The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
The Messy Back-End of Entrepreneurship
Don't fail because your back-end is messy! Listen as we bring you experts who have been where you are to help you get the answers you need. Believe us, all businesses have st…
Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.
April 20, 2021
Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.
April 19, 2021
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
April 18, 2021
Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]
April 17, 2021
International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.
April 16, 2021
Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.
April 15, 2021
The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.
April 14, 2021
Natanz pre-emptive sabotage updates. NAME:WRECK DNS vulnerabilities. Tax phishing. ATM cards and advance-fee scams. Ransomware-induced cheese shortage.
April 13, 2021
Apparent cyber sabotage at Natanz. Arrest made in alleged plot to blow up AWS facility. Scraped data for sale in criminal fora. US senior cyber appointments expected soon.
April 12, 2021
Debra Danielson: Be fearless. [CTO] [Career Notes]
April 11, 2021
Strategic titles point to something more than a commodity campaign. [Research Saturday]
April 10, 2021
A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.
April 9, 2021
Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium’s patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.
April 8, 2021
A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.
April 7, 2021
Watering holes, from Kiev to Canada. File transfer blues. What’s up in the criminal-to-criminal market. And an update on the old Facebook breach.
April 6, 2021
An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.
April 5, 2021
Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]
April 4, 2021
Ezuri: Regenerating a different kind of target. [Research Saturday]
April 3, 2021
Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.
April 2, 2021
Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.
April 1, 2021
Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.
March 31, 2021
US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.
March 30, 2021
Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.
March 29, 2021
Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]
March 28, 2021
How are we doing in the industrial sector? [Research Saturday]
March 27, 2021
Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.
March 26, 2021
Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.
March 25, 2021
Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?
March 24, 2021
Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail
Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.
March 23, 2021
Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.
March 22, 2021
Kevin Magee: Focus on the archer. (CSO) [Career Notes]
March 21, 2021
BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]
March 20, 2021
Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.
March 19, 2021
Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.
March 18, 2021
US report on 2020 foreign election meddling is out, and Russian and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.
March 17, 2021
Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).
March 16, 2021
Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands £1000 pounds to go on do-not-call list.
March 15, 2021
Dinah Davis: Building your network. [R&D] [Career Notes]
March 14, 2021
SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]
Keeping data confidential with fully homomorphic encryption. [Research Saturday]
March 13, 2021
Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.
March 12, 2021
More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.
March 11, 2021
Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hactivists don’t like cameras. Dragnet in the Low Countries.
March 10, 2021
Dealing with Hafnium’s work against Microsoft Exchange Server and Holiday Bear’s visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.
March 9, 2021
Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).
March 8, 2021
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
March 7, 2021
Diving deep into North Korea's APT37 tool kit. [Research Saturday]
March 6, 2021
SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provided attacked. Criminal-on-criminal crime.
March 5, 2021
Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.
March 4, 2021
RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.
March 3, 2021
India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).
March 2, 2021
“RedEcho’s”activity in India’s power grid is described. US report on Khashoggi murder declassified SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.
March 1, 2021
Aarti Borkar: Make your own choices. [Product} [Career Notes]
Feb. 28, 2021
Shining a light on China's cyber underground. [Research Saturday]
Feb. 27, 2021
Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.
Feb. 26, 2021
PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.
Feb. 25, 2021
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.
Feb. 24, 2021
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
Feb. 23, 2021
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.
Feb. 22, 2021
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
Feb. 21, 2021
Attackers (ab)using Google Chrome. [Research Saturday]
Feb. 20, 2021
Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Talinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.
Feb. 19, 2021
The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.
Feb. 18, 2021
US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.
Feb. 17, 2021
France’s ANSII warns of a longrunning Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE
Feb. 16, 2021
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [Special Edition Update]
Feb. 15, 2021
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
Feb. 14, 2021
Using the human body as a wire-like communication channel. [Research Saturday]
Feb. 13, 2021
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.
Feb. 12, 2021
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
Feb. 11, 2021
Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.
Feb. 10, 2021
Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.
Feb. 9, 2021
A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?
Feb. 8, 2021
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
Feb. 7, 2021
In the clear: what it's like working as a woman in the cleared community. [Special Edition]
"Follow the money" the cybersecurity way. [Research Saturday]
Feb. 6, 2021
Lazarus Group seems to have deployed an IE zero day. Electrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.
Feb. 5, 2021
Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.
Feb. 4, 2021
China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.
Feb. 3, 2021
Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.
Feb. 2, 2021
Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. URKI breach. British Mensa thinks over a data exposure.
Feb. 1, 2021
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Jan. 31, 2021
Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]
The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]
Jan. 30, 2021
Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.
Jan. 29, 2021
Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.
Jan. 28, 2021
Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.
Jan. 27, 2021
Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?
Jan. 26, 2021
The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.
Jan. 25, 2021
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
Jan. 24, 2021
Trickbot may be down, but can we count it out? [Research Saturday]
Jan. 23, 2021
Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
Jan. 22, 2021
Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
Jan. 21, 2021
More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.
Jan. 20, 2021
EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.
Jan. 19, 2021
Encore: You will pay for that one way or another. [Caveat]
Jan. 18, 2021
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Jan. 17, 2021
Manufacturing sector is increasingly a target for adversaries. [Research Saturday]
Jan. 16, 2021
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.
Jan. 15, 2021
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
Jan. 14, 2021
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
Jan. 13, 2021
Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
Jan. 12, 2021
More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.
Jan. 11, 2021
Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]
Jan. 10, 2021
Emotet reemerges and becomes one of most prolific threat groups out there. [Research Saturday]
Jan. 9, 2021
The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.
Jan. 8, 2021
CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.
Jan. 7, 2021
Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re ensured. No bail for Mr. Assange.
Jan. 6, 2021
It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.
Jan. 5, 2021
Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.
Jan. 4, 2021
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
Jan. 3, 2021
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
Jan. 2, 2021
Andy Greenberg on the Sandworm Indictments.
Jan. 1, 2021
SOAR – a first principle idea.
Dec. 31, 2020
Security operations centers: around the Hash Table.
Dec. 30, 2020
Security operations centers: a first principle idea.
Dec. 29, 2020
Cybersecurity First Principles: DevSecOps.
Dec. 28, 2020
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] (Career Notes]
Dec. 27, 2020
Encore: Seedworm digs Middle East intelligence. [Research Saturday]
Dec. 26, 2020
Encore: Separating fools from money. [Hacking Humans]
Dec. 25, 2020
Encore: Technology that allows cops to track your phone. [Caveat]
Dec. 24, 2020
Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.
Dec. 23, 2020
Bear tracks all over the US Government’s networks. Pandas and Kittens and Bears, oh my... Emotet’s back. Spyware litigation. A few predictions.
Dec. 22, 2020
Sunburst looks worse: bad Bears in US networks, and that’s not just right at all. “Evil mobile emulator farm.” Report: Pegasus used against journalists.
Dec. 21, 2020
Robert Lee: Keeping the lights on. [ICS] [Word Notes]
Dec. 20, 2020
Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]
Dec. 19, 2020
Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker’s Stash has its problems. And a few thoughts on the near future.
Dec. 18, 2020
The SVR’s exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China’s influence ops delayed.
Dec. 17, 2020
SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.
Dec. 16, 2020
SolarWinds compromise scope grows clearer. DPRK’s Earth Kitsune. Google’s authentication issue. A look at the near future of cybersecurity.
Dec. 15, 2020
A few predictions, but today’s news is dominated by Cozy Bear’s supply chain attack on Solar Winds’ Orion Platform.
Dec. 14, 2020
Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]
Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science] [Career Notes]
Dec. 13, 2020
Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]
Dec. 12, 2020
OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.
Dec. 11, 2020
Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.
Dec. 10, 2020
Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.
Dec. 9, 2020
IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.
Dec. 8, 2020
NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.
Dec. 7, 2020
Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
Dec. 6, 2020
SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]
Dec. 5, 2020
2021 may look a lot like 2020 in cyberspace, only moreso. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.
Dec. 4, 2020
Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?
Dec. 3, 2020
The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.
Dec. 2, 2020
Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.
Dec. 1, 2020
Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.
Nov. 30, 2020
Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
Nov. 29, 2020
Encore: Using global events as lures for malicious activity.
Nov. 28, 2020
Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.
Nov. 25, 2020
Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.
Nov. 24, 2020
Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”
Nov. 23, 2020
James Hadley: Spend time on what interests you. [CEO] [Career Notes]
Nov. 22, 2020
Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]
Nov. 21, 2020
Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.
Nov. 20, 2020
Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only moreso).
Nov. 19, 2020
Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.
Nov. 18, 2020
Hidden Cobra’s new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.
Nov. 17, 2020
Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.
Nov. 16, 2020
Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
Nov. 15, 2020
That first CVE was a fun find, for sure. [Research Saturday]
Nov. 14, 2020
CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.
Nov. 13, 2020
An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.
Nov. 12, 2020
shadow IT (noun) [Word Notes]
Nov. 11, 2020
remote access Trojan or RAT (noun) [Word Notes]
A look at what’s up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.
Nov. 10, 2020
Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.
Nov. 9, 2020
Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]
Nov. 8, 2020
PoetRAT: a complete lack of operational security. [Research Saturday]
Nov. 7, 2020
IRGC domains taken down. A look at 2021’s threatscape. Russia says its didn’t do anything (others see Bears.) Forfeiture of Silk Road’s hitherto unaccounted for billion-plus dollars.
Nov. 6, 2020
CISA’s happy but still wary. Election-themed criminal malspam. New ransomware goes after VMs. Why it makes no sense to trust extortionists.
Nov. 5, 2020
US elections: CISA calls security success, but reminds all that it’s not over yet. Notes from the cyber underground. Two more indictments in cyberstalking case.
Nov. 4, 2020
Election security updates from CISA. Maze says it’s out of business (and never really existed). Edward Snowden wants dual Russian-US citizenship. A botmaster goes up river.
Nov. 3, 2020
Another look at North Korean cyberespionage. Phishing with Google Docs. How Iran obtained US voter information. Election security enters its endgame.
Nov. 2, 2020
David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]
Nov. 1, 2020
Carole Theriault: Constantly learning new things. [Media] [Career Notes]
Leveraging for a bigger objective. [Research Saturday]
Oct. 31, 2020
Ransomware epidemic during the pandemic. Cyber insurance and state actors. Cyberstalking. Don’t exaggerate election meddling. Reflections on National Cybersecurity Awareness Month.
Oct. 30, 2020
The Malware Mash!
Familiar threat actors are back in the news. Big Tech’s testimony on Capitol Hill had less to do with Section 230 than many had foreseen.
Oct. 29, 2020
Warnings about the DPRK’s Kimsuky Group. Election security in the US during the endgame. Section 220 and Big Tech. Another guilty plea in the eBay-related cyberstalking case.
Oct. 28, 2020
Election phishing, without hook, but with line and sinker? Data breaches, and the importance of prompt disclosure. Misplaced hacktivist sympathy.
Oct. 27, 2020
Russian research institute sanctioned for its role in Triton/Trisis. Coordinated inauthenticity in Myanmar. Clean Network program update. Major data breach in Finland.
Oct. 26, 2020
Sal Aurigemma: How things work. [Education] [Career Notes]
Oct. 25, 2020
Just saying there are attacks is not enough. [Research Saturday]
Oct. 24, 2020
Energetic Bear’s battlespace preparation. Selling voter and consumer personal data. GRU, Qods Force sanctioned. How they knew that Iran dunnit.
Oct. 23, 2020
Recent email threats to US voters appear to be an Iranian operation. Notes on cyberespionage and influence operations. Hold the “blatant Russophobia,” TASS?
Oct. 22, 2020
TrickBot’s return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.
Oct. 21, 2020
International cyberespionage: China and Russia versus the Five Eyes and others. Google faces an anti-trust suit. Abandonware.
Oct. 20, 2020
Influence operations and cyber probes of presidential campaigns. TrickBot’s recovery. Remote learning woes. Port facilities in Iran reported to have been targeted in cyberattacks.
Oct. 19, 2020
Rosa Smothers: Secure the planet. [Career Notes]
Oct. 18, 2020
Intentionally not drawing attention. [Research Saturday]
Oct. 17, 2020
Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.
Oct. 16, 2020
Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command’s defend forward doctrine.
Oct. 15, 2020
Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.
Oct. 14, 2020
Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.
Oct. 13, 2020
Rigging the game. [Caveat]
Oct. 12, 2020
Geoff White: Suddenly all of the pieces start to line up. [Career Notes]
Oct. 11, 2020
It's still possible to find ways to break out. [Research Saturday]
Oct. 10, 2020
A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.
Oct. 9, 2020
Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.
Oct. 8, 2020
Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.
Oct. 7, 2020
New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.
Oct. 6, 2020
Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.
Oct. 5, 2020
Diane M. Janosek: It's only together that we are going to rise. [Career Notes]
Oct. 4, 2020
Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]
Oct. 3, 2020
CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.
Oct. 2, 2020
Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.
Oct. 1, 2020
Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.
Sept. 30, 2020
Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.
Sept. 29, 2020
Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei’s CFO gets another day in court. REvil recruits.
Sept. 28, 2020
Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]
Sept. 27, 2020
What came first, the Golden Chickens or more_eggs? [Research Saturday]
Sept. 26, 2020
Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.
Sept. 25, 2020
Not the Gremlin from the Kremlin. Zerologn exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.
Sept. 24, 2020
Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.
Sept. 23, 2020
Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren’t, and one big guilty plea.
Sept. 22, 2020
Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.
Sept. 21, 2020
The cybersecurity paradox. [CyberWire-X]
Sept. 20, 2020
Monica Ruiz: Moving ahead when not many look like you. [Career Notes]
Election 2020: What to expect when we are electing. [Research Saturday]
Sept. 19, 2020
Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.
Sept. 18, 2020
Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok’s state of play. Indictments and extraditions.
Sept. 17, 2020
VPNs in Tehran’s crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance’s plan for TikTok.
Sept. 16, 2020
Zerologon: hey, patch already. CISA describes China’s cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.
Sept. 15, 2020
Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzehn. TikTok’s fate grows narrower but murkier. Wildfire misinformation.
Sept. 14, 2020
Ode to Wealthy Elite. [Shadowspeak]
Brandon Robinson: Built from the ground up. [Career Notes]
Sept. 13, 2020
Leveraging legitimate tools. [Research Saturday]
Sept. 12, 2020
Elemental election meddling spooks US campaigns. CISA’s email advice. Remote workers behaving badly. Momentum Cyber’s state of the Sector. The SINET 16. And remember 9/11.
Sept. 11, 2020
Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.
Sept. 10, 2020
Ransomware slows down many students’ return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.
Sept. 9, 2020
Ransomware or wiper? Emotet’s resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?
Sept. 8, 2020
Exploring the cultural values of personal privacy. [Caveat]
Sept. 7, 2020
Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]
Sept. 6, 2020
Going after the most valuable data. [Research Saturday]
Sept. 5, 2020
Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.
Sept. 4, 2020
Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.
Sept. 3, 2020
Facebook’s latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.
Sept. 2, 2020
The difference between a breach and, well, a public record. Pioneer Kitten’s lucrative bycatch. Malware gets past Gatekeeper. A gamer’s bandit economy. And happy birthday, Cyber Branch.
Sept. 1, 2020
DDoS continues to trouble New Zealand’s stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who’s the bank robber? A botnet serving ad fraud.
Aug. 31, 2020
Jack Rhysider: Get your experience points in everything. [Career Notes]
Aug. 30, 2020
They fooled a lot of people. [Research Saturday]
Aug. 29, 2020
Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason’s motives. An attempt to hack Tesla.
Aug. 28, 2020
Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.
Aug. 27, 2020
New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?
Aug. 26, 2020
The pandemic and trends in cybersecurity. The secret to the handset’s low, low price? Fleeceware and adware. TikTok’s lawsuit. Influence ops. Bogus Bitcoin exchange.
Aug. 25, 2020
Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.
Aug. 24, 2020
Kiersten Todt: Problem solving and building solutions. [Career Notes]
Aug. 23, 2020
Using global events as lures. [Research Saturday]
Aug. 22, 2020
Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.
Aug. 21, 2020
Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.
Aug. 20, 2020
Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.
Aug. 19, 2020
Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.
Aug. 18, 2020
North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.
Aug. 17, 2020
Trying for a win, win, win game. [Career Notes]
Aug. 16, 2020
The ABCs of cybersecurity for the education sector. [CyberWire-X]
Waiting for their victims. [Research Saturday]
Aug. 15, 2020
Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).
Aug. 14, 2020
This Woodcutter’s no Railsplitter. Operation Dream Job. COVID-19 phishing.
Aug. 13, 2020
Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua’s data center. More privacy questions for TikTok. Parental control or stalker’s tool?
Aug. 12, 2020
Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.
Aug. 11, 2020
NMAP (noun) [Word Notes]
What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.
Aug. 10, 2020
The Green Goldfish and cyber threat intelligence. [Career Notes]
Aug. 9, 2020
Like anything these days, you have to disinfect it first. [Research Saturday]
Aug. 8, 2020
US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.
Aug. 7, 2020
US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
Aug. 6, 2020
Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.
Aug. 5, 2020
US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.
Aug. 4, 2020
Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twiter hack. DDoS turns out to be a glitch. Garmin hack update.
Aug. 3, 2020
Rely on your strengths in the areas of the unknown. [Career Notes]
Aug. 2, 2020
Detecting Twitter bots in real time. [Research Saturday]
Aug. 1, 2020
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.
July 31, 2020
A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.
July 30, 2020
Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.
July 29, 2020
Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.
July 28, 2020
Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.
July 27, 2020
No matter the statistic, even if against the odds, focus on what you want. [Career Notes]
July 26, 2020
It was only a matter of time. [Research Saturday]
July 25, 2020
A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.
July 24, 2020
Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
July 23, 2020
Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.
July 22, 2020
Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.
July 21, 2020
Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.
July 20, 2020
Have to be able to communicate to everybody. [Career Notes]
July 19, 2020
Every time we get smarter, the bad guy changes something. [Research Saturday]
July 18, 2020
High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.
July 17, 2020
Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.
July 16, 2020
A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.
July 15, 2020
Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.
July 14, 2020
Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.
July 13, 2020
Turn challenges into opportunities. [Career Notes]
July 12, 2020
Are you running what you think you're running? [Research Saturday]
July 11, 2020
The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.
July 10, 2020
Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.
July 9, 2020
Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.
July 8, 2020
Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.
July 7, 2020
Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.
July 6, 2020
Solving hard problems and pursuing your passions. [Career Notes]
July 5, 2020
Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.
July 2, 2020
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
July 1, 2020
Critical bug disclosed in Palo Alto products (a fix is available). StronPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.
June 30, 2020
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
June 29, 2020
Get your foot in the door and prove your worth. [Career Notes]
June 28, 2020
Enter the RAT. [Research Saturday]
June 27, 2020
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.
June 26, 2020
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.
June 25, 2020
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.
June 24, 2020
Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.
June 23, 2020
BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.
June 22, 2020
Superhero origin stories and lessons that last. [Career Notes]
June 21, 2020
Click here to update your webhook. [Research Saturday]
June 20, 2020
Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.
June 19, 2020
Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.
June 18, 2020
Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.
June 17, 2020
Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.
June 16, 2020
ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.
June 15, 2020
The mark of making a difference. [Career Notes]
June 14, 2020
The value of the why and the who. [Research Saturday]
June 13, 2020