CyberWire Daily (N2K Networks)

Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber and cryptologists worldwide for the nation. Diane encourages those who love to learn to join the multidisciplinary cybersecurity field. Our thanks to Diane for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Updates on the spreading consequences of Solorigate, including Microsoft’s disclosure that threat actors gained access to source code repositories. A hard-coded backdoor is found in Zyxel firewalls and VPNs. Kawasaki Heavy Industries says parties unknown accessed sensitive corporate information. Slack has been having troubles today. Andrea Little Limbago from Interos on democracies aligning against global techno-dictators. Our guest is Drew Daniels from Druva with a look at the true value of data. And a British court declines to extradite WikiLeaks’ Julian Assange to the United States. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/1 Learn more about your ad choices. Visit megaphone.fm/adchoices

Biden bans Kaspersky over security concerns. Accenture says reports of them being breached are greatly exaggerated. SneakyChef targets diplomats in Africa, the Middle East, Europe and Asia. A serious firmware flaw affects Intel CPUs. More headaches for car dealerships relying on CDK Global. CISA Alerts Over 100,000 Individuals of Potential Data Breach in Chemical Security Tool Hack. SquidLoader targets Chinese organizations through phishing. A new nonprofit aims to establish certification standards in maritime cybersecurity. A sneak peek of our latest podcast, Only Malware in the Building. Using the court system for customer support. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Selena Larson, joined by Dave Bittner and Rick Howard, hosts the new podcast "Only Malware in the Building." This monthly collaboration between N2K CyberWire and Proofpoint delves into the most impactful and intriguing malware stories. Selena makes complex cybersecurity info fun and digestible, offering tech professionals clear, actionable insights.  Selected Reading Biden bans US sales of Kaspersky software over Russia ties (Reuters) Exclusive: Accenture says data leak claims false, only 3 affected (Cyber Daily) Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find (CyberScoop) Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) (Help Net Security) CDK warns: threat actors are calling customers, posing as support (bleepingcomputer) Personal and Chemical Facility Information Potentially Accessed in CISA Hack (SecurityWeek) New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document (gbhackers) New body IMCSO to elevate standards and streamline provisioning of cybersecurity services in Maritime (itsecurityguru) US DHS partners with Indonesia to strengthen maritime cybersecurity in Indo-Pacific region (Industrial Cyber) How small claims court became Meta's customer service hotline (engadget). The curious case of the missing IcedID (Only Malware in the Building) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ian Ahl from Permiso's PØ Labs joins Dave to discuss their research on "Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor." First observing the group in 2021, they discovered GUI-vil is a financially motivated threat group primarily focused on unauthorized cryptocurrency mining activities. The research states "the group has been observed exploiting Amazon Web Services (AWS) EC2 instances to facilitate their illicit crypto mining operations." This group is dangerous because unlike many groups focused on crypto mining, GUI-Vil apply a personal touch when establishing a foothold in an environment. The research can be found here: Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor Learn more about your ad choices. Visit megaphone.fm/adchoices

Similarities are found between Sunburst backdoor code and malware used by Turla. CISA expands advice on dealing with Solorigate. Courts revert to paper...and USB drives. More members of the US Congress report devices stolen during last week’s riot. Online inspiration for violence seems distributed, not centralized. Caleb Barlow examines protocols for handling inbound intel. Rick Howard looks at Solorigate through the lens of first principles. And platforms as publishers? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/6 Learn more about your ad choices. Visit megaphone.fm/adchoices

Director of Google Cloud's Office of the CISO, MK Palmore, dedicated much of his life to public service and now brings his experience working for the greater good to the private sector. A graduate of the US Naval Academy, including the Naval Academy Prep School that he calls the most impactful educational experience of his life, MK commissioned into the US Marine Corps following his service academy time. He joined the FBI and that is where he came into the cybersecurity realm. MK is passionate about getting more diversity, equity and inclusion into industry. We thank MK for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Russia’s FSB warns businesses to be on the lookout for American cyberattacks after the White House says it’s reserving its right to respond to the Solorigate cyberespionage campaign. SonicWall investigates an apparent compromise of its systems. Senator asks the US DNI for an explanation of DIA purchases of geolocation data from commercial vendors. OPC issues described. Andrea Little Limbago from Interos on the tech "naughty list" of restricted or sanctioned companies. Rick Howard previews his first principles analysis of Microsoft Azure. And a happy birthday to the word “robot,” now one-hundred years young. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/15 Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBit claims to have hit the Federal Reserve. CDK Global negotiates with BlackSuit to unlock car dealerships across the U.S. Treasury proposes a rule to restrict tech investments in China. An LA school district confirms a Snowflake related data breach. Rafel RAT hits outdated Android devices. The UK’s largest plutonium stockpiler pleads guilty to criminal charges of inadequate cybersecurity. Clearview AI settles privacy violations in a deal that could exceed fifty million dollars. North Korean hackers target aerospace and defense firms. Rick Howard previews CSOP Live. Our guest is Christie Terrill, CISO at Bishop Fox, discussing how organizations can best leverage offensive security tactics. Bug hunting gets a little too real. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Christie Terrill, CISO at Bishop Fox, joins to discuss how organizations can leverage offensive security tactics not just as strategies to prevent cyber incidents, but as a critical component of a cyberattack recovery process.  Rick Howard sits down with Dave to share a preview of what’s to come at our upcoming CSOP Live event this Thursday, going beyond the headlines with our panel of Hash Table experts for an insightful discussion on emerging industry trends, recent threats and events, and the evolving role of executives in our field.   Selected Reading LockBit claims the hack of the US Federal Reserve (securityaffairs) Why are threat actors faking data breaches? (Help Net Security) CDK Global outage caused by BlackSuit ransomware attack (bleepingcomputer) US proposes rules to stop Americans from investing in Chinese technology with military uses (AP News) Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer) Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer) Sellafield Pleads Guilty to Historic Cybersecurity Offenses (Infosecurity Magazine) Sellafield nuclear waste site pleads guilty to IT security breaches (Financial Times) Facial Recognition Startup Clearview AI Settles Privacy Suit (SecurityWeek) New North Korean Hackers Attack Aerospace and Defense Companies (cybersecuritynews) Spatial Computing Hack (Ryan Pickren) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google reports North Korean social engineering of vulnerability researchers. Anonymous resurfaces, maybe, and tells Malaysia’s government it’s not happy with them. Notes on false credentialism and workforce development from the National Governors Association cyber summit. Kevin Magee from Microsoft Canada on the launch of the Rogers Cybersecurity Catalyst at Ryerson University to support Canadian Cybersecurity Startups. Our guest is James Stanger from CompTIA on their ultimate DDoS guide. And does America need a Cyber Force? Some think so. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/16 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that they're hoping in Australia that backup tapes made it to the shredder, and didn't fall off the truck. Equifax's board of directors gets reelected. Are China's espionage services preparing the battlespace for a supply chain attack. New Spectre-like vulnerabilities are found in Intel chips. Google and Amazon clamp down on domain fronting, and anti-censorship advocates are unhappy. Here Kitty…we have Monero for you. And a change of command at NSA and US Cyber Command. Johannes Ullrich from SANS and the Internet Stormcast podcast, reviewing the history of hardware flaws. Guest is Philip Tully from ZeroFox with a recap of a talk he gave at RSA on AI.  Learn more about your ad choices. Visit megaphone.fm/adchoices

The European Medicines Agency says stolen emails about vaccine development were altered before being dumped online. Another backdoor is found associated with the SolarWinds supply chain campaign. DNS cache poisoning vulnerabilities are described. FBI renews warnings about vishing. Iran’s “Enemies of the People” disinformation campaign. Vishing is up. Rick Howard previews his hashtable discussion on Solarigate. Verizon’s Chris Novak looks at cyber espionage. And the FBI makes an arrest in connection with a laptop taken during the Capitol Hill riot. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/11 Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily: US Govt on Ukraine grid hack. ISIS threatens social media hacks. Ransomware rising. "Government OS." Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberespionage campaign, so far not attributed to any threat actor, continues to prospect government and industry targets in Colombia. A new bit of malware is found in the SolarWinds backdoor compromise. Mimecast certificates are compromised in another apparent software supply chain incident. Ubiquiti tells users to reset their passwords. A brief Capitol Hill riot update. Bidefender releases a free DarkSide ransomware decryptor. Ben Yelin revisits racial bias in facial recognition software. Our guest is Jessi Marcoff from Privitar on trend toward Chief People Officers. And Europol announces the takedown of the DarkMarket. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/7 Learn more about your ad choices. Visit megaphone.fm/adchoices

The US scrutinizes Chinese telecoms. Indonesia’s national datacenter is hit with ransomware. RedJulliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi’s. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Selected Reading Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters)  Indonesian government datacenter locked down in $8M ransomware rumble (The Register) Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record) New security loophole allows spying on internet users' online activity (HelpNet Security) P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer) Credential Stuffing Attack Hits 72,000 Levi’s Accounts (Infosecurity Magazine) CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security) Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

More assessments of the Solorigate affair, with an excursus on Pearl Harbor. Shareholders open a class action suit against SolarWinds, but no signs of an enforcement action for speculated insider trading. Emissary Panda seems to be working an APT side hustle. Kevin Magee has insights from the Microsoft Digital Defense Report. Our guest is Jason Passwaters from Intel 471 with a look at the growing range of ransomware as a service offerings. And to-ing and fro-ing on Chinese telecoms at the New York Stock Exchange. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/2 Learn more about your ad choices. Visit megaphone.fm/adchoices

The US Cyber Unified Coordination Group says the Solorigate APT is “likely Russian in origin.” Threat actors are scanning for systems potentially vulnerable to exploitation through a Zyxel backdoor. ElectroRAT targets crypto wallets. Babuk Locker is called the first new ransomware strain of 2021. The New York Stock Exchange re-reconsiders delisting three Chinese telcos. Joe Carrigan from Johns Hopkins joins us with the latest clever exploits from Ben Gurion University. Our guest is Jens Bothe from OTRS Group the importance of the US establishing standardized data privacy regulations. And Julain Assange is denied bail. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/3 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Facebook has kicked some Russian trolls out from under its bridge. Why? Because they're Russian trolls, that's why. Facebook CEO Zuckerberg will testify about data security before a House panel next Wednesday. Privacy for the Old World, but maybe not as much for the new. The YouTube shooting may have been motivated by anger over the platform's policies. European air traffic control problems were a glitch, not a hack. Pipeline operators recovering from IT hack. Homeland Security tells the US Senate hostile intelligence services have stingrays in Washington. Panera Bread's response to its potential data exposure. Rick Howard from Palo Alto Networks on whether security platforms are putting all of your eggs in one basket. Guest is Jim Routh, CSO at Aetna, on Model-driven security and the rise of unconventional controls.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had major implications under GDPR.  Joining us in this week's Research Saturday are George Punter and Peter Hansen from TurgenSec to talk about the discovery of the breach.  The research can be found here:  Virgin Media Disclosure Statement & Resources Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a convincing front company to do their deeds.  Nick Carr and Barry Vengerick are coauthors of the research, along with their colleagues Kimberly Goody and Steve Miller.  The research is titled On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. It can be found here: https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html   Learn more about your ad choices. Visit megaphone.fm/adchoices

Speculation grows that the Solarigate threat actors were also behind the Mimecast compromise. SolarLeaks says it has the goods taken from FireEye and SolarWinds, but caveat emptor. Notes on Patch Tuesday. Joe Carrigan has thoughts on a WhatsApp ultimatum. Our guest is Andrew Cheung of 01 Communique with an update on quantum computing. And farewell to an infosec good guy. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/8 Learn more about your ad choices. Visit megaphone.fm/adchoices

Another security company discloses a brush with the threat actor behind Solorigate. Advice on hardening Microsoft 365 against that same threat actor. Chimera turns out to be interested in airlines as well as semiconductor manufacturing intellectual property. Former President Trump’s last Executive Order addresses foreign exploitation of Infrastructure-as-a-Service products. Joe Carrigan looks at a hardware key vulnerability. Our guest is Chris Eng from Veracode with insights from their State of Software Security report. And investigation of that laptop stolen from the Capitol continues. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/12 Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBit drops files that may or may not be from the Federal Reserve. Progress Software patches additional flaws in MOVEit file transfer software. A popular polyfil open source library has been compromised. DHS starts staffing up its AI Corps. Legislation has been introduced to evaluate the manual operations of critical infrastructure during cyber attacks. Researchers discover a new e-skimmer targeting CMS platforms. A breach at Neiman Marchus affects nearly 65,000 people. South African health services grapple with ransomware amidst a monkeypox outbreak.  Medusa is back. On the Learning Layer, Sam and Joe discuss the CISSP's CAT format and how to walk into test day with confidence. The VA works to clear the backlog caused by the ransomware attack onChange Healthcare. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, which includes a simulated Computer Adaptive Test (CAT) final exam. Sam and Joe discuss the CISSP's CAT format and how to walk into test day with confidence. Good luck Joe! Selected Reading Lockbit Leaks Files for Evolve Bank & Trust in Its Alleged ‘Federal Reserve’ Data Dump (Metacurity) Progress Software warns of new vulnerabilities in MOVEit Transfer and MOVEit Gateway (Cyber Daily) Polyfill supply chain attack hits 100K+ sites (Sansec) Exclusive: DHS hires first 10 AI Corps members (Axios) US House bill seeks to assess manual operations of critical infrastructure during cyber attacks (Industrial Cyber) Caesar Cipher Skimmer targets popular CMS used by e-stores (Security Affairs) Neiman Marcus confirms breach. Is the customer data already for sale? (Malwarebytes) South Africa’s national health lab hit with ransomware attack amid mpox outbreak (The Record) New Medusa malware variants target Android users in seven countries (Bleeping Computer) After Crippling Ransomware Attack, VA Is Still Dealing with Fallout, Trying to Pay Providers (Military.com) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we look back at election hacking concerns in the US (most of which didn't happen) and we hear from some people who offer advice for the next administration's first 100 days. Fancy Bear is phishing with Adobe and Microsoft zero-days. Investigation of the Tesco fraud continues. It looks as if the Bangladesh Bank might recover some of its losses in the SWIFT heist. There's an OPM-themed phishing campaign afoot. Server database issues point up the importance of digital hygiene. More Yahoo troubles. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security explains new FCC privacy rules. Chuck Ames, Director of Cybersecurity for Maryland, describes new regulations for companies looking to do business with the government. Advice for the next US President. And, Marines, happy birthday and semper fi. Learn more about your ad choices. Visit megaphone.fm/adchoices

Europol leads an international, public-private, takedown of Emotet. Four security companies describe their brushes with the compromised SolarWinds Orion supply chain. Solorigate is one of the issues US President Biden raised in his first phone call with Russian President Putin. New vulnerabilities and threats described. Our guest Michael Hamilton of CI Security questions how realistic CISA's latest guidance on agency forensics may be. Joe Carrigan looks at bad guys taking advantage of Google Forms. And the Internet is back in business on the US East Coast. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/17 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about the Panama Papers database. We also discuss updates concerning the Bangladesh Bank heist investigation. New ad-fraud malware, Viking Horde, shows up in the Google Play Store. In ransomware news, CryptXXX is no longer so easily decrypted, Bucbi exploits RDP vulnerabilities, and Triumfant shares what they've learned about Locky. We also talk to Accenture's Malek Ben Salem about big data security frameworks. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Yonatan Striem-Amit joins us from Cybereason to share their Nocturnus Team research into Kimsuky. The Cybereason Nocturnus Team has been tracking various North Korean threat actors, among them the cyber espionage group known as Kimsuky, (aka: Velvet Chollima, Black Banshee and Thallium), which has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe. The research can be found here: Back to the Future: Inside the Kimsuky KGH Spyware Suite Learn more about your ad choices. Visit megaphone.fm/adchoices

Updates from CISA on Supernova. US Cyber Command recommends patching Sudo quickly. US and Bulgarian authorities take down the NetWalker ransomware-as-a-service operation. Influencers drive a big short-squeeze in the stock market. Thomas Etheridge from CrowdStrike on Recovering from a ransomware event. Our guest Zack Schuler from Ninjio examines the security challenges of Work From Anywhere. And another influencer is charged with conspiracy to deprive people of their right to vote. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/18 Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft researchers detail the lengths to which the Solorigate threat actor went to stay undetected and establish persistence. LuckyBoy malvertising is described. Business email compromise as a reconnaissance technique? More reminders about the risks that accompany remote work. Ben Yelin looks at cyber policy issues facing the Biden administration. Rick Howard speaks with Frank Duff from Mitre on their ATT&CK Evaluation Program. And good riddance to the Joker’s Stash (we hope). For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/13 Learn more about your ad choices. Visit megaphone.fm/adchoices

Arkansas sues Temu over privacy issues. Polyfil returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key.  CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail.  In our  'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Palo Alto Networks podcast 'Threat Vector,' host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields. You can listen to the full episode here.  Selected Reading Arkansas AG lawsuit claims Temu’s shopping app is ‘dangerous malware’ (The Verge) Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer) NYPD officer database had security flaws that could have let hackers covertly modify officer data (City & State New York) Google TAG: New efforts to disrupt DRAGONBRIDGE spam activity (Google) ‘Poseidon’ Mac stealer distributed via Google ads (Malwarebytes) Gas Chromatograph Hacking Could Have Serious Impact: Security Firm (SecurityWeek) Microsoft warns of novel jailbreak affecting many generative AI models (CSO Online) CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities (SecurityWeek) Metallica’s X account hacked to promote crypto token (Cointelegraph) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

There are other things going on besides Solorigate and deplatforming. There’s news about the SideWinder threat actor and its interest in South Asian cyberespionage targets. Google’s Project Zero describes a complex and expensive criminal effort. CISA discusses threats to cloud users, and offers some security recommendations. A scam-as-a-service affiliate network spreads from Russia to Europe and North America. Awais Rashid looks at shadow security. Our own Rick Howard speaks with Christopher Ahlberg from Recorded Future on Cyber Threat Intelligence. And SolarLeaks looks more like misdirection, Guccifer 2.0-style. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/9 Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA updates its guidance on Solorigate, and issues an alert that the threat actor may have used attack vectors other than the much-discussed SolarWinds backdoor. Some reports suggest that a widely used development tool produced by a Czech firm may have been compromised. The cyberespionage campaign is now known to have extended to the Department of Justice and the US Federal Courts. Robert M. Lee shares lessons learned from a recent power grid incident in Mumbai. Our guest is Yassir Abousselham from Splunk on how attackers find new ways to exploit emerging technologies. Cyber implications of the Capitol Hill riot. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/4 Learn more about your ad choices. Visit megaphone.fm/adchoices

Solorigate and its effect on sensitive corporate information. The DC riots show the cybersecurity consequences of brute physical access to systems. A North Korean APT resurfaces with the RokRat Trojan. Ransomware remains very lucrative, and why? Because people continue to pay up. Thomas Etheridge from CrowdStrike on The Role of Outside Counsel in the IR Process.Our guest is Larry Lunetta from Aruba HPE on how enterprises can bolster security in the era of hybrid work environments. And a criminal hacker gets twelve years in US Federal prison. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/8 Learn more about your ad choices. Visit megaphone.fm/adchoices

TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC vs. MGM. Don’t forget to backup your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K’s Rick Howard at AWS re:Inforce event. They're discussing  cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Caitlyn Shim, Director of AWS Cloud Governance, joined N2K’s Rick Howard at AWS re:Inforce event recently in Philadelphia, PA. They spoke about cloud governance, the growth and development of AWS, and diversity. Caitlyn was part of the Women of Amazon Security Panel at the event. You can read more about Caitlyn and her colleagues as they discuss their diverse paths into security and offer advice for those looking to enter the field  here.  Selected Reading TeamViewer investigating intrusion of corporate IT environment (The Record) Microsoft reveals further emails compromised by Russian hack (Engadget) Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack (SecurityWeek) Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware (Outpost 24) Google to block sites using Entrust certificates in bombshell move (The Stack)  US House Subcommittee examines critical infrastructure vulnerabilities, role of cyber insurance in resilience efforts (Industrial Cyber)  FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe (The National Law Journal) This is why you need backups: A cyber attack on an Indonesian data center caused havoc for public services – and its forcing a national rethink on data security (ITPro) Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator (Bleeping Computer)  ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services (Cybersecurity News)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sri Lanka clamps down on social media in the wake of Easter massacres. Authorities suspect an Islamist group, but no terrorist organization has so far claimed responsibility. CIA intelligence is said to have the goods on Chinese security services’ hold over Huawei. Marcus Hutchins, also known as MalwareTech, and famous as the sometime hero of the WannaCry kill-switch, has taken a guilty plea to charges connected with the distribution of Kronos banking malware. Joe Carrigan from JHU ISI on password research from WP Engine. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_22.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Well-constructed phishing and smishing are reported out of Tehran. Estimates of SolarWinds compromise insurance payouts. Notes from industry on the convergence of criminal and espionage TTPs. Social engineering hooks baited with greed. Ring patches a bug that could have exposed users’ geolocation (and their reports of crime). Advice on cyber best practices from CISA and NSA. Robert M. Lee has thoughts for the incoming Biden administration. Our guest is Sir David Omand, former Director of GCHQ, on his book, How Spies Think: Ten Lessons in Intelligence. And an ethics officer is accused of cyberstalking. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/10 Learn more about your ad choices. Visit megaphone.fm/adchoices

Twice, it’s maybe an indicator. Once, it’s nuthin’ at all...to the machines. The Reserve Bank of New Zealand works to clean up its data sources. Wormy student laptops. Daily Food Diary is a glutton for your data. Ransom DDoS. Caleb Barlow examines how we handle disinformation in our runbooks and response plans. Our guest Ron Gula from Gula Tech Adventures shares his thoughts on proper public cyber response to the SolarWinds attack. And should we worry about that White House Peloton? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/14 Learn more about your ad choices. Visit megaphone.fm/adchoices

Lebanon Cedar is quietly back, and running a cyberespionage campaign through vulnerable servers. Social engineering of vulnerability researchers is now attributed to the Lazarus Group. That “SolarWinds” incident is a lot bigger than SolarWinds. Notes on social media and the short squeeze. Verizon’s Chris Novak looks at the changing landscape of ransomware payments. Our guest Professor Brian Gant from Maryville University examines cybersecurity threats of the new U.S. administration. And the GAO thinks the US State Department should use “data and evidence.” For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/19 Learn more about your ad choices. Visit megaphone.fm/adchoices

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lazarus Group seems to have had an IE zero day. Brazilian power utility discloses a ransomware attack on business systems. TrickBot’s back. Automated attacks are going after web applications. Two security firms report breaches. Patching notes. A look at life in the cleared community. Caleb Barlow from CynergisTek with handling disinformation in our runbooks. And Washington and Moscow hold the usual frank discussions--the Americans, at least, talked about cybersecurity. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/24 Learn more about your ad choices. Visit megaphone.fm/adchoices

Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CSO Perspectives preview N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick’s accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here.  Selected Reading Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek) Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer) Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek) Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog) Police allege ‘evil twin’ in-flight Wi-Fi used to steal info (The Register) Inside a violent gang’s ruthless crypto-stealing home invasion spree (ARS Technica) Cyber insurance costs finally stabilising, says Howden (Tech Monitor) AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit (Hackread) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. Learn more about your ad choices. Visit megaphone.fm/adchoices

Bloomberg revives its reporting on hardware backdoors on chipsets. Has someone bought the source code for the Witcher and Cyberpunk? CISA issues ICS alerts. The FBI and CISA offer advice about water system cybersabotage as state and local utilities seek to learn from the Oldsmar attack. Verizon’s Chris Novak ponders if you should get your Cybersecurity DIY, managed, or co-managed? Our guest is David Barzilai from Karamba Security on the growing importance of IoT security. And, looking for love on Valentine’s Day? Look carefully...and don’t give that intriguing online stranger money, We know, we know, they seem nice, but still... For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/29 Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft wraps up its internal investigation of Solorigate, which the US Government continues to grapple with, and which has had some effect in Norway. An apparent Iranian APT has been hosting its command-and-control in two Netherlands data centers. Estonia’s annual intelligence report describes Russian and Chinese ambitions in cyberspace. Threat actors are hard at work against Apple’s new processors. Kevin Magee on the Canadian National Cyber Threat Assessment for 2020. Our guest is Mark Testoni from SAP National Security Services on the Biden administration’s first 100 days. Plus, lessons from the ice, and how hackers became cybercriminals. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/33 Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale (PoS) software. It is not clear if the attackers are targeting this software for encryption or because they want to scrape this information as a way to make even more money from this attack. Joining us in this week's Research Saturday to discuss the report is Jon DiMaggio of Symantec.  The research can be found here:  Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike Learn more about your ad choices. Visit megaphone.fm/adchoices

Oxford biology lab hacked. A Zoom impersonation phishing campaign afflicts targets in the EU. Senators disappointed in Amazon’s decision not to appear at this week’s SolarWinds hearing. NSA advocates adopting zero trust principles. CISA issues alerts on industrial control systems. The US Department of Homeland Security describes increases to its cybersecurity grant programs. Dinah Davis examines how healthcare is being targeted by ransomware. Our guest is Michael Hamilton from CI Security on the Public Infrastructure Security Cyber Education System. And NIST’s draft IoT security standards are still open for comment. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/38 Learn more about your ad choices. Visit megaphone.fm/adchoices

A new OpenSSH vulnerability affects Linux systems. The Supreme Court sends social media censorship cases back to the lower courts. Chinese hackers exploit a new Cisco zero-day. HubSpot investigates unauthorized access to customer accounts. Japanese media giant Kadokawa confirmed data leaks from a ransomware attack. FakeBat is a popular malware loader. Volcano Demon is a hot new ransomware group. Google launches a KVM hypervisor bug bounty program.  Johannes Ullrich from SANS Technology Institute discusses defending against API attacks. Goodnight, Sleep Tight, Don’t Let the Hackers Byte! Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Johannes Ullrich from SANS Technology Institute talking about defending against attacks affecting APIs and dangerous new attack techniques you need to know about. This conversation is based on Johannes’ presentations at the 2024 RSA Conference. You can learn more about them here:  Attack and Defend: How to Defend Against Three Attacks Affecting APIs The Five Most Dangerous New Attack Techniques You Need to Know About Selected Reading New regreSSHion OpenSSH RCE bug gives root on Linux servers (Bleeping Computer) US Supreme Court sidesteps dispute on state laws regulating social media (Reuters) China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices (The Record) HubSpot accounts breach under investigation (SC Media) Japanese anime and gaming giant admits data leak following ransomware attack (The Record) Exposing FakeBat loader: distribution methods and adversary infrastructure (Sekoia.io blog) Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker (Halcyon) Google launches Bug Bounty Program for KVM Hypervisor (Stack Diary) How to Get Root Access to Your Sleep Number Bed (Dillan Mills) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

FriarFox is a bad browser extension, and it’s interested in Tibet. Ukraine accuses Russia of a software supply chain compromise (maybe Moscow hired Gamaredon to do the work). Egregor hoods who escaped recent Franco-Ukrainian sweeps are thought responsible for DDoS against Kiev security agencies over the weekend. A look at Babuk, a new ransomware-as-a-service entry. VMware servers are patched. Verizon’s Chris Novak looks at the 2021 threat landscape. Our guest is Andrew Hammond from the International Spy Museum. And a US Executive Order on supply chain security. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/37 Learn more about your ad choices. Visit megaphone.fm/adchoices

Watch out for the WatchDog Monero cryptojacking operation. The US Justice Department describes North Korea as “a criminal syndicate with a flag.” CISA outlines the DPRK malware that figures in the AppleJeus toolkit. The Chair of the US Senate Intelligence Committee asks the FBI and EPA for a report on the Oldsmar water system cybersabotage incident. Egregor takes a hit from French and Ukrainian police. Dinah Davis has advice on getting buy-in from the board. Our guest is Bentsi Ben Atar from Sepio Systems on hardware attacks. And the Netherlands Police advise cybercriminals to just move on. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/32 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that the US Army bans, immediately, all use of DJI commercial-off-the-shelf drones. We discuss two known unknowns and offer some background on Defense acquisition practices. Amazon will begin scanning AWS customers' buckets for publicly accessible data. Dale Drew from Level 3 Communications offers his view on hacking back. White hat hackers offer recommendations for election security. And Marcus Huchins, a.k.a. MalwareTech, pleads not guilty to Kronos-related charges and makes bail. Supported by E8 Security, Johns Hopkins University, and Domain Tools.   Learn more about your ad choices. Visit megaphone.fm/adchoices

Spyware in the Subcontinent. Some crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The US now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her participation in the National Security Institute at George Mason University. Our guest is Chris Cochran from Hacker Valley Studio with a preview of their Black Excellence in Cyber podcast.And there’s no attribution yet in the Oldsmar, Florida, water system cybersabotage, but it’s increasingly clear that the utility wasn’t a hard target.  For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/28 Learn more about your ad choices. Visit megaphone.fm/adchoices

The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan’s CISSP certification journey. Avoiding an Independence Day grill-security flare-up.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On today's Learning Layer segment, we share the results of Joe Carrigan's CISSP exam attempt! Hint: the test ended at 100 questions...Tune in to hear host Sam Meisenberg and Joe reflect on his test day experience and what advice he has for others who are in the homestretch of their studies. Note, Joe's ISC2 CISSP certification journey used N2K’s comprehensive CISSP training course. Selected Reading US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online) Stolen credentials could unmask thousands of darknet child abuse website users (The Record) CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber) American Patelco Credit Union suffered a ransomware attack (Security Affairs) Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine) Splunk Patches High-Severity Vulnerabilities in Enterprise Product (SecurityWeek) Feds Hit Health Entity With $950K Fine in Ransomware Attack (GovInfo Security) How CISOs can protect their personal liability (CSO Online) Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 (Bishop Fox) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hildegard malware is targeting Kubernetes clusters. Remote access flaws found in consumer security devices. A brief update on the spreading software supply chain incidents. Project Zero sees incomplete patches at the root of most successful zero-day attacks. Recruiting a privateer’s crew. The current mood among ransomware victims. We’ll search for the truth about 5G with Rob Lee and Rick Howard. And who’s behind zoom-bombing remote learning? A hint: the kids aren’t alright. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/23 Learn more about your ad choices. Visit megaphone.fm/adchoices

It appears Chinese intelligence services have been exploiting a vulnerability in SolarWinds to steal data from a US Government payroll system. The presumed Russian intrusion into SolarWinds may have been going on for nine months or more. Three new SolarWinds vulnerabilities are disclosed and patched. Amnesty accuses South Sudan of abusing intercept tools. BEC compromise is involved in gift card scams. Joe Carrigan has thoughts on opt-in privacy policies. Our guest is Dale Ludwig from CHERRY on USB attacks and hardware security. And carders steal from other carders. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/22 Learn more about your ad choices. Visit megaphone.fm/adchoices

In our podcast we hear that a US Executive Order issued today will impose sanctions on foreign actors following a determination that there's been an attempt at election meddling. The Executive Order covers both hacking and propaganda. British Airways may receive a heavy fine under GDPR for its recent breach. The EU passes controversial copyright legislation. Russia says the accused Novichok hitmen didn't do nothin'. And watch out for Olivia on WhatsApp—she's not what she at first seems to be. Jonathan Katz from the University of Maryland, with a cryptocurrency bug story from the MIT media lab. Guest is Robert Block from SecureAuth + CoreSecurity, with best practices for securing Office 365.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_12.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Working with many different honeypot implementations, a security researcher did an experiment expanding on that setting up a simple docker image with SSH, running a guessable root password. The catch? What happened in the next 24 hours was unexpected. Joining us in this week's Research Saturday to talk about his experiment is Larry Cashdollar of Akamai.  The research can be found here:  A Brief History of a Rootable Docker Image Learn more about your ad choices. Visit megaphone.fm/adchoices

What’s North Korea doing with all that money the Lazarus Group steals? Buying atom bombs, apparently. Iran’s Domestic Kitten is scratching at some international surveillance targets. Not everyone who says they’re a Bear really is one. Parking malware in Discord. Notes on Patch Tuesday. Joe Carrigan details a gift card scam that hit a little close to home. Our guest is Saket Modi, CEO of Safe Security with thoughts on quantifying risk. And the latest on the water system cyber sabotage down in Florida. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/27 Learn more about your ad choices. Visit megaphone.fm/adchoices

High Bitcoin valuation draws the attention of cybercriminals, and a number of those criminals work for Mr. Kim, of Pyongyang. Alleged criminals, we should say. Centreon offers an update of its investigation of the Sandworm incident ANSSI uncovered. Reports of the Big Hack are received with caution. Patches applied, pulled, and replaced. Joe Carrigan describes a legal dustup between Proofpoint and Facebook over lookalike domains. Our guest is Sinan Eren from Barracuda Networks on their state of cloud networking report. And Florida’s water system cybersabotage provides a good reminder to stay away from unsupported software. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/30 Learn more about your ad choices. Visit megaphone.fm/adchoices

As more organizations are affected by the Accellion FTA compromise, authorities issue some recommendations for risk mitigation. Ocean Lotus is back, and active against Vietnamese domestic targets. LazyScripter is phishing with COVID and air travel lures. SolarWinds hearings include threat information, exculpation, and calls for more liability protection. Turkey Dog is after bank accounts. Joe Carrigan ponders the ease with which new security flaws are discovered. Rick Howard speaks with our guest Michael Dick from C2A Security on Automotive Security. And some new ICS threat groups are identified. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/36 Learn more about your ad choices. Visit megaphone.fm/adchoices

If 2021 taught us anything, it’s that our supply chain–especially our technical supply chain–hangs in the balance of a very fragile system. The year came to a close with the announcement of the Log4j zero day. Talk about saving the best for last. On this episode of CyberWire-X, the CyberWire's Rick Howard speaks with Tom Quinn CISO at T. Rowe Price, about the topic. Show Sponsor ExtraHop’s Head of Product, Ted Driggs, joins the CyberWire's Dave Bittner to examine what Log4Shell tells us about the state of cyber defense going into 2022, and what enterprises can do to prepare. Through these conversations, we explore the challenges that enterprises had in patching the vulnerability, take a closer look at the advanced post-compromise threat activity spotted in the wild, and glean lessons that can be learned to build resilience against the next Log4j-style zero day. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ukrainian security services complain of DDoS from Russia. The Accellion compromise is attributed to an extortion gang. Digital Shadow tracks the rise of initial access brokers, new middlemen in the criminal-to-criminal market. A botmaster uses an agile C2 infrastructure to avoid takedowns. IT executives to appear at US Senate hearings on Solorigate. US DHS talks up its cyber strategies. Ben Yelin comments on the latest court ruling on device searches at the border. Rick Howard speaks with Ariel Assaraf from Coralogix on SOAR and SIEM. And don’t be deceived by bogus FedEx and DHL phishbait. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/35 Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape.  In this episode, we shift our point of view to provide guidance for an individual's first career or perhaps considering a career change transitioning into the field. We discuss a market-driven approach to career development. We also explore how to discover one’s niche in cybersecurity, including how to stand out in this competitive market and align personal interests with career goals. Lastly, we examine the role certifications play when navigating your path throughout the talent acquisition, development, and retention of the cybersecurity workforce management lifecycle.   Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant  Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar Learn more about your ad choices. Visit megaphone.fm/adchoices

France finds Sandworm’s trail in a software supply chain. Microsoft is impressed by the amount of effort Russian intelligence services put into the SolarWinds campaign. Pyongyang is reported to have attempted to steal COVID-19 vaccine information. Supermicro reiterates objections to Bloomberg's report on alleged hardware supply chain compromises. Static Kitten is phishing in the UAE. Updates on the Florida water utility cybersabotage. Ben Yelin examines to what degree the FBI can access Signal app messages. Rick Howard gathers the hash table to discuss AWS. And a new executive director arrives at our state cybersecurity association. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/30 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling and invites researchers to take a look. Researchers disclose flaws in D-Link and Linksys routers. Ghost Squad says that they downed YouTube the other day, but who knows? And if YouTube goes down, please don't call 911.  Dr. Charles Clancy from VA Tech’s Hume Center on cognitive electronic warfare. Guest is Mike Janke from DataTribe on Maryland’s aspirations to be the nation’s hub of cyber operations. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Myanmar’s junta jams the Internet. Operation NightScout looks like a highly targeted cyberespionage campaign delivered through a compromised supply chain. SonicWall zero day is being actively exploited in the wild. StrangeU and RandomU are filling a niche in the criminal-to-criminal market. Ben Yelin ponders whether the Solarwinds attack can be considered an act of war. Our guest Jamie Brown from Tenable on the National Cyber Director position and what it means for the Biden administration. Another data breach is associated with Accellion FTA. And it’s Groundhog Day, campers. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/21 Learn more about your ad choices. Visit megaphone.fm/adchoices

Florida water treatment plant sustains cyberattack: the hack was successful, the sabotage wasn’t. A new malware strain is associated with Chinese intelligence services. Ben Yelin tracks a surveillance plane who’s funding has fallen. Our guest is Col. Stephen Hamilton from Army Cyber Institute at West Point. And Huawei’s CEO says, sure, he’d take a call from President Biden. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/26 Learn more about your ad choices. Visit megaphone.fm/adchoices

Untangling Solorigate, and distinguishing primary targets from collateral damage (or maybe side benefits, or maybe battlespace preparation). Congress asks NSA for background on an earlier supply chain incident. The Cyberspace Solarium Commission offers the new US Administration some transition advice. Rick Howard hears from the hash table on Microsoft Azure. Andrea Little Limbago from Interos on the intersection of COVID and cyber vulnerabilities. And the week gets off to a rough start for smart Britons. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/20 Learn more about your ad choices. Visit megaphone.fm/adchoices

Joep Gommers from EclecticIQ joins us to share their research tracking the information operations and and security methods they've been tracking that Russians have been using in advance of the recently held elections in Ukraine. The research can be found here: https://www.eclecticiq.com/resources/fusion-center-report-situational-awareness-ukraine-elections Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft is phasing out Android use for employees in China. Mastodon patches a security flaw exposing private posts. OpenAI kept a previous breach close to the vest. Nearly 10 billion passwords are leaked online. A Republican senator presses CISA for more information about a January hack. A breach of the Egyptian Health Department impacts 122,000 individuals. South Africa's National Health Laboratory Service (NHLS) suffers a ransomware attack. Eldorado is a new ransomware-as-a-service offering. CISA adds a Cisco command injection vulnerability to its Known Exploited Vulnerabilities catalog. N2K’s CSO Rick Howard catches up with AWS’ Vice President of Global Services Security Hart Rossman to discuss extending your security around genAI.  Ransomware scrambles your peace of mind. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Recently N2K’s CSO Rick Howard caught up with AWS’ Vice President of Global Services Security Hart Rossman at the AWS re:Inforce event. They discussed extending your security around genAI. Watch Hart’s presentation from AWS re:Inforce 2024 - Securely accelerating generative AI innovation. Selected Reading Microsoft Orders China Staff to Switch From Android Phones to iPhones for Work (Bloomberg) Mastodon: Security flaw allows unauthorized access to posts (Stack Diary) A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too (The New York Times) “A treasure trove for adversaries”: 10 billion stolen passwords have been shared online in the biggest data leak of all time (ITPro) Senate leader demands answers from CISA on Ivanti-enabled hack of sensitive systems (The Record) Egyptian Health Department Data Breach: 120,000 Users' Data Exposed (GB Hackers) South African pathology labs down after ransomware attack (The Cape Independent) New Eldorado ransomware targets Windows, VMware ESXi VMs (Bleeping Computer) CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog (Security Affairs) New RUSI Report Exposes Psychological Toll of Ransomware, Urges Action (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Myanmar blocks data networks. Notes on offensive cyber operations, from present and former Five Eyes officials. SilentFade seems to be back, with more ad fraud. Iranian cyber operators up their surveillance game. Brazil’s big data breach remains under investigation. Company towns may make a return in Nevada. Rick Howard casts his gaze on the AWS cloud. We welcome Dinah Davis from Arctic Wolf as our newest industry partner. And why in the world are hackers interested in other people’s colonoscopies?  For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/25 Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook takes down Myanmar junta’s main page. APT31 clones Equation Group tools. Silver Sparrow’s up to...something or other. Bogus Flash Player update serves fake news and malware. Effects of supply chain compromises spread. Clubhouse’s privacy issues. VC firm breached. CrowdStrike releases its annual threat report. We welcome Josh Ray from Accenture security to our show. Rick Howard examines Google’s cloud services. And a Maryland school concludes its annual cyber challenge. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/34 Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK’s NCSC highlights evolving cyberattack techniques used by Chinese state-sponsored actors.A severe cyberattack targets Frankfurt University of Applied Sciences. Russian government agencies fall under the spell of CloudSorcerer. CISA looks to Hipcheck Open Source security vulnerabilities. Avast decrypts DoNex ransomware. Neiman Marcus data breach exposes over 31 million customers. Lookout spots GuardZoo spyware. Cybersecurity funding surges. Our guest is Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. Scalpers Outsmart Ticketmaster’s Rotating Barcodes. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Dave Bittner is joined by Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. You can learn more about the state of pentesting from Cobalt’s State of Pentesting 2024 report here.  Selected Reading The NCSC and partners issue alert about evolving techniques used by China state-sponsored cyber attacks (NCSC) ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (The Record) New group exploits public cloud services to spy on Russian agencies, Kaspersky says (The Record) Continued Progress Towards a Secure Open Source Ecosystem (CISA) Decrypted: DoNex Ransomware and its Predecessors (Avast Threat Labs) Neiman Marcus data breach: 31 million email addresses found exposed (Bleeping Computer) GuardZoo spyware used by Houthis to target military personnel (Help Net Security) Cybersecurity Funding Surges in Q2 2024: Pinpoint Search Group Report Highlights Year-Over-Year Growth (Pinpoint Search Group) Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese cyber engagement with Indian critical infrastructure is reported: the objective isn’t benign from India’s point of view, but exactly what the objective is, specifically, remains a matter of speculation. The US Governemnt declassifies its report on the murder of Saudi journalist Jamal Khashoggi. The SolarWinds supply chain compromise remains under investigation, with an intern making a special appearance. Maligh search engine optimizations. Rick Howard shares hash table opinions on Google Cloud. Josh Ray from Accenture on Cybercrime and the Cloud. And congratulations to the winner’s of CISA’s President’s Cup. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/39 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that Qatar has accused the United Arab Emirates of a hacking and disinformation campaign—the UAE deny it. Russia's Foreign Ministry says it was hacked. Russia-experts in the US said to be receiving unwelcome attention from possible state intelligence services. Deterrence and confidence building measures remain works in progress in cyberspace. Ransomware and click-fraud combined in a single criminal campaign. Macs attacked by banking credential stealing malware. Johns Hopkins' Joe Carrigan reviews educational options for aspiring cyber security pros. Twitter bots driving traffic to dodgy adult sites. And Ashley Madison proposes a settlement for its 2015 breach. Learn more about your ad choices. Visit megaphone.fm/adchoices

RSA in an international conference, with attendees and exhibitors from around the world. Andy Williams is the UK Cyber Envoy. His mission at RSA was to spread the word about his nation’s significant cyber capabilities, to help facilitate business relationships with companies in the US, and to promote the technologies that UK companies were showing at the conference. Telesoft Technologies is one of those companies, and Matthew George is their CTO. He’ll tell us about their effort to bring the speed of FPGA’s to the market.  And finally, we’ll hear from Ezequiel Gutesman, Director of Research at Onapsis Research Labs. He’ll share the findings from a Poneman report on security within German software giants SAP's offerings. Learn more about your ad choices. Visit megaphone.fm/adchoices

Threat actors rush to exploit Exchange Server vulnerabilities before victims get around to patching--it’s like a worldwide fire sale. Rick Howard digs into third party platforms and cloud security. Robert M. Lee from Dragos shares insights on the recent Florida water plant event. The US mulls some form of retaliation against Russia for the SolarWinds supply chain campaign, and it will also need to consider how to respond to China’s operations against Exchange Server. (And another Chinese threat actor may have been exploiting SolarWinds late last year.) For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/44 Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft is looking for a possible leak behind the spread of Exchange Server exploits, and hackers piggyback on webshells placed by other threat actors. The US Government continues to mull how to respond to Holiday Bear and Hafnium. Britain’s PM calls for greater offensive cyber capabilities. India looks for ways of countering China in cyberspace. Sky Global executives indicted for alleged racketeering. Accenture’s Josh Ray takes on defending against nation states. Rick Howard aims the hash table at third party cloud security. And what does it cost to be on a do-not-call list? Nothing. Really. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/49 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about security in international banking, some developments in the world of malware, and how presidential impersonation and a big loss cost a CEO his job. Analysts like some of the bigger cyber players (and they're waiting for Palo Alto's results tonight). VCs back three security companies with new funding. The State Department IG's report on email retention and security is out. DARPA wants to secure legacy IT systems, and US SOCOM wants innovative cyber tools. Dale Drew from Level 3 Communications walks us through the negotiations of ransomware, and Danny Rogers from Terbium Labs explains how to search for something when you don't know what that something is. Learn more about your ad choices. Visit megaphone.fm/adchoices

Blast-RADIUS targets a network authentication protocol. The US disrupts a Russian disinformation campaign. Anonymous messaging app NGL is slapped with fines and user restrictions. The NEA addresses AI use in classrooms. Gay Furry Hackers release data from a conservative think tank. Microsoft and Apple change course on OpenAI board seats. Australia initiates a nationwide technology security review. A Patch Tuesday rundown. Guest Jack Cable, Senior Technical Advisor at CISA, with the latest from CISA's Secure by Design Alert series. Our friend Graham Cluley ties the knot.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Jack Cable, Senior Technical Advisor at CISA, joins us to share an update on CISA's Secure by Design Alert series. For some background, you can find CISA’s Secure by Design whitepaper here. Details on today’s update can be found here.  Selected Reading New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (Ars Technica) US Disrupts AI-Powered Russian Bot Farm on X (SecurityWeek) FTC says anonymous messaging app failed to stop ‘rampant cyberbullying’ (The Verge) NEA Approves AI Guidance, But It’s Vital for Educators to Tread Carefully (EducationWeek) Hackvists release two gigabytes of Heritage Foundation data (CyberScoop) Microsoft and Apple ditch OpenAI board seats amid regulatory scrutiny (The Verge) Australia instructs government entities to check for tech exposed to foreign control (The Record) Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days (BleepingComputer) Graham Cluley ties the knot (Mastodon)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Indian authorities warn the country’s transportation sector that it may be a target for cyberespionage. Google’s Project Zero describes an elaborate and expensive campaign that exploited zero-day vulnerabilities. The SilverFish threat group is elaborate, well-resourced, and well-organized. Threat actors are quietly altering mailbox permissions. REvil is back. Some say “yes” to Moscow; others say “nyet.” Dinah Davis from Arctic Wolf on Security Metrics. Our guest is Graeme Bunton from the DNS Abuse Institute. And two Infraud operators are sentenced. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/54 Learn more about your ad choices. Visit megaphone.fm/adchoices

German politicians’ emails are under attack, and the GRU is the prime suspect. Australia’s Nine Network was knocked off the air by a cyberattack, and a nation-state operation is suspected. PHP takes steps to protect itself from an attempt to insert a backdoor in its source code. Apple fixes browser engine bugs. FatFace pays the ransom. Project Zero caught a Western counterterror operation. Betsy Carmelite from Booz Allen Hamilton on Zero Trust. Our guest is Tal Zamir of Hysolate on CISA's new ransomware guidelines. And a guilty plea for one, and almost five-hundred indictments for others. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/59 Learn more about your ad choices. Visit megaphone.fm/adchoices

The US Administration continues to prepare its response to Holiday Bear’s romp through the SolarWinds supply chain. Congress is asking for details on what was compromised in the incident, and why the Department of Homeland Security failed to detect the intrusion. The UN offers some recommendations on norms of conduct in cyberspace. Ben Yelin on a New Jersey Supreme Court ruling that phone passcodes are not protected by 5th amendment. Our guest is Frank Kettenstock from FoxIT on the security of PDF files. Developments in ransomware, including Exchange Server exploitation, credible extortion, and attempts to enlist customers against victims.  For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/60 Learn more about your ad choices. Visit megaphone.fm/adchoices

Exchange Server patching is going well, they say, but they also say that patching isn’t enough. Crooks are continuing to look for unpatched instances, and even in the patched systems, you’ve got to check to make sure the bad actors have been found and ejected. AFCEA and Shell both disclose being affected by third-party breaches. Citizen Lab sees no particular problem with TikTok. Ben Yelin ponders possible US response to the Microsoft Exchange Server attacks. Our guest is Alex Gizis from Connectify using VPNs to thwart government internet restrictions in Myanmar. And a major manga fan site is down. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/55 Learn more about your ad choices. Visit megaphone.fm/adchoices

A major Pig Butchering marketplace has ties to the Cambodian ruling family. Lulu Hypermarket suffers a data breach. GitLab patches critical flaws. Palo Alto Networks addresses BlastRadius. ViperSoftX malware variants grow ever more stealthy. A New Mexico man gets seven years for SWATting. State and local government employees are increasingly lured in by phishing attacks. Hackers impersonate live chat agents from Etsy and Upwork. The GOP’s official platform looks to roll back AI regulation. On today’s Threat Vector, David Moulton from Palo Alto Networks Unit 42 discusses the evolving threats of AI-generated malware with experts Rem Dudas and Bar Matalon. NATO brings the social media influencers to Washington. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, hosted by David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, he explores the evolving world of AI-generated malware with guests, Rem Dudas, Senior Threat Intelligence Analyst, and Bar Matalon, Threat Intelligence Team Lead. From exploring the vulnerabilities in AI models to discussing the potential implications for cybersecurity, this episode offers a deep dive into the challenges and opportunities posed by this emerging threat. You can listen to the full episode here.  Selected Reading The $11 Billion Marketplace Enabling the Crypto Scam Economy (WIRED) Hackers steal data of 200k Lulu customers in an alleged breach (CSO Online) GitLab update addresses pipeline execution vulnerability (Developer Tech News) Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool (SecurityWeek) ViperSoftX malware covertly runs PowerShell using AutoIT scripting (Bleeping Computer) Man sentenced to 7 years for Westfield High School threat hoax (Current Publishing) State, local governments facing deluge of phishing attacks (SC Media) Hackers impersonate live chat support agents in new phishing scam (Cybernews) 2024 GOP platform would roll back tech regulations on AI, crypto (The Washington Post) NATO's newest weapon is online content creators (The Washington Post)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

McAfee describes Operation Diànxùn, a probable Chinese collection effort directed against telecoms and 5G technology. Organizations around the world continue to work to thwart exploitation of Exchange Server vulnerabilities. What’s a webshell, and what can it do? Ben Yelin looks at cell phone data gathered from the US Capitol riot. Our guest is Ross Rustici from ZeroFOX on the evolution of ransomware. And how much does it cost to redirect all your SMS messages to some goon? Said goon needs only sixteen bucks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/50 Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA urges everyone to take the Microsoft Exchange Server vulnerabilities seriously. The SolarWinds compromise is also going to prove difficult to mop up. The US is said to be preparing a response to Holiday Bear’s SolarWinds compromise (some of that response will be visible, but some will not). A plea for more OSINT. Ben Yelin from UMD CHHS ponders face scanning algorithms in the job application process. Our guest is Sam Crowther from Kasada, asking why are we still talking about bots? And dragnets haul in some cybercrooks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/45 Learn more about your ad choices. Visit megaphone.fm/adchoices

Indian authorities continue to investigate the possibility that Mumbai’s power grid was hacked last October. Apple’s walled garden’s security can inhibit detection of threats that manage to get inside. An Atlantic Council report recommends international action against access-as-a-service brokers to stall proliferation of cyber offensive tools. Ben Yelin has the story of legislators asking the military why they’re so interested in apps serving Muslims. Our guest is John Grange from OppsCompass with insights on the top cloud security mistakes organizations make. Updates on the SolarWinds incident (including an SEC probe into who knew what when). For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/40 Learn more about your ad choices. Visit megaphone.fm/adchoices

AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities.A popular phone spyware app suffers a major data breach.Some Linksys routers are sending user credentials in the clear. Sysdig describes Crystalray malware. A massive phishing campaign is exploiting Microsoft SharePoint servers. Germany strips Huawei and ZTE from 5G infrastructure. Our guest is Brigid Johnson, Director of AWS Identity, on the importance of identity management. The EU tells X-Twitter to clean up its act or pay the price. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest At the recent AWS re:Inforce 2024 conference, N2K’s Brandon Karpf spoke with Brigid Johnson, Director of AWS Identity, about the importance of identity and where we need to go. You can watch a replay of Brigid’s session at the event, IAM policy power hour, here.  Selected Reading AT&T Details Massive Breach of Customers' Call and Text Logs (Data Breach Today) NATO Set to Build New Cyber Defense Center (Infosecurity Magazine) New Presidential memorandum sets cybersecurity priorities for FY 2026, tasking OMB and ONCD to evaluate submissions (Industrial Cyber) mSpy Data Breach: Millions of Customers’ Data Exposed (GB Hackers) Advance Auto Parts’ Snowflake Breach Hits 2.3 Million People (Infosecurity Magazine) These Linksys routers are likely transmitting cleartext passwords (TechSpot) Known SSH-Snake bites more victims with multiple OSS exploitation (CSO Online) Beware of Phishing Attack that Abuses SharePoint Servers (Cyber Security News) Germany to Strip Huawei From Its 5G Networks (The New York Times) EU threatens Musk’s X with a fine of up to 6% of global turnover (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

India continues to investigate the possibility of RedEcho cybersabotage of its power distribution system, but says any hack was stopped and contained. Microsoft issues an out-of-band patch against a Chinese-run “Operation Exchange Marauder.” The financial sector works to contain an Ursnif outbreak. CISA issues ICS security advisories. Myanmar and the difficulty of stopping cyber proliferation. Joe Carrigan looks at CNAME cloaking. Our guest is author Neil Daswani from Stanford University’s Advanced Security Certification Program, on his upcoming book Big Breaches - Cybersecurity Lessons for Everyone. And another round in the Crypto Wars seems ready to start. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/41 Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday was a big one this month. Microsoft Exchange Server remains under active attack in the wild, with new threat actors hopping on the opportunity. Russia denies it had anything to do with the SolarWinds incident and says the kinds of US response that the word on the street tells them are under consideration would be nothing more than international crime. Hacktivists strike a blow against cameras and stuff. Joe Carrigan has thoughts on Google’s plans for third party cookies. Our guest is Kelvin Coleman from the National Cyber Security Alliance (NCSA) on how educators can better protect students’ privacy during distance learning sessions. And police in the low countries sweep up more than a hundred cybercrooks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/46 Learn more about your ad choices. Visit megaphone.fm/adchoices

Historian and Curator at the International Spy Museum. Dr. Andrew Hammond, shares how he came to share the history of espionage and intelligence as a career. Starting out in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path which included an introduction to museum industry at the 9/11 Museum. After a stint in academia in the UK, Andrew found his way back to the US and eventually ended up at the International Spy Museum in Washington, DC. He said one of the "greatest parts of the job being able to engage with the artifacts" and share their stories. We thank Andrew for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US Intelligence Community has released its report on 2020 foreign election meddling. It found no successful hacking, but a lot of clever influence operations. Ukraine says it stopped a significant Russian cyberespionage campaign. Recovery from the SolarWinds and Exchange Server compromises continues. Joe Carrigan shares thoughts on the Verkada hack. Our guest is Oscar Pedroso from Thimble on getting kids hooked on technology. And no, that celebrity tweeter isn’t really going to send you $2000 for every $1000 you give back to the community. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/51 Learn more about your ad choices. Visit megaphone.fm/adchoices

The assassination attempt on former President Trump sparks online disinformation. AT&T pays to have stolen data deleted. Rite Aid recovers from ransomware. A hacktivist group claims to have breached Disney’s Slack. Checkmarx researchers uncover Python packages exfiltrating user data. HardBit ransomware gets upgraded with enhanced obfuscation. Threat actors can weaponize proof-of-concept (PoC) exploits in as little as 22 minutes. Google may be in the market for Wiz. Rick Howard previews his analysis of the MITRE ATT&CK framework. Blockchain sleuths follow the money.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. This Week on CSO Perspectives Dave chats with Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, about his latest episode of CSO Perspectives which focuses on the current state of MITRE ATT&CK. If you are a N2K Pro subscriber, you can find this installment of CSO Perspectives here. The accompanying essay is available here. If you’re not a subscriber and want to check out a sample of the discussion Rick has with his Hash Table members about MITRE ATT&CK, you can find it here.  Selected Reading Conspiracy theories spread swiftly in hours after Trump rally shooting (The Washington Post) AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records (WIRED) Pharmacy Giant Rite Aid Hit By Ransomware (Infosecurity Magazine) Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data (HackRead) Malicious Python packages found exfiltrating user data to Telegram bot (Computing) HardBit ransomware version 4.0 supports new obfuscation techniques (Security Affairs) Hackers use PoC exploits in attacks 22 minutes after release (Bleeping Computer) Google is reportedly planning its biggest startup acquisition ever (The Verge) Automotive SaaS provider CDK paid $25 million ransom to hackers (BeyondMachines.net) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

COVID-themed phishbait has shifted to vaccines. Notes on the ransomware exploiting vulnerable Exchange Servers. Purple Fox gets wormy. Sierra Wireless halts operations to remediate a ransomware incident. Notes on ICS vulnerabilities. More victims of third-party risk. Joe Carrigan looks at SMS security issues. Our guest is Ron Brash from Verve Industrial with takeaways from their 2020 ICS Vulnerabilities report. And what are the cybercriminals thinking? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/56 Learn more about your ad choices. Visit megaphone.fm/adchoices

Charming Kitten is back, and interested in medical researchers’ credentials. Russian services appear to have been reading some US State Department emails (it’s thought their access was confined to unclassified systems). Risk management practices and questions about the risks of growing too blasé about “management.” Recognizing the approach of an intelligence officer. Volumetric attacks are up. Joe Carrigan examines a sophisticated Microsoft spoof. Our guest is Donna Grindle from Kardon on updates to the HITECH ACT. More concerns, in India and the US, about Chinese telecom hardware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/61 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we look back at the week just ending and see new attempts on banking systems. Some involve SWIFT; others involve Anonymous, and some have to do with the FDIC. And what about those fingerprints? Markus Rauschecker from the Center for Health and Homeland Security examines the increased scrutiny the FTC and FCC are putting on mobile device providers. And we interview Dr. Emma Garrison-Alexander about her leadership positions with NSA, TSA and UMUC. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco Talos discovered PoetRAT earlier this year. Since then, they observed multiple new campaigns indicating a change in the actor's capabilities and showing their maturity toward better operational security. They assess with medium confidence this actor continues to use spear-phishing attacks to lure a user to download a malicious document from temporary hosting providers. They currently believe the malware comes from malicious URLs included in the email, resulting in the user clicking and downloading a malicious document. These Word documents continue to contain malicious macros, which in turn download additional payloads once the attacker sets their sites on a particular victim. As the geopolitical tensions grow in Azerbaijan with neighboring countries, this is no doubt a stage of espionage with national security implications being deployed by a malicious actor with a specific interest in various Azerbajiani government departments. Joining us in this week's Research Saturday to discuss the research from Cisco's Talos Outreach is Craig Williams. The research can be found here:  PoetRAT: Malware targeting public and private sector in Azerbaijan evolves Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns organizations that Mamba ransomware is out and about in a newly evolved form. Facebook takes down a Chinese cyberespionage operation targeting Uyghurs. Huawei joins the Organization of Islamic Cooperation. Slack thinks it might have made a security and privacy misstep. Caleb Barlow from CynergisTek on Healthcare Interoperability. Our guest is Roei Amit from Deep Instinct on their 2020 Cyber Threat Landscape Report. And a look at fleeceware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/57 Learn more about your ad choices. Visit megaphone.fm/adchoices

Disinformation about a radiation leak that wasn’t. Another warning about Trickbot. The FBI says cybercrime cost victims more than $4.2 billion last year. Investigation and remediation of the SolarWinds and Exchange Server compromises continue. Crypters become a commodity for malware developers. Robert M. Lee from Dragos on lessons from the recent Texas power outages. Our guest is Bob Shaker from Norton Lifelock looking at baddies targeting online gamers. And some people are looking for jobs in all the wrong places. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/52 Learn more about your ad choices. Visit megaphone.fm/adchoices

Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fixes an Outlook bug triggering false security alerts. Switzerland mandates open source software in the public sector. On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark.  Bellingcat sleuths pinpoint an alleged cartel member.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Learn more about the /555 benchmark. Selected Reading Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Krebs on Security) Kaspersky Lab Closing U.S. Division; Laying Off Workers (Zero Day) Beware of BadPack: One Weird Trick Being Used Against Android Devices (Palo Alto Networks Unit 42) New Poco RAT Weaponizing 7zip Files Using Google Drive (GB Hackers) CISA broke into a US federal agency, and no one noticed for a full 5 months (The Register) Organizations Warned of Exploited GeoServer Vulnerability (Security Week) Microsoft finally fixes Outlook alerts bug caused by December updates (Bleeping Computer) New Open Source law in Switzerland (Joinup) Exploring the Skyline: How we Located an Alleged Cartel Member in Dubai (Bellingcat) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Norway’s parliament is hit with Exchange Server exploitation. CISA and the FBI issue more advice on how to clean up an Exchange Server compromise. CISA hints at more detailed attribution of the SolarWinds compromise “soon,” and US Cyber Command says military networks were successfully defended. Microsoft’s Kevin Magee of exporting cyber talent. Our guest is Hanan Hibshi from Carnegie Mellon University on their picoCTF online hacking competition. Notes on some evolving criminal techniques, an update on the security camera hacktivist incident, and some news you won’t need, but your friends might. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/47 Learn more about your ad choices. Visit megaphone.fm/adchoices