CyberWire Daily
Subscribed: 26,469Played: 1,250,335
Subscribe
© 2023 N2K Networks, Inc.
Description
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
2462 Episodes
Reverse
1Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst, and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.”
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, the cybersecurity workforce skills gap with N2K’s President, Simone Petrella regarding how security professionals might learn from the movie “Moneyball” about how to train their team in the aggregate about first principles.
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, sits down with Director of the National Cryptologic Museum, Dr. Vince Houghton. The National Cryptologic Museum is the NSA's affiliated museum sharing the nation's best cryptologic secrets with the public. In this special episode, Rick interviews Dr. Houghton from within the walls of the National Cryptologic Museum, discussing the new and improved museum along with the new exhibits they uncovered during the pandemic.
Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships.
We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.
Links to resources:
Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog
National Cybersecurity Strategy 2023
CyberWire Daily podcast host Dave Bittner is joined by CyberWire editor John Petrik for an extended discussion about the Russian invasion of Ukraine and its effect on cybersecurity at the one year anniversary. John and his team have covered the Ukrainian conflict with daily news stories since the invasion began, and in fact, had quite a lot of coverage prior to the invasion. They take stock of where things stand, what has happened, and what we expected versus reality.
Dave Bittner had a conversation with Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. They discussed the Navy’s cybersecurity advances and how they have implemented them.
Commander Brandon Campbell is the former Operations Director at Navy Cyber Defense Operations Command and Task Force 1020 where they protect, detect, and respond to global cyber threats against Navy networks.
Captain J. Steve Correia is the Commanding Officer of Naval Network Warfare Command and the Commander of Task Force 1010 under the U.S. Navy’s Fleet Cyber Command where they execute tactical-level command and control to direct, operate, maintain and secure Navy communication and network systems.
Cybersecurity interview with ChatGPT.
In part one of CyberWire’s Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community.
ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI’s GPT-3 family of large language models.
Cyber questions answered by ChatGPT in part one of the interview.
What were the most significant cybersecurity incidents up through 2021?
What leads you to characterize these specific events as significant?
What were the specific technical vulnerabilities associated with these incidents?
Who were the cyber actors involved in each of these attacks?
Do you think it's valuable to attribute cyber attacks to specific actors?
At the 2022 Cyber Marketing Con, the CyberWire presented a CISO Q&A panel session on how to help cyber marketers reach CISOs and other security executives in the industry. The panel included Rick Howard, CSO of N2K Networks, Jaclyn Miller, Head of InfoSec and IT at DispatchHealth, Ted Wagner, CISO of SAP NS2, and was moderated by board director & and operating partner, Michelle Perry.
Listen in as the panel discusses:
What works and doesn’t work in getting a security executive’s attention.
Message trust, message fatigue, and what you can do about it.
Trusted information sources and how security executives use them.
Positioning and messaging that is actually meaningful to decision makers.
The security executive’s purchasing behavior and why skepticism is the driving force.
Stay tuned until the end to hear us answer some additional bonus questions submitted by attendees.
A backdoor-like issue has been found in Gigabyte firmware. A credential harvesting campaign impersonates Adobe. The Dark Pink gang is active in southeastern Asia. Mitiga discovers a “significant forensic discrepancy” in Google Drive. "Spyboy" is for sale in the C2C market. A look at Cuba ransomware. Ukrainian hacktivists target the Skolkovo Foundation. The FSB says NSA breached iPhones in Russia. Carole Theriault examines Utah's social media bills aimed at kids online. Our guest is Tucker Callaway of Mezmo to discuss the rise of telemetry pipelines. And spoofing positions and evading sanctions.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/105
Selected reading.
Supply Chain Risk from Gigabyte App Center backdoor (Eclypsium)
Ado-be-gone: Armorblox Stops Adobe Impersonation Attack (Armorblox)
Dark Pink back with a bang: 5 new organizations in 3 countries added to victim list (Group-IB)
Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign (CyberScoop)
Suspected State-Backed Hackers Hit Series of New Targets in Europe, SE Asia (Insurance Journal)
Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive (Mitiga)
2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online (Reddit)
An In-Depth Look at Cuba Ransomware (Avertium)
Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (The Record)
Russia says U.S. accessed thousands of Apple phones in spy plot (Reuters)
Fake Signals and American Insurance: How a Dark Fleet Moves Russian Oil (The New York Times
SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites see abuse by malicious actors. A look into identity security trends. People may be overconfident in their ability to detect deepfakes. Deepen Desai from Zscaler describes a campaign targeting Facebook users. CW Walker from Spycloud outlines identity exposure in the Fortune 1000. And a blurring of the lines between criminal, hacktivist, and strategic motivations.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/104
Selected reading.
SeroXen RAT for sale (AT&T Cybersecurity)
Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users (The Hacker News)
DogeRAT: The Android Malware Campaign Targeting Users Across Multiple Industries (CloudSek)
Ghost Sites: Stealing Data From Deactivated Salesforce Communities (Varonis)
2023 Trends in Securing Digital Identities (Identity Defined Security Alliance)
Jumio 2023 Online Identity Consumer Study (Jumio)
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals (Trend Micro)
Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware (The Hacker News)
New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. The latest on Volt Typhoon. DDoS hits government sites in Senegal. The Pentagon's cyber strategy incorporates lessons from Russia's war, while the EU draws lessons from Ukraine's performance against Russia. Joe Carrigan explains Mandiant research on URL obfuscation. Mr. Security Answer Person John Pescatore plays security whack-a-mole. And NoName disrupts a British airport.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/103
Selected reading.
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices (Unit 42)
US officials believe Chinese hackers may still have access to key US computer networks (CNN)
Chinese state-sponsored hackers infiltrated U.S. naval infrastructure, secretary of the Navy says (CNBC)
US military intelligence also targeted by Chinese hackers behind critical infrastructure compromise (SC Magazine)
Senegalese government websites hit with cyber attack (Reuters)
DOD Transmits 2023 Cyber Strategy (US Department of Defense)
Fact Sheet: 2023 DOD Cyber Strategy (US Department of Defense)
Lessons from the war in Ukraine for the future of EU defence (European Union External Action)
Investigation Launched After London City Airport Website Hacked (Simple Flying)
Maryland high school listed on Zillow for $42K in ‘creative’ senior prank (New York Post)
CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion malware has been upgraded for the cloud. Johannes Ullrich from SANS examines time gaps in logging. Our guest is Kevin Kirkwood from LogRhythm with a look at extortion attempts and ransomware. And Atlantic hurricane season officially opens next week: time to batten down those digital hatches.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/102
Selected reading.
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant)
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory)
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)
China hits back at 'the empire of hacking' over Five Eyes US cyber attack claims (ABC)
Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker (Cado)
Legion Malware Upgraded to Target SSH Servers and AWS Credentials (Hacker News)
CISA Warns of Hurricane/Typhoon-Related Scams (Cybersecurity and Infrastructure Security Agency CISA)
China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent Brazilian campaign targets Portuguese financial institutions. A new botnet targets the gaming industry. Phishing attempts impersonate OpenAI. Pro-Russian geolocation graffiti. Andrea Little Limbago from Interos addresses the policy implications of ChatGPT. Our guest is Jon Check from Raytheon Intelligence & Space, on cybersecurity and workforce strategy for the space community. And KillNet says no to slacker hackers.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/101
Selected reading.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory)
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)
Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters)
Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations (Check Point)
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs (The Record)
Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms (Information Security Buzz)
Fata Morgana: Watering hole attack on shipping and logistics websites (ClearSky Security)
Iran suspect in cyberattack targeting Israeli shipping, financial firms (Al-Monitor)
Buhti: New Ransomware Operation Relies on Repurposed Payloads (Symantec)
Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII (SentinelOne)
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile (Akamai)
Fresh Phish: ChatGPT Impersonation Fuels a Clever Phishing Scam (INKY)
Kimsuky's tailored reconnaissance tools. GoldenJackal is an APT quietly active since 2019. Criminals target Youtube viewers with free cracked software. Rheinmetall’s data was posted to BlackBasta's extortion site. The "Cuba" gang claims credit for the attack on the Philadelphia Inquirer. CERT-UA identifies a probable Russian cyberespionage campaign. Ireland views cyber assistance to Ukraine as a contribution to collective security. Ann Johnson from Afternoon Cyber Tea speaks with Tyrance Billingsley about Black Tech. Our guest is Oz Alashe from CybSafe on raising VC money amidst a down economy. And KillNet's underperforming hacktivists.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/100
Selected reading.
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit (SentinelOne)
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (The Hacker News)
Meet the GoldenJackal APT group. Don’t expect any howls (Kaspersky)
Follina — a Microsoft Office code execution vulnerability (DoublePulsar)
YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner (FortiGuard Labs)
Arms maker Rheinmetall confirms BlackBasta ransomware attack (Bleeping Computer)
Inquirer and forensics team investigating computer disruptions to publishing (Philadelphia Inquirer)
Cuba ransomware claims cyberattack on Philadelphia Inquirer (Bleeping Computer)
Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India (CERT-UA#6549) (CERT-UA)
Ukraine Identifies Central Asian Cyberespionage Campaign (BankInfoSecurity)
Ireland’s cyber security agency has been providing ‘non-lethal aid’ to Ukraine (Irish Times)
AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks the Supreme Court’s section 230 rulings. Our guest is Mike DeNapoli from Cymulate with insights on cybersecurity effectiveness. And a trio of commercial spyware cases.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/99
Selected reading.
Android app breaking bad: From legitimate screen recording to file exfiltration within a year (ESET)
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials (ESET)
BlackCat Ransomware Deploys New Signed Kernel Driver (Trend Micro)
Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor (Permiso)
Uncle Sam strangles criminals' cashflow by reining in money mules (The Register)
German prosecutors charge four over violating trade act to sell spyware to Turkey (Washington Post)
Israel Torpedoed Morocco Spyware Deal - and NSO Competitor QuaDream Shut Down (Haaretz)
He Was Investigating Mexico’s Military. Then the Spying Began. (New York Times)
The EU fines Meta for transatlantic data transfers. FIN7 returns, bearing Cl0p ransomware. Python Package Index temporarily suspends new registrations due to a spike in malicious activity. Typosquatting and TurkoRAT. UNC3944 uses SIM swapping to gain access to Azure admin accounts. A Turla retrospective. Rick Howard tackles workforce development. Our guest is Andrew Peterson of Fastly to discuss the intricate challenges of secure software development. And the FBI was found overstepping its surveillance authorities.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/98
Selected reading.
Meta Fined $1.3 Billion Over Data Transfers to U.S. (Wall Street Journal)
Meta fined record $1.3 billion and ordered to stop sending European user data to US (AP News)
Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks (The Hacker News)
Researchers tie FIN7 cybercrime family to Clop ransomware (The Record)
Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware (Security Affairs)
PyPI new user and new project registrations temporarily suspended. (Python)
PyPI repository restored after temporarily suspending new activity (Computing)
RATs found hiding in the NPM attic (ReversingLabs)
Legitimate looking npm packages found hosting TurkoRat infostealer (CSO Online)
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack (Mandiant)
Mozilla Explains: SIM swapping (Mozilla)
The Underground History of Russia’s Most Ingenious Hacker Group (WIRED)
Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service (US Department of Justice)
Hunting Russian Intelligence “Snake” Malware (CISA)
FBI misused intelligence database in 278,000 searches, court says (Reuters)
FBI misused controversial surveillance tool to investigate Jan. 6 protesters (The Record)
FBI broke rules in scouring foreign intelligence on Jan. 6 riot, racial justice protests, court says (AP News)
Willy R. Vasquez from The University of Texas at Austin discussing research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnerabilities in H.264 Decoders." Researchers are looking at the marvel that is modern video encoding standards such as H.264 for vulnerabilities and ultimately hidden security risks.
The research states "We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files." Using H26FORCE, they were able to uncover insecurities in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS and video accelerator and application processor kernel memory bugs in Android devices.
The research can be found here:
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
Section 230 survives SCOTUS. Lemon Group's pre-infected devices. The IRS is sending cyber attachés to four countries in a new pilot program. A Wisconsin man is charged with stealing DraftKings credentials. Russian hacktivists conduct DDoS attacks against Polish news outlets. An update on RedStinger. Grayson Milbourne from OpenText Cybersecurity discusses IoT and the price we pay for convenience. Our guest is Matthew Keeley with info on an open source domain spoofing tool, Spoofy. And war principles and hacktivist auxiliaries.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/97
Selected reading.
“Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives (Just Security)
A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks (Wired)
CloudWizard APT: the bad magic story goes on (SecureList)
Ukraine at D+441: Skirmishing along the line of contact, and in cyberspace. (The CyberWire)
Russian dissident gets three years in prison colony for DDoS attacks on military website (Cybernews)
Europe: The DDoS battlefield (Help Net Security)
Russian hackers hit Polish news sites in DDoS attack (Cybernews)
18-year-old charged with hacking 60,000 DraftKings betting accounts (Bleeping Computer)
Garrison Complaint (Department of Justice)
IRS-CI deploys 4 cyber attachés to locations abroad to combat cybercrime (IRS)
IRS deploys cyber attachés to fight cybercrime abroad (The Hill)
Cybercrime gang pre-infects millions of Android devices with malware (Bleeping Computer)
This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide (The Hacker News)
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices (Trend Micro)
Business email compromise (BEC) exploits legitimate services. A hacktivist ransomware group demands charity donations for encrypted files. Trends and threats in API protection. The effects of hacktivism on Russia's war against Ukraine. Executive digital protection. Deepen Desai of Zscaler explains security risks in OneNote. Our guest is Ajay Bhatia of Veritas Technologies with advice for onboarding new employees. And news organizations as attractive targets.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/96
Selected reading.
Leveraging Dropbox to Soar Into Inbox (Avanan)
MalasLocker ransomware targets Zimbra servers, demands charity donation (Bleeping Computer)
Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprises (Business Wire)
APIs are Top Cybersecurity Priority for Most Organizations, Yet 40% Do Not Have an API Security Solution (PR Newswire)
Evolving Cyber Operations and Capabilities (CSIS)
Following the long-running Russian aggression against Ukraine. (The CyberWire)
Executive Digital Protection whitepaper (Agency)
The Philadelphia Inquirer’s operations continue to be disrupted by a cyber incident (The Philadelphia Inquirer)
Cyberattack at the Philadelphia Inquirer. (The CyberWire)
Cyber agencies warn of BianLian ransomware. There’s a new gang using leaked Baduk-based ransomware. Chinese government-linked threat actors target TP-link routers with custom malware. ChatGPT-themed fleeceware is showing up in online stores. Ukraine is now a member of NATO's Cyber Centre. Tim Starks from the Washington Post shares insights on section 702 renewal. Our guest is Ismael Valenzuela from BlackBerry sharing the findings from their Global Threat Intelligence Report. And the CIA's offer to Russian officials may have had some takers.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/95
Selected reading.
#StopRansomware: BianLian Ransomware Group (Cybersecurity and Infrastructure Security Agency CISA)
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code (Cisco Talos Blog)
The Dragon Who Sold His Camaro: Analyzing Custom Router Implant (Check Point Research)
Fake ChatGPT Apps Scam Users Out of Thousands of Dollars, Sophos Reports (GlobeNewswire News Room)
Ukraine joins NATO Cyber Centre (Computing)
Russian Officials Unnerved by Ukraine Bloodshed Are Contacting CIA, Agency Says (Wall Street Journal)
Download from Google Play
Download from App Store
United States
I've been hard at it all night trying to trace how this happened but I fear I'm only gonna make the problem worse due to my inexperienced
any chance yell could help me
I sure hope he had a great time contributing to innocent Palestinian deaths!
.k. ti. lm j . . . m.p nm w m .. p ..n n. k .u nm o
Re: Ransom DDoS episode... not only did that dude mispronounce technology names (indicating lack of technical knowledge), he used the phrase “or their [law enforcement counterparts] in other civilized countries”. In saying this, he effectively implies that hackers who write in broken English are savages from uncivilized countries. The implicit racial connotations in making a statement like that are seriously offensive (equating being ‘civilized’ with speaking English well). Really surprising and disappointing.
✌Deb.
Great Podcast, Thank you for sharing Deb.✌
Excellent Podcast and I'm shocked at this time and point we should have this covered by now.So enjoyed Deb.
Awesome, Podcast Thanks so much for sharing Deb👍🏼✌
Larry , Dave I really appreciate all the work and information it's about time that they finally get something done about this.Really enjoyed Deb👌✌
Bollocks means balls as in testicles. It is a slang term for as you say someone talking nonsense / hogwash Just came across the podcast good stuff 👍👍
12:07: make sure you are updated to chrome 77
Ahahaa! Verry well tought off!
it made my morning! 😊
I have been bingeing this podcast and recommending this to everyone. especially the non tech folks since they are more target prone.
I couldn't help notice how pro-israel the host is over the last few shows
good
;D <3
Awesome episode. Ryan Olson spoke so well. Made things simple to understand even for someone who is new to "cryptojacking"
Awesome book list! I'm set for the summer.