![Cerber ransomware strikes Linux. [Research Saturday]](https://is5-ssl.mzstatic.com/image/thumb/Podcasts116/v4/12/16/ca/1216caa3-af21-5352-8400-c6e0e84332b5/mza_6844882071149318753.jpg/250x250bb.jpg)
Episoder
-
An alleged leak of Google’s search algorithm contradicts the company’s public statements. German researchers discover a critical vulnerability in a TP-Link router. Breachforums is back…maybe. The Seattle Public Library suffers a ransomware attack. A Georgia man gets ten years for money laundering and romance scams, and the Treasury department sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a major U.S. title insurance company. Microsoft describes North Korea’s Moonstone Sleet. Advocating for a more architectural approach to cybersecurity. Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study. A cracked password results in a multimillion dollar windfall.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into Domain 6: Security Assessment and Testing and tackle the following question together:
You are hiring a vendor to perform a penetration test that would simulate a breach from an insider threat. What type of test would be BEST to perform?
Blue Box
Black Box
White-hat hack
White box
CyberWire Guest
Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Study. You can find out more about the study here.
Selected Reading
Google won’t comment on a potentially massive leak of its search algorithm documentation (The Verge)
Update TP-Link's Archer C5400X router now to fix remote takeover vulnerability (TechSpot)
Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? (Malwarebytes)
Ransomware attack on Seattle Public Library knocks out online systems (The Record)
Man Sentenced for Laundering Over $4.5M Obtained from Business Email Compromise and Romance Fraud Schemes (United States Department of Justice)
Treasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet (United States Department of Treasury)
First American December data breach impacts 44,000 people (Bleeping Computer)
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks (Microsoft Security Blog)
Cybersecurity at a crossroads: Time to shift to an architectural approach (CSO Online)
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet (WIRED)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
The FBI untangles Scattered Spider. The RansomHub group puts a deadline on Christie’s. Prescription services warn customers of data breaches. Personal data from public sector workers in India is leaked online. Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper clone installs malicious scripts. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. If you can’t beat ‘em, troll ‘em.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space.
Selected Reading
Potent youth cybercrime ring made up of 1,000 people, FBI official says (CyberScoop)
Christie’s given Friday ransom deadline after threat group claims responsibility for cyber attack (ITPro)
Data Stolen From MediSecure for Sale on Dark Web (SecurityWeek)
2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx (SecurityWeek)
Data leak exposes personal data of Indian military and police (CSO Online)
Check Point warns of threat actors targeting its VPNs (TechMonitor)
Internet Archive Hit With DDoS Attack (PCMag)
Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer)
Cops Are Just Trolling Cybercriminals Now (WIRED)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Mangler du episoder?
-
Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day.
References:
Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online.
Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY.
Brent Hugh, 2021. A Brief History of “John Brown’s Body” [Essay]. Digital History.
Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY.
General George Marshall, 2014. President Lincoln’s Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube.
JOHN LOGAN, 1868. Logan’s Order Mandating Memorial Day [Order]. John A. Logan College.
John Williams, Chicago Symphony Orchestra, 2012. The People’s House: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music.
John Williams, Chicago Symphony Orchestra, 2012. The Blue and the Grey: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music - Web Playe.
Livia Albeck-Ripka, 2023. A Brief History of Memorial Day [Essay]. The New York Times.
Paul Robeson, 2021. John Brown’s Body [Song]. YouTube.
Robert Rodat (Writer), Steven Spielberg (Director), Harve Presnell (Actor), 1998. Saving Private Ryan [Movie]. IMDb.
Staff, 2020. A Brief Biography of General John A. Logan [Biography]. John A. Logan College.
Staff, 2024. Civil War Timeline [WWW Document], American Battlefield Trust.
Thomas Jefferson, 1776. Declaration of Independence: [Transcription]. National Archives.
Winston Churchil, 1940. Never was so much owed by so many to so few - Winston Churchill Speeches [Speech]. YouTube. -
Director of security operations at Syntax Richard Torres talks about his path leading him working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our thanks to Richard for sharing his story with us.
-
Jon DiMaggio, a Chief Security Strategist at Analyst1, is sharing his work on "Ransomware Diaries Volume 5: Unmasking LockBit." On February 19, 2024, the National Crime Agency (NCA), a UK sovereign law enforcement agency, in collaboration with the FBI, Europol, and nine other countries under "Operation Cronos," disrupted the LockBit ransomware gang’s data leak site used for shaming, extorting, and leaking victim data.
The NCA greeted visitors to LockBit’s dark web leak site with a seizure banner, revealing they had been controlling LockBit’s infrastructure for some time, collecting information, acquiring victim decryption keys, and even compromising the new ransomware payload intended for LockBit 4.0.
The research can be found here:
Ransomware Diaries Volume 5: Unmasking LockBit -
LockBit drops 300 gigabytes of data from London Drugs. Video software used in courtrooms worldwide contains a backdoor. Google patches another Chrome zero-day. The EU seeks collaboration between research universities and intelligence agencies. Atlas Lion targets retailers with gift card scams. Researchers explore an Apple reappearing photo bug. Hackers access a Japanese solar power grid. Congress floats a bill to enhance cyber workforce diversity. Ben Yelin joins us with a groundbreaking legal case involving AI generated CSAM. Whistling past the expired domain graveyard.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Ben Yelin, co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, discusses "FBI Arrests Man For Generating AI Child Sexual Abuse Imagery."
Selected Reading
Hackers release corporate data stolen from London Drugs, company says (The Star)
Crooks plant backdoor in software used by courtrooms around the world (Ars Technica)
Google fixes eighth actively exploited Chrome zero-day this year (Bleeping Computer)
EU wants universities to work with intelligence agencies to protect their research (The Record)
US retailers under attack by gift card-thieving cyber gang (Help Net Security)
Apple wasn’t storing deleted iOS photos in iCloud after all (Bleeping Computer)
Hijack of monitoring devices highlights cyber threat to solar power infrastructure (CSO Online)
New Diverse Cybersecurity Workforce bill to promote inclusivity, provide CISA with millions for outreach (Industrial Cyber)
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains (INTI)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Spyware is discovered on U.S. hotel check in systems. A Microsoft outage affects multiple services. Bitdefender uncovers Unfading Sea Haze. University of Maryland researchers find flaws in Apple’s Wi-Fi positioning system. Scotland’s NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and mass compromise events. The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia. The FCC considers AI disclosure rules for political ads. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on Legal Perspectives on Cyberattacks Targeting Space Systems. Tone-blasting underwater data centers.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on their paper: Law in Orbit: International Legal Perspectives on Cyberattacks Targeting Space Systems. You can learn more about their work in this post. Check out T-Minus Space Daily for your daily space intelligence.
Selected Reading
Spyware found on US hotel check-in computers ( TechCrunch)
Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search (Bleeping Computer)
Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea (Bitdefender)
Apple’s Wi-Fi Positioning Can Be System Abused To Track Users (GB Hackers)
National Records of Scotland Data Breached in NHS Cyber-Attack (Infosecurity Magazine)
Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report (SecurityWeek)
NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack (SecurityWeek)
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia (Palo Alto Networks Unit 42 Intel)
FCC chair proposes requirement for political ads to disclose when AI content is used (The Record)
Acoustic attacks could be a serious threat to the future of underwater data centers (TechSpot)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Some say Microsoft’s Recall should be. A breach of a Texas healthcare provided affects over four hundred thousand. Police in the Philippines shut down services following a breach. Ivanti patches multiple products. GitHub fixes a critical authentication bypass vulnerability. Researchers discover critical vulnerabilities in Honeywell’s ControlEdge Unit Operations Controller. The DoD releases their Cybersecurity Reciprocity Playbook. Hackers leak a database with millions of Americans’ criminal records. Mastercard speeds fraud detection with AI. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 5: Identity and Access Management. Remembering a computing visionary.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Joe and Sam dive into Domain 5: Identity and Access Management (IAM) and tackle a question together about biometric configuration. Try the question yourself before listening to the discussion!
You are configuring a biometric hand scanner to secure your data center. Which of the following practices is BEST to follow?
Decrease the reader sensitivity
Increase the FAR
Decrease the FRR
Increase the reader sensitivity
Selected Reading
UK watchdog looking into Microsoft AI taking screenshots (BBC)
How the new Microsoft Recall feature fundamentally undermines Windows security (DoublePulsar)
CentroMed Confirms Data Breach Affecting an Estimated 400k | Console and Associates, P.C. (JDSupra)
PNP suspends online services amid data breach probe (Philippine News Agency)
Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager (SecurityWeek)
Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server (Heimdal Security)
Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution (SecurityWeek)
DoD CIO debuts cybersecurity reciprocity playbook to streamline system authorizations, boost cybersecurity efficiency (Industrial Cyber)
Criminal record database of millions of Americans dumped online (Malwarebytes)
Mastercard Doubles Speed of Fraud Detection with Generative AI (Infosecurity Magazine)
Gordon Bell, Legendary Designer of Computers, Dies at 89 (Gizmodo)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to its Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” And is it just me, or does that AI assistant sound awfully familiar?
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” Rick caught up with Amit at the recent RSA Conference in San Francisco.
Selected Reading
“Incognito Market” Owner Arrested for Operating One of the Largest Illegal Narcotics Marketplaces on the Internet (United States Department of Justice)
Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)
CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now (SOCRadar)
CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw (SecurityWeek)
Fluent Bit flaw discovered that impacts every major cloud provider (Tech Monitor)
EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems (SecurityWeek)
New BiBi Wiper version also destroys the disk partition table (Bleeping Computer)
Enhancing Open Source Security: Introducing Siren by OpenSSF (OpenSSF)
HHS offering $50 million for proposals to improve hospital cybersecurity (The Record)
Scarlett Johansson Said No, but OpenAI’s Virtual Assistant Sounds Just Like Her (The New York Times)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Germany’s BSI sues Microsoft for more information on recent security incidents. Julian Assange can appeal his U.S. extradition. AI chatbots may have itchy trigger fingers. CISA warns of vulnerabilities affecting Google Chrome and D-Link routers. Ham Radio’s association suffers a data breach. New underground marketplaces pop up to replace BreachForums. An updated banking trojan targets users in Central and South America. Cybercom’s founders share its origin story. Examining gender bias in open source software contributors. For our Industry Voices segment, guest Chris Pierson, CEO at BlackCloak, met up with N2K’s Brandon Karpf at the 2024 RSA Conference to discuss personal cybersecurity risks for executives. College students unlock free laundering — no money required.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, guest Chris Pierson, CEO at BlackCloak, met up with N2K’s Brandon Karpf at the 2024 RSA Conference. Chris and Brandon discussed personal cybersecurity risks for executives.
Selected Reading
BSI sues Microsoft for disclosure of information on security disaster (Ground News)
Assange Can Appeal U.S. Extradition, English Court Rules (The New York Times)
ChatGPT likes to fight. For military AI researchers, that’s a problem (Tech Brew)
CISA warns of hackers exploiting Chrome, EoL D-Link bugs (Bleeping Computer)
American Radio Relay League Hit by Cyberattack (SecurityWeek)
FBI seizes BreachForums infrastructure — but successor sites are already popping up (ITPro)
Grandoreiro Banking Trojan is Back With Major Updates (Infosecurity Magazine)
(PDF) Gender bias in open source: Pull request acceptance of women versus men (ResearchGate)
The inside story of Cyber Command’s creation (CSO Online)
Two Santa Cruz students uncover security bug that could let millions do their laundry for free (TechCrunch)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.
-
This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs).
These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption key, highlighting significant security risks for these systems.
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API -
On this Special Edition podcast, Dave Bittner speaks with guest Dave Hickton, Founding Director, Institute for Cyber Law, Policy, and Security at the University of Pittsburgh, and former US Attorney, on this 10th Anniversary of the first indictment of Chinese PLA actors. Hear directly from Mr. Hickton what lead to the indictment, the emotions that went along with this unprecedented action, and the legacy of the event.
On May 19, 2014, a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.
The indictment alleges that the defendants conspired to hack into American entities, to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity.
US Attorney Dave Hickton represented the Western District of Pennsylvania and was the signatory on the indictment. His team worked with the FBI Cyber Team in Pittsburgh, PA to bring about this historic action.
Resources:
Press Release: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage
Indictment -
Australia warns of a large-scale ransomware data breach. The justice department charges five with helping North Korean IT workers evade sanctions. The FCC wants to beef up BGP. Antidot is a new Android banking trojan. The SEC enhances disclosure obligations. Researchers uncover vulnerabilities in GE ultrasound devices. A Baltimore neo-nazi pleads guilty to conspiring to take down an electrical grid. On our Solution Spotlight: N2K’s Simone Petrella speaks with Alicja Cade, Director in Google Cloud's Office of the CISO, about the CISO role, board communication, and cyber workforce development. “Tanks” for the warm water, but you can keep the vulnerabilities.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Solution Spotlight: N2K’s Simone Petrella speaks with Alicja Cade, Director in Google Cloud's Office of the CISO, about the CISO role, board communication, and cyber workforce development. Simone and Alicja spoke at the 2024 RSA Conference.
Selected Reading
Australian government warns of 'large-scale ransomware data breach' (The Record)
US exposes scheme enabling North Korean IT workers to bypass sanctions (Help Net Security)
FCC proposes BGP security measures (Network World)
BGP: What is border gateway protocol, and how does it work? (Network World)
New 'Antidot' Android Trojan Allows Cybercriminals to Hack Devices, Steal Data (SecurityWeek)
SEC beefs up data privacy rules (Investment Executive)
GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft (DarkReading)
Baltimore County woman pleads guilty to conspiring with neo-Nazi leader to attack energy grid (The Baltimore banner)
How I upgraded my water heater and discovered how bad smart home security can be (Ars Technica)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
The FBI seizes BreachForums. NCSC rolls out a 'Share and Defend' initiative. ESports gaming gets a level up in their security. The spammer becomes the scammer. Bitdefender is sounding the alarm. The city of Wichita gets a wake-up call. In our Threat Vector segment, host David Moulton discusses the challenges and opportunities of AI adoption with guest Mike Spisak, the Managing Director of Proactive Security at Unit 42. And no one likes a cyber budgeting blunder.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, discusses the challenges and opportunities of AI adoption with guest Mike Spisak, Managing Director of Proactive Security at Unit 42. They emphasize the importance of early security involvement in the AI development lifecycle and the crucial role of inventorying AI usage to tailor protection measures. You can listen to the full episode here.
Selected Reading
FBI seize BreachForums hacking forum used to leak stolen data (Bleeping Computer)
New UK system will see ISPs benefit from same protections as government networks (The Record)
Riot Games, Cisco to Connect and Protect League of Legends Esports Through Expanded Global Partnership (Cisco)
To the Moon and back(doors): Lunar landing in diplomatic missions (WeLiveSecurity)
New Black Basta Social Engineering Scheme (ReliaQuest)
IoT Cameras Exposed by Chainable Exploits, Millions Affected (HackRead)
Kimsuky APT Using Newly Discovered Gomir Linux Backdoor (Decipher)
Law enforcement data stolen in Wichita ransomware attack (The Record)
Nigeria Halts Cybersecurity Tax After Public Outrage (Dark Reading)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
U.S. Senators look to enhance American leadership in AI. Federal Agencies Warn of Rising Cyberattacks on Civil Society. The Pentagon says they’re satisfied with Microsoft’s post-breach security pivots. Patch Tuesday updates. A Mississippi health system alerts users of a post-ransomware data breach. The FTC cautions automakers over data collection. CISOs feel pressure to understate cyber risks. On the Learning Layer, Sam and Joe continue their certification journey. Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf about cyber civil defense clinics. A crypto mixing service developer finds himself behind bars.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf at 2024 RSA Conference about cyber civil defense clinics and the CLTC. Learn about their upcoming Cyber Civil Defense Summit being held at the International Spy Museum in Washington DC next month.
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss how to use the midterm exam and Test Day Strategy video.
Selected Reading
Senators Propose $32 Billion in Annual A.I. Spending but Defer Regulation (The New York Times)
Civil society under increasing threats from 'malicious' state cyber actors, US warns (The Record)
Post-data breach, DOD held 'very candid discussions' with Microsoft (DefenseScoop)
Microsoft issues patches for over 60 software vulnerabilities (Tech Monitor)
Adobe releases May 2024 fixes for critical issues in Reader, Acrobat, Illustrator and other products (BeyondMachines.net)
CISA issues ICS advisories on hardware vulnerabilities from Rockwell, SUBNET, Johnson Controls, Mitsubishi Electric (Industrial Cyber)
900k Impacted by Data Breach at Mississippi Healthcare Provider (SecurityWeek)
FTC fires 'shot across the bow' at automakers over connected-car data privacy (The Record)
Security leaders report pressure from boards to downplay cyber risks (ITPro)
Tornado Cash Developer Jailed for Laundering Billions of Dollars (GB Hackers)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Google patches another Chrome zero-day. UK insurance agencies and the NCSC team up to reduce ransom payments. The FCC designates a robocall scam group. Vermont passes strong data privacy laws. A malicious Python package targets macOS users. ESET unpacks Ebury malware. Don’t answer Jenny’s email. Guest is author Barbara McQuade discussing her book "Attack from Within: How Disinformation is Sabotaging America.” The White House says, “Keep your crypto mining away from our missile silos!”
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Barbara McQuade joins us to discuss her book "Attack from Within: How Disinformation is Sabotaging America" with Caveat co host Ben Yelin. You can hear Barbara and Ben’s full conversation on last week’s episode of Caveat here. You can catch Caveat on your favorite podcast app each Thursday where hosts Dave and Ben examine the latest in surveillance, digital privacy, cybersecurity law and policy.
Selected Reading
Google Patches Second Chrome Zero-Day in One Week (SecurityWeek)
UK Insurance and NCSC Join Forces to Fight Ransomware Payments (Infosecurity Magazine)
FCC Warns of 'Royal Tiger' Robocall Scammers (SecurityWeek)
Vermont passes data privacy law allowing consumers to sue companies (The Record)
PyPi package backdoors Macs using the Sliver pen-testing suite (Bleeping Computer)
Apple backports fix for RTKit iOS zero-day to older iPhones (Bleeping Computer)
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain (WeLiveSecurity)
Security Experts Issue Jenny Green Email Warning For Millions (Forbes)
US government shuts down Chinese-owned cryptomine near nuclear missile base in Wyoming (Data Centre Dynamics)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Chris Betz, CISO of AWS, discussing how to build a strong culture of security. In his blog, Chris writes about how AWS’s security culture starts at the top, and it extends through every part of the organization.
Selected Reading
Europol confirms web portal breach, says no operational data stolen (Bleeping Computer)
US and China to Hold Discussions on AI Risks and Security (BankInfo Security)
CISA, FBI, HHS, MS-ISAC warn critical infrastructure sector of Black Basta hacker group; provide mitigations (Industrial Cyber)
'Russian' hackers deface potentially hundreds of local British news sites (The Record)
Cinterion IoT Cellular Modules Vulnerable to SMS Compromise (GovInfo Security)
MoD hack: IT contractor concealed major hack for months (Computing)
AI's rapid growth puts pressure on CISOs to adapt to new security risks (Help Net Security)
Reality Defender Wins RSAC Innovation Sandbox Competition (Dark Reading)
Solar Storms are disrupting farmer GPS systems during critical planting time (The Verge)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Cybersecurity Sales Engineer Brandon Robinson shares how he built his career in technology and the barriers he experienced along the way. He talks about how his job involves him interacting with customers at the highest levels making sure their solution is meeting needs. In addition, Brandon describes how as a black man and a trailblazer, he's been met with resistance. His positive spin on moving ahead involves relying on himself. Brandon's advice: find your passion, don't be intimidated and you will be met with success. Our thanks to Brandon for sharing his story with us.
-
Dick O'Brien from Symantec Threat Hunter team is discussing their research on “Graph: Growing number of threats leveraging Microsoft API.” The team observed an increasing number of threats that have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The research states "the technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes."
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API - Se mer
