
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites (The Record by Recorded Future)
Ukraine Cyber Official: We Only Attack Military Targets (SecurityWeek)
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge (New York Times)
Russia shares list of 17,000 IPs allegedly DDoSing Russian orgs (BleepingComputer)
Ukraine's 'IT army' targets Belarus railway network, Russian GPS (Reuters)
HawkEye 360 detects GPS interference in Ukraine (SpaceNews)
Hackers are being forced to pick sides in the Russia-Ukraine war (KTVH)
Nvidia allegedly hacks back (Avast)
Credentials of 71,000 NVIDIA Employees Leaked Following Cyberattack (SecurityWeek)
Leaked stolen Nvidia cert can code-sign Windows malware (Register)
Hackers claim massive Samsung leak, including encryption keys and source code (Android Police)
Lapsus$ group leaks 190GB of Samsung data, source code (Computing)
Samsung’s secret data leaks after devastating cyberattack (SamMobile)
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| HEAT: Examining the next-class of browser-based attacks. [CyberWire-X] | 06 Mar 2022 | 00:35:32 | |
Modern enterprises have evolved drastically over the last two years as a result of the global pandemic. Due in part to organizations pivoting quickly to new business models by migrating apps and services to the cloud to enable hybrid and remote workforces, the “new” office has quickly become the web browser. Today, business users are spending an average of 75% of their workday in a browser – that’s where productivity takes place! But the digital enhancements of the last two years have ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Advanced Threats (HEAT).
During this episode of CyberWire-X, the CyberWire's Dave Bittner speaks with Dan Prince, Senior Lecturer in Security and Protection Science at the School of Computing and Communications at Lancaster University, about the topic. Show Sponsor Menlo Security's Nick Edwards and Dave explore what HEAT attacks are, how they work, and why they’re resulting in the rise of ransomware attacks and account takeovers.
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes] | 06 Mar 2022 | 00:08:44 | |
Founder and CTO of ShiftLeft, Chetan Conikee shares his story from computer science to founding his own company. When choosing a career, Chetan notes that "the liking and doing has to matter and be in conjunction with each other." Explaining the parallels between his home country of India and the US, where he studied for his master's, Chetan stresses the need to find someone who inspires you to follow and learn from. On being an entrepreneur, he says, "The entrepreneurial mindset is a sum total of many sufferings that lead to success." Chetan advises you take time out to write narratives so that you are remembered and so that others following a similar path may learn from you. We thank Chetan for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| An abuse of trust: Potential security issues with open redirects. [Research Saturday] | 05 Mar 2022 | 00:22:36 | |
Guest Mike Benjamin, VP of Security Research at Fastly, joins Dave Bittner to talk about the Fastly Security Research Team's work on "Open redirects: real-world abuse and recommendations." Open URL redirection is a class of web application security problems that makes it easier for attackers to direct users to malicious resources. This vulnerability class, also known as “open redirects,” arises when an application allows attackers to pass information to the app that results in users being sent to another location. That location can be an attacker-controlled website or server used to distribute malware, trick a user into trusting a link, execute malicious code in a trusted way, drive ad fraud, or even perform SEO manipulation. Knowing how an open redirect can be abused is helpful — but knowing how to design around it in the first place is even more important.
Mike walks us through what his team uncovered, explains how redirects are used, how they can be abused, and how you can prevent that abuse.
The research can be found here:
Open redirects: real-world abuse and recommendations
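The class of bug described above is easiest to see in code. The following is an added example written for this listing, not code from Fastly's research: a post-login `next` parameter handled first in the vulnerable "trust the caller" style and then with an allow-list check that covers the usual bypasses (protocol-relative `//host`, backslash variants, `https:host` without slashes, `javascript:` schemes, `user@host` authority tricks, and percent-encoded slashes). The host names `app.example.com`, `accounts.example.com` and `evil.example.net` are assumed for illustration.

```python
"""Added example: validating a post-login ``next`` parameter.

Assumes (hypothetically) that the application may only redirect to
app.example.com and accounts.example.com, and that ``next_param`` is the
query-string value after the web framework's single layer of URL decoding.
"""
from urllib.parse import urlsplit, unquote

# Hypothetical allow-list of hosts this application is permitted to redirect to.
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}


def vulnerable_redirect_target(next_param: str, default: str = "/") -> str:
    """The 'before' form: whatever the caller supplies becomes the Location header."""
    return next_param or default


def _check_once(t: str, allowed_hosts: set) -> bool:
    # CR/LF/TAB enable header injection and scheme smuggling ("java\tscript:");
    # reject any control character outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in t):
        return False
    # Browsers treat "\" as "/" in URLs, so "/\evil.example.net" means "//evil.example.net".
    t = t.replace("\\", "/")
    try:
        parts = urlsplit(t)  # scheme and hostname come back lower-cased
    except ValueError:       # e.g. malformed IPv6 brackets
        return False
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative URL: the host must be allow-listed and the
        # scheme, if present, must be https. parts.hostname drops any "user@" prefix,
        # so "https://app.example.com@evil.example.net/" yields evil.example.net.
        if (parts.hostname or "") not in allowed_hosts:
            return False
        return parts.scheme in ("", "https")
    # No authority part: accept only a same-origin absolute path with exactly one
    # leading slash. "///evil.example.net" and "https:evil.example.net" fail here.
    return t.startswith("/") and not t.startswith("//")


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if ``target`` can be sent as a Location header without
    leaving the allow-listed origins."""
    if not target:
        return False
    t = target.strip()
    # Validate the value both as received and after one more percent-decode, in
    # case a downstream component decodes it again before issuing the redirect.
    return _check_once(t, allowed_hosts) and _check_once(unquote(t), allowed_hosts)


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """The hardened form: anything not on the allow-list falls back to ``default``."""
    return next_param if is_safe_redirect(next_param) else default


if __name__ == "__main__":
    # Constructed probe values, of the kind an attacker submits in ?next=
    probes = [
        "/dashboard",
        "https://app.example.com/home",
        "https://evil.example.net/",
        "//evil.example.net/",
        "/\\evil.example.net",
        "https:evil.example.net",
        "javascript:alert(1)",
        "https://app.example.com@evil.example.net/",
        "/%2F%2Fevil.example.net",
    ]
    for probe in probes:
        print(f"{probe!r:48} -> {safe_redirect_target(probe)}")
```

The check is deliberately an allow-list rather than a deny-list of known tricks: a relative path is accepted only with a single leading slash, and an absolute URL only when its parsed hostname is one the application owns. Plain `http://` targets to an allowed host are also refused, which is a policy choice; relax it if the application must serve cleartext. The same validation should run wherever the value is consumed, not only at the login form, since a second decode downstream is what turns `/%2F%2Fevil.example.net` back into a protocol-relative URL.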
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft. | 04 Mar 2022 | 00:25:30 | |
Propaganda engagements in Russia’s hybrid war against Ukraine. ICANN will not block the Internet in Russia. Hacktivists, real and pretended, achieve a nuisance-level of success in Russia’s war. Scams and misinformation circulate in Telegram. NVIDIA gets a most curious demand from a cyber gang. CISA’s ICS advisories. Johannes Ullrich looks at phishing pages on innocent websites. Our guest is Chase Snyder from ExtraHop to discuss implications of the cyber talent shortage. And, hey, newsflash, no matter what the texts on your phone might say, there’s no military draft in the US.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/43
Selected readings.
Putin Thought Ukraine Would Fall Quickly. An Airport Battle Proved Him Wrong (Wall Street Journal)
Russia's chaotic and confusing invasion of Ukraine is baffling military analysts (CNBC)
Last Vestiges of Russia’s Free Press Fall Under Kremlin Pressure (New York Times)
Don’t mention the war: Russian state media sells the lie of Ukrainians shelling their own cities (The Telegraph)
Russian troops in disarray and ‘crying’ in combat, radio messages reveal (The Telegraph)
Demoralised Russian soldiers tell of anger at being ‘duped’ into war (the Guardian)
The propaganda war has eclipsed cyberwar in Ukraine (MIT Technology Review)
Ukraine's request to cut off Russia from the global internet has been rejected (CNN)
No, the Army isn’t sending Ukraine draft notices via text (Army Times)
Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online (Hacker News)
Hackers warn Nvidia to open-source their GPU drivers or face data leak (Computing)
Cybercriminals who breached Nvidia issue one of the most unusual demands ever (Ars Technica)
BD Pyxis (CISA)
BD Viper LT (CISA)
IPCOMM ipDIO (CISA)
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions. | 03 Mar 2022 | 00:29:24 | |
The UN condemns Russia’s war in Ukraine. Ukraine’s cyber volunteers appear to be operating under the direction of Kyiv’s Ministry of Defense, and may be targeting Russian infrastructure. Belarusian cyber operators are phishing with stolen Ukrainian credentials in a cyberespionage campaign. Task Force KleptoCapture. Infusion pumps found vulnerable to cyberattack. TeaBot is found in the Play Store. TCP middlebox reflection. Dan Prince from Lancaster University on trustworthy autonomous systems. Our guest is John Shegerian from ERI on the security angle of e-recycling. And no more Harleys for Mr. Putin.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/42
Selected reading.
Cyber Realism in a Time of War
Russian Hybrid War Report: Social platforms crack down on Kremlin media as Kremlin demands compliance
Russia's war spurs corporate exodus, exposes business risks
Using DDoS, DanaBot targets Ukrainian Ministry of Defense
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
Phishing campaign targets European officials assisting in refugee operations
Anonymous vs. Russia: Hackers Say Space Agency Breached, More Than 1,500 Websites Hit
Conti Ransomware Source Code Leaked
Hacker Group Anonymous Vows to Disrupt Russia's Internet — RT Websites Become 'Subject of Massive DDoS Attacks'
Ukrainian cyber resistance group targets Russian power grid, railways
Army of Cyber Hackers Rise Up to Back Ukraine
U.S. Officials Detail Efforts to Enforce Raft of New Russia Rules
TCP Middlebox Reflection: Coming to a DDoS Near You
TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps
Infusion Pump Vulnerabilities: Common Security Gaps
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations. | 02 Mar 2022 | 00:28:29 | |
Russia’s invasion in Ukraine is still slow, but it’s grown more brutal. Sanctions are beginning to hit Russia hard. The cyber phase of this hybrid war seems more informational than destructive, which is surprising. Big Tech has taken Ukraine’s side, and some Russian companies face a tough balancing act. Our guest is Lavi Lazarovitz from CyberArk with predictions on supply chain security. Malek Ben Salem from Accenture on deploying effective deception systems. And ransomware continues to pester major corporations.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/41
Selected reading.
Ukraine at D+6: Shocking and awful. (The CyberWire)
The Fog of Cyberwar Descends on Ukraine and Russia (Bloomberg)
Russian Electric Vehicle Chargers Hacked, Tell Users ‘PUTIN IS A DICKHEAD’ (Vice)
Western Sanctions Bite Russian Economy, but Pose Unpredictable Risks (Wall Street Journal)
Targeted APT Activity: BABYSHARK Is Out for Blood (Huntress)
5 New Vulnerabilities Discovered in PJSIP Open Source Library (JFrog)
Nvidia says hackers are leaking company data after ransomware attack (TechCrunch)
Insurer Aon falls victim to a cyber attack (Computing)
Toyota to restart Japan production after cyberattack on supplier triggers one-day halt (The Edge Markets)
Cyberattack on Toyota's supply chain shuts all its factories in Japan for 24 hours (CNN)
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing. | 01 Mar 2022 | 00:28:47 | |
Stalled columns, rocket fire, and negotiation over Ukraine. Two new pieces of malware found in use against Ukrainian targets. Ben Yelin joins us with analysis. Dealing with WhisperGate and HermeticWiper. The muted cyber phases of a hybrid war. Leaked files reveal Conti as a privateer. Sanctions move from deterrence to economic "war of attrition." Daxin: a backdoor that hides in normal network traffic. Registration-bombing lets fraud hide in the weeds. Our guest is Tresa Stephens from Allianz on the elevated concern for cyber risk among business leaders. And Razzlekhan talking a deal?
Resources
Ukraine Fighting Overshadows Chance of Russia Talks’ Success (Bloomberg) Both sides agree to second set of talks even as fighting rages. Russia suffers market seizure as ruble plunges on sanctions.
After a Fumbled Start, Russian Forces Hit Harder in Ukraine (New York Times) After days of miscalculation about Ukraine’s resolve to fight, Russian forces are turning toward an old pattern of opening fire on cities and mounting sieges.
The dire predictions about a Russian cyber onslaught haven’t come true in Ukraine. At least not yet. (Washington Post) For more than a decade, military commanders and outside experts have laid out blueprints for how cyberwar would unfold: military and civilian networks would be knocked offline, cutting-edge software would sabotage power plants, and whole populations would be unable to get money, gas or refrigerated food.
A Free-for-All But No Crippling Cyberattacks in Ukraine War (SecurityWeek) In the early days of the war in Ukraine, Russia's ability to create mayhem through malware hasn’t had much of a noticeable impact
CISA, FBI Issue Warnings on WhisperGate, HermeticWiper Attacks (SecurityWeek) The two U.S. agencies warn that both malware families were used in destructive cyberattacks targeting organizations in Ukraine.
Anonymous Hacker Group Targets Russian State Media (SecurityWeek) Hacker group Anonymous claimed responsibility on for disrupting the work of websites of pro-Kremlin Russian media in protest of the invasion of Ukraine.
Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory (Wired) The country has enlisted thousands of cybersecurity professionals in the war effort against Russia.
After Conti backs war, ransomware gangs realize peril of patriotism amid infighting (SC Magazine) Ransomware is actually a complex global economy. Different groups design ransomware and license that ransomware for use in attacks, with the latter often using many different vendors of the former. So while the designers of Conti may be Russian, the affiliate groups using Conti may include Ukrainians. And like in any business, there is peril in angering the consumer.
A ransomware group paid the price for backing Russia (The Verge) Is proximity to the Putin regime becoming a liability?
U.N. General Assembly set to isolate Russia over Ukraine invasion (Reuters) The 193-member United Nations General Assembly began meeting on the crisis in Ukraine on Monday ahead of a vote this week to isolate Russia by deploring its "aggression against Ukraine" and demanding Russian troops stop fighting and withdraw.
Russia defends invasion during emergency UN General Assembly (Deutsche Welle) A clear majority of UN member states are expected to vote to condemn Russia's actions as Moscow becomes increasingly isolated internationally.
The New Russian Sanctions Playbook (Foreign Affairs) Deterrence is out, and economic attrition is in.
Russia seeks to halt investor stampede as sanctions hammer economy (Reuters) Russia said it was placing temporary curbs on foreigners seeking to exit Russian assets on Tuesday, putting the brakes on an accelerating investor exodus driven by crippling Western sanctions imposed over the invasion of Ukraine.
For links to all of today's stories check out CyberWire daily news briefing for March 1, 2022.
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking. | 28 Feb 2022 | 00:26:08 | |
Ukrainian resistance may have stalled the Russian advance at key points. Cyber operations against Ukraine (and Russia). Diplomacy, now short of surrender? A SWIFT kick. Return of the privateers, now in the guise of patriotic hacktivists. Not all hacking is war-related. Josh Ray from Accenture on KillACK Backdoor Malware Continues to Evolve. Rick Howard revisits the cyber sand table. Criminals exploit Ukraine's suffering in social engineering campaigns.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/39
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition] | 03 Jun 2024 | 00:25:34 | |
As part of our series on the 2024 NICE Conference, we turn our focus to one of the keynote speakers of the conference. This year’s conference theme, “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap,” highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap.
In her keynote coming up on Tuesday, June 4th, Deneen DeFiore, Chief Information Security Officer of United Airlines, will discuss "A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career."
Prior to the conference, Simone Petrella, N2K President, caught up with Deneen DeFiore. They discussed Deneen's history with NICE, the importance of prioritizing cyber talent and workforce issues, what stakeholders need to more effectively tackle the cyber skills and experience gap across the profession, and more.
Find out more about the Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1). Listen to our podcast about the update. Stay tuned for our coverage of the 2024 NICE Conference.
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Sloane Menkes: What is the 2%? [Consultant] [Career Notes] | 27 Feb 2022 | 00:08:26 | |
Principal in PricewaterhouseCoopers' Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US Air Force Academy that helped to enlighten her and inform the intuitive problem-solving skill, or way of thinking, that she'd been employing in her life. She joined the Office of Special Investigations, and working with Howard Schmidt there is where Sloane first started to get interested in cybersecurity. She shares that what she loves about the consulting role is that the environment is constantly changing, and she offers some advice for women interested in cybersecurity. We thank Sloane for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
| Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday] | 26 Feb 2022 | 00:20:19 | |
Guest Dick O'Brien, Principal Editor at Symantec, joins Dave to discuss their team's research, "Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware." Noberus is a new ransomware used in a mid-November attack; ConnectWise was the likely infection vector.
Symantec, a division of Broadcom Software, tracks this ransomware as Ransom.Noberus and our researchers first spotted it on a victim organization on November 18, 2021, with three variants of Noberus deployed by the attackers over the course of that attack. This would appear to show that this ransomware was active earlier than was previously reported, with MalwareHunterTeam having told BleepingComputer they first saw this ransomware on November 21.
Noberus is an interesting ransomware because it is coded in Rust, and this is the first time we have seen a professional ransomware strain that has been used in real-world attacks coded in this programming language. Noberus appears to carry out the now-typical double extortion ransomware attacks where they first steal information from victim networks before encrypting files. Noberus adds the .sykffle extension to encrypted files.
The research can be found here:
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware
Learn more about your ad choices. Visit megaphone.fm/adchoices | |||
© My Podcast Data