The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Compromised military tech? [Research Saturday]
May 28, 2022
Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.
May 27, 2022
"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.
May 26, 2022
More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.
May 25, 2022
Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?
May 24, 2022
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.
May 23, 2022
Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]
May 22, 2022
AutoWarp bug leads to Automation headaches. [Research Saturday]
May 21, 2022
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
May 20, 2022
CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Alerts]
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.
May 19, 2022
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388.
Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
May 18, 2022
CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Alerts]
May 17, 2022
Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
May 16, 2022
Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]
May 15, 2022
The current state of zero trust. [CyberWire-X]
Vulnerabilities in IoT devices. [Research Saturday]
May 14, 2022
War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.
May 13, 2022
Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.
May 12, 2022
CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]
Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.
May 11, 2022
Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.
May 10, 2022
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.
May 9, 2022
Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]
May 8, 2022
Attacking where vulnerable. [Research Saturday]
May 7, 2022
Victory Day approaches so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).
May 6, 2022
Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.
May 5, 2022
More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.
May 4, 2022
Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.
May 3, 2022
The future of security validation – what next? [CyberWire-X]
Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.
May 2, 2022
Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]
May 1, 2022
DevSecOps and securing the container. [CyberWire-X]
Attackers coming in from the Backdoor? [Research Saturday]
April 30, 2022
Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.
April 29, 2022
Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.
April 28, 2022
Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.
April 27, 2022
Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.
April 26, 2022
Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.
April 25, 2022
Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]
April 24, 2022
BABYSHARK is swimming again! [Research Saturday]
April 23, 2022
The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.
April 22, 2022
Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.
April 21, 2022
Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.
April 20, 2022
In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.
April 19, 2022
Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.
April 18, 2022
CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]
April 17, 2022
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
A fight to defend Taiwan financial institutions. [Research Saturday]
April 16, 2022
Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.
April 15, 2022
A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.
April 14, 2022
Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
April 13, 2022
Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.
April 12, 2022
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
April 11, 2022
SolarWinds through a first principle lens. [CSO Perspectives]
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
April 10, 2022
The secrets behind Docker. [Research Saturday]
April 9, 2022
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
April 8, 2022
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
April 7, 2022
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA.
April 6, 2022
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
April 5, 2022
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
April 4, 2022
Living security: the current state of XDR. [CyberWire-X]
April 3, 2022
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
A popular malware scheme and pay-per-install services. [Research Saturday]
April 2, 2022
Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.
April 1, 2022
Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.
March 31, 2022
Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.
March 30, 2022
Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.
March 29, 2022
Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.
March 28, 2022
The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]
March 26, 2022
Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.
March 25, 2022
Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.
March 24, 2022
Insider Risk Excellence Awards. [CyberWire-X]
British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.
March 23, 2022
White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.
March 22, 2022
Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.
March 21, 2022
Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]
March 20, 2022
Implications of data leaks of sensitive OT information. [Research Saturday]
March 19, 2022
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.
March 18, 2022
Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.
March 17, 2022
Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.
March 16, 2022
Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.
March 15, 2022
Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.
March 14, 2022
Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]
March 13, 2022
The story of REvil: From origin to beyond. [Research Saturday]
March 12, 2022
An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.
March 11, 2022
Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.
March 10, 2022
Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.
March 9, 2022
Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.
March 8, 2022
Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsus$ releases NVIDIA and Samsung data (and says a victim hacked back).
March 7, 2022
Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]
March 6, 2022
HEAT: Examining the next class of browser-based attacks. [CyberWire-X]
An abuse of trust: Potential security issues with open redirects. [Research Saturday]
March 5, 2022
Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.
March 4, 2022
Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.
March 3, 2022
Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.
March 2, 2022
Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.
March 1, 2022
An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.
Feb. 28, 2022
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Feb. 27, 2022
Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]
Feb. 26, 2022
Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.
Feb. 25, 2022
Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
Feb. 24, 2022
Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.
Feb. 23, 2022
Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.
Feb. 22, 2022
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
Feb. 21, 2022
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures
Joe Carrigan: Build your network. [Security engineer] [Career Notes]
Feb. 20, 2022
What Log4Shell has taught us. [CyberWire-X]
Instagram hijacks all start with a phish. [Research Saturday]
Feb. 19, 2022
False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.
Feb. 18, 2022
Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.
Feb. 17, 2022
A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.
Feb. 16, 2022
Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.
Feb. 15, 2022
Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?
Feb. 14, 2022
Roselle Safran: So much opportunity. [Entrepreneur][Career Notes]
Feb. 13, 2022
SysJoker backdoor masquerades as benign updates. [Research Saturday]
Feb. 12, 2022
Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.
Feb. 11, 2022
Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.
Feb. 10, 2022
A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.
Feb. 9, 2022
Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.
Feb. 8, 2022
Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.
Feb. 7, 2022
Chris Hadnagy: Show them that you're worth it. [Social engineer] [Career Notes]
Feb. 6, 2022
The persistent and patient nature of advanced threat actors. [Research Saturday]
Feb. 5, 2022
Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.
Feb. 4, 2022
Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.
Feb. 3, 2022
Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.
Feb. 2, 2022
Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.
Feb. 1, 2022
The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.
Jan. 31, 2022
Helen Patton: A platform to talk about security. [CISO] [Career Notes]
Jan. 30, 2022
Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]
Use of legitimate tools possibly linked to Seedworm. [Research Saturday]
Jan. 29, 2022
Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.
Jan. 28, 2022
Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.
Jan. 27, 2022
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.
Jan. 26, 2022
Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.
Jan. 25, 2022
Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.
Jan. 24, 2022
Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
Jan. 23, 2022
A collaboration stumbles upon threat actor Lyceum. [Research Saturday]
Jan. 22, 2022
Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.
Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.
Jan. 20, 2022
Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.
Jan. 19, 2022
A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.
Jan. 18, 2022
SOAR - a first principle idea. [CSO Perspectives]
Jan. 17, 2022
Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]
Jan. 16, 2022
Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]
Jan. 15, 2022
Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.
Jan. 14, 2022
A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.
Jan. 13, 2022
The US and EU seek to shore up cybersecurity as Russo-Ukrainian tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.
Jan. 12, 2022
Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.
Jan. 11, 2022
CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.
Jan. 10, 2022
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
Jan. 9, 2022
The rise of Karakurt Hacking Team.
Jan. 8, 2022
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.
Jan. 7, 2022
Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.
Jan. 6, 2022
CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.
Jan. 5, 2022
Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.
Jan. 4, 2022
Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.
Jan. 3, 2022
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Jan. 2, 2022
Cybersecurity predictions for 2022. [CyberWire-X]
Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]
Jan. 1, 2022
CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.
Dec. 31, 2021
CyberWire Pro Interview Selects: Sir David Omand.
Dec. 30, 2021
CyberWire Pro Interview Selects: Zan Vautrinot on boards.
Dec. 29, 2021
CyberWire Pro Interview Selects: Bill Wright of Splunk.
Dec. 28, 2021
CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.
Dec. 27, 2021
Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Dec. 26, 2021
CyberWire Pro Research Briefing from 12/21/2021.
Dec. 25, 2021
The CyberWire: The 12 Days of Malware.
CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.
Dec. 24, 2021
Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.
Dec. 23, 2021
The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.
Dec. 22, 2021
Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.
Dec. 21, 2021
Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.
Dec. 20, 2021
Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]
Dec. 19, 2021
Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]
Dec. 18, 2021
Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.
Dec. 17, 2021
Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.
Dec. 16, 2021
Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?
Dec. 15, 2021
Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.
Dec. 14, 2021
Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.
Dec. 13, 2021
Hannah Kenney: Focused on people. [Risk] [Career Notes]
Dec. 12, 2021
FIN7 repositioning focus into ransomware. [Research Saturday]
Dec. 11, 2021
Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.
Dec. 10, 2021
Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.
Dec. 9, 2021
AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.
Dec. 8, 2021
The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?
Dec. 7, 2021
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
Dec. 6, 2021
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
Dec. 5, 2021
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
Getting in and getting out with SnapMC. [Research Saturday]
Dec. 4, 2021
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
Dec. 3, 2021
More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?
Dec. 2, 2021
Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.
Dec. 1, 2021
Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.
Nov. 30, 2021
Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.
Nov. 29, 2021
Anisha Patel: Right along with them. [Program management] [Career Notes]
Nov. 28, 2021
CyberWire Pro Research Briefing from 11/23/2021
Nov. 27, 2021
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
Nov. 26, 2021
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
Nov. 25, 2021
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crypter. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
Nov. 24, 2021
Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.
Nov. 23, 2021
Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.
Nov. 22, 2021
How ransomware impacts organizations. [CyberWire-X]
Nov. 21, 2021
MK Palmore: Lead from where you stand. [CISO] [Career Notes]
Using bidirectionality override characters to obscure code. [Research Saturday]
Nov. 20, 2021
Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?
Nov. 19, 2021
Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.
Nov. 18, 2021
CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.
Nov. 17, 2021
Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.
Nov. 16, 2021
Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.
Nov. 15, 2021
The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]
Nov. 14, 2021
Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
A glimpse into TeamTNT. [Research Saturday]
Nov. 13, 2021
Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.
Nov. 12, 2021
Let's go to the movies. [Hacking Humans Goes to the Movies]
Nov. 11, 2021
Cyberespionage from Tehran. Clop ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.
Nov. 10, 2021
Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.
Nov. 9, 2021
REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.
Nov. 8, 2021
Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]
Nov. 7, 2021
An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]
Nov. 6, 2021
$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.
Nov. 5, 2021
Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.
Nov. 4, 2021
Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerabilities.
Nov. 3, 2021
Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.
Nov. 2, 2021
Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).
Nov. 1, 2021
Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]
Oct. 31, 2021
Malware sometimes changes its behavior. [Research Saturday]
Oct. 30, 2021
Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”
Oct. 29, 2021
The Malware Mash!
Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.
Oct. 28, 2021
Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.
Oct. 27, 2021
Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.
Oct. 26, 2021
SolarMarker malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.
Oct. 25, 2021
Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
Oct. 24, 2021
When big ransomware goes away, where should affiliates go? [Research Saturday]
Oct. 23, 2021
Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.
Oct. 22, 2021
Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.
Oct. 21, 2021
Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.
Oct. 20, 2021
TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.
Oct. 19, 2021
A US broadcaster sustains a ransomware attack. North Korean catphish expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?
Oct. 18, 2021
Ell Marquez: It's okay to be new. [Linux] [Career Notes]
Oct. 17, 2021
Groove Gang making a name for themselves. [Research Saturday]
Oct. 16, 2021
CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.
Oct. 15, 2021
Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.
Oct. 14, 2021
Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.
Oct. 13, 2021
Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize.
Oct. 12, 2021
Extra: Let's talk about Facebook's research. [Caveat]
Oct. 11, 2021
Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]
Oct. 10, 2021
Taking a closer look at UNC1151. [Research Saturday]
Oct. 9, 2021
Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.
Oct. 8, 2021
Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.
Oct. 7, 2021
Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.
Oct. 6, 2021
Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.
Oct. 5, 2021
Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.
Oct. 4, 2021
Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Oct. 3, 2021
Cloud configuration security: Breaking the endless cycle. [CyberWire-X]
IoT security and the need for randomness. [Research Saturday]
Oct. 2, 2021
Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.
Oct. 1, 2021
GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.
Sept. 30, 2021
DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.
Sept. 29, 2021
Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.
Sept. 28, 2021
The EU asks Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.
Sept. 27, 2021
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]
Sept. 26, 2021
Why it’s time for cybersecurity to go mainstream. [CyberWire-X]
Vulnerabilities in the public cloud. [Research Saturday]
Sept. 25, 2021
Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?
Sept. 24, 2021
Ransomware hits another US farm co-op, as Russian gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.
Sept. 23, 2021
Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.
Sept. 22, 2021
BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.
Sept. 21, 2021
Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.
Sept. 20, 2021
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
Sept. 19, 2021
An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]
Sept. 18, 2021
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin... or something.
Sept. 17, 2021
A CSO's 9/11 Story: CSO Perspectives Bonus.
Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.
Sept. 16, 2021
No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.
Sept. 15, 2021
NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermilion Strike hits Linux systems. Enforcing the law against cybercrime.
Sept. 14, 2021
The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.
Sept. 13, 2021
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]
Sept. 12, 2021
A Google Chrome update that just didn't feel right. [Research Saturday]
Sept. 11, 2021
Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.
Sept. 10, 2021
Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.
Sept. 9, 2021
BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.
Sept. 8, 2021
A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.
Sept. 7, 2021
Security operations centers: a first principle idea. [CSO Perspectives]
Sept. 6, 2021
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
Sept. 5, 2021
Like a computer network but for physical objects. [Research Saturday]
Sept. 4, 2021