CyberWire Daily

Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.

May 19, 2022

30:49

CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388.

May 19, 2022

3:20

Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.

May 18, 2022

25:33

CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Alerts]

May 17, 2022

2:49

Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Cost Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.

May 17, 2022

28:38

Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.

May 16, 2022

25:17

Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]

May 15, 2022

8:12

The current state of zero trust. [CyberWire-X]

May 15, 2022

31:51

Vulnerabilities in IoT devices. [Research Saturday]

May 14, 2022

23:32

War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.

May 13, 2022

24:39

Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.

May 12, 2022

26:11

CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]

May 12, 2022

3:27

Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.

May 11, 2022

25:43

Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.

May 10, 2022

29:34

Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.

May 9, 2022

26:22

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]

May 8, 2022

9:03

Attacking where vulnerable. [Research Saturday]

May 7, 2022

17:14

Victory Day approaches so shields up. Hackivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).

May 6, 2022

21:27

Dateline Moscow, Kyiv, and Minsk: Hacktivisim and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.

May 5, 2022

23:55

More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.

May 4, 2022

28:44

Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.

May 3, 2022

24:08

The future of security validation – what next? [CyberWire-X]

May 3, 2022

28:47

Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.

May 2, 2022

25:19

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]

May 1, 2022

8:49

DevSecOps and securing the container. [CyberWire-X]

May 1, 2022

31:53

Attackers coming in from the Backdoor? [Research Saturday]

April 30, 2022

22:19

Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.

April 29, 2022

26:06

Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.

April 28, 2022

24:26

Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.

April 27, 2022

22:57

Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes.. A guilty plea in a cyberstalking case.

April 26, 2022

28:14

Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.

April 25, 2022

23:23

Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]

April 24, 2022

8:51

BABYSHARK is swimming again! [Research Saturday]

April 23, 2022

37:00

The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.

April 22, 2022

30:04

Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.

April 21, 2022

22:03

Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.

April 20, 2022

26:03

In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyand is phishing for wallets (and and other blockchained valuables). Emotet really likes those malicious macros.

April 19, 2022

24:21

Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.

April 18, 2022

25:20

CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]

April 17, 2022

38:00

Satya Gupta: Rising to your contribution. [CTO] [Career Notes]

April 17, 2022

9:25

A fight to defend Taiwan financial institutions. [Research Saturday]

April 16, 2022

19:14

Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.

April 15, 2022

24:00

A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.

April 14, 2022

23:07

Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.

April 13, 2022

25:47

Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.

April 12, 2022

27:09

Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.

April 11, 2022

25:24

SolarWinds through a first principle lens. [CSO Perspectives]

April 11, 2022

21:21

Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]

April 10, 2022

9:22

The secrets behind Docker. [Research Saturday]

April 9, 2022

21:54

Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.

April 8, 2022

24:08

Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.

April 7, 2022

28:15

Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA

April 6, 2022

25:32

Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.

April 5, 2022

23:29

Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.

April 4, 2022

29:50

Living security: the current state of XDR. [CyberWire-X]

April 3, 2022

30:28

Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]

April 3, 2022

7:08

A popular malware scheme and pay-per-install services. [Research Saturday]

April 2, 2022

20:35

Epistemic closure in a hybrid war. Wiper used against VIasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.

April 1, 2022

25:46

Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.

March 31, 2022

23:21

Taking down bot farms. Cyber aggression. Kinetic influence ops, Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.

March 30, 2022

24:29

Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.

March 29, 2022

29:19

Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.

March 28, 2022

24:58

The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]

March 26, 2022

20:36

Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.

March 25, 2022

26:03

Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.

March 24, 2022

26:45

Insider Risk Excellence Awards. [CyberWire-X]

March 24, 2022

22:36

British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.

March 23, 2022

26:35

White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.

March 22, 2022

25:29

Hacktivism, protestware, and information operations in a hybrid war. Brazi-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.

March 21, 2022

27:17

Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]

March 20, 2022

9:08

Implications of data leaks of sensitive OT information. [Research Saturday]

March 19, 2022

24:08

Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.

March 18, 2022

25:14

Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.

March 17, 2022

24:39

Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.

March 16, 2022

25:23

Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.

March 15, 2022

28:46

Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.

March 14, 2022

27:01

Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]

March 13, 2022

7:26

The story of REvil: From origin to beyond. [Research Saturday]

March 12, 2022

33:41

An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.

March 11, 2022

26:47

Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.

March 10, 2022

30:14

Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.

March 9, 2022

28:13

Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.

March 8, 2022

26:45

Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsu$ releases NVIDIA and Samsung data (and says a victim hacked back).

March 7, 2022

28:14

Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]

March 6, 2022

9:59

HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]

March 6, 2022

35:32

An abuse of trust: Potential security issues with open redirects. [Research Saturday]

March 5, 2022

23:51

Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.

March 4, 2022

26:30

Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.

March 3, 2022

30:24

Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.

March 2, 2022

29:29

Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.

March 1, 2022

29:47

An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.

Feb. 28, 2022

27:08

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]

Feb. 27, 2022

9:41

Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]

Feb. 26, 2022

21:34

Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.

Feb. 25, 2022

29:21

Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.

Feb. 24, 2022

25:07

Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.

Feb. 23, 2022

30:43

Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.

Feb. 22, 2022

30:17

Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."

Feb. 21, 2022

23:52

Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures

Feb. 21, 2022

29:52

Joe Carrigan: Build your network. [Security engineer] [Career Notes]

Feb. 20, 2022

10:09

What Log4Shell has taught us. [CyberWire-X]

Feb. 20, 2022

32:08

Instagram hijacks all start with a phish. [Research Saturday]

Feb. 19, 2022

22:58

False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.

Feb. 18, 2022

29:07

Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.

Feb. 17, 2022

29:22

A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.

Feb. 16, 2022

30:58

Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.

Feb. 15, 2022

27:18

Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?

Feb. 14, 2022

24:33

Roselle Safran: So much opportunity. [Entrepreneur][Career Notes]

Feb. 13, 2022

8:07

SysJoker backdoor masquerades as benign updates. [Research Saturday]

Feb. 12, 2022

15:44

Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.

Feb. 11, 2022

29:06

Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.

Feb. 10, 2022

29:07

A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.

Feb. 9, 2022

27:18

Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.

Feb. 8, 2022

27:59

Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.

Feb. 7, 2022

27:19

Chris Hadnagy: Show them that you're worth it. [Social engineer] [Career Notes]

Feb. 6, 2022

8:48

The persistent and patient nature of advanced threat actors. [Research Saturday]

Feb. 5, 2022

19:56

Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.

Feb. 4, 2022

27:58

Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.

Feb. 3, 2022

29:42

Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.

Feb. 2, 2022

27:17

Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.

Feb. 1, 2022

31:30

The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.

Jan. 31, 2022

28:30

Helen Patton: A platform to talk about security. [CISO] [Career Notes]

Jan. 30, 2022

10:15

Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]

Jan. 30, 2022

34:15

Use of legitimate tools possibly linked to Seedworm. [Research Saturday]

Jan. 29, 2022

16:13

Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.

Jan. 28, 2022

28:30

Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.

Jan. 27, 2022

25:07

Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.

Jan. 26, 2022

28:39

Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.

Jan. 25, 2022

32:49

Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.

Jan. 24, 2022

28:44

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]

Jan. 23, 2022

9:05

A collaboration stumbles upon threat actor Lyceum. [Research Saturday]

Jan. 22, 2022

18:56

Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.

Jan. 22, 2022

27:16

Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.

Jan. 20, 2022

30:12

Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.

Jan. 19, 2022

27:02

A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.

Jan. 18, 2022

26:05

SOAR - a first principle idea. [CSO Perspectives}

Jan. 17, 2022

17:01

Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]

Jan. 16, 2022

10:36

Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]

Jan. 15, 2022

26:37

Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.

Jan. 14, 2022

30:15

A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.

Jan. 13, 2022

27:49

The US and EU seek to shore up cybersecurity as Russo-Ukraininan tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.

Jan. 12, 2022

27:24

Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.

Jan. 11, 2022

27:32

CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.

Jan. 10, 2022

30:47

Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]

Jan. 9, 2022

10:34

The rise of Karakurt Hacking Team.

Jan. 8, 2022

14:10

Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.

Jan. 7, 2022

25:38

Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.

Jan. 6, 2022

30:14

CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.

Jan. 5, 2022

30:39

Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.

Jan. 4, 2022

33:27

Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.

Jan. 3, 2022

26:29

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]

Jan. 2, 2022

9:20

Cybersecurity predictions for 2022. [CyberWire-X]

Jan. 2, 2022

29:54

Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]

Jan. 1, 2022

21:28

CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.

Dec. 31, 2021

13:12

CyberWire Pro Interview Selects: Sir David Omand.

Dec. 30, 2021

21:35

CyberWire Pro Interview Selects: Zan Vautrinot on boards.

Dec. 29, 2021

20:17

CyberWire Pro Interview Selects: Bill Wright of Splunk.

Dec. 28, 2021

9:47

CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.

Dec. 27, 2021

23:08

Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]

Dec. 26, 2021

7:36

CyberWire Pro Research Briefing from 12/21/2021.

Dec. 25, 2021

9:04

The CyberWire: The 12 Days of Malware.

Dec. 25, 2021

4:43

CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.

Dec. 24, 2021

10:59

Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.

Dec. 23, 2021

28:29

The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.

Dec. 22, 2021

28:25

Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.

Dec. 21, 2021

28:07

Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.

Dec. 20, 2021

26:51

Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]

Dec. 19, 2021

10:33

Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]

Dec. 18, 2021

17:41

Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.

Dec. 17, 2021

25:26

Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.

Dec. 16, 2021

26:27

Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?.

Dec. 15, 2021

28:15

Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.

Dec. 14, 2021

32:00

Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.

Dec. 13, 2021

27:14

Hannah Kenney: Focused on people. [Risk] [Career Notes]

Dec. 12, 2021

7:46

FIN7 repositioning focus into ransomware. [Research Saturday]

Dec. 11, 2021

29:20

Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.

Dec. 10, 2021

24:30

Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.

Dec. 9, 2021

31:21

AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.

Dec. 8, 2021

24:04

The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?

Dec. 7, 2021

28:50

Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.

Dec. 6, 2021

24:07

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]

Dec. 5, 2021

8:44

Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]

Dec. 5, 2021

42:51

Getting in and getting out with SnapMC. [Research Saturday]

Dec. 4, 2021

18:36

Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.

Dec. 3, 2021

25:27

More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?

Dec. 2, 2021

25:26

Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.

Dec. 1, 2021

28:51

Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.

Nov. 30, 2021

25:45

Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.

Nov. 29, 2021

21:40

Anisha Patel: Right along with them. [Program management] [Career Notes]

Nov. 28, 2021

8:15

CyberWire Pro Research Briefing from 11/23/2021

Nov. 27, 2021

8:18

CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.

Nov. 26, 2021

9:01

Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]

Nov. 25, 2021

17:45

Phishing in the Iranian diaspora. Not your grandma and grandpa’s crytper. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.

Nov. 24, 2021

28:59

Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.

Nov. 23, 2021

29:33

Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.

Nov. 22, 2021

21:48

How ransomware impacts organizations. [CyberWire-X]

Nov. 21, 2021

30:20

MK Palmore: Lead from where you stand. [CISO] [Career Notes]

Nov. 21, 2021

8:40

Using bidirectionality override characters to obscure code. [Research Saturday]

Nov. 20, 2021

26:25

Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?

Nov. 19, 2021

25:43

Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.

Nov. 18, 2021

24:47

CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.

Nov. 17, 2021

23:30

Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.

Nov. 16, 2021

29:20

Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.

Nov. 15, 2021

22:18

The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]

Nov. 14, 2021

29:07

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

Nov. 14, 2021

10:34

A glimpse into TeamTNT. [Research Saturday]

Nov. 13, 2021

16:21

Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.

Nov. 12, 2021

26:18

Let's go to the movies. [Hacking Humans Goes to the Movies]

Nov. 11, 2021

25:11

Cyberespionage from Tehran. Clopp ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.

Nov. 10, 2021

23:46

Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.

Nov. 9, 2021

25:22

REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.

Nov. 8, 2021

24:47

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]

Nov. 7, 2021

7:31

An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]

Nov. 6, 2021

19:59

$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.

Nov. 5, 2021

26:00

Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.

Nov. 4, 2021

25:58

Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerbalities.

Nov. 3, 2021

23:15

Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.

Nov. 2, 2021

27:56

Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).

Nov. 1, 2021

23:15

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

Oct. 31, 2021

9:39

Malware sometimes changes its behavior. [Research Saturday]

Oct. 30, 2021

27:48

Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phshbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”

Oct. 29, 2021

27:58

The Malware Mash!

Oct. 29, 2021

3:05

Hacktivists or intelligence services in Iran? BOLO NIkolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.

Oct. 28, 2021

26:18

Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.

Oct. 27, 2021

25:49

Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.

Oct. 26, 2021

27:37

SolarMarket malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.

Oct. 25, 2021

23:45

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]

Oct. 24, 2021

8:23

When big ransomware goes away, where should affiliates go? [Research Saturday]

Oct. 23, 2021

20:58

Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.

Oct. 22, 2021

27:46

Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.

Oct. 21, 2021

27:39

Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.

Oct. 20, 2021

24:32

TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.

Oct. 19, 2021

22:06

A US broadcaster sustains a ransomware attack. North Korean catphis expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?

Oct. 18, 2021

24:00

Ell Marquez: It's okay to be new. [Linux] [Career Notes]

Oct. 17, 2021

9:22

Groove Gang making a name for themselves. [Research Saturday]

Oct. 16, 2021

22:03

CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.

Oct. 15, 2021

23:07

Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.

Oct. 14, 2021

25:37

Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.

Oct. 13, 2021

29:39

Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize

Oct. 12, 2021

29:59

Extra: Let's talk about Facebook's research. [Caveat]

Oct. 11, 2021

44:05

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]

Oct. 10, 2021

10:57

Taking a closer look at UNC1151. [Research Saturday]

Oct. 9, 2021

18:11

Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.

Oct. 8, 2021

25:03

Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.

Oct. 7, 2021

26:11

Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.

Oct. 6, 2021

31:11

Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.

Oct. 5, 2021

28:59

Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.

Oct. 4, 2021

26:05

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

Oct. 3, 2021

8:36

Cloud configuration security: Breaking the endless cycle. [CyberWire-X]

Oct. 3, 2021

33:03

IoT security and the need for randomness. [Research Saturday]

Oct. 2, 2021

33:35

Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.

Oct. 1, 2021

25:48

GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.

Sept. 30, 2021

28:41

DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.

Sept. 29, 2021

22:28

Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.

Sept. 28, 2021

26:16

The EU ask Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.

Sept. 27, 2021

24:48

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]

Sept. 26, 2021

10:17

Why it’s time for cybersecurity to go mainstream. [CyberWire-X]

Sept. 26, 2021

40:35

Vulnerabilities in the public cloud. [Research Saturday]

Sept. 25, 2021

23:00

Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?

Sept. 24, 2021

24:31

Ransomware hits another US farm co-op, as Russan gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.

Sept. 23, 2021

24:50

Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.

Sept. 22, 2021

28:05

BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.

Sept. 21, 2021

26:28

Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.

Sept. 20, 2021

26:43

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

Sept. 19, 2021

7:57

An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

Sept. 18, 2021

24:24

Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.

Sept. 17, 2021

27:28

A CSO's 9/11 Story: CSO Perspectives Bonus.

Sept. 17, 2021

28:33

Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.

Sept. 16, 2021

27:11

No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.

Sept. 15, 2021

25:22

NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.

Sept. 14, 2021

22:32

The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.

Sept. 13, 2021

22:34

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]

Sept. 12, 2021

6:59

A Google Chrome update that just didn't feel right. [Research Saturday]

Sept. 11, 2021

20:29

Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.

Sept. 10, 2021

27:12

Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.

Sept. 9, 2021

25:38

BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.

Sept. 8, 2021

24:22

A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.

Sept. 7, 2021

26:03

Security operations centers: a first principle idea. [CSO Perspectives]

Sept. 6, 2021

16:30

Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]

Sept. 5, 2021

7:34

Like a computer network but for physical objects. [Research Saturday]

Sept. 4, 2021

24:49