CyberWire Daily
N2K Networks
Show • 1859 episodes
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes
Ghost students “haunting” online colleges.
Jun 11 • 37m
Jedai tricks, human risks.
Jun 10 • 33m
White House reboots cybersecurity priorities.
Jun 9 • 36m
Ell Marquez: It's okay to be new. [Linux] [Career Notes]
Jun 8 • 9m
A new stealer hiding behind AI hype. [Research Saturday]
Jun 7 • 25m
Beware of BADBOX.
Jun 6 • 33m
China’s largest data leak exposes billions.
Jun 5 • 33m
Appetite for tracking: A feast on private data.
Jun 4 • 37m
Zero-day déjà vu.
Jun 3 • 42m
AVCheck goes dark in Operation Endgame.
Jun 2 • 29m
Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]
Jun 1 • 11m
Triofox and the key to disaster. [Research Saturday]
May 31 • 22m
All systems not go.
May 30 • 37m
When "out of the box" becomes "out of control."
May 29 • 32m
Fingers point east.
May 28 • 34m
BEAR-ly washed and dangerous.
May 27 • 35m
Hugh Thompson on Building the RSA Conference [Afternoon Cyber Tea]
May 26 • 37m
AWS in Orbit: Automated Satellite Management. [T-Minus Space]
May 26 • 22m
Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
May 25 • 9m
Purple teaming in the modern enterprise. [CyberWire-X]
May 25 • 26m
Pandas with a purpose. [Research Saturday]
May 24 • 20m
When malware masters meet their match.
May 23 • 39m
Lights out for Lumma.
May 22 • 32m
Bear in the network.
May 21 • 40m
The Take It Down Act walks a fine line.
May 20 • 35m
Redacted realities: Inside the MoJ hack.
May 19 • 33m
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]
May 18 • 10m
Leveling up their credential phishing tactics. [Research Saturday]
May 17 • 20m
Preparing for the cyber battlespace.
May 16 • 40m
Bypassing Bitlocker encryption.
May 15 • 39m
Get to patching: Patch Tuesday updates.
May 14 • 38m
Jamming in a ban on state AI regulation.
May 13 • 32m
No quick fix for a ClickFix attack.
May 12 • 32m
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
May 11 • 8m
Beyond cyber: Securing the next horizon. [Special Edition]
May 11 • 1h 3m
Hijacking wallets with malicious patches. [Research Saturday]
May 10 • 20m
Scrutinizing the security of messaging apps continues.
May 9 • 32m
Targeting schools is not cool.
May 8 • 36m
AWS in Orbit: Empowering exploration on the Moon, Mars, and more.
May 8 • 26m
When spyware backfires.
May 7 • 33m
No hocus pocus—MagicINFO flaw is the real threat.
May 6 • 37m
Hardcoded credentials and hard lessons.
May 5 • 29m
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]
May 4 • 7m
When AI gets a to-do list. [Research Saturday]
May 3 • 24m
Wired, but not fired.
May 2 • 35m
AI on the offensive.
May 1 • 33m
How do you gain “experience” in cyber without a job in cyber? [CISO Perspectives]
May 1 • 41m
Less CISA, more private sector power?
Apr 30 • 36m
Trends shaping the future at RSAC.
Apr 29 • 33m
Lights out, lines down.
Apr 28 • 30m
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
Apr 27 • 8m
Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition]
Apr 27 • 1h 15m
China’s new cyber arsenal revealed. [Research Saturday]
Apr 26 • 25m
Pentagon hits fast-forward on software certs.
Apr 25 • 32m
Lessons from the latest breach reports.
Apr 24 • 28m
Are we a trade or a profession? [CISO Perspectives]
Apr 24 • 47m
States struggle with cyber shift.
Apr 23 • 34m
Proton66’s malware highway.
Apr 22 • 42m
When fake fixes hide real attacks.
Apr 21 • 31m
Rich Hale: Understanding the data. [CTO] [Career Notes]
Apr 20 • 7m
Crafting malware with modern metals. [Research Saturday]
Apr 19 • 20m
SSH-attered trust.
Apr 18 • 33m
Microsoft squashes Windows Server bug.
Apr 17 • 36m
Is the cyber talent ecosystem broken? [CISO Perspectives]
Apr 17 • 42m
CVE program gets last-minute lifeline.
Apr 16 • 33m
OCC breach jolts financial sector.
Apr 15 • 38m
AI ambitions clash with cyber caution.
Apr 14 • 34m
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Apr 13 • 9m
The new malware on the block. [OMITB]
Apr 12 • 35m
CISA shrinks while threats grow.
Apr 11 • 32m
Former cybersecurity officials lose clearances.
Apr 10 • 32m
Major breach at the US Treasury’s OCC.
Apr 9 • 28m
Using AI to sniff out opposition.
Apr 8 • 37m
UK Apple showdown gonna be public.
Apr 7 • 28m
Rick Howard: Give people resources. [CSO] [Career Notes]
Apr 6 • 8m
Bybit’s $1.4B breach. [Research Saturday]
Apr 5 • 35m
A leadership shift.
Apr 4 • 36m
The invisible force fueling cyber chaos.
Apr 3 • 30m
Chrome & Firefox squash the latest flaws.
Apr 2 • 30m
Hackers beware, fines are in the air.
Apr 1 • 30m
Ransom demands and medical data for sale.
Mar 31 • 35m
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Mar 30 • 9m
Breaking barriers, one byte at a time. [Research Saturday]
Mar 29 • 22m
New sandbox escape looks awfully familiar.
Mar 28 • 35m
FamousSparrow’s sneaky resurgence.
Mar 27 • 35m
No click, all tricks.
Mar 26 • 30m
The nightmare you can’t ignore.
Mar 25 • 30m
Scammers celebrate with a bang.
Mar 24 • 41m
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Mar 23 • 8m
Excel-lerating cyberattacks. [Research Saturday]
Mar 22 • 26m
Brute force and broken trust.
Mar 21 • 31m
Can’t escape RCE flaws.
Mar 20 • 30m
Remote hijacking at your fingertips.
Mar 19 • 32m
Tomcat got your server?
Mar 18 • 30m
A reel disaster for GitHub.
Mar 17 • 29m
Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]
Mar 16 • 7m
Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge [Threat Vector]
Mar 16 • 30m
The ransomware clones of HellCat & Morpheus. [Research Saturday]
Mar 15 • 21m
Balancing budget cuts and cybersecurity.
Mar 14 • 32m
FCC draws the line on Chinese tech threats.
Mar 13 • 34m
Will Plankey lead CISA to victory?
Mar 12 • 32m
X marks the hack.
Mar 11 • 36m
software bill of materials (SBOM) (noun) [Word Notes]
Mar 11 • 6m
PHP flaw sparks global attack wave.
Mar 10 • 36m
Peter Baumann: Adding value to data. [CEO] [Career Notes]
Mar 9 • 8m
Botnet’s back, tell a friend. [Research Saturday]
Mar 8 • 22m
The end of the line for Garantex.
Mar 7 • 30m
From China with love (and Malware).
Mar 6 • 33m
US Treasury targets darknet kingpin.
Mar 5 • 29m
CISA keeps watch on Russia.
Mar 4 • 35m
Is it cyber peace or just a buffer?
Mar 3 • 24m
Taree Reardon: A voice for women in cyber. [Career Notes]
Mar 2 • 7m
Caught in the contagious interview. [Research Saturday]
Mar 1 • 29m
Pay the ransom or risk data carnage.
Feb 28 • 31m
The masterminds behind a $1.5 billion heist.
Feb 27 • 33m
Live from Orlando, it's Hacking Humans! [Hacking Humans]
Feb 27 • 30m
Hacked in plain sight.
Feb 26 • 30m
Orange you glad you didn't fall for this?
Feb 25 • 33m
Can the U.S. keep up in cyberspace?
Feb 24 • 35m
Dwayne Price: Sharing information. [Project Management] [Career Notes]
Feb 23 • 7m
From small-time scams to billion-dollar threats. [Research Saturday]
Feb 22 • 27m
The political shake-up at the FBI.
Feb 21 • 33m
No rest for the patched.
Feb 20 • 33m
Pennies for access.
Feb 19 • 35m
PAN-ic mode: The race to secure PAN-OS.
Feb 18 • 35m
LIVE! From Philly [Threat Vector]
Feb 17 • 24m
Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
Feb 16 • 9m
Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday]
Feb 15 • 35m
AI’s blind spots need human eyes.
Feb 14 • 34m
Salt in the wound.
Feb 13 • 34m
DOGEgeddon: The cyber crisis hiding in plain sight.
Feb 12 • 34m
Apple’s race to secure your iPhone.
Feb 11 • 35m
Read all about it—or maybe not.
Feb 10 • 31m
Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
Feb 9 • 8m
Cleo’s trojan horse. [Research Saturday]
Feb 8 • 21m
DOGE-eat-DOGE world.
Feb 7 • 36m
FCC around and find out.
Feb 6 • 44m
DOGE days numbered?
Feb 5 • 33m
A wolf in DOGE’s clothing?
Feb 4 • 32m
Federal agencies in power struggle crossfire.
Feb 3 • 32m
Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]
Feb 2 • 6m
A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]
Feb 1 • 27m
The end of a cybercrime empire.
Jan 31 • 36m
Cracked and Nulled taken down.
Jan 30 • 38m
Cats and RATS are all the rage.
Jan 29 • 32m
It was DDoS, not us.
Jan 28 • 34m
China's chatbot sends tech stocks into tailspin.
Jan 27 • 36m
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]
Jan 26 • 8m
LightSpy's dark evolution. [Research Saturday]
Jan 25 • 25m
The end of warrantless searches?
Jan 24 • 35m
A warning from the cloud.
Jan 23 • 39m
The uncertain future of cyber safety oversight.
Jan 22 • 35m
Trump’s opening moves.
Jan 21 • 43m
AWS in Orbit: Data Automation and Space Domain Awareness with Kayhan Space. [AWS in Orbit]
Jan 20 • 27m
Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]
Jan 19 • 8m
A cute cover for a dangerous vulnerability. [Research Saturday]
Jan 18 • 24m
Hacking the bureau.
Jan 17 • 40m
Bolstering the digital shield.
Jan 16 • 34m
Massive malware cleanup.
Jan 15 • 35m
National security in the digital age.
Jan 14 • 35m
Multi-factor frustration.
Jan 13 • 34m
The hidden cost of data hoarding. [Research Saturday]
Jan 11 • 34m
Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]
Jan 11 • 7m
When retaliation turns digital.
Jan 10 • 33m
Biden’s final cyber order tackles digital weaknesses.
Jan 9 • 30m
A new Mirai-based botnet.
Jan 8 • 32m
U.S. sanctions spark cyber showdown with China.
Jan 7 • 33m
China’s shadow over U.S. telecom networks.
Jan 6 • 32m
Crypto client or cyber trap? [Research Saturday]
Jan 4 • 24m
Dominique West: Security found me. [Strategy] [Career Notes]
Jan 4 • 7m
AI-powered propaganda.
Jan 3 • 36m
A breach in the U.S. Treasury.
Jan 2 • 36m
Scotland’s position to lead cyber and space. [Deep Space]
Jan 1 • 30m
Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]
Jan 1 • 38m
Future-proofing finance: FS-ISAC’s blueprint for cryptographic agility. [Special Edition]
Dec 31, 2024 • 24m
Navigating AI Safety and Security Challenges with Yonatan Zunger [The BlueHat Podcast]
Dec 30, 2024 • 53m
Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli.
Dec 30, 2024 • 39m
Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
Dec 29, 2024 • 8m
On the prowl for mobile malware. [Research Saturday]
Dec 28, 2024 • 27m
A cyber carol.
Dec 27, 2024 • 51m
Putting a dent in the cybersecurity workforce gap.
Dec 26, 2024 • 31m
The CyberWire: The 12 Days of Malware. [Special edition]
Dec 25, 2024 • 7m
A social engineering carol.
Dec 25, 2024 • 8m
Lessons from the Viasat cybersecurity attack. [T-Minus]
Dec 24, 2024 • 29m
Decoding XDR: Allie Mellen on What’s Next [Threat Vector]
Dec 24, 2024 • 39m
Court puts the ‘spy’ in spyware.
Dec 23, 2024 • 36m
Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]
Dec 22, 2024 • 7m
Quishing for trouble. [Research Saturday]
Dec 21, 2024 • 17m
Ukraine’s fight to restore critical data.
Dec 20, 2024 • 38m
Breached but not broken.
Dec 19, 2024 • 34m
Hacking allegations and antitrust heat.
Dec 18, 2024 • 31m
The cost of peeking at U.S. traffic.
Dec 17, 2024 • 33m
Rhode Island cyberattack exposes sensitive data.
Dec 16, 2024 • 37m
Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Dec 15, 2024 • 7m
Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]
Dec 14, 2024 • 21m
Hackers in handcuffs.
Dec 13, 2024 • 32m
When AI goes offline.
Dec 12, 2024 • 33m
When exploits go wild and patches race the clock.
Dec 11, 2024 • 31m
Buckets of trouble.
Dec 10, 2024 • 37m
Router security in jeopardy.
Dec 9, 2024 • 33m
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
Dec 8, 2024 • 5m
Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]
Dec 8, 2024 • 46m
The JPHP loader breaking away from the pack. [Research Saturday]
Dec 7, 2024 • 25m
The NTLM bug that sees and steals.
Dec 6, 2024 • 34m
Dismantling the Manson cybercrime market.
Dec 5, 2024 • 35m
The end of MATRIX.
Dec 4, 2024 • 33m
Nam3l3ss but not harmless.
Dec 3, 2024 • 33m
The international effort making digital spaces safer.
Dec 2, 2024 • 33m
Debra Danielson: Be fearless. [CTO] [Career Notes]
Dec 1, 2024 • 7m
Leaking your AWS API keys, on purpose? [Research Saturday]
Nov 30, 2024 • 26m
Science fiction meets reality with Ronald D. Moore. [T-Minus Deep Space]
Nov 29, 2024 • 49m
Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]
Nov 28, 2024 • 34m
Grappling with a ransomware attack.
Nov 27, 2024 • 33m
Taking aim at cybercrime.
Nov 26, 2024 • 31m
Novel attacks and creative phishing angles.
Nov 25, 2024 • 32m
So you want to write a book about AI and cybersecurity? [CSO Perspectives]
Nov 25, 2024 • 18m
Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]
Nov 24, 2024 • 6m
Exposing AI's Achilles heel. [Research Saturday]
Nov 23, 2024 • 26m
A not so BASIC farewell.
Nov 22, 2024 • 34m
No more spinach for PopeyeTools.
Nov 21, 2024 • 37m
When location data becomes a weapon.
Nov 20, 2024 • 32m
Biden vs. Trump: A tale of two cybersecurity strategies.
Nov 19, 2024 • 34m
A new era for CISA under Trump?
Nov 18, 2024 • 32m
Cyber-entrepreneurship in the age of CyberAI. [CSO Perspectives]
Nov 18, 2024 • 22m
Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]
Nov 17, 2024 • 7m
Credential harvesters in the cloud. [Research Saturday]
Nov 16, 2024 • 18m
One tap, total access: Pegasus exploits unveiled.
Nov 15, 2024 • 42m
Eavesdropping on America’s eyes and ears.
Nov 14, 2024 • 32m
‘Bitcoin Jesus’ and Sheboygan face problems.
Nov 13, 2024 • 32m
Ransomware as a public health crisis.
Nov 12, 2024 • 35m
Veterans Day Special. [CSO Perspectives]
Nov 11, 2024 • 15m
Kevin Magee: Focus on the archer. [CSO] [Career Notes]
Nov 10, 2024 • 7m
Solution Spotlight: Rebuilding trust in the wake of tech calamities. [Special Edition]
Nov 10, 2024 • 26m
A firewall wake up call. [Research Saturday]
Nov 9, 2024 • 23m
CISA issues urgent warning.
Nov 8, 2024 • 31m
Canada cuts TikTok ties.
Nov 7, 2024 • 36m
That’s a wrap on election day.
Nov 6, 2024 • 33m
Confidence on election day.
Nov 5, 2024 • 33m
FBI fights fake news.
Nov 4, 2024 • 37m
State of security automation. [CSO Perspectives]
Nov 4, 2024 • 22m
Dinah Davis: Building your network. [R&D] [Career Notes]
Nov 3, 2024 • 8m
Velvet Ant's silent invasion. [Research Saturday]
Nov 2, 2024 • 22m
A push to debunk election disinformation.
Nov 1, 2024 • 30m
Guarding the Vote
Oct 31, 2024 • 33m
The Malware Mash
Oct 31, 2024 • 4m
Password snafu sparks election security questions.
Oct 30, 2024 • 32m
Solution Spotlight: Cultivating cybersecurity culture. [Special Edition]
Oct 29, 2024 • 35m
Securing democracy.
Oct 29, 2024 • 35m
Operation Magnus strikes back.
Oct 28, 2024 • 33m
How to turn tech insights into real advantages. [CSO Perspectives]
Oct 28, 2024 • 11m
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
Oct 27, 2024 • 7m
Mission possible? Navigating tech adoption in the DoD. [Special Edition]
Oct 27, 2024 • 34m
LLM security 101. [Research Saturday]
Oct 26, 2024 • 20m
UnitedHealth breach numbers confirmed.
Oct 25, 2024 • 26m
A giant FortiJump for cybercriminals.
Oct 24, 2024 • 38m
NotLockBit takes a bite out of macOS.
Oct 23, 2024 • 37m
Zero-day exploited in the wild.
Oct 22, 2024 • 32m
On the run, caught on arrival.
Oct 21, 2024 • 38m
Identity 3.0. [CSO Perspectives]
Oct 21, 2024 • 18m
Aarti Borkar: Make your own choices. [Product] [Career Notes]
Oct 20, 2024 • 7m
New targets, new tools, same threat. [Research Saturday]
Oct 19, 2024 • 27m
No more “cyber Snorlax” naps.
Oct 18, 2024 • 35m
Authorities bring down another hacker.
Oct 17, 2024 • 34m
Sri Lanka says ‘no more’ to financial fakers!
Oct 16, 2024 • 31m
Election Propaganda: Part 3: Efforts to reduce the impact of future elections.
Oct 16, 2024 • 46m
A “must patch” list in the making.
Oct 15, 2024 • 36m
Solution Spotlight: A first look at ISC2's 2024 Cybersecurity Workforce Study. [Special Edition]
Oct 14, 2024 • 31m
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
Oct 13, 2024 • 7m
Ransomware on repeat. [Research Saturday]
Oct 12, 2024 • 28m
Patient portals down, ransomware up.
Oct 11, 2024 • 35m
Hacked, attacked, and sued.
Oct 10, 2024 • 34m
Attacks amidst anniversaries.
Oct 9, 2024 • 36m
Election Propaganda: Part 2: Modern propaganda efforts.
Oct 9, 2024 • 50m
Key player unmasked in global ransomware takedown.
Oct 8, 2024 • 34m
Tapped and trapped.
Oct 7, 2024 • 34m
Making security decisions around AI use. [CSO Perspectives]
Oct 7, 2024 • 18m
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
Oct 6, 2024 • 7m
Podcast bait, malware switch. [Research Saturday]
Oct 5, 2024 • 22m
Caught red-handed.
Oct 4, 2024 • 38m
The Global Race for the 21st Century
Oct 3, 2024 • 42m
Election Propaganda Part 1: How does election propaganda work?
Oct 2, 2024 • 33m
Breaking news blocked.
Oct 1, 2024 • 36m
Escape from GPU island.
Sep 30, 2024 • 31m
Security remediation automation. [CSO Perspectives]
Sep 30, 2024 • 18m
Steve Blank, national security, and the dilemma of technology disruption. (Part 2 of 2) [Special Edition]
Sep 29, 2024 • 37m
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
Sep 28, 2024 • 6m
Beyond the permissions wall. [Research Saturday]
Sep 28, 2024 • 17m
Darknet dollars exposed.
Sep 27, 2024 • 34m
Salt Typhoon’s cyber storm.
Sep 26, 2024 • 34m
Blue screen blues.
Sep 25, 2024 • 31m
PIVOTT Act drafts the next wave of digital defenders.
Sep 24, 2024 • 33m
Can connected cars jeopardize national security?
Sep 23, 2024 • 37m
Resilience. (CSO Perspectives)
Sep 23, 2024 • 26m
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Sep 22, 2024 • 7m
Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2)
Sep 22, 2024 • 40m
Hook, line, and sinker. [Research Saturday]
Sep 21, 2024 • 22m
They really are watching what we watch.
Sep 20, 2024 • 33m
Derailing the Raptor Train botnet.
Sep 19, 2024 • 38m
High-stakes sabotage.
Sep 18, 2024 • 30m
One small step for scammers.
Sep 17, 2024 • 30m
Agencies warn of voter data deception.
Sep 16, 2024 • 37m
Breaking the information sharing barrier.
Sep 16, 2024 • 24m
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
Sep 15, 2024 • 7m
Spamageddon: Xeon Sender’s cloudy SMS attack revealed! [Research Saturday]
Sep 14, 2024 • 18m
Mini-breach, mega-hype.
Sep 13, 2024 • 31m
UK’s newest cybersecurity MVPs.
Sep 12, 2024 • 34m
A Patch Tuesday overload.
Sep 11, 2024 • 28m
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 11, 2024 • 30m
Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, on building a cybersecurity team.
Sep 11, 2024 • 29m
Stealth, command, exfiltrate: The three-headed cyber dragon of Crimson Palace.
Sep 10, 2024 • 30m
A ticking clock to exploitation.
Sep 9, 2024 • 32m
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Sep 8, 2024 • 7m
The playbook for outpacing China. [Research Saturday]
Sep 7, 2024 • 26m
Blizzard warning: Russia’s GRU unleashes new cyber saboteurs.
Sep 6, 2024 • 45m
U.S. rains on Russia’s fake news parade.
Sep 5, 2024 • 30m
From secure to clone-tastic.
Sep 4, 2024 • 31m
Brazil nixes Twitter’s successor.
Sep 3, 2024 • 34m
AWS in Orbit: Building Opportunity with Axiom Space. [AWS in Orbit]
Sep 2, 2024 • 39m
Tom Gorup: Fail fast and fail forward. [Operations]
Sep 1, 2024 • 6m
The impact of CISO Circles and cultivating a security culture.
Sep 1, 2024 • 24m
Pop goes the developer. [Research Saturday]
Aug 31, 2024 • 22m
High stakes for high tech: California's AI safety regulations take center stage.
Aug 30, 2024 • 33m
Crime, compliance, and controversy.
Aug 29, 2024 • 34m
From screen share to spyware.
Aug 28, 2024 • 33m
Cyber revolt or just digital ruckus?
Aug 27, 2024 • 31m
From secret chats to public spats.
Aug 26, 2024 • 32m
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
Aug 25, 2024 • 7m
Quantum-proof and ready: NIST unveils the future of encryption. [Special Edition]
Aug 25, 2024 • 32m
MaaS infrastructure exposed. [Research Saturday]
Aug 24, 2024 • 25m
Hackers strike LiteSpeed cache again.
Aug 23, 2024 • 30m
Almost letting hackers rule the web.
Aug 22, 2024 • 32m
Cyberattack cripples major American chipmaker.
Aug 21, 2024 • 34m
Cybersecurity on the ballot.
Aug 20, 2024 • 34m
Mic, camera, and more at risk.
Aug 19, 2024 • 30m
Robert Lee: Keeping the lights on. [ICS] [Career Notes]
Aug 18, 2024 • 7m
Essential tools with critical security challenges. [Research Saturday]
Aug 17, 2024 • 24m
Demo-lition derby: iVerify and Google clash over pixel app pitfalls.
Aug 16, 2024 • 32m
Weeding out 'worms' for Windows users.
Aug 15, 2024 • 33m
A health bot’s security slip-up.
Aug 14, 2024 • 31m
From dispossessor to disposed.
Aug 13, 2024 • 37m
Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]
Aug 13, 2024 • 34m
Confidential or compromised?
Aug 12, 2024 • 30m
What does materiality mean exactly?
Aug 12, 2024 • 12m
Andrea Little Limbago: Look at the intersection of humans and technology. [Social Science]
Aug 11, 2024 • 7m
Prompts gone rogue. [Research Saturday]
Aug 10, 2024 • 25m
The 18-year stowaway.
Aug 9, 2024 • 29m
Cybersecurity leaders gear up for the ultimate test.
Aug 8, 2024 • 33m
When updates attack.
Aug 7, 2024 • 31m
Cyberattack calls for an early dismissal.
Aug 6, 2024 • 32m
TikTok in the hot seat...again.
Aug 5, 2024 • 39m
Cybersecurity is radically asymmetrically distributed.
Aug 5, 2024 • 18m
Spinning the web of tangled tactics. [Research Saturday]
Aug 3, 2024 • 24m
Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
Aug 3, 2024 • 8m
A high-stakes swap.
Aug 2, 2024 • 41m
Ransomware strikes a nerve.
Aug 1, 2024 • 30m
When DDoS and defense collide.
Jul 31, 2024 • 34m
Breaking Bad (records).
Jul 30, 2024 • 32m
Are North Korean hackers going 'Seoul' searching?
Jul 29, 2024 • 39m
The current state of the zero trust.
Jul 29, 2024 • 18m
Encore: Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
Jul 28, 2024 • 7m
Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli. [Special Edition]
Jul 28, 2024 • 39m
The Black Basta ransomware riddle. [Research Saturday]
Jul 27, 2024 • 19m
FBI and DOJ thwart North Korean cyber scheme.
Jul 26, 2024 • 36m
Playing doctor with cyberattacks.
Jul 25, 2024 • 33m
Ghost accounts haunt GitHub.
Jul 24, 2024 • 39m
Don't mess with the NCA.
Jul 23, 2024 • 36m
CrowdStrike and Microsoft battle blue screens across the globe.
Jul 22, 2024 • 40m
The current state of Cyber Threat Intelligence.
Jul 22, 2024 • 17m
Encore: James Hadley: Spend time on what interests you. [CEO] [Career Notes]
Jul 21, 2024 • 7m
Olympic scammers go for gold. [Research Saturday]
Jul 20, 2024 • 23m
Cybersecurity snow day.
Jul 19, 2024 • 37m
SSM On-Prem Flaw is a 10/10 disaster.
Jul 18, 2024 • 32m
Criminal networks crumble.
Jul 17, 2024 • 35m
Squarespace's square off with hijacked domains.
Jul 16, 2024 • 36m
Conspiracy theories in politics.
Jul 15, 2024 • 32m
The current state of MITRE ATT&CK.
Jul 15, 2024 • 18m
Encore: Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
Jul 13, 2024 • 6m
On the prowl for mobile malware. [Research Saturday]
Jul 13, 2024 • 27m
AT&T's not so LOL hack.
Jul 12, 2024 • 36m
Inside the crypto scam empire.
Jul 11, 2024 • 31m
Old school, new threat.
Jul 10, 2024 • 35m
Uniting against APT40.
Jul 9, 2024 • 35m
The age old battle between iPhone and Android.
Jul 8, 2024 • 33m
Encore: Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]
Jul 7, 2024 • 7m
Encore: Welcome to New York, it's been waitin' for you. [Research Saturday]
Jul 6, 2024 • 20m
Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]
Jul 5, 2024 • 42m
Encore: The curious case of the missing IcedID. [Only Malware in the Building]
Jul 4, 2024 • 21m
The Supreme Court is bringing a judicial shakeup.
Jul 3, 2024 • 33m
Take a trip down regreSSHion lane.
Jul 2, 2024 • 34m
A swift fix for a serious router bug.
Jul 1, 2024 • 27m
The current state of IAM: A Rick-the-toolman episode.
Jul 1, 2024 • 15m
Encore: Carole Theriault: Constantly learning new things. [Media] [Career Notes]
Jun 30, 2024 • 8m
APT36's cyber blitz on India. [Research Saturday]
Jun 29, 2024 • 20m
TeamViewer and APT29 go toe to toe.
Jun 28, 2024 • 28m
Solution Spotlight: Progress on the National Cyber Workforce and Education Strategy. [Special Edition]
Jun 28, 2024 • 35m
E-commerce or E-spying?
Jun 27, 2024 • 29m
2024 Cyber Talent Study by N2K and WiCyS. [Special Edition]
Jun 27, 2024 • 43m
LockBit picks a brawl with banks.
Jun 26, 2024 • 33m
U.S. and China dance the telecom tango.
Jun 25, 2024 • 34m
The claim heard ‘round the world.
Jun 24, 2024 • 36m
Encore: Sal Aurigemma: How things work. [Education] [Career Notes]
Jun 23, 2024 • 7m
Piercing through the fog. [Research Saturday]
Jun 22, 2024 • 18m
U.S. tightens the cybersecurity belt.
Jun 21, 2024 • 34m
Cyberattack leaves dealerships feeling stuck in neutral.
Jun 20, 2024 • 30m
T-Minus Overview- Our Moon [T-Minus Radio Program]
Jun 19, 2024 • 30m
Servers seized, terrorists teased.
Jun 18, 2024 • 35m
Scattered Spider hacker snagged in Spain.
Jun 17, 2024 • 36m
The current state of XDR: A Rick-the-toolman episode.
Jun 17, 2024 • 19m
Encore: Rosa Smothers: Secure the planet. [Intelligence] [Career Notes]
Jun 16, 2024 • 7m
Exploring the mechanics of Infostealer malware. [Research Saturday]
Jun 15, 2024 • 28m
A hacking keeps you humble.
Jun 14, 2024 • 38m
Whistleblower warns of profit over protection.
Jun 13, 2024 • 34m
COATHANGER isn’t hanging up just quite yet.
Jun 12, 2024 • 31m
Hijacking your heritage.
Jun 11, 2024 • 33m
Rethinking recalls.
Jun 10, 2024 • 36m
Encore: Geoff White: Suddenly all of the pieces start to line up. [Journalism] [Career Notes]
Jun 9, 2024 • 8m
Riding the hype for new Arc browser. [Research Saturday]
Jun 8, 2024 • 27m
A snapshot of security woes.
Jun 7, 2024 • 31m
CISA's calls for a JCDC makeover.
Jun 6, 2024 • 29m
Opening up on hidden secrets.
Jun 5, 2024 • 31m
Ransomware hit causes pathology paralysis.
Jun 4, 2024 • 33m
Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake.
Jun 3, 2024 • 28m
SolarWinds and the SEC.
Jun 3, 2024 • 21m
Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition]
Jun 3, 2024 • 25m
Solution Spotlight on the 2024 NICE Conference: Business Roundtable.
Jun 2, 2024 • 31m
Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]
Jun 1, 2024 • 7m
1700 IPs and counting. [Research Saturday]
Jun 1, 2024 • 17m
New cybersecurity bill aims to untangle federal regulations.
May 31, 2024 • 35m
Operation Endgame: Hackers' hideouts exposed.
May 30, 2024 • 39m
Alleged leaked files expose a dirty secret.
May 29, 2024 • 42m
FBI untangles the web that is Scattered Spider.
May 28, 2024 • 39m
Memorial Day special.
May 27, 2024 • 19m
Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]
May 26, 2024 • 8m
International effort dismantles LockBit. [Research Saturday]
May 25, 2024 • 30m
Cybercriminals target London Drugs.
May 24, 2024 • 29m
Checkmate at check in.
May 23, 2024 • 39m
Privacy nightmare or useful tool?
May 22, 2024 • 31m
The secrets of a dark web drug lord.
May 21, 2024 • 39m
Double key encryption debate.
May 20, 2024 • 45m
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes]
May 19, 2024 • 7m
From secret images to encryption keys. [Research Saturday]
May 18, 2024 • 22m
10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]
May 18, 2024 • 44m
MediSecure data breach hits Aussie healthcare.
May 17, 2024 • 34m
FBI strikes against a cybercrime syndicate.
May 16, 2024 • 30m
A bipartisan blueprint for American leadership.
May 15, 2024 • 42m
Google strikes back.
May 14, 2024 • 34m
A battle for digital sovereignty.
May 13, 2024 • 34m
Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes]
May 12, 2024 • 7m
The double-edged sword of cyber espionage. [Research Saturday]
May 11, 2024 • 20m
Treasury's offensive in financial defense.
May 10, 2024 • 46m
Healthcare in the crosshairs.
May 9, 2024 • 47m
The takedown of a ransomware ringleader.
May 8, 2024 • 41m
Hack-proofing the future to shape cyberspace.
May 7, 2024 • 32m
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP]
May 7, 2024 • 16m
Charting the course: Biden's blueprint for global cybersecurity.
May 6, 2024 • 33m
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]
May 6, 2024 • 18m
Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes]
May 5, 2024 • 7m
Geopolitical tensions rise with China. [Research Saturday]
May 4, 2024 • 35m
Ransomware attack turns legal attack.
May 3, 2024 • 39m
Dropbox Sign breach exposes secrets.
May 2, 2024 • 40m
Retirement plan breach shakes financial giant.
May 1, 2024 • 39m
Ransomware is just a prescription for chaos.
Apr 30, 2024 • 30m
An unprecedented surge in credential stuffing.
Apr 29, 2024 • 31m
Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes]
Apr 28, 2024 • 7m
Cerber ransomware strikes Linux. [Research Saturday]
Apr 27, 2024 • 15m
Kaiser Permanente's privacy predicament.
Apr 26, 2024 • 28m
Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]
Apr 26, 2024 • 55m
The shadowy adversary in Cisco's crosshairs.
Apr 25, 2024 • 29m
Iran's covert cyber operations exposed.
Apr 24, 2024 • 42m
Visa crackdown against spyware swindlers.
Apr 23, 2024 • 35m
Renewed surveillance sparks controversy.
Apr 22, 2024 • 35m
Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]
Apr 21, 2024 • 7m
Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]
Apr 21, 2024 • 18m
The art of information gathering. [Research Saturday]
Apr 20, 2024 • 31m
Swift responses to cyberattacks.
Apr 19, 2024 • 31m
Cyber Talent Insights: Charting your path in cybersecurity. (Part 2 of 3) [Special Edition]
Apr 19, 2024 • 52m
From phishing to felony.
Apr 18, 2024 • 34m
The rebirth of Russia's cyber warfare.
Apr 17, 2024 • 32m
Weathering the phishing front.
Apr 16, 2024 • 35m
Hunting vulnerabilities.
Apr 15, 2024 • 32m
AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]
Apr 15, 2024 • 24m
Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]
Apr 14, 2024 • 5m
AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]
Apr 14, 2024 • 22m
Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]
Apr 13, 2024 • 15m
Privacy, power, and the path forward.
Apr 12, 2024 • 30m
Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]
Apr 12, 2024 • 44m
Apple's worldwide warning on mercenary attacks.
Apr 11, 2024 • 43m
From deadlock to debate on a revised Section 702 bill.
Apr 10, 2024 • 30m
Unraveling a healthcare ransomware web.
Apr 9, 2024 • 30m
A possible breakthrough in data privacy legislation.
Apr 8, 2024 • 31m
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
Apr 7, 2024 • 7m
Leaking your AWS API keys, on purpose? [Research Saturday]
Apr 6, 2024 • 26m
Deciphering the Acuity cybersecurity incident.
Apr 5, 2024 • 33m
Securing secrets: The State Department's cyber hunt.
Apr 4, 2024 • 39m
Biden administration brings down the hammer.
Apr 3, 2024 • 32m
From lawsuit to logoff: Google's incognito mode makeover.
Apr 2, 2024 • 36m
Unmasking the xzploitation.
Apr 1, 2024 • 35m
Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Mar 31, 2024 • 9m
The supply chain in disarray. [Research Saturday]
Mar 30, 2024 • 19m
Pentagon’s cybersecurity roadmap.
Mar 29, 2024 • 38m
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
Mar 29, 2024 • 38m
A battle against malware.
Mar 28, 2024 • 32m
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Mar 28, 2024 • 7m
If there's something strange in your neighborhood, don't call Facebook.
Mar 27, 2024 • 37m
Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]
Mar 27, 2024 • 7m
The great firewall breached: China's covert cyber assault on America exposed.
Mar 26, 2024 • 34m
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Mar 26, 2024 • 8m
Python developers under attack.
Mar 25, 2024 • 34m
Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Mar 24, 2024 • 7m
HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]
Mar 23, 2024 • 24m
When it rains, it pours.
Mar 22, 2024 • 33m
A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]
Mar 22, 2024 • 1h 9m
Safeguarding American data from foreign hands.
Mar 21, 2024 • 42m
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Mar 21, 2024 • 8m
Biden's cyber splash in protecting the nation's water systems.
Mar 20, 2024 • 30m
The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]
Mar 20, 2024 • 26m
SIM swap scammer pleads guilty.
Mar 19, 2024 • 33m
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
Mar 19, 2024 • 6m
The hot pursuit of Volt Typhoon.
Mar 18, 2024 • 30m
Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
Mar 17, 2024 • 10m
Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]
Mar 17, 2024 • 47m
Inside SendGrid's phishy business. [Research Saturday]
Mar 16, 2024 • 31m
Flight fiasco: UK Defence Minister's jet faces GPS jamming.
Mar 15, 2024 • 37m
A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]
Mar 15, 2024 • 1h 13m
TikTok showdown: U.S. lawmakers target privacy and security.
Mar 14, 2024 • 33m
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Mar 14, 2024 • 7m
The usual suspects are up to their usual tricks.
Mar 13, 2024 • 31m
Biden's budget boost for cybersecurity.
Mar 12, 2024 • 27m
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Mar 12, 2024 • 5m
CISA’s news trifecta.
Mar 11, 2024 • 35m
Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Mar 10, 2024 • 11m
Setting better cyber job expectations to attract and retain talent. [Special Edition]
Mar 10, 2024 • 21m
Understanding the multi-tiered impact of ransomware. [Research Saturday]
Mar 9, 2024 • 22m
From breach to battle: The escalating threat of Midnight Blizzard.
Mar 8, 2024 • 38m
Encore: Breaking Through: Securing the advancement of women in cybersecurity. [Special Editions]
Mar 8, 2024 • 50m
A secret scheme resulting in stolen secrets.
Mar 7, 2024 • 32m
Encore: Dinah Davis: Building your network. [R&D] [Career Notes]
Mar 7, 2024 • 8m
No cyber blues on Super Tuesday.
Mar 6, 2024 • 37m
From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]
Mar 5, 2024 • 7m
Change Healthcare hackers cash in $22 million ransom.
Mar 5, 2024 • 28m
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]
Mar 5, 2024 • 7m
Cyberattack causes a code red on US healthcare.
Mar 4, 2024 • 30m
Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Mar 3, 2024 • 9m
The return of a malware menace. [Research Saturday]
Mar 2, 2024 • 21m
WhatsApp's legal triumph cracks the spyware vault.
Mar 1, 2024 • 36m
Iran's cyber quest in Middle Eastern aerospace.
Feb 29, 2024 • 31m
Protecting American data.
Feb 28, 2024 • 37m
Out with the old, in with the new.
Feb 27, 2024 • 26m
LockBit reloaded: Unveiling the next chapter in cybercrime.
Feb 26, 2024 • 29m
Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]
Feb 25, 2024 • 5m
Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]
Feb 24, 2024 • 23m
Crackdown on privacy leads to a multi-million dollar fine.
Feb 23, 2024 • 30m
AT&T outage leaves major cities offline.
Feb 22, 2024 • 30m
Anchoring security for US ports.
Feb 21, 2024 • 36m
The reign of digital terror ends.
Feb 20, 2024 • 30m
AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]
Feb 19, 2024 • 42m
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
Feb 19, 2024 • 32m
Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]
Feb 18, 2024 • 6m
Hackers come hopping back. [Research Saturday]
Feb 17, 2024 • 20m
FBI initiates router revolution.
Feb 16, 2024 • 35m
An AI arms race.
Feb 15, 2024 • 30m
It’s always DNS, but that may just be FUD.
Feb 14, 2024 • 29m
Phishing threats unleashed.
Feb 13, 2024 • 36m
DOJ strikes justice.
Feb 12, 2024 • 36m
Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]
Feb 11, 2024 • 5m
Ransomware is coming. [Research Saturday]
Feb 10, 2024 • 30m
Imitation game: LastPass vs LassPass.
Feb 9, 2024 • 35m
Volt Typhoon’s stealthy threat to US critical infrastructure.
Feb 8, 2024 • 33m
Taking a bite out of Apple.
Feb 7, 2024 • 37m
Cracking down on spyware.
Feb 6, 2024 • 33m
A serious breach showdown.
Feb 5, 2024 • 36m
Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]
Feb 4, 2024 • 5m
Weathering the internet storm. [Research Saturday]
Feb 3, 2024 • 25m
A digital leaker gets 40 years behind bars.
Feb 2, 2024 • 32m
Defending America against China's ominous onslaught.
Feb 1, 2024 • 35m
VPN compromise causes concerns.
Jan 31, 2024 • 34m
A Typhoon counter.
Jan 30, 2024 • 29m
Seeking dismissal of SEC allegations.
Jan 29, 2024 • 30m
Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]
Jan 28, 2024 • 8m
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
Jan 28, 2024 • 32m
Hooked on pirated macOS applications. [Research Saturday]
Jan 27, 2024 • 23m
A new purchase is cause for a call out.
Jan 26, 2024 • 32m
Another day, another Blizzard attack.
Jan 25, 2024 • 35m
The fight against exploiting Americans.
Jan 24, 2024 • 38m
The mother of all data breaches.
Jan 23, 2024 • 31m
Midnight Blizzard brings the storm.
Jan 22, 2024 • 29m
Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]
Jan 21, 2024 • 6m
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jan 21, 2024 • 35m
A firewall wake up call. [Research Saturday]
Jan 20, 2024 • 23m
New malware, new threats.
Jan 19, 2024 • 32m
A credential dump hits the online underground.
Jan 18, 2024 • 31m
Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]
Jan 18, 2024 • 29m
Maximum severity vulnerability needs critical updates.
Jan 17, 2024 • 35m
Vulnerabilities and security risks.
Jan 16, 2024 • 32m
Putting a dent in the cybersecurity workforce gap. [Special Edition]
Jan 15, 2024 • 31m
Encore: Examining the current state of security orchestration. [CyberWire-X]
Jan 15, 2024 • 32m
Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]
Jan 14, 2024 • 5m
Dual Russian cyber gangs hit 23 companies. [Research Saturday]
Jan 13, 2024 • 18m
Casting a wider hiring net.
Jan 12, 2024 • 35m
Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.
Jan 11, 2024 • 32m
A pivotal global menace.
Jan 10, 2024 • 33m
Swatting on the rise.
Jan 9, 2024 • 30m
A conclusion on the xDedic Marketplace investigation.
Jan 8, 2024 • 29m
Encore: Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]
Jan 7, 2024 • 5m
Diving deep into Phobos ransomware. [Research Saturday]
Jan 6, 2024 • 24m
Disruptions to the internet.
Jan 5, 2024 • 31m
Russian hackers hide in Ukraine telecoms for months.
Jan 4, 2024 • 32m
A digital disappearance in Utah.
Jan 3, 2024 • 30m
Apple's clickless exploit.
Jan 2, 2024 • 31m
Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]
Jan 1, 2024 • 28m
Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]
Dec 31, 2023 • 4m
Encore: What malicious campaign is lurking under the surface? [Research Saturday]
Dec 30, 2023 • 23m
T-Minus Overview- Space Cybersecurity. [t-minus]
Dec 29, 2023 • 20m
Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]
Dec 28, 2023 • 43m
NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]
Dec 27, 2023 • 1h 8m
Encore: Active visibility into OT systems. [Control Loop]
Dec 27, 2023 • 42m
Artificial Intelligence: Insights & Oddities [8th Layer Insights]
Dec 26, 2023 • 1h 5m
“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]
Dec 26, 2023 • 1h 1m
Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]
Dec 25, 2023 • 19m
The CyberWire: The 12 Days of Malware. [Special Edition]
Dec 23, 2023 • 7m
Sentenced to hospital detention.
Dec 22, 2023 • 29m
Kingdom come, kingdom fall.
Dec 21, 2023 • 27m
Leading the charge in cybercrime take downs.
Dec 20, 2023 • 34m
A dark web take down.
Dec 19, 2023 • 35m
14 million customers and stolen data.
Dec 18, 2023 • 29m
Oren Koren: Crossing music and cybersecurity. [Career Notes]
Dec 17, 2023 • 8m
Shedding light on fighting Ursa. [Research Saturday]
Dec 16, 2023 • 22m
Remapping privacy.
Dec 15, 2023 • 30m
Taking down the storm.
Dec 14, 2023 • 30m
The United Kingdom's catastrophic ransomware attack.
Dec 13, 2023 • 30m
An internet blackout.
Dec 12, 2023 • 32m
China sets sights on US critical infrastructure.
Dec 11, 2023 • 36m
Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]
Dec 10, 2023 • 4m
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
Dec 9, 2023 • 38m
On the hunt for popping up kernel drives. [Research Saturday]
Dec 9, 2023 • 15m
Russia here, Russia there, Russia everywhere.
Dec 8, 2023 • 32m
New vulnerability packs a punch.
Dec 7, 2023 • 34m
Push notifications pushing surveillance.
Dec 6, 2023 • 25m
Sleeper malware denied at Sellafield nuclear site.
Dec 5, 2023 • 23m
Iran behind attacks on PLCs.
Dec 4, 2023 • 19m
Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]
Dec 3, 2023 • 8m
Exploits and vulnerabilities. [Research Saturday]
Dec 2, 2023 • 18m
Wyden blocks the senate vote.
Dec 1, 2023 • 21m
Widespread exploitation of severe vulnerability in ownCloud.
Nov 30, 2023 • 26m
Major crackdown on international cybersecurity.
Nov 29, 2023 • 28m
Hospitals on the hotplate after ransomware attacks.
Nov 28, 2023 • 24m
Hacktivists assemble to attack Pennsylvania water utility.
Nov 27, 2023 • 20m
Chris Hare: Find just three people. [Development] [Career Notes]
Nov 26, 2023 • 7m
Encore: Another infection with new malware. [Research Saturday]
Nov 25, 2023 • 19m
Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]
Nov 24, 2023 • 24m
Cops in the catfish game. [Hacking Humans Goes to the Movies]
Nov 23, 2023 • 29m
On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.
Nov 22, 2023 • 23m
Threat actors with mixed motives: from the political to the financial.
Nov 21, 2023 • 22m
Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.
Nov 20, 2023 • 19m
Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]
Nov 19, 2023 • 8m
Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]
Nov 19, 2023 • 50m
The malicious YoroTrooper in disguise. [Research Saturday]
Nov 18, 2023 • 16m
AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]
Nov 18, 2023 • 33m
Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.
Nov 17, 2023 • 31m
Shopping during wartime? Focus, people.
Nov 16, 2023 • 29m
Examining the current state of security orchestration. [CyberWire-X]
Nov 16, 2023 • 32m
A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.
Nov 15, 2023 • 30m
The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.
Nov 14, 2023 • 28m
Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.
Nov 13, 2023 • 27m
Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]
Nov 12, 2023 • 8m
CSO Perspectives Bonus: Veterans Day special.
Nov 10, 2023 • 17m
Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.
Nov 9, 2023 • 33m
No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.
Nov 8, 2023 • 27m
Cybercriminals at the service of the state, and an array of new underworld tools.
Nov 7, 2023 • 28m
Precautions, preparations, and resilience against cybercrime and hacktivism.
Nov 6, 2023 • 30m
CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]
Nov 5, 2023 • 44m
Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]
Nov 5, 2023 • 8m
Sandman doesn't slow malware down. [Research Saturday]
Nov 4, 2023 • 22m
In the offense-defense see-saw, the defense seems to be rising.
Nov 3, 2023 • 33m
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
Nov 2, 2023 • 31m
Hacktivism in two hybrid wars (with an excursus on gastropods).
Nov 1, 2023 • 28m
What would it take to get you kids into a nice, late-model malware mealkit?
Oct 31, 2023 • 26m
Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)
Oct 30, 2023 • 28m
The Malware Mash! [Bonus]
Oct 30, 2023 • 3m
Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
Oct 29, 2023 • 8m
No rest for the wicked HiatusRAT. [Research Saturday]
Oct 28, 2023 • 23m
Social engineering as a blunt instrument–almost like swatting without the middleman.
Oct 27, 2023 • 28m
Some intelligence services understand the value of being underestimated.
Oct 26, 2023 • 30m
AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.
Oct 25, 2023 • 30m
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
Oct 24, 2023 • 28m
How people get over on the content moderators.
Oct 23, 2023 • 30m
Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]
Oct 22, 2023 • 8m
AMBERSQUID hides in the depths. [Research Saturday]
Oct 21, 2023 • 17m
Disinformation and its often overlooked potential for denial-of-services.
Oct 20, 2023 • 32m
Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.
Oct 19, 2023 • 31m
Hacktivist discipline is inversely correlated with sincerity of commitment.
Oct 18, 2023 • 35m
Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.
Oct 17, 2023 • 30m
Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.
Oct 16, 2023 • 30m
Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
Oct 15, 2023 • 7m
Unwanted guests harvest your information. [Research Saturday]
Oct 14, 2023 • 17m
Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.
Oct 13, 2023 • 28m
Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
Oct 12, 2023 • 33m
Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.
Oct 11, 2023 • 27m
The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.
Oct 10, 2023 • 32m
Solution spotlight: Paths to cybersecurity. [Interview Select]
Oct 9, 2023 • 21m
Susie Squier: You're never alone. [President] [Career Notes]
Oct 8, 2023 • 8m
Targets from DuckTail. [Research Saturday]
Oct 7, 2023 • 15m
Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.
Oct 6, 2023 • 30m
Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Oct 5, 2023 • 25m
A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.
Oct 4, 2023 • 25m
Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
Oct 3, 2023 • 25m
Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
Oct 2, 2023 • 28m
Ted Wagner: Get that hands on experience. [CISO] [Career Notes]
Oct 1, 2023 • 8m
Downloading cracked software. [Research Saturday]
Sep 30, 2023 • 17m
Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
Sep 29, 2023 • 26m
Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
Sep 28, 2023 • 28m
What’s up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
Sep 27, 2023 • 33m
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
Sep 26, 2023 • 23m
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security. Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
Sep 25, 2023 • 30m
Threat intelligence discussion with Chris Krebs. [Special Edition]
Sep 25, 2023 • 15m
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
Sep 24, 2023 • 7m
Behind the Google shopping ad masks. [Research Saturday]
Sep 23, 2023 • 14m
Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
Sep 22, 2023 • 32m
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
Sep 21, 2023 • 30m
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
Sep 20, 2023 • 31m
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Sep 19, 2023 • 27m
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Sep 18, 2023 • 27m
Karl Mattson: Defer gratification. (CISO) [Career Notes]
Sep 17, 2023 • 7m
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Sep 16, 2023 • 40m
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
Sep 15, 2023 • 31m
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
Sep 14, 2023 • 25m
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
Sep 13, 2023 • 26m
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Sep 12, 2023 • 32m
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
Sep 11, 2023 • 31m
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
Sep 10, 2023 • 8m
No honor in being a criminal. [Research Saturday]
Sep 9, 2023 • 17m
Apple issues an emergency patch. Aerospace sector under attack. DPRK spearphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.
Sep 8, 2023 • 30m
Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.
Sep 7, 2023 • 27m
Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.
Sep 6, 2023 • 31m
In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.
Sep 5, 2023 • 28m
Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]
Sep 4, 2023 • 12m
Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]
Sep 3, 2023 • 8m
Thwarting Muddled Libra. [Research Saturday]
Sep 2, 2023 • 30m
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
Sep 1, 2023 • 31m
GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.
Aug 31, 2023 • 27m
An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.
Aug 30, 2023 • 29m
A joint advisory on post-quantum readiness. [Special Edition]
Aug 30, 2023 • 22m
Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.
Aug 29, 2023 • 25m
DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.
Aug 28, 2023 • 27m
Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]
Aug 27, 2023 • 7m
Google's not being ghosted from vulnerabilities. [Research Saturday]
Aug 26, 2023 • 17m
Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.
Aug 25, 2023 • 26m
Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.
Aug 24, 2023 • 27m
A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.
Aug 23, 2023 • 29m
A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.
Aug 22, 2023 • 29m
DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.
Aug 21, 2023 • 23m
Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]
Aug 20, 2023 • 7m
Politicians targeted by RomCom. [Research Saturday]
Aug 19, 2023 • 22m
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.
Aug 18, 2023 • 29m
A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would-be beta-testers. Cyber updates from Russia’s hybrid war.
Aug 17, 2023 • 31m
China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
Aug 16, 2023 • 30m
Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.
Aug 15, 2023 • 27m
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.
Aug 14, 2023 • 27m
Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]
Aug 13, 2023 • 10m
It's raining credentials. [Research Saturday]
Aug 12, 2023 • 18m
Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.
Aug 11, 2023 • 31m
A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
Aug 10, 2023 • 31m
Cyberespionage by several intelligence services, some of it contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.
Aug 9, 2023 • 29m
Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.
Aug 8, 2023 • 28m
Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.
Aug 7, 2023 • 28m
Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
Aug 6, 2023 • 7m
Who is that stealing my credentials? [Research Saturday]
Aug 5, 2023 • 16m
2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.
Aug 4, 2023 • 27m
Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.
Aug 3, 2023 • 29m
An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.
Aug 2, 2023 • 24m
Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.
Aug 1, 2023 • 29m
The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.
Jul 31, 2023 • 26m
Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]
Jul 30, 2023 • 6m
Phishing for leeches. [Research Saturday]
Jul 29, 2023 • 19m
A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.
Jul 28, 2023 • 31m
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites.
Jul 27, 2023 • 28m
A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.
Jul 26, 2023 • 26m
Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.
Jul 25, 2023 • 25m
DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.
Jul 24, 2023 • 24m
Don Welch: Being a good leader. [CIO] [Career Notes]
Jul 23, 2023 • 8m
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]
Jul 23, 2023 • 30m
Welcome to New York, it's been waitin' for you. [Research Saturday]
Jul 22, 2023 • 18m
Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).
Jul 21, 2023 • 23m
Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.
Jul 20, 2023 • 28m
Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.
Jul 19, 2023 • 29m
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
Jul 18, 2023 • 30m
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
Jul 17, 2023 • 25m
Jennifer Addie: Finding creative solutions. [COO] [Career Notes]
Jul 16, 2023 • 8m
SCARLETEEL zaps back again. [Research Saturday]
Jul 15, 2023 • 17m
Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.
Jul 14, 2023 • 30m
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
Jul 13, 2023 • 32m
Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
Jul 12, 2023 • 32m
Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
Jul 11, 2023 • 27m
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
Jul 10, 2023 • 31m
Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]
Jul 9, 2023 • 9m
Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
Jul 9, 2023 • 32m
Creating PANDA-monium. [Research Saturday]
Jul 8, 2023 • 17m
Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
Jul 7, 2023 • 30m
The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.
Jul 6, 2023 • 26m
Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.
Jul 5, 2023 • 25m
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jul 4, 2023 • 35m
Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.
Jul 3, 2023 • 26m
Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Jul 2, 2023 • 8m
The power behind artificial intelligence. [Research Saturday]
Jul 1, 2023 • 18m
CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.
Jun 30, 2023 • 31m
Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.
Jun 29, 2023 • 29m
Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.
Jun 28, 2023 • 28m
Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.
Jun 27, 2023 • 27m
Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.
Jun 26, 2023 • 30m
Slavik Markovich: Time is of the essence. [CEO] [Career Notes]
Jun 25, 2023 • 6m
Unleashing the crypto gold rush. [Research Saturday]
Jun 24, 2023 • 23m
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
Jun 23, 2023 • 34m
Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.
Jun 22, 2023 • 31m
A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.
Jun 21, 2023 • 28m
Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
Jun 20, 2023 • 28m
Lorna Mahlock: Build bridges. [Combat support] [Career Notes]
Jun 18, 2023 • 7m
Managing machine learning risks. [Research Saturday]
Jun 17, 2023 • 18m
The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.
Jun 16, 2023 • 31m
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
Jun 15, 2023 • 28m
CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
Jun 15, 2023 • 2m
A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.
Jun 14, 2023 • 22m
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.
Jun 13, 2023 • 29m
Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.
Jun 12, 2023 • 28m
Nadir Izrael: Play to your strengths. [CTO] [Career Notes]
Jun 11, 2023 • 7m
A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]
Jun 10, 2023 • 19m
“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.
Jun 9, 2023 • 30m
CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
Jun 9, 2023 • 2m
ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.
Jun 8, 2023 • 28m
PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.
Jun 7, 2023 • 26m
Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
Jun 6, 2023 • 30m
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
Jun 5, 2023 • 25m
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
Jun 4, 2023 • 7m
Lancefly screams bloody Merdoor.
Jun 3, 2023 • 16m
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
Jun 2, 2023 • 30m
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
Jun 1, 2023 • 26m
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
May 31, 2023 • 26m
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
May 30, 2023 • 24m
Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]
May 28, 2023 • 8m
8 GoAnywhere MFT breaches and counting. [Research Saturday]
May 27, 2023 • 17m
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
May 26, 2023 • 26m
Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.
May 25, 2023 • 32m
CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]
May 25, 2023 • 2m
Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.
May 24, 2023 • 26m
BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.
May 23, 2023 • 29m
Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.
May 22, 2023 • 27m
Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]
May 22, 2023 • 39m
Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
May 21, 2023 • 8m
Dangerous vulnerabilities in H.264 decoders. [Research Saturday]
May 20, 2023 • 24m
Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.
May 19, 2023 • 27m
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.
May 18, 2023 • 25m
CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]
May 18, 2023 • 2m
A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.
May 17, 2023 • 28m
What is data centric security and why should anyone care? [CyberWire-X]
May 17, 2023 • 33m
DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.
May 16, 2023 • 26m
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.
May 15, 2023 • 32m
Steve Benton: Mixing like a DJ. [VP] [Career Notes]
May 14, 2023 • 7m
Running away from operation Tainted Love. [Research Saturday]
May 13, 2023 • 22m
CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
May 12, 2023 • 2m
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
May 12, 2023 • 27m
Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
May 11, 2023 • 24m
CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
May 11, 2023 • 3m
Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.
May 10, 2023 • 27m
State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.
May 9, 2023 • 25m
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.
May 8, 2023 • 26m
Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
May 7, 2023 • 8m
Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]
May 6, 2023 • 20m
DPRK's Kimsuki spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.
May 5, 2023 • 37m
Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.
May 4, 2023 • 30m
Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
May 3, 2023 • 33m
From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)
May 2, 2023 • 31m
FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
May 1, 2023 • 34m
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Apr 30, 2023 • 8m
HinataBot focuses on DDoS attack. [Research Saturday]
Apr 29, 2023 • 27m
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
Apr 28, 2023 • 28m
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
Apr 27, 2023 • 28m
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.
Apr 26, 2023 • 29m
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Security’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
Apr 25, 2023 • 31m
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader described. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
Apr 24, 2023 • 27m
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
Apr 23, 2023 • 22m
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
Apr 23, 2023 • 7m
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Apr 22, 2023 • 19m
Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.
Apr 21, 2023 • 30m
Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.
Apr 20, 2023 • 28m
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
Apr 20, 2023 • 2m
Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”
Apr 19, 2023 • 29m
A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]
Apr 19, 2023 • 25m
Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.
Apr 18, 2023 • 28m
Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
Apr 17, 2023 • 30m
Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
Apr 16, 2023 • 8m
New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]
Apr 15, 2023 • 14m
"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.
Apr 14, 2023 • 29m
Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.
Apr 13, 2023 • 30m
Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.
Apr 12, 2023 • 29m
IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.
Apr 11, 2023 • 28m
A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
Apr 10, 2023 • 28m
Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]
Apr 9, 2023 • 9m
A dark side to LLMs. [Research Saturday]
Apr 8, 2023 • 17m
Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.
Apr 7, 2023 • 30m
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.
Apr 6, 2023 • 28m
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.
Apr 5, 2023 • 25m
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
Apr 4, 2023 • 28m
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
Apr 3, 2023 • 30m
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
Apr 2, 2023 • 6m
Blackfly flies back again. [Research Saturday]
Apr 1, 2023 • 13m
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
Mar 31, 2023 • 28m
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly, some official hostage-taking.
Mar 30, 2023 • 28m
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
Mar 29, 2023 • 23m
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
Mar 28, 2023 • 23m
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
Mar 27, 2023 • 30m
An introduction to the National Cryptologic Museum. [Special Edition]
Mar 27, 2023 • 27m
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Mar 26, 2023 • 35m
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Mar 26, 2023 • 8m
Popunders are not the good kind of ads. [Research Saturday]
Mar 25, 2023 • 24m
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
Mar 24, 2023 • 28m
Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.
Mar 23, 2023 • 26m
Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.
Mar 22, 2023 • 27m
Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.
Mar 21, 2023 • 27m
Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.
Mar 20, 2023 • 27m
Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]
Mar 19, 2023 • 7m
CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
Mar 18, 2023 • 2m
ChatGPT grants malicious wishes? [Research Saturday]
Mar 18, 2023 • 16m
Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
Mar 17, 2023 • 30m
CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.
Mar 16, 2023 • 29m
CISA Alert AA23-074A – Threat actors exploit progress telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]
Mar 16, 2023 • 2m
Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).
Mar 15, 2023 • 26m
Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.
Mar 14, 2023 • 25m
Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.
Mar 13, 2023 • 28m
Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]
Mar 12, 2023 • 7m
Files stolen from a sneaky SymStealer. [Research Saturday]
Mar 11, 2023 • 13m
Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcsos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.
Mar 10, 2023 • 25m
PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.
Mar 9, 2023 • 27m
Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.
Mar 8, 2023 • 26m
A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktivism, and prank phone calls.
Mar 7, 2023 • 27m
That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.
Mar 6, 2023 • 28m
Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]
Mar 5, 2023 • 8m
New exploits are tricking Chrome. [Research Saturday]
Mar 4, 2023 • 15m
More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.
Mar 3, 2023 • 24m
CISA Alert AA23-061A – #StopRansomware: Royal ransomware.
Mar 3, 2023 • 2m
CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
Mar 3, 2023 • 2m
CyberWire commentary: Ukraine one year on. [Special Edition]
Mar 3, 2023 • 25m
The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.
Mar 2, 2023 • 25m
How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.
Mar 1, 2023 • 23m
Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.
Feb 28, 2023 • 26m
Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.
Feb 27, 2023 • 25m
Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]
Feb 26, 2023 • 7m
The next hot AI scam. [Research Saturday]
Feb 25, 2023 • 25m
A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.
Feb 24, 2023 • 30m
Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.
Feb 23, 2023 • 29m
Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.
Feb 22, 2023 • 28m
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
Feb 21, 2023 • 28m
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
Feb 20, 2023 • 21m
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
Feb 19, 2023 • 7m
Implementing and achieving security resilience. [Research Saturday]
Feb 18, 2023 • 20m
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
Feb 17, 2023 • 31m
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
Feb 16, 2023 • 25m
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
Feb 15, 2023 • 28m
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
Feb 14, 2023 • 27m
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
Feb 13, 2023 • 24m
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
Feb 12, 2023 • 7m
Knocking down the legs of the industrial security triad. [Research Saturday]
Feb 11, 2023 • 19m
US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)
Feb 10, 2023 • 29m
CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]
Feb 10, 2023 • 3m
Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.
Feb 9, 2023 • 29m
CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]
Feb 9, 2023 • 2m
An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.
Feb 8, 2023 • 29m
Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.
Feb 7, 2023 • 27m
Unpatched VMware ESXi instances attacked. Okatpus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.
Feb 6, 2023 • 24m
Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]
Feb 5, 2023 • 8m
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]
Feb 5, 2023 • 26m
Can ransomware turn machines against us? [Research Saturday]
Feb 4, 2023 • 18m
Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.
Feb 3, 2023 • 28m
Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.
Feb 2, 2023 • 30m
How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.
Feb 1, 2023 • 31m
The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.
Jan 31, 2023 • 29m
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
Jan 30, 2023 • 25m
Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes]
Jan 29, 2023 • 8m
Interview with the AI, part one. [Special Editions]
Jan 29, 2023 • 27m
Flagging firmware vulnerabilities. [Research Saturday]
Jan 28, 2023 • 15m
An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.
Jan 27, 2023 • 25m
Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.
Jan 26, 2023 • 27m
CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]
Jan 26, 2023 • 2m
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
Jan 25, 2023 • 29m
Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]
Jan 25, 2023 • 1h 0m
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
Jan 24, 2023 • 28m
Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.
Jan 23, 2023 • 25m
Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]
Jan 22, 2023 • 8m
The power of web data in cybersecurity. [CyberWire-X]
Jan 22, 2023 • 28m
Billbug infests government agencies. [Research Saturday]
Jan 21, 2023 • 14m
Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
Jan 20, 2023 • 28m
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
Jan 19, 2023 • 28m
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
Jan 18, 2023 • 31m
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
Jan 17, 2023 • 23m
Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]
Jan 16, 2023 • 37m
Gene Fay: Lead from the front. [CEO] [Career Notes]
Jan 15, 2023 • 7m
DUCKTAIL waddles back again. [Research Saturday]
Jan 14, 2023 • 21m
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
Jan 13, 2023 • 27m
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
Jan 12, 2023 • 24m
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Jan 11, 2023 • 30m
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
Jan 10, 2023 • 26m
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
Jan 9, 2023 • 29m
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Jan 8, 2023 • 7m
Stealer malware from Russia. [Research Saturday]
Jan 7, 2023 • 17m
CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.
Jan 6, 2023 • 29m
PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.
Jan 5, 2023 • 28m
Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
Jan 4, 2023 • 25m
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
Jan 3, 2023 • 27m
Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]
Jan 3, 2023 • 43m
Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
Jan 2, 2023 • 46m
Encore: LemonDucks evading detection.
Dec 31, 2022 • 15m
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
Dec 30, 2022 • 10m
Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]
Dec 29, 2022 • 34m
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
Dec 28, 2022 • 8m
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
Dec 27, 2022 • 14m
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
Dec 26, 2022 • 7m
The CyberWire: The 12 Days of Malware. [Special Editions]
Dec 25, 2022 • 7m
Encore: Vulnerabilities in IoT devices.
Dec 24, 2022 • 22m
PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.
Dec 23, 2022 • 29m
Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.
Dec 22, 2022 • 28m
Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.
Dec 21, 2022 • 27m
Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.
Dec 20, 2022 • 24m
BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.
Dec 19, 2022 • 26m
Strategies to get the most out of your toolsets. [CyberWire-X]
Dec 18, 2022 • 39m
Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]
Dec 18, 2022 • 7m
Hijacking holiday spirit with phishing scams. [Research Saturday]
Dec 17, 2022 • 19m
Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.
Dec 16, 2022 • 29m
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.
Dec 15, 2022 • 29m
InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.
Dec 14, 2022 • 28m
Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.
Dec 13, 2022 • 25m
Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
Dec 12, 2022 • 26m
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Dec 11, 2022 • 32m
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
Dec 11, 2022 • 9m
Cybersecurity during the World Cup. [Research Saturday]
Dec 10, 2022 • 25m
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Dec 9, 2022 • 30m
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
Dec 8, 2022 • 27m
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.
Dec 7, 2022 • 27m
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
Dec 7, 2022 • 2m
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
Dec 6, 2022 • 28m
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsus$ Group. Notes on the cyber underworld.
Dec 5, 2022 • 24m
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Dec 4, 2022 • 8m
Old malware returns in a new way. [Research Saturday]
Dec 3, 2022 • 24m
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
Dec 2, 2022 • 25m
Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
Dec 1, 2022 • 29m
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
Nov 30, 2022 • 25m
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
Nov 29, 2022 • 24m
Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
Nov 28, 2022 • 28m
Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
Nov 27, 2022 • 7m
Encore: The secrets behind Docker.
Nov 26, 2022 • 20m
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
Nov 25, 2022 • 16m
Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
Nov 24, 2022 • 5m
Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
Nov 23, 2022 • 23m
Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
Nov 22, 2022 • 21m
Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.
Nov 21, 2022 • 24m
Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]
Nov 20, 2022 • 8m
Another infection with new malware. [Research Saturday]
Nov 19, 2022 • 19m
Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
Nov 18, 2022 • 26m
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]
Nov 18, 2022 • 3m
Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
Nov 17, 2022 • 25m
Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.
Nov 16, 2022 • 25m
CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]
Nov 16, 2022 • 2m
An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
Nov 15, 2022 • 25m
Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
Nov 14, 2022 • 28m
Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]
Nov 13, 2022 • 8m
An in-depth look on the Crytox ransomware family. [Research Saturday]
Nov 12, 2022 • 14m
CSO Perspectives Bonus: Veterans Day special.
Nov 11, 2022 • 17m
US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
Nov 10, 2022 • 32m
A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
Nov 9, 2022 • 21m
Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
Nov 8, 2022 • 27m
Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember Silk Road? The Feds do.
Nov 7, 2022 • 26m
Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
Nov 6, 2022 • 9m
Over-the-air 0-day vulnerabilities. [Research Saturday]
Nov 5, 2022 • 21m
Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
Nov 4, 2022 • 25m
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
Nov 3, 2022 • 27m
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
Nov 2, 2022 • 28m
OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.
Nov 1, 2022 • 26m
Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
Oct 31, 2022 • 26m
Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
Oct 30, 2022 • 9m
Bugs and working from home. [Research Saturday]
Oct 29, 2022 • 27m
Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
Oct 28, 2022 • 29m
The Malware Mash! [Bonus]
Oct 28, 2022 • 3m
CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
Oct 27, 2022 • 28m
Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
Oct 26, 2022 • 26m
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
Oct 25, 2022 • 21m
US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.
Oct 24, 2022 • 26m
CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]
Oct 24, 2022 • 2m
Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]
Oct 23, 2022 • 8m
New tools target governments in Middle East? [Research Saturday]
Oct 22, 2022 • 17m
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.
Oct 21, 2022 • 29m
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.
Oct 20, 2022 • 28m
Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.
Oct 19, 2022 • 24m
Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.
Oct 18, 2022 • 28m
Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia’s hybrid war.
Oct 17, 2022 • 29m
Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]
Oct 16, 2022 • 8m
Cyber confidence: Knowing what you have and where it is. [CyberWire-X]
Oct 16, 2022 • 29m
Noberus ransomware: evolving tactics. [Research Saturday]
Oct 15, 2022 • 21m
Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.
Oct 14, 2022 • 27m
What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.
Oct 13, 2022 • 22m
Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.
Oct 12, 2022 • 24m
An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.
Oct 11, 2022 • 26m
CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]
Oct 10, 2022 • 20m
Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]
Oct 10, 2022 • 33m
Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]
Oct 9, 2022 • 8m
Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]
Oct 9, 2022 • 36m
Google Drive used for malware? [Research Saturday]
Oct 8, 2022 • 22m
A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.
Oct 7, 2022 • 28m
CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.
Oct 7, 2022 • 2m
Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.
Oct 6, 2022 • 26m
Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.
Oct 5, 2022 • 27m
CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.
Oct 4, 2022 • 2m
CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.
Oct 4, 2022 • 32m
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
Oct 3, 2022 • 30m
The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]
Oct 2, 2022 • 28m
Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]
Oct 2, 2022 • 8m
Targeting your browser bookmarks? [Research Saturday]
Oct 1, 2022 • 18m
Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Watering holes, deepfakes, and the pushing of naughty words.
Sep 30, 2022 • 30m
Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.
Sep 29, 2022 • 23m
DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.
Sep 28, 2022 • 29m
Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.
Sep 27, 2022 • 23m
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.
Sep 26, 2022 • 25m
Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
Sep 25, 2022 • 9m
Keeping an eye on RDS vulnerabilities. [Research Saturday]
Sep 24, 2022 • 16m
Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
Sep 23, 2022 • 28m
GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.
Sep 22, 2022 • 29m
CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]
Sep 22, 2022 • 3m
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]
Sep 22, 2022 • 3m
A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.
Sep 21, 2022 • 27m
An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.
Sep 20, 2022 • 27m
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.
Sep 19, 2022 • 24m
Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]
Sep 18, 2022 • 8m
An increase in bypassing bot management? [Research Saturday]
Sep 17, 2022 • 14m
Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.
Sep 16, 2022 • 29m
CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]
Sep 15, 2022 • 2m
Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.
Sep 15, 2022 • 30m
Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).
Sep 14, 2022 • 30m
A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]
Sep 13, 2022 • 22m
Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad’s return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten’s social engineering.
Sep 13, 2022 • 30m
Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.
Sep 12, 2022 • 26m
Mark Logan: March towards your goals. [CEO] [Career Notes]
Sep 11, 2022 • 9m
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 11, 2022 • 28m
Evilnum APT returns with new targets. [Research Saturday]
Sep 10, 2022 • 21m
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
Sep 9, 2022 • 31m
Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.
Sep 8, 2022 • 27m
Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
Sep 7, 2022 • 24m
CISA Alert AA22-249A – #StopRansomware: Vice Society. [CISA Cybersecurity Alerts]
Sep 6, 2022 • 3m
Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.
Sep 6, 2022 • 30m
New CISO responsibilities: supply chain. [CSO Perspectives]
Sep 5, 2022 • 25m
Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]
Sep 4, 2022 • 8m
LockBit's contradiction on encryption speed. [Research Saturday]
Sep 3, 2022 • 19m
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
Sep 2, 2022 • 28m
News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.
Sep 1, 2022 • 30m
Securing multi-cloud identity with orchestration. [CyberWire-X]
Sep 1, 2022 • 31m
Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. “Cosplaying” hardware.
Aug 31, 2022 • 25m
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia’s hybrid war. And the LockBit gang looks beyond double extortion.
Aug 30, 2022 • 24m
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
Aug 29, 2022 • 23m
David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]
Aug 28, 2022 • 6m
How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]
Aug 27, 2022 • 24m
A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.
Aug 26, 2022 • 26m
Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.
Aug 25, 2022 • 26m
Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.
Aug 24, 2022 • 27m
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.
Aug 23, 2022 • 27m
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. And data-tampering attacks are regarded as a growing risk.
Aug 22, 2022 • 21m
Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]
Aug 21, 2022 • 9m
Clipminer: Making millions off of malware. [Research Saturday]
Aug 20, 2022 • 16m
Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.
Aug 19, 2022 • 30m
BlackByte’s back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia’s hybrid war. Cyber war clauses coming to cyber insurance policies.
Aug 18, 2022 • 28m
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.
Aug 17, 2022 • 25m
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]
Aug 17, 2022 • 2m
Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.
Aug 16, 2022 • 26m
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.
Aug 15, 2022 • 25m
Red teamer's perspective on demotivating attackers. [CyberWire-X]
Aug 14, 2022 • 26m
Christian Lees: it's not always textbook. [CTO] [Career Notes]
Aug 14, 2022 • 8m
Fake job ads and how to spot them. [Research Saturday]
Aug 13, 2022 • 18m
The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.
Aug 12, 2022 • 26m
CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts]
Aug 11, 2022 • 3m
Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.
Aug 11, 2022 • 26m
Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia’s hybrid war.
Aug 10, 2022 • 32m
Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klaviyo. Intercept tools and policies in Canada.
Aug 9, 2022 • 27m
Cybersecurity is a team sport. [CyberWire-X]
Aug 9, 2022 • 33m
Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.
Aug 8, 2022 • 25m
Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]
Aug 7, 2022 • 8m
Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]
Aug 6, 2022 • 15m
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.
Aug 5, 2022 • 28m
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.
Aug 4, 2022 • 26m
CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]
Aug 4, 2022 • 3m
Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.
Aug 3, 2022 • 29m
Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?
Aug 2, 2022 • 27m
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.
Aug 1, 2022 • 27m
Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]
Jul 31, 2022 • 7m
What malicious campaign is lurking under the surface? [Research Saturday]
Jul 30, 2022 • 21m
Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.
Jul 29, 2022 • 26m
SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.
Jul 28, 2022 • 23m
The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.
Jul 27, 2022 • 25m
LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.
Jul 26, 2022 • 26m
The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.
Jul 25, 2022 • 26m
The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]
Jul 24, 2022 • 26m
Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]
Jul 24, 2022 • 6m
Has GOLD SOUTHFIELD resumed operations? [Research Saturday]
Jul 23, 2022 • 21m
Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”
Jul 22, 2022 • 28m
Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.
Jul 21, 2022 • 28m
Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.
Jul 20, 2022 • 30m
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.
Jul 19, 2022 • 29m
Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.
Jul 18, 2022 • 24m
Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]
Jul 17, 2022 • 28m
Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]
Jul 17, 2022 • 6m
A record breaking DDoS attack. [Research Saturday]
Jul 16, 2022 • 24m
A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]
Jul 15, 2022 • 34m
Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.
Jul 15, 2022 • 34m
Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.
Jul 14, 2022 • 29m
AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.
Jul 13, 2022 • 27m
High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.
Jul 12, 2022 • 27m
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.
Jul 11, 2022 • 26m
Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]
Jul 10, 2022 • 7m
Information operations during a war. [Research Saturday]
Jul 9, 2022 • 19m
An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.
Jul 8, 2022 • 26m
Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.
Jul 7, 2022 • 31m
CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]
Jul 6, 2022 • 2m
Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.
Jul 6, 2022 • 29m
Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.
Jul 5, 2022 • 29m
Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]
Jul 4, 2022 • 59m
Could REvil have a copycat? [Research Saturday]
Jul 2, 2022 • 14m
Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.
Jul 1, 2022 • 29m
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]
Jun 30, 2022 • 3m
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.
Jun 30, 2022 • 29m
Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.
Jun 29, 2022 • 29m
DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C market share. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?
Jun 28, 2022 • 28m
Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.
Jun 27, 2022 • 24m
Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]
Jun 26, 2022 • 7m
Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]
Jun 25, 2022 • 21m
Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakhstan. Tabletop exercises. Ransomware as misdirection.
Jun 24, 2022 • 28m
CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]
Jun 24, 2022 • 3m
Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.
Jun 23, 2022 • 28m
A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain’t so, Dmitry.
Jun 22, 2022 • 28m
Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia’s hybrid war. A conviction in the Capital One hacking case.
Jun 21, 2022 • 29m
Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.
Jun 20, 2022 • 16m
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]
Jun 19, 2022 • 7m
Dissecting the Spring4Shell vulnerability. [Research Saturday]
Jun 18, 2022 • 22m
Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.
Jun 17, 2022 • 30m
Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
Jun 16, 2022 • 27m
Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.
Jun 15, 2022 • 28m
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.
Jun 14, 2022 • 25m
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
Jun 13, 2022 • 26m
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
Jun 12, 2022 • 8m
New developments in the WSL attack. [Research Saturday]
Jun 11, 2022 • 22m
The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.
Jun 10, 2022 • 31m
Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.
Jun 9, 2022 • 27m
Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its “plumbing.” CISA adds Known Exploited Vulnerabilities. News from Jersey.
Jun 8, 2022 • 29m
CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]
Jun 8, 2022 • 3m
Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus
Jun 7, 2022 • 25m
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."
Jun 6, 2022 • 27m
Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]
Jun 5, 2022 • 8m
Defining the intruder’s dilemma. [CyberWire-X]
Jun 5, 2022 • 33m
LemonDucks evading detection. [Research Saturday]
Jun 4, 2022 • 15m
Managing messaging in a hybrid war. Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.
Jun 3, 2022 • 26m
Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.
Jun 2, 2022 • 23m
CISA Alert AA22-152A – Karakurt data extortion group. [CISA Cybersecurity Alerts]
Jun 1, 2022 • 2m
Costa Rica hit with another round of ransomware. Cyber phases of Russia’s hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!
Jun 1, 2022 • 23m
Potential cyber threats to agriculture. Cyber phases of Russia’s hybrid war. REvil prosecution at a stand (and it’s the Americans’ fault, say Russian sources). Microsoft mitigates Follina.
May 31, 2022 • 26m
Introducing Control Loop, the industrial cybersecurity podcast. [Trailer]
May 30, 2022 • 1m
Michael Scott: A team of humble intellects. [Information security] [Career Notes]
May 29, 2022 • 7m
Compromised military tech? [Research Saturday]
May 28, 2022 • 19m
Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.
May 27, 2022 • 23m
"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.
May 26, 2022 • 24m
More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.
May 25, 2022 • 26m
Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?
May 24, 2022 • 27m
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.
May 23, 2022 • 23m
Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]
May 22, 2022 • 8m
AutoWarp bug leads to Automation headaches. [Research Saturday]
May 21, 2022 • 18m
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
May 20, 2022 • 29m
CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]
May 20, 2022 • 3m
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.
May 19, 2022 • 29m
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
May 19, 2022 • 3m
Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
May 18, 2022 • 24m
CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]
May 17, 2022 • 2m
Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.
May 17, 2022 • 27m
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
May 16, 2022 • 24m
The current state of zero trust. [CyberWire-X]
May 15, 2022 • 31m
Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]
May 15, 2022 • 6m
Vulnerabilities in IoT devices. [Research Saturday]
May 14, 2022 • 22m
War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.
May 13, 2022 • 23m
Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.
May 12, 2022 • 25m
CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]
May 12, 2022 • 3m
Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.
May 11, 2022 • 24m
Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.
May 10, 2022 • 28m
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.
May 9, 2022 • 25m
Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]
May 8, 2022 • 7m
Attacking where vulnerable. [Research Saturday]
May 7, 2022 • 15m
Victory Day approaches so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).
May 6, 2022 • 20m
Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.
May 5, 2022 • 22m
More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.
May 4, 2022 • 27m
Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.
May 3, 2022 • 23m
The future of security validation – what next? [CyberWire-X]
May 3, 2022 • 28m
Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.
May 2, 2022 • 24m
DevSecOps and securing the container. [CyberWire-X]
May 1, 2022 • 31m
Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]
May 1, 2022 • 7m
Attackers coming in from the Backdoor? [Research Saturday]
Apr 30, 2022 • 21m
Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.
Apr 29, 2022 • 25m
Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.
Apr 28, 2022 • 23m
Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.
Apr 27, 2022 • 21m
Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.
Apr 26, 2022 • 27m
Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.
Apr 25, 2022 • 22m
Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]
Apr 24, 2022 • 7m
BABYSHARK is swimming again! [Research Saturday]
Apr 23, 2022 • 35m
The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.
Apr 22, 2022 • 29m
Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.
Apr 21, 2022 • 21m
Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.
Apr 20, 2022 • 25m
In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.
Apr 19, 2022 • 23m
Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.
Apr 18, 2022 • 24m
CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]
Apr 17, 2022 • 39m
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
Apr 17, 2022 • 8m
A fight to defend Taiwan financial institutions. [Research Saturday]
Apr 16, 2022 • 17m
Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.
Apr 15, 2022 • 23m
A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.
Apr 14, 2022 • 22m
Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
Apr 13, 2022 • 24m
Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.
Apr 12, 2022 • 26m
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
Apr 11, 2022 • 24m
SolarWinds through a first principle lens. [CSO Perspectives]
Apr 11, 2022 • 22m
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
Apr 10, 2022 • 9m
The secrets behind Docker. [Research Saturday]
Apr 9, 2022 • 20m
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
Apr 8, 2022 • 23m
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
Apr 7, 2022 • 27m
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA
Apr 6, 2022 • 24m
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
Apr 5, 2022 • 22m
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
Apr 4, 2022 • 28m
Living security: the current state of XDR. [CyberWire-X]
Apr 3, 2022 • 30m
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
Apr 3, 2022 • 5m
A popular malware scheme and pay-per-install services. [Research Saturday]
Apr 2, 2022 • 19m
Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.
Apr 1, 2022 • 24m
Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.
Mar 31, 2022 • 22m
Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.
Mar 30, 2022 • 23m
Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.
Mar 29, 2022 • 28m
Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.
Mar 28, 2022 • 23m
The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]
Mar 26, 2022 • 19m
Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.
Mar 25, 2022 • 25m
Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.
Mar 24, 2022 • 25m
Insider Risk Excellence Awards. [CyberWire-X]
Mar 24, 2022 • 22m
British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.
Mar 23, 2022 • 25m
White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.
Mar 22, 2022 • 24m
Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.
Mar 21, 2022 • 26m
Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]
Mar 20, 2022 • 7m
Implications of data leaks of sensitive OT information. [Research Saturday]
Mar 19, 2022 • 22m
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.
Mar 18, 2022 • 24m
Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.
Mar 17, 2022 • 23m
Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.
Mar 16, 2022 • 24m
Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.
Mar 15, 2022 • 27m
Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.
Mar 14, 2022 • 26m
Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]
Mar 13, 2022 • 6m
The story of REvil: From origin to beyond. [Research Saturday]
Mar 12, 2022 • 32m
An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.
Mar 11, 2022 • 25m
Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.
Mar 10, 2022 • 29m
Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.
Mar 9, 2022 • 27m
Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.
Mar 8, 2022 • 25m
Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsus$ releases NVIDIA and Samsung data (and says a victim hacked back).
Mar 7, 2022 • 27m
Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]
Mar 6, 2022 • 8m
HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]
Mar 6, 2022 • 35m
An abuse of trust: Potential security issues with open redirects. [Research Saturday]
Mar 5, 2022 • 22m
Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.
Mar 4, 2022 • 25m
Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.
Mar 3, 2022 • 29m
Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.
Mar 2, 2022 • 28m
Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.
Mar 1, 2022 • 28m
An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.
Feb 28, 2022 • 26m
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Feb 27, 2022 • 8m
Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]
Feb 26, 2022 • 20m
Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.
Feb 25, 2022 • 28m
Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
Feb 24, 2022 • 24m
Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.
Feb 23, 2022 • 29m
Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.
Feb 22, 2022 • 29m
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
Feb 21, 2022 • 23m
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures
Feb 21, 2022 • 29m
Joe Carrigan: Build your network. [Security engineer] [Career Notes]
Feb 20, 2022 • 8m
What Log4Shell has taught us. [CyberWire-X]
Feb 20, 2022 • 32m
Instagram hijacks all start with a phish. [Research Saturday]
Feb 19, 2022 • 21m
False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.
Feb 18, 2022 • 28m
Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.
Feb 17, 2022 • 28m
A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.
Feb 16, 2022 • 29m
Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.
Feb 15, 2022 • 26m
Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?
Feb 14, 2022 • 23m
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
Feb 13, 2022 • 6m
SysJoker backdoor masquerades as benign updates. [Research Saturday]
Feb 12, 2022 • 14m
Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.
Feb 11, 2022 • 28m
Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.
Feb 10, 2022 • 27m
A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.
Feb 9, 2022 • 26m
Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.
Feb 8, 2022 • 26m
Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.
Feb 7, 2022 • 26m
Chris Hadnagy: Show them that you're worth it. [Social engineer] [Career Notes]
Feb 6, 2022 • 8m
The persistent and patient nature of advanced threat actors. [Research Saturday]
Feb 5, 2022 • 18m
Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.
Feb 4, 2022 • 26m
Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.
Feb 3, 2022 • 28m
Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.
Feb 2, 2022 • 26m
Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.
Feb 1, 2022 • 30m
The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.
Jan 31, 2022 • 27m
Helen Patton: A platform to talk about security. [CISO] [Career Notes]
Jan 30, 2022 • 9m
Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]
Jan 30, 2022 • 34m
Use of legitimate tools possibly linked to Seedworm. [Research Saturday]
Jan 29, 2022 • 14m
Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.
Jan 28, 2022 • 27m
Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.
Jan 27, 2022 • 24m
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.
Jan 26, 2022 • 27m
Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.
Jan 25, 2022 • 31m
Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.
Jan 24, 2022 • 27m
Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
Jan 23, 2022 • 7m
A collaboration stumbles upon threat actor Lyceum. [Research Saturday]
Jan 22, 2022 • 17m
Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.
Jan 22, 2022 • 26m
Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.
Jan 20, 2022 • 29m
Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.
Jan 19, 2022 • 25m
A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.
Jan 18, 2022 • 25m
SOAR - a first principle idea. [CSO Perspectives]
Jan 17, 2022 • 18m
Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]
Jan 16, 2022 • 9m
Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]
Jan 15, 2022 • 25m
Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.
Jan 14, 2022 • 29m
A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.
Jan 13, 2022 • 26m
The US and EU seek to shore up cybersecurity as Russo-Ukrainian tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.
Jan 12, 2022 • 26m
Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.
Jan 11, 2022 • 26m
CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.
Jan 10, 2022 • 29m
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
Jan 9, 2022 • 9m
The rise of Karakurt Hacking Team.
Jan 8, 2022 • 12m
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.
Jan 7, 2022 • 24m
Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.
Jan 6, 2022 • 29m
CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.
Jan 5, 2022 • 29m
Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.
Jan 4, 2022 • 32m
Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.
Jan 3, 2022 • 25m
Cybersecurity predictions for 2022. [CyberWire-X]
Jan 2, 2022 • 29m
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Jan 2, 2022 • 8m
Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]
Jan 1, 2022 • 21m
CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.
Dec 31, 2021 • 13m
CyberWire Pro Interview Selects: Sir David Omand.
Dec 30, 2021 • 21m
CyberWire Pro Interview Selects: Zan Vautrinot on boards.
Dec 29, 2021 • 20m
CyberWire Pro Interview Selects: Bill Wright of Splunk.
Dec 28, 2021 • 9m
CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.
Dec 27, 2021 • 23m
Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Dec 26, 2021 • 7m
The CyberWire: The 12 Days of Malware.
Dec 25, 2021 • 7m
CyberWire Pro Research Briefing from 12/21/2021.
Dec 25, 2021 • 9m
CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.
Dec 24, 2021 • 10m
Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.
Dec 23, 2021 • 27m
The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.
Dec 22, 2021 • 27m
Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.
Dec 21, 2021 • 27m
Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.
Dec 20, 2021 • 25m
Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]
Dec 19, 2021 • 9m
Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]
Dec 18, 2021 • 16m
Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.
Dec 17, 2021 • 25m
Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.
Dec 16, 2021 • 26m
Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?
Dec 15, 2021 • 28m
Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.
Dec 14, 2021 • 32m
Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.
Dec 13, 2021 • 27m
Hannah Kenney: Focused on people. [Risk] [Career Notes]
Dec 12, 2021 • 6m
FIN7 repositioning focus into ransomware. [Research Saturday]
Dec 11, 2021 • 28m
Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.
Dec 10, 2021 • 24m
Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.
Dec 9, 2021 • 31m
AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.
Dec 8, 2021 • 24m
The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?
Dec 7, 2021 • 28m
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
Dec 6, 2021 • 24m
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
Dec 5, 2021 • 49m
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
Dec 5, 2021 • 7m
Getting in and getting out with SnapMC. [Research Saturday]
Dec 4, 2021 • 17m
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
Dec 3, 2021 • 25m
More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?
Dec 2, 2021 • 25m
Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.
Dec 1, 2021 • 28m
Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.
Nov 30, 2021 • 25m
Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.
Nov 29, 2021 • 21m
Anisha Patel: Right along with them. [Program management] [Career Notes]
Nov 28, 2021 • 7m
CyberWire Pro Research Briefing from 11/23/2021
Nov 27, 2021 • 8m
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
Nov 26, 2021 • 9m
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
Nov 25, 2021 • 17m
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crypter. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
Nov 24, 2021 • 28m
Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.
Nov 23, 2021 • 29m
Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.
Nov 22, 2021 • 21m
How ransomware impacts organizations. [CyberWire-X]
Nov 21, 2021 • 30m
MK Palmore: Lead from where you stand. [CISO] [Career Notes]
Nov 21, 2021 • 7m
Using bidirectionality override characters to obscure code. [Research Saturday]
Nov 20, 2021 • 25m
Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?
Nov 19, 2021 • 25m
Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.
Nov 18, 2021 • 24m
CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.
Nov 17, 2021 • 23m
Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.
Nov 16, 2021 • 29m
Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.
Nov 15, 2021 • 22m
Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Nov 14, 2021 • 9m
The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]
Nov 14, 2021 • 29m
A glimpse into TeamTNT. [Research Saturday]
Nov 13, 2021 • 15m
Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.
Nov 12, 2021 • 26m
Let's go to the movies. [Hacking Humans Goes to the Movies]
Nov 11, 2021 • 25m
Cyberespionage from Tehran. Clopp ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.
Nov 10, 2021 • 23m
Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.
Nov 9, 2021 • 25m
REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.
Nov 8, 2021 • 24m
Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]
Nov 7, 2021 • 6m
An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]
Nov 6, 2021 • 18m
$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.
Nov 5, 2021 • 26m
Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.
Nov 4, 2021 • 25m
Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerabilities.
Nov 3, 2021 • 23m
Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.
Nov 2, 2021 • 27m
Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).
Nov 1, 2021 • 23m
Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]
Oct 31, 2021 • 8m
Malware sometimes changes its behavior. [Research Saturday]
Oct 30, 2021 • 26m
Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”
Oct 29, 2021 • 27m
The Malware Mash!
Oct 29, 2021 • 3m
Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.
Oct 28, 2021 • 26m
Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.
Oct 27, 2021 • 25m
Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.
Oct 26, 2021 • 27m
SolarMarket malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.
Oct 25, 2021 • 23m
Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
Oct 24, 2021 • 7m
When big ransomware goes away, where should affiliates go? [Research Saturday]
Oct 23, 2021 • 19m
Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.
Oct 22, 2021 • 27m
Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.
Oct 21, 2021 • 27m
Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.
Oct 20, 2021 • 24m
TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.
Oct 19, 2021 • 22m
A US broadcaster sustains a ransomware attack. North Korean catphish expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?
Oct 18, 2021 • 24m
Ell Marquez: It's okay to be new. [Linux] [Career Notes]
Oct 17, 2021 • 8m
Groove Gang making a name for themselves. [Research Saturday]
Oct 16, 2021 • 20m
CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.
Oct 15, 2021 • 23m
Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.
Oct 14, 2021 • 25m
Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.
Oct 13, 2021 • 29m
Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize.
Oct 12, 2021 • 29m
Extra: Let's talk about Facebook's research. [Caveat]
Oct 11, 2021 • 44m
Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]
Oct 10, 2021 • 9m
Taking a closer look at UNC1151. [Research Saturday]
Oct 9, 2021 • 16m
Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.
Oct 8, 2021 • 25m
Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.
Oct 7, 2021 • 26m
Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.
Oct 6, 2021 • 31m
Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.
Oct 5, 2021 • 28m
Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.
Oct 4, 2021 • 26m
Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Oct 3, 2021 • 7m
Cloud configuration security: Breaking the endless cycle. [CyberWire-X]
Oct 3, 2021 • 33m
IoT security and the need for randomness. [Research Saturday]
Oct 2, 2021 • 32m
Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.
Oct 1, 2021 • 25m
GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.
Sep 30, 2021 • 28m
DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.
Sep 29, 2021 • 22m
Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.
Sep 28, 2021 • 26m
The EU ask Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.
Sep 27, 2021 • 24m
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]
Sep 26, 2021 • 9m
Why it’s time for cybersecurity to go mainstream. [CyberWire-X]
Sep 26, 2021 • 40m
Vulnerabilities in the public cloud. [Research Saturday]
Sep 25, 2021 • 21m
Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?
Sep 24, 2021 • 24m
Ransomware hits another US farm co-op, as Russian gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.
Sep 23, 2021 • 24m
Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.
Sep 22, 2021 • 28m
BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.
Sep 21, 2021 • 26m
Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.
Sep 20, 2021 • 26m
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
Sep 19, 2021 • 6m
An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]
Sep 18, 2021 • 23m
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.
Sep 17, 2021 • 27m
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 17, 2021 • 28m
Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.
Sep 16, 2021 • 27m
No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.
Sep 15, 2021 • 25m
NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.
Sep 14, 2021 • 22m
The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.
Sep 13, 2021 • 22m
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]
Sep 12, 2021 • 5m
A Google Chrome update that just didn't feel right. [Research Saturday]
Sep 11, 2021 • 19m
Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.
Sep 10, 2021 • 27m
Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.
Sep 9, 2021 • 25m
BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.
Sep 8, 2021 • 24m
A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.
Sep 7, 2021 • 26m
Security operations centers: a first principle idea. [CSO Perspectives]
Sep 6, 2021 • 16m
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
Sep 5, 2021 • 6m
Like a computer network but for physical objects. [Research Saturday]
Sep 4, 2021 • 23m
Watch out for cybercrime over holidays (like Labor Day). Ransomware warning for the food and agriculture sector. Gift card and loyalty program fraud. NIST draft IoT guidelines out for comment.
Sep 3, 2021 • 23m
LockBit updates. The BrakTooth bugs infesting Bluetooth. Malicious cable proof-of-concept. EU fines WhatsApp over GDPR issues. Insider threats. Action against an alleged stalkerware vendor.
Sep 2, 2021 • 25m
A look at cyber gangland. Sino-Australian tension in cyberspace. Vulnerabilities reported (and disputed) in a home security system. Labor Day warnings.
Sep 1, 2021 • 26m
Dangers of data collected in Afghanistan. Another cryptocurrency theft. Hardware backdoors? LockBit dumps airline’s data. CISA opens registration for the President’s Cup. Too much gaming, kids.
Aug 31, 2021 • 24m
Data breaches and ransomware. Another gang says it’s retiring. New warrants against cybercrime in Australia. Roles and missions in the US. Hoosier data?
Aug 30, 2021 • 21m
Rich Hale: Understanding the data. [CTO] [Career Notes]
Aug 29, 2021 • 6m
Joker malware family: not a joke for Google Play. [Research Saturday]
Aug 28, 2021 • 17m
The T-Mobile hacker speaks (we think). SparklingGoblin enters the cyberespionage ring. Is someone stealing data to train AI? Cellebrite’s availability. Ragnarok ransomware says it’s going out of business.
Aug 27, 2021 • 30m
A quick look back at yesterday’s White House industry meeting. Revolution, coup, or a bit of both? Storytelling for security. Lessons from Olympic scams. Notes from the underworld.
Aug 26, 2021 • 33m
Hacktivism in Belarus. The Taliban’s data grab. Four rising ransomware operations. The White House cybersecurity summit with industry leaders is in progress.
Aug 25, 2021 • 29m
Apple CSAM: well-intentioned, slippery slope. [Caveat]
Aug 25, 2021 • 44m
Apparent hacktivism exposes Iranian prison CCTV feeds. Misconfigured Power Apps expose data. FBI warns of the OnePercent Group. Mr. White Hat gives back. Dog bites man.
Aug 24, 2021 • 32m
Notes on the fall of Afghanistan, with its cyber and kinetic implications. US State Department hack reported. ShinyHunters resurface. Further incentive to patch Microsoft Exchange Server.
Aug 23, 2021 • 24m
From board advisor to board member: evolution of the modern CISO. [CyberWire-X]
Aug 22, 2021 • 47m
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Aug 22, 2021 • 7m
Exploring vulnerabilities of off-the-shelf software. [Research Saturday]
Aug 21, 2021 • 16m
Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China’s privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?
Aug 20, 2021 • 30m
T-Mobile outlines what it’s offering customers hit by its data breach. Taliban on good T&C behavior? Apple’s CSAM. OS bug may affect medical devices. A report on 2020’s US Census Bureau hack.
Aug 19, 2021 • 30m
Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil’s Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.
Aug 18, 2021 • 29m
Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.
Aug 17, 2021 • 28m
Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?
Aug 16, 2021 • 28m
Rick Howard: Give people resources. [CSO] [Career Notes]
Aug 15, 2021 • 6m
You can add new features, just secure the old stuff first. [Research Saturday]
Aug 14, 2021 • 30m
Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.
Aug 13, 2021 • 34m
More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.
Aug 12, 2021 • 31m
A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.
Aug 11, 2021 • 32m
A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.
Aug 10, 2021 • 32m
Home router vulnerabilities exploited in the wild. ACSC warns of a LockBit spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.
Aug 9, 2021 • 28m
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Aug 8, 2021 • 7m
SideCopy malware campaigns expand and evolve. [Research Saturday]
Aug 7, 2021 • 20m
FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.
Aug 6, 2021 • 36m
CISA’s new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang’s reform, or optimism over signs the gang is worried?
Aug 5, 2021 • 30m
Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck’s rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou’s extradition.
Aug 4, 2021 • 37m
Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.
Aug 3, 2021 • 31m
SVR was reading the US Attorneys’ emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.
Aug 2, 2021 • 31m
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Aug 1, 2021 • 6m
Behavioral transparency – the patterns within. [CyberWire-X]
Aug 1, 2021 • 33m
China's influence grows through Digital Silk Road Initiative. [Research Saturday]
Jul 31, 2021 • 19m
Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.
Jul 30, 2021 • 31m
Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.
Jul 29, 2021 • 32m
US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.
Jul 28, 2021 • 35m
South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?
Jul 27, 2021 • 32m
The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.
Jul 26, 2021 • 30m
Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]
Jul 25, 2021 • 5m
Is enhanced hardware security the answer to ransomware? [CyberWire-X]
Jul 25, 2021 • 31m
Free malware with cracked software. [Research Saturday]
Jul 24, 2021 • 16m
Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.
Jul 23, 2021 • 31m
Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.
Jul 22, 2021 • 32m
Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.
Jul 21, 2021 • 31m
APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDM. Other data breaches and ransomware incidents.
Jul 20, 2021 • 32m
Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group’s Pegasus tool reported.
Jul 19, 2021 • 28m
Peter Baumann: Adding value to data. [CEO] [Career Notes]
Jul 18, 2021 • 6m
Enabling connectivity enables exposures. [Research Saturday]
Jul 17, 2021 • 20m
DDoS at Russia’s MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor’s activities are exposed. No signs of the US softening on Huawei bans.
Jul 16, 2021 • 28m
Luminous Moth or Mustang Panda, it’s the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.
Jul 15, 2021 • 32m
Patch notes. What’s happening with REvil remains unclear, but it would be rash to count the gang out.
Jul 14, 2021 • 29m
SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.
Jul 13, 2021 • 30m
Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.
Jul 12, 2021 • 29m
APTs transitioning to the cloud. [CyberWire-X]
Jul 11, 2021 • 30m
Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]
Jul 11, 2021 • 6m
Dealing illicit goods on encrypted chat apps. [Research Saturday]
Jul 10, 2021 • 20m
Kaseya continues to work through its REvil days, as does the US Administration. In other news, there’s cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.
Jul 9, 2021 • 33m
Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil’s victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.
Jul 8, 2021 • 28m
Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.
Jul 7, 2021 • 27m
The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.
Jul 6, 2021 • 30m
Dwayne Price: Sharing information. [Project Management] [Career Notes]
Jul 4, 2021 • 6m
Malware in pirated Windows installation files. [Research Saturday]
Jul 3, 2021 • 14m
Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.
Jul 2, 2021 • 31m
Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?
Jul 1, 2021 • 30m
A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.
Jun 30, 2021 • 28m
A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.
Jun 29, 2021 • 29m
Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.
Jun 28, 2021 • 28m
Introducing Security Unlocked: CISO Series with Bret Arsenault–Leading an Inclusive Workforce: Emma Smith, Vodafone
Jun 27, 2021 • 35m
Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
Jun 27, 2021 • 7m
Exhibiting advanced APT-like behavior. [Research Saturday]
Jun 26, 2021 • 21m
REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.
Jun 25, 2021 • 21m
Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?
Jun 24, 2021 • 26m
Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.
Jun 23, 2021 • 27m
Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.
Jun 22, 2021 • 21m
South Korea’s nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.
Jun 21, 2021 • 24m
Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
Jun 20, 2021 • 6m
Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]
Jun 19, 2021 • 14m
Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.
Jun 18, 2021 • 29m
The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.
Jun 17, 2021 • 25m
Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.
Jun 16, 2021 • 24m
Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.
Jun 15, 2021 • 24m
Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?
Jun 14, 2021 • 27m
Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]
Jun 13, 2021 • 5m
Taking a look behind the Science of Security. [Research Saturday]
Jun 12, 2021 • 24m
Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.
Jun 11, 2021 • 26m
Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI’s partial recovery of DarkSide’s ransom take.
Jun 10, 2021 • 24m
Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO’s Article 5 in cyberspace. Patch Tuesday notes.
Jun 9, 2021 • 23m
FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.
Jun 8, 2021 • 27m
DarkSide’s way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.
Jun 7, 2021 • 24m
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]
Jun 6, 2021 • 6m
Bad building blocks: a new and unusual phishing campaign. [Research Saturday]
Jun 5, 2021 • 19m
Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.
Jun 4, 2021 • 24m
FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.
Jun 3, 2021 • 24m
The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium’s USAID impersonation campaign. Siemens addresses PLC vulnerabilities.
Jun 2, 2021 • 24m
Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.
Jun 1, 2021 • 25m
Zero trust: a change in mindset. [Special Editions]
May 31, 2021 • 19m
Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]
May 30, 2021 • 6m
Big data, big payoff for China's cybercrime underground. [Research Saturday]
May 29, 2021 • 19m
A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.
May 28, 2021 • 26m
Impersonation campaign targets China’s Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.
May 27, 2021 • 22m
Cyberespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.
May 26, 2021 • 25m
CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.
May 25, 2021 • 25m
Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.
May 24, 2021 • 22m
Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]
May 23, 2021 • 5m
Leveraging COVID-19 themes for malicious purposes. [Research Saturday]
May 22, 2021 • 24m
DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.
May 21, 2021 • 27m
DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.
May 20, 2021 • 22m
Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.
May 19, 2021 • 25m
WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.
May 18, 2021 • 24m
Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.
May 17, 2021 • 23m
Dominique West: Security found me. [Strategy] [Career Notes]
May 16, 2021 • 6m
Zeroing in on zero trust. [CyberWire-X]
May 16, 2021 • 32m
Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]
May 15, 2021 • 28m
Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).
May 14, 2021 • 25m
The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon’s DBIR is out.
May 13, 2021 • 25m
The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.
May 12, 2021 • 26m
Ransomware: DarkSide, Avaddon, and Baduk. 5G threat vectors. Cryptojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.
May 11, 2021 • 24m
Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.
May 10, 2021 • 26m
Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
May 9, 2021 • 6m
Street cred: increasing trust in passwordless authentication. [CyberWire-X]
May 9, 2021 • 29m
SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]
May 8, 2021 • 20m
CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.
May 7, 2021 • 26m
Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington. Panda Stealer is after crypto wallets. And Peloton deals with a leaky API.
May 6, 2021 • 23m
DDoS interrupts Belgium’s parliament. New malware in the wild. Spies and crooks work around MFA, OAuth. COVID-19 scam site takedown. Online election fraud (in a homecoming queen election).
May 5, 2021 • 27m
VPN vulnerability exploited for cyberespionage closed. “IT security incident” at medical system. Android banking Trojans and cryptocurrency. Cyber threats to the Tokyo Olympics.
May 4, 2021 • 24m
Data exposure reported in the Philippines. FISA targets down during the pandemic. Babuk changes its focus. New variant of the Buer loader in the wild. US Justice Department reviews its cyber strategy.
May 3, 2021 • 24m
Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]
May 2, 2021 • 6m
A snapshot of the ransomware threat landscape. [Research Saturday]
May 1, 2021 • 23m
Investigating VPN exploits, and the crooks and spies who use them. BadAlloc afflicts OT. Notes on cyberespionage. The criminal market for deepfakes.
Apr 30, 2021 • 25m
Buggy APIs may expose credit scores. Dealing with ransomware. Iran-Israeli tensions are up. Russia says it will always see the Americans coming. Surge cyber capacity. NSA’s advice on OT security.
Apr 29, 2021 • 22m
More intelligence on Ghostwriter, and a convergence of hacking and influence operations. Naikon APT has a new backdoor. FluBot returns. MAPP reconsidered. Defense counsel on Cellebrite.
Apr 28, 2021 • 23m
The FBI and CISA take a look at the SVR, and offer advice for potential targets. Openness and information warfare. OPSEC and privacy. Babuk hits DC police. Social engineering notes.
Apr 27, 2021 • 23m
Prankers on Zoom, with convincing video. Emotet takedown. US response to SolarWinds reviewed. Cancer therapy disrupted by attack on cloud provider. Oscar phishing.
Apr 26, 2021 • 25m
Channeling the data avalanche. [CyberWire-X]
Apr 25, 2021 • 35m
Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Apr 25, 2021 • 6m
Bulletproof hosting (BPH) and how it powers cybercrime. [Research Saturday]
Apr 24, 2021 • 17m
Three ransomware gangs up their game. The US Postal Inspection Service’s “Internet Covert Operations Program.” GCHQ warns of dependence on Chinese tech. Undersea cable security.
Apr 23, 2021 • 25m
VPN users remediate systems. New Supernova infection. Cryptojacking botnet afflicts vulnerable Exchange Servers. Facebook takes down spyware groups. Ransomware. Cellebrite bug found.
Apr 22, 2021 • 26m
SonicWall, Pulse Secure products under exploitation (mitigations are available). Power grid security. Cyber conflict in the Near Abroad. ISIS worries about Bitcoin. Bad passwords.
Apr 21, 2021 • 23m
Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.
Apr 20, 2021 • 25m
Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.
Apr 19, 2021 • 24m
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
Apr 18, 2021 • 3m
Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]
Apr 17, 2021 • 17m
International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.
Apr 16, 2021 • 25m
Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.
Apr 15, 2021 • 26m
The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.
Apr 14, 2021 • 27m
Natanz pre-emptive sabotage updates. NAME:WRECK DNS vulnerabilities. Tax phishing. ATM cards and advance-fee scams. Ransomware-induced cheese shortage.
Apr 13, 2021 • 25m
Apparent cyber sabotage at Natanz. Arrest made in alleged plot to blow up AWS facility. Scraped data for sale in criminal fora. US senior cyber appointments expected soon.
Apr 12, 2021 • 23m
Debra Danielson: Be fearless. [CTO] [Career Notes]
Apr 11, 2021 • 7m
Strategic titles point to something more than a commodity campaign. [Research Saturday]
Apr 10, 2021 • 22m
A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.
Apr 9, 2021 • 24m
Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium’s patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.
Apr 8, 2021 • 23m
A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.
Apr 7, 2021 • 24m
Watering holes, from Kiev to Canada. File transfer blues. What’s up in the criminal-to-criminal market. And an update on the old Facebook breach.
Apr 6, 2021 • 22m
An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.
Apr 5, 2021 • 21m
Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]
Apr 4, 2021 • 4m
Ezuri: Regenerating a different kind of target. [Research Saturday]
Apr 3, 2021 • 19m
Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.
Apr 2, 2021 • 26m
Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.
Apr 1, 2021 • 25m
Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.
Mar 31, 2021 • 23m
US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.
Mar 30, 2021 • 25m
Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.
Mar 29, 2021 • 25m
Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]
Mar 28, 2021 • 5m
How are we doing in the industrial sector? [Research Saturday]
Mar 27, 2021 • 21m
Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.
Mar 26, 2021 • 28m
Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.
Mar 25, 2021 • 24m
Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?
Mar 24, 2021 • 25m
Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail
Mar 24, 2021 • 17m
Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.
Mar 23, 2021 • 24m
Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.
Mar 22, 2021 • 25m
Kevin Magee: Focus on the archer. (CSO) [Career Notes]
Mar 21, 2021 • 5m
BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]
Mar 20, 2021 • 15m
Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.
Mar 19, 2021 • 27m
Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report. Crypters get commodified. And notes from the underworld.
Mar 18, 2021 • 24m
US report on 2020 foreign election meddling is out, and Russia and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.
Mar 17, 2021 • 24m
Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).
Mar 16, 2021 • 24m
Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands £1000 pounds to go on do-not-call list.
Mar 15, 2021 • 25m
Dinah Davis: Building your network. [R&D] [Career Notes]
Mar 14, 2021 • 6m
SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]
Mar 14, 2021 • 36m
Keeping data confidential with fully homomorphic encryption. [Research Saturday]
Mar 13, 2021 • 23m
Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.
Mar 12, 2021 • 24m
More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.
Mar 11, 2021 • 25m
Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hacktivists don’t like cameras. Dragnet in the Low Countries.
Mar 10, 2021 • 25m
Dealing with Hafnium’s work against Microsoft Exchange Server and Holiday Bear’s visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.
Mar 9, 2021 • 24m
Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).
Mar 8, 2021 • 25m
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
Mar 7, 2021 • 5m
Diving deep into North Korea's APT37 tool kit. [Research Saturday]
Mar 6, 2021 • 18m
SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provider attacked. Criminal-on-criminal crime.
Mar 5, 2021 • 28m
Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.
Mar 4, 2021 • 22m
RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.
Mar 3, 2021 • 23m
India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).
Mar 2, 2021 • 23m
“RedEcho’s” activity in India’s power grid is described. US report on Khashoggi murder declassified. SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.
Mar 1, 2021 • 23m
Aarti Borkar: Make your own choices. [Product] [Career Notes]
Feb 28, 2021 • 5m
Shining a light on China's cyber underground. [Research Saturday]
Feb 27, 2021 • 23m
Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.
Feb 26, 2021 • 27m
PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.
Feb 25, 2021 • 24m
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.
Feb 24, 2021 • 25m
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
Feb 23, 2021 • 24m
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.
Feb 22, 2021 • 23m
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
Feb 21, 2021 • 5m
Attackers (ab)using Google Chrome. [Research Saturday]
Feb 20, 2021 • 19m
Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Tallinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.
Feb 19, 2021 • 25m
The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.
Feb 18, 2021 • 23m
US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.
Feb 17, 2021 • 25m
France’s ANSSI warns of a long-running Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE.
Feb 16, 2021 • 23m
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]
Feb 16, 2021 • 38m
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
Feb 14, 2021 • 5m
Using the human body as a wire-like communication channel. [Research Saturday]
Feb 13, 2021 • 19m
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.
Feb 12, 2021 • 27m
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
Feb 11, 2021 • 27m
Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.
Feb 10, 2021 • 21m
Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.
Feb 9, 2021 • 24m
A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?
Feb 8, 2021 • 25m
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
Feb 7, 2021 • 4m
In the clear: what it's like working as a woman in the cleared community. [Special Edition]
Feb 7, 2021 • 52m
"Follow the money" the cybersecurity way. [Research Saturday]
Feb 6, 2021 • 27m
Lazarus Group seems to have deployed an IE zero day. Eletrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.
Feb 5, 2021 • 27m
Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.
Feb 4, 2021 • 25m
China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.
Feb 3, 2021 • 25m
Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.
Feb 2, 2021 • 22m
Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. UKRI breach. British Mensa thinks over a data exposure.
Feb 1, 2021 • 26m
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Jan 31, 2021 • 5m
Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]
Jan 31, 2021 • 31m
The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]
Jan 30, 2021 • 17m
Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.
Jan 29, 2021 • 26m
Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.
Jan 28, 2021 • 24m
Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.
Jan 27, 2021 • 24m
Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?
Jan 26, 2021 • 24m
The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.
Jan 25, 2021 • 25m
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
Jan 24, 2021 • 5m
Trickbot may be down, but can we count it out? [Research Saturday]
Jan 23, 2021 • 19m
Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
Jan 22, 2021 • 28m
Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
Jan 21, 2021 • 24m
More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.
Jan 20, 2021 • 23m
EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.
Jan 19, 2021 • 23m
Encore: You will pay for that one way or another. [Caveat]
Jan 18, 2021 • 36m
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Jan 17, 2021 • 5m
Manufacturing sector is increasingly a target for adversaries. [Research Saturday]
Jan 16, 2021 • 24m
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.
Jan 15, 2021 • 26m
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
Jan 14, 2021 • 25m
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
Jan 13, 2021 • 22m
Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
Jan 12, 2021 • 24m
More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.
Jan 11, 2021 • 27m
Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]
Jan 10, 2021 • 5m
Emotet reemerges and becomes one of the most prolific threat groups out there. [Research Saturday]
Jan 9, 2021 • 24m
The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.
Jan 8, 2021 • 25m
CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.
Jan 7, 2021 • 23m
Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re insured. No bail for Mr. Assange.
Jan 6, 2021 • 24m
It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.
Jan 5, 2021 • 24m
Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.
Jan 4, 2021 • 24m
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
Jan 3, 2021 • 5m
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
Jan 2, 2021 • 29m
Andy Greenberg on the Sandworm Indictments. [Interview Selects]
Jan 1, 2021 • 17m
SOAR – a first principle idea.
Dec 31, 2020 • 16m
Security operations centers: around the Hash Table.
Dec 30, 2020 • 27m
Security operations centers: a first principle idea.
Dec 29, 2020 • 16m
Cybersecurity First Principles: DevSecOps.
Dec 28, 2020 • 19m
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
Dec 27, 2020 • 7m
Encore: Seedworm digs Middle East intelligence. [Research Saturday]
Dec 26, 2020 • 20m
Encore: Separating fools from money. [Hacking Humans]
Dec 25, 2020 • 30m
Encore: Technology that allows cops to track your phone. [Caveat]
Dec 24, 2020 • 49m
Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.
Dec 23, 2020 • 26m
Bear tracks all over the US Government’s networks. Pandas and Kittens and Bears, oh my... Emotet’s back. Spyware litigation. A few predictions.
Dec 22, 2020 • 27m
Sunburst looks worse: bad Bears in US networks, and that’s not just right at all. “Evil mobile emulator farm.” Report: Pegasus used against journalists.
Dec 21, 2020 • 25m
Robert Lee: Keeping the lights on. [ICS] [Word Notes]
Dec 20, 2020 • 5m
Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]
Dec 19, 2020 • 25m
Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker’s Stash has its problems. And a few thoughts on the near future.
Dec 18, 2020 • 31m
The SVR’s exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China’s influence ops delayed.
Dec 17, 2020 • 22m
SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.
Dec 16, 2020 • 22m
SolarWinds compromise scope grows clearer. DPRK’s Earth Kitsune. Google’s authentication issue. A look at the near future of cybersecurity.
Dec 15, 2020 • 25m
A few predictions, but today’s news is dominated by Cozy Bear’s supply chain attack on SolarWinds’ Orion Platform.
Dec 14, 2020 • 23m
Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]
Dec 14, 2020 • 32m
Andrea Little Limbago: Look at the intersection of humans and technology. [Social Science] [Career Notes]
Dec 13, 2020 • 5m
Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]
Dec 12, 2020 • 32m
OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.
Dec 11, 2020 • 25m
Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.
Dec 10, 2020 • 24m
Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.
Dec 9, 2020 • 24m
IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.
Dec 8, 2020 • 23m
NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.
Dec 7, 2020 • 22m
Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
Dec 6, 2020 • 6m
SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]
Dec 5, 2020 • 15m
2021 may look a lot like 2020 in cyberspace, only moreso. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.
Dec 4, 2020 • 26m
Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?
Dec 3, 2020 • 25m
The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.
Dec 2, 2020 • 26m
Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.
Dec 1, 2020 • 22m
Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.
Nov 30, 2020 • 25m
Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
Nov 29, 2020 • 6m
Encore: Using global events as lures for malicious activity.
Nov 28, 2020 • 22m
Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.
Nov 25, 2020 • 23m
Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.
Nov 24, 2020 • 22m
Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”
Nov 23, 2020 • 24m
James Hadley: Spend time on what interests you. [CEO] [Career Notes]
Nov 22, 2020 • 5m
Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]
Nov 21, 2020 • 19m
Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.
Nov 20, 2020 • 26m
Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only moreso).
Nov 19, 2020 • 24m
Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.
Nov 18, 2020 • 23m
Hidden Cobra’s new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.
Nov 17, 2020 • 23m
Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.
Nov 16, 2020 • 25m
Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
Nov 15, 2020 • 4m
That first CVE was a fun find, for sure. [Research Saturday]
Nov 14, 2020 • 27m
CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.
Nov 13, 2020 • 25m
An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.
Nov 12, 2020 • 24m
shadow IT (noun) [Word Notes]
Nov 11, 2020 • 4m
remote access Trojan or RAT (noun) [Word Notes]
Nov 11, 2020 • 4m
A look at what’s up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.
Nov 10, 2020 • 24m
Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.
Nov 9, 2020 • 24m