Rick explains the network defender evolution from defense-in-depth in the 1990s, to intrusion kill chains in 2010, to too many security tools and SOAR in 2015, and finally to devsecops somewhere in our future.
SOAR – a first principle idea.
↧
↧
Andy Greenberg on the Sandworm Indictments.
This interview from November 6th, 2020 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Howard speaks with Andy Greenberg on the Sandworm Indictments.
↧
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
Researchers at Cisco's Talos Unit recently published research exploring the tactics, technics and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online ads, along with tips for protecting yourself and your organization.
The research can be found here:
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html
↧
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
Vice President of Global Systems Engineering Ellen Sundra shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challenge and gaining her confidence to share her unique point of view helped her excel in it. Ellen recommends keeping your eyes open for how your skill set fits into cybersecurity. Find your perspective and really embrace it! We thank Ellen for sharing her story with us.
↧
Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.
Updates on the spreading consequences of Solorigate, including Microsoft’s disclosure that threat actors gained access to source code repositories. A hard-coded backdoor is found in Zyxel firewalls and VPNs. Kawasaki Heavy Industries says parties unknown accessed sensitive corporate information. Slack has been having troubles today. Andrea Little Limbago from Interos on democracies aligning against global techno-dictators. Our guest is Drew Daniels from Druva with a look at the true value of data. And a British court declines to extradite WikiLeaks’ Julian Assange to the United States.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/1
↧
↧
It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.
More assessments of the Solorigate affair, with an excursus on Pearl Harbor. Shareholders open a class action suit against SolarWinds, but no signs of an enforcement action for speculated insider trading. Emissary Panda seems to be working an APT side hustle. Kevin Magee has insights from the Microsoft Digital Defense Report. Our guest is Jason Passwaters from Intel 471 with a look at the growing range of ransomware as a service offerings. And to-ing and fro-ing on Chinese telecoms at the New York Stock Exchange.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/2
↧
Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re ensured. No bail for Mr. Assange.
The US Cyber Unified Coordination Group says the Solorigate APT is “likely Russian in origin.” Threat actors are scanning for systems potentially vulnerable to exploitation through a Zyxel backdoor. ElectroRAT targets crypto wallets. Babuk Locker is called the first new ransomware strain of 2021. The New York Stock Exchange re-reconsiders delisting three Chinese telcos. Joe Carrigan from Johns Hopkins joins us with the latest clever exploits from Ben Gurion University. Our guest is Jens Bothe from OTRS Group the importance of the US establishing standardized data privacy regulations. And Julain Assange is denied bail.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/3
↧
CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.
CISA updates its guidance on Solorigate, and issues an alert that the threat actor may have used attack vectors other than the much-discussed SolarWinds backdoor. Some reports suggest that a widely used development tool produced by a Czech firm may have been compromised. The cyberespionage campaign is now known to have extended to the Department of Justice and the US Federal Courts. Robert M. Lee shares lessons learned from a recent power grid incident in Mumbai. Our guest is Yassir Abousselham from Splunk on how attackers find new ways to exploit emerging technologies. Cyber implications of the Capitol Hill riot.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/4
↧
The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.
Solorigate and its effect on sensitive corporate information. The DC riots show the cybersecurity consequences of brute physical access to systems. A North Korean APT resurfaces with the RokRat Trojan. Ransomware remains very lucrative, and why? Because people continue to pay up. Thomas Etheridge from CrowdStrike on The Role of Outside Counsel in the IR Process.Our guest is Larry Lunetta from Aruba HPE on how enterprises can bolster security in the era of hybrid work environments. And a criminal hacker gets twelve years in US Federal prison.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/8
↧
↧
Emotet reemerges and becomes one of most prolific threat groups out there. [Research Saturday]
Deep Instinct's Shimon Oren joins us to talk about his team's research on "Why Emotet's latest wave is harder to catch than ever before - Part 2." Emotet appears to have reemerged more evasive than before, this time with a payload delivered from a loader that security tools aren’t equipped to handle.
Emotet, the largest malware botnet today, started in 2014 and continues to be one of the most challenging threats in today’s landscape. This botnet causes huge damage by spreading ransomware and info stealers to its infected systems. Recently, a rise in the number of Emotet infections was observed in France, Japan, and New Zealand. The high number of infections shows the effectiveness of the Emotet malware at staying undetected.
Shimon joins us to discuss how Deep Instinct investigated the payload that was encrypted inside the loader, analyzes the next steps in the infection process, and discovers the techniques used to make this malware difficult to analyze.
The original blog post and updated post on the research can be found here:
↧
Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]
Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as failure is just another opportunity to learn. We thank Tom for sharing his story with us.
↧
More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.
Similarities are found between Sunburst backdoor code and malware used by Turla. CISA expands advice on dealing with Solorigate. Courts revert to paper...and USB drives. More members of the US Congress report devices stolen during last week’s riot. Online inspiration for violence seems distributed, not centralized. Caleb Barlow examines protocols for handling inbound intel. Rick Howard looks at Solorigate through the lens of first principles. And platforms as publishers?
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/6
↧
Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
A cyberespionage campaign, so far not attributed to any threat actor, continues to prospect government and industry targets in Colombia. A new bit of malware is found in the SolarWinds backdoor compromise. Mimecast certificates are compromised in another apparent software supply chain incident. Ubiquiti tells users to reset their passwords. A brief Capitol Hill riot update. Bidefender releases a free DarkSide ransomware decryptor. Ben Yelin revisits racial bias in facial recognition software. Our guest is Jessi Marcoff from Privitar on trend toward Chief People Officers. And Europol announces the takedown of the DarkMarket.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/7
↧
↧
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
Speculation grows that the Solarigate threat actors were also behind the Mimecast compromise. SolarLeaks says it has the goods taken from FireEye and SolarWinds, but caveat emptor. Notes on Patch Tuesday. Joe Carrigan has thoughts on a WhatsApp ultimatum. Our guest is Andrew Cheung of 01 Communique with an update on quantum computing. And farewell to an infosec good guy.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/8
↧
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
There are other things going on besides Solorigate and deplatforming. There’s news about the SideWinder threat actor and its interest in South Asian cyberespionage targets. Google’s Project Zero describes a complex and expensive criminal effort. CISA discusses threats to cloud users, and offers some security recommendations. A scam-as-a-service affiliate network spreads from Russia to Europe and North America. Awais Rashid looks at shadow security. Our own Rick Howard speaks with Christopher Ahlberg from Recorded Future on Cyber Threat Intelligence. And SolarLeaks looks more like misdirection, Guccifer 2.0-style.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/9
↧
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.
Well-constructed phishing and smishing are reported out of Tehran. Estimates of SolarWinds compromise insurance payouts. Notes from industry on the convergence of criminal and espionage TTPs. Social engineering hooks baited with greed. Ring patches a bug that could have exposed users’ geolocation (and their reports of crime). Advice on cyber best practices from CISA and NSA. Robert M. Lee has thoughts for the incoming Biden administration. Our guest is Sir David Omand, former Director of GCHQ, on his book, How Spies Think: Ten Lessons in Intelligence. And an ethics officer is accused of cyberstalking.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/10
↧
Manufacturing sector is increasingly a target for adversaries. [Research Saturday]
Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats to manufacturing organizations.
Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Dragos currently publicly tracks five ICS-focused activity groups targeting manufacturing: CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME in addition to various ransomware activities capable of disrupting operations.
Manufacturing relies on ICS to scale, function, and ensure consistent quality control and product safety. It provides crucial materials, products, and medicine and is classified as critical infrastructure. Due to the interconnected nature of facilities and operations, an attack on a manufacturing entity can have ripple effects across the supply chain that relies on timely and precise production to support product fulfillment, health and safety, and national security objectives.
Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive – and potentially destructive – impacts. Dragos has not observed ICS-specific malware targeting manufacturing operations on the same scale or sophistication as that used in the disruptive TRISIS and CRASHOVERRIDE malware attacks that targeted energy operations in Saudi Arabia and Ukraine, respectively. However, known and ongoing threats to manufacturing can have direct and indirect impact to operations. This report provides a snapshot of the threat landscape as of October 2020 and is expected to change in the future as adversaries and their behaviors evolve.
The research can be found here:
↧
↧
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us.
↧
Encore: You will pay for that one way or another. [Caveat]
Dave's got the story of a landlord who may run afoul of the Computer Fraud and Abuse Act, Ben wonders if the big tech CEOs could be held liable for contact tracking apps, and later in the show my conversation with Joseph Cox. He is a Senior Staff Writer at Motherboard and will be discussing his recent article How Big Companies Spy on Your Emails.
While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.
Links to stories:
- Apple and Google CEOs should be held responsible for protecting coronavirus tracking data, says GOP Sen. Hawley
- The twitter thread from Dave's story
Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com or simply leave us a message at (410) 618-3720. Hope to hear from you.
↧
EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.
The European Medicines Agency says stolen emails about vaccine development were altered before being dumped online. Another backdoor is found associated with the SolarWinds supply chain campaign. DNS cache poisoning vulnerabilities are described. FBI renews warnings about vishing. Iran’s “Enemies of the People” disinformation campaign. Vishing is up. Rick Howard previews his hashtable discussion on Solarigate. Verizon’s Chris Novak looks at cyber espionage. And the FBI makes an arrest in connection with a laptop taken during the Capitol Hill riot.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/11
↧
More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.
Another security company discloses a brush with the threat actor behind Solorigate. Advice on hardening Microsoft 365 against that same threat actor. Chimera turns out to be interested in airlines as well as semiconductor manufacturing intellectual property. Former President Trump’s last Executive Order addresses foreign exploitation of Infrastructure-as-a-Service products. Joe Carrigan looks at a hardware key vulnerability. Our guest is Chris Eng from Veracode with insights from their State of Software Security report. And investigation of that laptop stolen from the Capitol continues.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/12
↧
↧
Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
Microsoft researchers detail the lengths to which the Solorigate threat actor went to stay undetected and establish persistence. LuckyBoy malvertising is described. Business email compromise as a reconnaissance technique? More reminders about the risks that accompany remote work. Ben Yelin looks at cyber policy issues facing the Biden administration. Rick Howard speaks with Frank Duff from Mitre on their ATT&CK Evaluation Program. And good riddance to the Joker’s Stash (we hope).
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/13
↧
Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
Twice, it’s maybe an indicator. Once, it’s nuthin’ at all...to the machines. The Reserve Bank of New Zealand works to clean up its data sources. Wormy student laptops. Daily Food Diary is a glutton for your data. Ransom DDoS. Caleb Barlow examines how we handle disinformation in our runbooks and response plans. Our guest Ron Gula from Gula Tech Adventures shares his thoughts on proper public cyber response to the SolarWinds attack. And should we worry about that White House Peloton?
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/14
↧
Trickbot may be down, but can we count it out? [Research Saturday]
Guest Mark Arena from Intel471 joins us to discuss his team's research into Trickbot and its evolution from a banking trojan to a long-standing, most likely well-resourced operation that was taken down last year. Mark shares some insight into Trickbot's order of operations and what went on behind the scenes that his team working with Brian Krebs were able to discover.
Since the separate and independent actions taken against Trickbot, Intel471 has observed successful disruption of its command and control infrastructure. However, the actors linked to Trickbot have not ceased their criminal activities. These actors have continued engaging in ransomware activity, using BazarLoader instead of Trickbot. Intel471 is unable to assess the long-term impact of the Trickbot disruption activity or whether Trickbot will continue to be used by cybercrime groups. This analysis covers the period from Sept. 22, 2020 until Nov. 6, 2020.
The research can be found here:
↧
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting worlds specializing in cybersecurity and digital privacy issues. Through his work, Ben hopes to elevate the course of the debate on these very important issues. And, we thank Ben for sharing his story with us.
↧
↧
The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.
Russia’s FSB warns businesses to be on the lookout for American cyberattacks after the White House says it’s reserving its right to respond to the Solorigate cyberespionage campaign. SonicWall investigates an apparent compromise of its systems. Senator asks the US DNI for an explanation of DIA purchases of geolocation data from commercial vendors. OPC issues described. Andrea Little Limbago from Interos on the tech "naughty list" of restricted or sanctioned companies. Rick Howard previews his first principles analysis of Microsoft Azure. And a happy birthday to the word “robot,” now one-hundred years young.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/15
↧
Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?
Google reports North Korean social engineering of vulnerability researchers. Anonymous resurfaces, maybe, and tells Malaysia’s government it’s not happy with them. Notes on false credentialism and workforce development from the National Governors Association cyber summit. Kevin Magee from Microsoft Canada on the launch of the Rogers Cybersecurity Catalyst at Ryerson University to support Canadian Cybersecurity Startups. Our guest is James Stanger from CompTIA on their ultimate DDoS guide. And does America need a Cyber Force? Some think so.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/16
↧
Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.
Europol leads an international, public-private, takedown of Emotet. Four security companies describe their brushes with the compromised SolarWinds Orion supply chain. Solorigate is one of the issues US President Biden raised in his first phone call with Russian President Putin. New vulnerabilities and threats described. Our guest Michael Hamilton of CI Security questions how realistic CISA's latest guidance on agency forensics may be. Joe Carrigan looks at bad guys taking advantage of Google Forms. And the Internet is back in business on the US East Coast.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/17
↧
Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.
Updates from CISA on Supernova. US Cyber Command recommends patching Sudo quickly. US and Bulgarian authorities take down the NetWalker ransomware-as-a-service operation. Influencers drive a big short-squeeze in the stock market. Thomas Etheridge from CrowdStrike on Recovering from a ransomware event. Our guest Zack Schuler from Ninjio examines the security challenges of Work From Anywhere. And another influencer is charged with conspiracy to deprive people of their right to vote.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/18
↧
↧
Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.
Lebanon Cedar is quietly back, and running a cyberespionage campaign through vulnerable servers. Social engineering of vulnerability researchers is now attributed to the Lazarus Group. That “SolarWinds” incident is a lot bigger than SolarWinds. Notes on social media and the short squeeze. Verizon’s Chris Novak looks at the changing landscape of ransomware payments. Our guest Professor Brian Gant from Maryville University examines cybersecurity threats of the new U.S. administration. And the GAO thinks the US State Department should use “data and evidence.”
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/19
↧
The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]
Guest Yonatan Striem-Amit joins us from Cybereason to share their Nocturnus Team research into Kimsuky. The Cybereason Nocturnus Team has been tracking various North Korean threat actors, among them the cyber espionage group known as Kimsuky, (aka: Velvet Chollima, Black Banshee and Thallium), which has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe.
The research can be found here:
↧
Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]
For 20 years, the cybersecurity practitioner’s goto move when confronted with a new risk or compliance requirement has been to install a technical tool somewhere in the security stack to cover it. Over time, the number of tools that the infosec team has to manage has slowly grown. With the advent of bring-your-own device to the workplace, CIOs choosing SaaS applications to do work that has been traditionally handled in the data center, and organizations rushing to deploy their services into hybrid cloud environments, the number of individual data islands where company material information is routinely stored and must be covered by the security stack has increased. The complexity of this situation is immense. Two strategies have emerged to address this problem. The first is to continue down the path of installing more technical tools in each data island to cover the risk and having the infosec team manually process the telemetry of all the security devices with bigger teams and helper-automation-tools like SOAR platforms and SIEM databases. The second strategy is to choose a security vendor's platform that performs most of the security tasks on all the data islands but now makes the organization reliant on a single point of failure.
Joining Rick Howard from the CyberWire's Hash Table's group of experts to consider the matter are Mike Higgins from Haven Health and Greg Notch from the National Hockey League, and later in the show, Rick speaks with Lior Div of Cybereason, who gives their point of view on this debate.
↧
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us.
↧
↧
Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. URKI breach. British Mensa thinks over a data exposure.
Untangling Solorigate, and distinguishing primary targets from collateral damage (or maybe side benefits, or maybe battlespace preparation). Congress asks NSA for background on an earlier supply chain incident. The Cyberspace Solarium Commission offers the new US Administration some transition advice. Rick Howard hears from the hash table on Microsoft Azure. Andrea Little Limbago from Interos on the intersection of COVID and cyber vulnerabilities. And the week gets off to a rough start for smart Britons.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/20
↧
Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.
Myanmar’s junta jams the Internet. Operation NightScout looks like a highly targeted cyberespionage campaign delivered through a compromised supply chain. SonicWall zero day is being actively exploited in the wild. StrangeU and RandomU are filling a niche in the criminal-to-criminal market. Ben Yelin ponders whether the Solarwinds attack can be considered an act of war. Our guest Jamie Brown from Tenable on the National Cyber Director position and what it means for the Biden administration. Another data breach is associated with Accellion FTA. And it’s Groundhog Day, campers.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/21
↧
China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.
It appears Chinese intelligence services have been exploiting a vulnerability in SolarWinds to steal data from a US Government payroll system. The presumed Russian intrusion into SolarWinds may have been going on for nine months or more. Three new SolarWinds vulnerabilities are disclosed and patched. Amnesty accuses South Sudan of abusing intercept tools. BEC compromise is involved in gift card scams. Joe Carrigan has thoughts on opt-in privacy policies. Our guest is Dale Ludwig from CHERRY on USB attacks and hardware security. And carders steal from other carders.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/22
↧
Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.
Hildegard malware is targeting Kubernetes clusters. Remote access flaws found in consumer security devices. A brief update on the spreading software supply chain incidents. Project Zero sees incomplete patches at the root of most successful zero-day attacks. Recruiting a privateer’s crew. The current mood among ransomware victims. We’ll search for the truth about 5G with Rob Lee and Rick Howard. And who’s behind zoom-bombing remote learning? A hint: the kids aren’t alright.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/23
↧
↧
Lazarus Group seems to have deployed an IE zero day. Electrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.
Lazarus Group seems to have had an IE zero day. Brazilian power utility discloses a ransomware attack on business systems. TrickBot’s back. Automated attacks are going after web applications. Two security firms report breaches. Patching notes. A look at life in the cleared community. Caleb Barlow from CynergisTek with protocols and best practices for handling inbound intel. And Washington and Moscow hold the usual frank discussions--the Americans, at least, talked about cybersecurity.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/24
↧
"Follow the money" the cybersecurity way. [Research Saturday]
Guest Joe Slowik joins us from Domain Tools to share their research "Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity" where they examined technical artifacts emerging around the 2020 conflict between Armenia and Azerbaijan in the Caucasus region.
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Based on precedent, analysts can identify developments in adversary operations and technical capabilities by tracking identifiers related to major events and conflict zones. Identifying capabilities deployed to take advantage of such items can yield insights into fundamental attacker tradecraft and behaviors, and enable defense and response for incidents which may strike far closer to home at a later date.
The research can be found here:
↧
In the clear: what it's like working as a woman in the cleared community. [Special Edition]
This special edition podcast highlights three women, Priyanka, Ashley and Lauren, who chose to focus their careers in cybersecurity for the mission-based organization Northrop Grumman. Kathleen Smith from ClearedJobs.Net joins us as our panel moderator. The CyberWire's Jennifer Eiben hosts the event. We are excited to share this look into the world of women in cybersecurity.
↧
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've got half the skills, go for it." Jason aspires to a legacy of increasing diversity in the cybersecurity industry and founded a non-profit to do just that. And, we thank Jason for sharing his story with us.
↧
↧
A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?
Myanmar blocks data networks. Notes on offensive cyber operations, from present and former Five Eyes officials. SilentFade seems to be back, with more ad fraud. Iranian cyber operators up their surveillance game. Brazil’s big data breach remains under investigation. Company towns may make a return in Nevada. Rick Howard casts his gaze on the AWS cloud. We welcome Dinah Davis from Arctic Wolf as our newest industry partner. And why in the world are hackers interested in other people’s colonoscopies?
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/25
↧
Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.
Florida water treatment plant sustains cyberattack: the hack was successful, the sabotage wasn’t. A new malware strain is associated with Chinese intelligence services. Ben Yelin tracks a surveillance plane who’s funding has fallen. Our guest is Col. Stephen Hamilton from Army Cyber Institute at West Point. And Huawei’s CEO says, sure, he’d take a call from President Biden.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/26
↧
Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.
What’s North Korea doing with all that money the Lazarus Group steals? Buying atom bombs, apparently. Iran’s Domestic Kitten is scratching at some international surveillance targets. Not everyone who says they’re a Bear really is one. Parking malware in Discord. Notes on Patch Tuesday. Joe Carrigan details a gift card scam that hit a little close to home. Our guest is Saket Modi, CEO of Safe Security with thoughts on quantifying risk. And the latest on the water system cyber sabotage down in Florida.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/27
↧
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
Spyware in the Subcontinent. Some crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The US now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her participation in the National Security Institute at George Mason University. Our guest is Chris Cochran from Hacker Valley Studio with a preview of their Black Excellence in Cyber podcast.And there’s no attribution yet in the Oldsmar, Florida, water system cybersabotage, but it’s increasingly clear that the utility wasn’t a hard target.
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/28
↧
↧
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.
Bloomberg revives its reporting on hardware backdoors on chipsets. Has someone bought the source code for the Witcher and Cyberpunk? CISA issues ICS alerts. The FBI and CISA offer advice about water system cybersabotage as state and local utilities seek to learn from the Oldsmar attack. Verizon’s Chris Novak ponders if you should get your Cybersecurity DIY, managed, or co-managed? Our guest is David Barzilai from Karamba Security on the growing importance of IoT security. And, looking for love on Valentine’s Day? Look carefully...and don’t give that intriguing online stranger money, We know, we know, they seem nice, but still...
For links to all of today's stories check out our CyberWire daily news brief:
https://www.thecyberwire.com/newsletters/daily-briefing/10/29
↧
Using the human body as a wire-like communication channel. [Research Saturday]
Guest Dr. Shreyas Sen, a Perdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario:. Instead of inserting a card or scanning a smartphone to make a payment, what if you could simply touch the machine with your finger? A prototype developed by Purdue University engineers would essentially let your body act as the link between your card or smartphone and the reader or scanner, making it possible for you to transmit information just by touching a surface.
The research can be found here:
↧
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that newcomers to the industry follow what interests them and jump in. And, we thank Jessica for sharing her story with us.
↧
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [Special Edition Update]
In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space.
February 2021 Update: we revisit the topic with guest Hank Thomas to hear the latest on SPACs.
↧
↧
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]
In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space.
February 2021 Update: we revisit the topic with guest Hank Thomas to hear the latest on SPACs.
↧
More Pages to Explore .....
