The CyberWire Daily

Strategic titles point to something more than a commodity campaign. [Research Saturday]

April 10, 2021

23:56

A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.

April 9, 2021

24:40

Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium’s patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.

April 8, 2021

23:18

A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.

April 7, 2021

24:06

Watering holes, from Kiev to Canada. File transfer blues. What’s up in the criminal-to-criminal market. And an update on the old Facebook breach.

April 6, 2021

22:05

An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.

April 5, 2021

21:08

Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

April 4, 2021

6:00

Ezuri: Regenerating a different kind of target. [Research Saturday]

April 3, 2021

20:31

Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.

April 2, 2021

26:23

Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.

April 1, 2021

25:33

Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.

March 31, 2021

23:58

US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.

March 30, 2021

25:07

Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.

March 29, 2021

25:39

Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

March 28, 2021

6:47

How are we doing in the industrial sector? [Research Saturday]

March 27, 2021

23:05

Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.

March 26, 2021

28:23

Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.

March 25, 2021

24:12

Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?

March 24, 2021

25:25

Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail

March 24, 2021

17:27

Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.

March 23, 2021

24:43

Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.

March 22, 2021

25:55

Kevin Magee: Focus on the archer. (CSO) [Career Notes]

March 21, 2021

6:54

BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]

March 20, 2021

17:07

Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.

March 19, 2021

27:43

Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.

March 18, 2021

24:36

US report on 2020 foreign election meddling is out, and Russian and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.

March 17, 2021

24:46

Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).

March 16, 2021

24:42

Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands £1000 pounds to go on do-not-call list.

March 15, 2021

25:18

Dinah Davis: Building your network. [R&D] [Career Notes]

March 14, 2021

7:40

SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]

March 14, 2021

36:56

Keeping data confidential with fully homomorphic encryption. [Research Saturday]

March 13, 2021

24:53

Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.

March 12, 2021

24:41

More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.

March 11, 2021

25:35

Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hactivists don’t like cameras. Dragnet in the Low Countries.

March 10, 2021

25:49

Dealing with Hafnium’s work against Microsoft Exchange Server and Holiday Bear’s visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.

March 9, 2021

24:29

Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).

March 8, 2021

25:58

Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]

March 7, 2021

7:08

Diving deep into North Korea's APT37 tool kit. [Research Saturday]

March 6, 2021

19:33

SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provided attacked. Criminal-on-criminal crime.

March 5, 2021

28:03

Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.

March 4, 2021

22:10

RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.

March 3, 2021

23:27

India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).

March 2, 2021

23:39

“RedEcho’s”activity in India’s power grid is described. US report on Khashoggi murder declassified SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.

March 1, 2021

23:30

Aarti Borkar: Make your own choices. [Product} [Career Notes]

Feb. 28, 2021

6:38

Shining a light on China's cyber underground. [Research Saturday]

Feb. 27, 2021

25:11

Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.

Feb. 26, 2021

27:45

PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.

Feb. 25, 2021

24:38

Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.

Feb. 24, 2021

25:59

DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.

Feb. 23, 2021

24:06

Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.

Feb. 22, 2021

23:49

Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]

Feb. 21, 2021

6:37

Attackers (ab)using Google Chrome. [Research Saturday]

Feb. 20, 2021

20:47

Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Talinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.

Feb. 19, 2021

25:37

The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.

Feb. 18, 2021

23:53

US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.

Feb. 17, 2021

25:42

France’s ANSII warns of a longrunning Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE

Feb. 16, 2021

23:40

Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]

Feb. 16, 2021

33:38

Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [Special Edition Update]

Feb. 15, 2021

33:53

Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]

Feb. 14, 2021

7:10

Using the human body as a wire-like communication channel. [Research Saturday]

Feb. 13, 2021

21:14

Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.

Feb. 12, 2021

27:33

Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.

Feb. 11, 2021

27:24

Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.

Feb. 10, 2021

21:16

Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.

Feb. 9, 2021

24:35

A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?

Feb. 8, 2021

25:51

Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]

Feb. 7, 2021

6:12

In the clear: what it's like working as a woman in the cleared community. [Special Edition]

Feb. 7, 2021

46:48

"Follow the money" the cybersecurity way. [Research Saturday]

Feb. 6, 2021

28:32

Lazarus Group seems to have deployed an IE zero day. Electrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.

Feb. 5, 2021

27:33

Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.

Feb. 4, 2021

25:23

China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.

Feb. 3, 2021

25:49

Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.

Feb. 2, 2021

22:24

Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. URKI breach. British Mensa thinks over a data exposure.

Feb. 1, 2021

26:05

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]

Jan. 31, 2021

6:49

Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]

Jan. 31, 2021

31:26

The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]

Jan. 30, 2021

18:39

Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.

Jan. 29, 2021

26:52

Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.

Jan. 28, 2021

24:30

Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.

Jan. 27, 2021

24:29

Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?

Jan. 26, 2021

24:07

The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.

Jan. 25, 2021

25:58

Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]

Jan. 24, 2021

6:51

Trickbot may be down, but can we count it out? [Research Saturday]

Jan. 23, 2021

21:03

Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.

Jan. 22, 2021

28:01

Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.

Jan. 21, 2021

24:05

More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.

Jan. 20, 2021

23:02

EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.

Jan. 19, 2021

23:05

Encore: You will pay for that one way or another. [Caveat]

Jan. 18, 2021

36:09

Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]

Jan. 17, 2021

6:47

Manufacturing sector is increasingly a target for adversaries. [Research Saturday]

Jan. 16, 2021

25:47

Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.

Jan. 15, 2021

26:01

SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?

Jan. 14, 2021

25:19

Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.

Jan. 13, 2021

22:21

Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.

Jan. 12, 2021

24:26

More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.

Jan. 11, 2021

27:32

Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]

Jan. 10, 2021

6:29

Emotet reemerges and becomes one of most prolific threat groups out there. [Research Saturday]

Jan. 9, 2021

25:50

The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.

Jan. 8, 2021

25:36

CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.

Jan. 7, 2021

23:41

Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re ensured. No bail for Mr. Assange.

Jan. 6, 2021

24:42

It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.

Jan. 5, 2021

24:08

Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.

Jan. 4, 2021

24:42

Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]

Jan. 3, 2021

7:04

Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]

Jan. 2, 2021

29:57

Andy Greenberg on the Sandworm Indictments.

Jan. 1, 2021

17:10

SOAR – a first principle idea.

Dec. 31, 2020

16:46

Security operations centers: around the Hash Table.

Dec. 30, 2020

27:06

Security operations centers: a first principle idea.

Dec. 29, 2020

16:15

Cybersecurity First Principles: DevSecOps.

Dec. 28, 2020

20:05

Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] (Career Notes]

Dec. 27, 2020

7:10

Encore: Seedworm digs Middle East intelligence. [Research Saturday]

Dec. 26, 2020

20:27

Encore: Separating fools from money. [Hacking Humans]

Dec. 25, 2020

30:02

Encore: Technology that allows cops to track your phone. [Caveat]

Dec. 24, 2020

49:08

Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.

Dec. 23, 2020

26:25

Bear tracks all over the US Government’s networks. Pandas and Kittens and Bears, oh my... Emotet’s back. Spyware litigation. A few predictions.

Dec. 22, 2020

27:29

Sunburst looks worse: bad Bears in US networks, and that’s not just right at all. “Evil mobile emulator farm.” Report: Pegasus used against journalists.

Dec. 21, 2020

25:00

Robert Lee: Keeping the lights on. [ICS] [Word Notes]

Dec. 20, 2020

7:04

Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]

Dec. 19, 2020

26:26

Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker’s Stash has its problems. And a few thoughts on the near future.

Dec. 18, 2020

31:18

The SVR’s exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China’s influence ops delayed.

Dec. 17, 2020

22:58

SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.

Dec. 16, 2020

22:18

SolarWinds compromise scope grows clearer. DPRK’s Earth Kitsune. Google’s authentication issue. A look at the near future of cybersecurity.

Dec. 15, 2020

25:18

A few predictions, but today’s news is dominated by Cozy Bear’s supply chain attack on Solar Winds’ Orion Platform.

Dec. 14, 2020

23:29

Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]

Dec. 14, 2020

32:53

Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science] [Career Notes]

Dec. 13, 2020

7:01

Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]

Dec. 12, 2020

34:03

OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.

Dec. 11, 2020

25:29

Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.

Dec. 10, 2020

24:58

Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.

Dec. 9, 2020

24:10

IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.

Dec. 8, 2020

23:10

NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.

Dec. 7, 2020

22:33

Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]

Dec. 6, 2020

7:51

SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]

Dec. 5, 2020

17:11

2021 may look a lot like 2020 in cyberspace, only moreso. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.

Dec. 4, 2020

26:07

Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?

Dec. 3, 2020

25:16

The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.

Dec. 2, 2020

26:26

Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.

Dec. 1, 2020

22:40

Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.

Nov. 30, 2020

25:57

Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]

Nov. 29, 2020

7:23

Encore: Using global events as lures for malicious activity.

Nov. 28, 2020

22:52

Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.

Nov. 25, 2020

23:54

Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.

Nov. 24, 2020

22:52

Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”

Nov. 23, 2020

24:54

James Hadley: Spend time on what interests you. [CEO] [Career Notes]

Nov. 22, 2020

6:34

Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]

Nov. 21, 2020

20:56

Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.

Nov. 20, 2020

26:32

Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only moreso).

Nov. 19, 2020

24:34

Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.

Nov. 18, 2020

23:59

Hidden Cobra’s new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.

Nov. 17, 2020

23:00

Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.

Nov. 16, 2020

25:36

Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]

Nov. 15, 2020

5:51

That first CVE was a fun find, for sure. [Research Saturday]

Nov. 14, 2020

28:51

CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.

Nov. 13, 2020

25:25

An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.

Nov. 12, 2020

24:21

shadow IT (noun) [Word Notes]

Nov. 11, 2020

4:24

remote access Trojan or RAT (noun) [Word Notes]

Nov. 11, 2020

4:12

A look at what’s up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.

Nov. 10, 2020

24:02

Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.

Nov. 9, 2020

24:57

Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]

Nov. 8, 2020

6:44

PoetRAT: a complete lack of operational security. [Research Saturday]

Nov. 7, 2020

22:15

IRGC domains taken down. A look at 2021’s threatscape. Russia says its didn’t do anything (others see Bears.) Forfeiture of Silk Road’s hitherto unaccounted for billion-plus dollars.

Nov. 6, 2020

25:48

CISA’s happy but still wary. Election-themed criminal malspam. New ransomware goes after VMs. Why it makes no sense to trust extortionists.

Nov. 5, 2020

23:37

US elections: CISA calls security success, but reminds all that it’s not over yet. Notes from the cyber underground. Two more indictments in cyberstalking case.

Nov. 4, 2020

23:37

Election security updates from CISA. Maze says it’s out of business (and never really existed). Edward Snowden wants dual Russian-US citizenship. A botmaster goes up river.

Nov. 3, 2020

23:27

Another look at North Korean cyberespionage. Phishing with Google Docs. How Iran obtained US voter information. Election security enters its endgame.

Nov. 2, 2020

25:51

David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]

Nov. 1, 2020

24:00

Carole Theriault: Constantly learning new things. [Media] [Career Notes]

Nov. 1, 2020

7:44

Leveraging for a bigger objective. [Research Saturday]

Oct. 31, 2020

25:59

Ransomware epidemic during the pandemic. Cyber insurance and state actors. Cyberstalking. Don’t exaggerate election meddling. Reflections on National Cybersecurity Awareness Month.

Oct. 30, 2020

27:00

The Malware Mash!

Oct. 30, 2020

3:05

Familiar threat actors are back in the news. Big Tech’s testimony on Capitol Hill had less to do with Section 230 than many had foreseen.

Oct. 29, 2020

22:07

Warnings about the DPRK’s Kimsuky Group. Election security in the US during the endgame. Section 220 and Big Tech. Another guilty plea in the eBay-related cyberstalking case.

Oct. 28, 2020

24:14

Election phishing, without hook, but with line and sinker? Data breaches, and the importance of prompt disclosure. Misplaced hacktivist sympathy.

Oct. 27, 2020

25:05

Russian research institute sanctioned for its role in Triton/Trisis. Coordinated inauthenticity in Myanmar. Clean Network program update. Major data breach in Finland.

Oct. 26, 2020

26:21

Sal Aurigemma: How things work. [Education] [Career Notes]

Oct. 25, 2020

7:17

Just saying there are attacks is not enough. [Research Saturday]

Oct. 24, 2020

27:53

Energetic Bear’s battlespace preparation. Selling voter and consumer personal data. GRU, Qods Force sanctioned. How they knew that Iran dunnit.

Oct. 23, 2020

25:39

Recent email threats to US voters appear to be an Iranian operation. Notes on cyberespionage and influence operations. Hold the “blatant Russophobia,” TASS?

Oct. 22, 2020

22:30

TrickBot’s return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.

Oct. 21, 2020

22:45

International cyberespionage: China and Russia versus the Five Eyes and others. Google faces an anti-trust suit. Abandonware.

Oct. 20, 2020

24:35

Influence operations and cyber probes of presidential campaigns. TrickBot’s recovery. Remote learning woes. Port facilities in Iran reported to have been targeted in cyberattacks.

Oct. 19, 2020

27:49

Rosa Smothers: Secure the planet. [Career Notes]

Oct. 18, 2020

6:47

Intentionally not drawing attention. [Research Saturday]

Oct. 17, 2020

25:54

Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.

Oct. 16, 2020

25:17

Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command’s defend forward doctrine.

Oct. 15, 2020

25:37

Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.

Oct. 14, 2020

23:20

Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.

Oct. 13, 2020

24:39

Rigging the game. [Caveat]

Oct. 12, 2020

41:40

Geoff White: Suddenly all of the pieces start to line up. [Career Notes]

Oct. 11, 2020

7:31

It's still possible to find ways to break out. [Research Saturday]

Oct. 10, 2020

20:14

A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.

Oct. 9, 2020

25:02

Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.

Oct. 8, 2020

23:31

Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.

Oct. 7, 2020

23:21

New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.

Oct. 6, 2020

23:36

Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.

Oct. 5, 2020

23:56

Diane M. Janosek: It's only together that we are going to rise. [Career Notes]

Oct. 4, 2020

7:19

Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]

Oct. 3, 2020

23:52

CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.

Oct. 2, 2020

26:52

Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.

Oct. 1, 2020

23:30

Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.

Sept. 30, 2020

23:33

Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.

Sept. 29, 2020

24:33

Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei’s CFO gets another day in court. REvil recruits.

Sept. 28, 2020

22:47

Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]

Sept. 27, 2020

7:44

What came first, the Golden Chickens or more_eggs? [Research Saturday]

Sept. 26, 2020

19:51

Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.

Sept. 25, 2020

25:59

Not the Gremlin from the Kremlin. Zerologn exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.

Sept. 24, 2020

22:56

Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.

Sept. 23, 2020

23:32

Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren’t, and one big guilty plea.

Sept. 22, 2020

23:40

Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.

Sept. 21, 2020

25:01

The cybersecurity paradox. [CyberWire-X]

Sept. 20, 2020

36:11

Monica Ruiz: Moving ahead when not many look like you. [Career Notes]

Sept. 20, 2020

7:11

Election 2020: What to expect when we are electing. [Research Saturday]

Sept. 19, 2020

25:03

Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.

Sept. 18, 2020

26:16

Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok’s state of play. Indictments and extraditions.

Sept. 17, 2020

24:37

VPNs in Tehran’s crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance’s plan for TikTok.

Sept. 16, 2020

23:24

Zerologon: hey, patch already. CISA describes China’s cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.

Sept. 15, 2020

22:57

Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzehn. TikTok’s fate grows narrower but murkier. Wildfire misinformation.

Sept. 14, 2020

25:22

Ode to Wealthy Elite. [Shadowspeak]

Sept. 14, 2020

2:47

Brandon Robinson: Built from the ground up. [Career Notes]

Sept. 13, 2020

6:30

Leveraging legitimate tools. [Research Saturday]

Sept. 12, 2020

32:23

Elemental election meddling spooks US campaigns. CISA’s email advice. Remote workers behaving badly. Momentum Cyber’s state of the Sector. The SINET 16. And remember 9/11.

Sept. 11, 2020

27:52

Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.

Sept. 10, 2020

22:57

Ransomware slows down many students’ return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.

Sept. 9, 2020

23:07

Ransomware or wiper? Emotet’s resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?

Sept. 8, 2020

26:16

Exploring the cultural values of personal privacy. [Caveat]

Sept. 7, 2020

48:53

Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]

Sept. 6, 2020

6:43

Going after the most valuable data. [Research Saturday]

Sept. 5, 2020

26:36

Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.

Sept. 4, 2020

27:53

Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.

Sept. 3, 2020

23:13

Facebook’s latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.

Sept. 2, 2020

23:13

The difference between a breach and, well, a public record. Pioneer Kitten’s lucrative bycatch. Malware gets past Gatekeeper. A gamer’s bandit economy. And happy birthday, Cyber Branch.

Sept. 1, 2020

22:56

DDoS continues to trouble New Zealand’s stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who’s the bank robber? A botnet serving ad fraud.

Aug. 31, 2020

25:09

Jack Rhysider: Get your experience points in everything. [Career Notes]

Aug. 30, 2020

7:24

They fooled a lot of people. [Research Saturday]

Aug. 29, 2020

15:27

Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason’s motives. An attempt to hack Tesla.

Aug. 28, 2020

26:04

Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.

Aug. 27, 2020

23:18

New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?

Aug. 26, 2020

22:57

The pandemic and trends in cybersecurity. The secret to the handset’s low, low price? Fleeceware and adware. TikTok’s lawsuit. Influence ops. Bogus Bitcoin exchange.

Aug. 25, 2020

23:02

Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.

Aug. 24, 2020

22:59

Kiersten Todt: Problem solving and building solutions. [Career Notes]

Aug. 23, 2020

6:56

Using global events as lures. [Research Saturday]

Aug. 22, 2020

22:52

Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.

Aug. 21, 2020

25:17

Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.

Aug. 20, 2020

23:06

Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.

Aug. 19, 2020

23:28

Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.

Aug. 18, 2020

22:35

North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.

Aug. 17, 2020

26:35

Trying for a win, win, win game. [Career Notes]

Aug. 16, 2020

5:26

The ABCs of cybersecurity for the education sector. [CyberWire-X]

Aug. 16, 2020

28:17

Waiting for their victims. [Research Saturday]

Aug. 15, 2020

24:37

Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).

Aug. 14, 2020

25:20

This Woodcutter’s no Railsplitter. Operation Dream Job. COVID-19 phishing.

Aug. 13, 2020

22:22

Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua’s data center. More privacy questions for TikTok. Parental control or stalker’s tool?

Aug. 12, 2020

22:35

Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.

Aug. 11, 2020

24:32

NMAP (noun) [Word Notes]

Aug. 11, 2020

3:23

What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.

Aug. 10, 2020

25:47

The Green Goldfish and cyber threat intelligence. [Career Notes]

Aug. 9, 2020

7:10

Like anything these days, you have to disinfect it first. [Research Saturday]

Aug. 8, 2020

27:25

US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.

Aug. 7, 2020

24:46

US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.

Aug. 6, 2020

24:40

Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.

Aug. 5, 2020

22:16

US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.

Aug. 4, 2020

22:07

Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twiter hack. DDoS turns out to be a glitch. Garmin hack update.

Aug. 3, 2020

23:34

Rely on your strengths in the areas of the unknown. [Career Notes]

Aug. 2, 2020

6:57

Detecting Twitter bots in real time. [Research Saturday]

Aug. 1, 2020

24:55

Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.

July 31, 2020

26:05

A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.

July 30, 2020

21:46

Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.

July 29, 2020

22:46

Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.

July 28, 2020

22:52

Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.

July 27, 2020

22:25

No matter the statistic, even if against the odds, focus on what you want. [Career Notes]

July 26, 2020

6:29

It was only a matter of time. [Research Saturday]

July 25, 2020

16:13

A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.

July 24, 2020

25:38

Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.

July 23, 2020

22:49

Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.

July 22, 2020

22:23

Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.

July 21, 2020

23:02

Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.

July 20, 2020

20:06

Have to be able to communicate to everybody. [Career Notes]

July 19, 2020

7:11

Every time we get smarter, the bad guy changes something. [Research Saturday]

July 18, 2020

33:25

High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.

July 17, 2020

25:01

Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.

July 16, 2020

24:05

A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.

July 15, 2020

22:26

Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.

July 14, 2020

22:55

Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.

July 13, 2020

22:44

Turn challenges into opportunities. [Career Notes]

July 12, 2020

6:55

Are you running what you think you're running? [Research Saturday]

July 11, 2020

17:24

The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.

July 10, 2020

25:33

Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.

July 9, 2020

22:39

Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.

July 8, 2020

23:08

Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.

July 7, 2020

23:21

Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.

July 6, 2020

22:32

Solving hard problems and pursuing your passions. [Career Notes]

July 5, 2020

7:18

Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.

July 2, 2020

22:40

EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.

July 1, 2020

22:31

Critical bug disclosed in Palo Alto products (a fix is available). StronPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.

June 30, 2020

22:15

Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.

June 29, 2020

22:09

Get your foot in the door and prove your worth. [Career Notes]

June 28, 2020

6:36

Enter the RAT. [Research Saturday]

June 27, 2020

24:50

Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.

June 26, 2020

26:32

Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.

June 25, 2020

22:26

BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.

June 24, 2020

23:47

Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.

June 23, 2020

23:23

BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.

June 22, 2020

22:50

Superhero origin stories and lessons that last. [Career Notes]

June 21, 2020

6:54

Click here to update your webhook. [Research Saturday]

June 20, 2020

20:13

Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.

June 19, 2020

23:37

Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.

June 18, 2020

22:58

Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.

June 17, 2020

23:19

Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.

June 16, 2020

23:03

ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.

June 15, 2020

21:10

The mark of making a difference. [Career Notes]

June 14, 2020

6:06

The value of the why and the who. [Research Saturday]

June 13, 2020

27:54