CyberWire Daily
By N2K Networks
Listen to a podcast, please open Podcast Republic app. Available on Google Play Store and Apple App Store.
Image by N2K Networks
Category: Tech News
Open in Apple Podcasts
Open RSS feed
Open Website
Rate for this podcast
Subscribers: 1632
Reviews: 5
Episodes: 2818
CyberGirl
Oct 28, 2020
An excellent resource for the cyber news of the day, without the extra "fluff". NOTE: this is NOT an educational podcast, it is strictly distilled news.
Matt Aguirre
Mar 10, 2019
Jan 16, 2019
Average Joe
Dec 12, 2018
This is a great source for a daily overview of what happened in Cyber Security and IT!
Mikey
Nov 11, 2018
Although I enjoy listening, it's like a new language which I'm slowly learning. I wish some more time was given to background regarding malware.
Description
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
| Episode | Date |
|---|---|
|
From phishing to felony.
|
Apr 18, 2024 |
|
The rebirth of Russia's cyber warfare.
|
Apr 17, 2024 |
|
Weathering the phishing front.
|
Apr 16, 2024 |
|
Hunting vulnerabilities.
|
Apr 15, 2024 |
|
AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]
|
Apr 15, 2024 |
|
Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]
|
Apr 14, 2024 |
|
AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]
|
Apr 14, 2024 |
|
Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]
|
Apr 13, 2024 |
|
Privacy, power, and the path forward.
|
Apr 12, 2024 |
|
Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]
|
Apr 12, 2024 |
|
Apple's worldwide warning on mercenary attacks.
|
Apr 11, 2024 |
|
From deadlock to debate on a revised Section 702 bill.
|
Apr 10, 2024 |
|
Unraveling a healthcare ransomware web.
|
Apr 09, 2024 |
|
A possible breakthrough in data privacy legislation.
|
Apr 08, 2024 |
|
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
|
Apr 07, 2024 |
|
Leaking your AWS API keys, on purpose? [Research Saturday]
|
Apr 06, 2024 |
|
Deciphering the Acuity cybersecurity incident.
|
Apr 05, 2024 |
|
Securing secrets: The State Department's cyber hunt.
|
Apr 04, 2024 |
|
Biden administration brings down the hammer.
|
Apr 03, 2024 |
|
From lawsuit to logoff: Google's incognito mode makeover.
|
Apr 02, 2024 |
|
Unmasking the xzploitation.
|
Apr 01, 2024 |
|
Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
|
Mar 31, 2024 |
|
The supply chain in disarray. [Research Saturday]
|
Mar 30, 2024 |
|
Pentagon’s cybersecurity roadmap.
|
Mar 29, 2024 |
|
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
|
Mar 29, 2024 |
|
A battle against malware.
|
Mar 28, 2024 |
|
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
|
Mar 28, 2024 |
|
If there's something strange in your neighborhood, don't call Facebook.
|
Mar 27, 2024 |
|
Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]
|
Mar 27, 2024 |
|
The great firewall breached: China's covert cyber assault on America exposed.
|
Mar 26, 2024 |
|
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
|
Mar 26, 2024 |
|
Python developers under attack.
|
Mar 25, 2024 |
|
Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
|
Mar 24, 2024 |
|
HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]
|
Mar 23, 2024 |
|
When it rains, it pours.
|
Mar 22, 2024 |
|
A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]
|
Mar 22, 2024 |
|
Safeguarding American data from foreign hands.
|
Mar 21, 2024 |
|
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
|
Mar 21, 2024 |
|
Biden's cyber splash in protecting the nation's water systems.
|
Mar 20, 2024 |
|
The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]
|
Mar 20, 2024 |
|
SIM swap scammer pleads guilty.
|
Mar 19, 2024 |
|
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
|
Mar 19, 2024 |
|
The hot pursuit of Volt Typhoon.
|
Mar 18, 2024 |
|
Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]
|
Mar 17, 2024 |
|
Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
|
Mar 17, 2024 |
|
Inside SendGrid's phishy business. [Research Saturday]
|
Mar 16, 2024 |
|
Flight fiasco: UK Defence Minister's jet faces GPS jamming.
|
Mar 15, 2024 |
|
A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]
|
Mar 15, 2024 |
|
TikTok showdown: U.S. lawmakers target privacy and security.
|
Mar 14, 2024 |
|
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
|
Mar 14, 2024 |
|
The usual suspects are up to their usual tricks.
|
Mar 13, 2024 |
|
Biden's budget boost for cybersecurity.
|
Mar 12, 2024 |
|
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
|
Mar 12, 2024 |
|
CISA’s news trifecta.
|
Mar 11, 2024 |
|
Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
|
Mar 10, 2024 |
|
Setting better cyber job expectations to attract and retain talent. [Special Edition]
|
Mar 10, 2024 |
|
Understanding the multi-tiered impact of ransomware. [Research Saturday]
|
Mar 09, 2024 |
|
From breach to battle: The escalating threat of Midnight Blizzard.
|
Mar 08, 2024 |
|
Encore: Breaking Through: Securing the advancement of women in cybersecurity. {Special Editions]
|
Mar 08, 2024 |
|
A secret scheme resulting in stolen secrets.
|
Mar 07, 2024 |
|
Encore: Dinah Davis: Building your network. [R&D] [Career Notes]
|
Mar 07, 2024 |
|
No cyber blues on Super Tuesday.
|
Mar 06, 2024 |
|
From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]
|
Mar 05, 2024 |
|
Change Healthcare hackers cash in $22 million ransom.
|
Mar 05, 2024 |
|
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]
|
Mar 05, 2024 |
|
Cyberattack causes a code red on US healthcare.
|
Mar 04, 2024 |
|
Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
|
Mar 03, 2024 |
|
The return of a malware menace. [Research Saturday]
|
Mar 02, 2024 |
|
WhatsApp's legal triumph cracks the spyware vault.
|
Mar 01, 2024 |
|
Iran's cyber quest in Middle Eastern aerospace.
|
Feb 29, 2024 |
|
Protecting American data.
|
Feb 28, 2024 |
|
Out with the old, in with the new.
|
Feb 27, 2024 |
|
LockBit reloaded: Unveiling the next chapter in cybercrime.
|
Feb 26, 2024 |
|
Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]
|
Feb 25, 2024 |
|
Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]
|
Feb 24, 2024 |
|
Crackdown on privacy leads to a multi-million dollar fine.
|
Feb 23, 2024 |
|
AT&T outage leaves major cities offline.
|
Feb 22, 2024 |
|
Anchoring security for US ports.
|
Feb 21, 2024 |
|
The reign of digital terror ends.
|
Feb 20, 2024 |
|
AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]
|
Feb 19, 2024 |
|
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
|
Feb 19, 2024 |
|
Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]
|
Feb 18, 2024 |
|
Hackers come hopping back. [Research Saturday]
|
Feb 17, 2024 |
|
FBI initiates router revolution.
|
Feb 16, 2024 |
|
An AI arms race.
|
Feb 15, 2024 |
|
It’s always DNS, but that may just be FUD.
|
Feb 14, 2024 |
|
Phishing threats unleashed.
|
Feb 13, 2024 |
|
DOJ strikes justice.
|
Feb 12, 2024 |
|
Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]
|
Feb 11, 2024 |
|
Ransomware is coming. [Research Saturday]
|
Feb 10, 2024 |
|
Imitation game: LastPass vs LassPass.
|
Feb 09, 2024 |
|
Volt Typhoon’s stealthy threat to US critical infrastructure.
|
Feb 08, 2024 |
|
Taking a bite out of Apple.
|
Feb 07, 2024 |
|
Cracking down on spyware.
|
Feb 06, 2024 |
|
A serious breach showdown.
|
Feb 05, 2024 |
|
Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]
|
Feb 04, 2024 |
|
Weathering the internet storm. [Research Saturday]
|
Feb 03, 2024 |
|
A digital leaker gets 40 years behind bars.
|
Feb 02, 2024 |
|
Defending America against China's ominous onslaught.
|
Feb 01, 2024 |
|
VPN compromise causes concerns.
|
Jan 31, 2024 |
|
A Typhoon counter.
|
Jan 30, 2024 |
|
Seeking dismissal of SEC allegations.
|
Jan 29, 2024 |
|
Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]
|
Jan 28, 2024 |
|
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
|
Jan 28, 2024 |
|
Hooked on pirated macOS applications. [Research Saturday]
|
Jan 27, 2024 |
|
A new purchase is cause for a call out.
|
Jan 26, 2024 |
|
Another day, another Blizzard attack.
|
Jan 25, 2024 |
|
The fight against exploiting Americans.
|
Jan 24, 2024 |
|
The mother of all data breaches.
|
Jan 23, 2024 |
|
Midnight Blizzard brings the storm.
|
Jan 22, 2024 |
|
Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]
|
Jan 21, 2024 |
|
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
|
Jan 21, 2024 |
|
A firewall wake up call. [Research Saturday]
|
Jan 20, 2024 |
|
New malware, new threats.
|
Jan 19, 2024 |
|
A credential dump hits the online underground.
|
Jan 18, 2024 |
|
Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]
|
Jan 18, 2024 |
|
Maximum severity vulnerability needs critical updates.
|
Jan 17, 2024 |
|
Vulnerabilities and security risks.
|
Jan 16, 2024 |
|
Putting a dent in the cybersecurity workforce gap. [Special Edition]
|
Jan 15, 2024 |
|
Encore: Examining the current state of security orchestration. [CyberWire-X]
|
Jan 15, 2024 |
|
Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]
|
Jan 14, 2024 |
|
Dual Russian cyber gangs hit 23 companies. [Research Saturday]
|
Jan 13, 2024 |
|
Casting a wider hiring net.
|
Jan 12, 2024 |
|
Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.
|
Jan 11, 2024 |
|
A pivotal global menace.
|
Jan 10, 2024 |
|
Swatting on the rise.
|
Jan 09, 2024 |
|
A conclusion on the xDedic Marketplace investigation.
|
Jan 08, 2024 |
|
Encore:Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]
|
Jan 07, 2024 |
|
Diving deep into Phobos ransomware. [Research Saturday]
|
Jan 06, 2024 |
|
Disruptions to the internet.
|
Jan 05, 2024 |
|
Russian hackers hide in Ukraine telecoms for months.
|
Jan 04, 2024 |
|
A digital disappearance in Utah.
|
Jan 03, 2024 |
|
Apple's clickless exploit.
|
Jan 02, 2024 |
|
Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]
|
Jan 01, 2024 |
|
Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]
|
Dec 31, 2023 |
|
Encore: What malicious campaign is lurking under the surface? [Research Saturday]
|
Dec 30, 2023 |
|
T-Minus Overview- Space Cybersecurity. [t-minus]
|
Dec 29, 2023 |
|
Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]
|
Dec 28, 2023 |
|
Encore: Active visibility into OT systems. [Control Loop]
|
Dec 27, 2023 |
|
NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]
|
Dec 27, 2023 |
|
Artificial Intelligence: Insights & Oddities [8th Layer Insights]
|
Dec 26, 2023 |
|
“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]
|
Dec 26, 2023 |
|
Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]
|
Dec 25, 2023 |
|
The CyberWire: The 12 Days of Malware. [Special Edition]
|
Dec 23, 2023 |
|
Sentenced to hospital detention.
|
Dec 22, 2023 |
|
Kingdom come, kingdom fall.
|
Dec 21, 2023 |
|
Leading the charge in cybercrime take downs.
|
Dec 20, 2023 |
|
A dark web take down.
|
Dec 19, 2023 |
|
14 million customers and stolen data.
|
Dec 18, 2023 |
|
Oren Koren: Crossing music and cybersecurity. [Career Notes]
|
Dec 17, 2023 |
|
Shedding light on fighting Ursa. [Research Saturday]
|
Dec 16, 2023 |
|
Remapping privacy.
|
Dec 15, 2023 |
|
Taking down the storm.
|
Dec 14, 2023 |
|
The United Kingdom's catastrophic ransomware attack.
|
Dec 13, 2023 |
|
An internet blackout.
|
Dec 12, 2023 |
|
China sets sights on US critical infrastructure.
|
Dec 11, 2023 |
|
Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]
|
Dec 10, 2023 |
|
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
|
Dec 09, 2023 |
|
On the hunt for popping up kernel drives. [Research Saturday]
|
Dec 09, 2023 |
|
Russia here, Russia there, Russia everywhere.
|
Dec 08, 2023 |
|
New vulnerability packs a punch.
|
Dec 07, 2023 |
|
Push notifications pushing surveillance.
|
Dec 06, 2023 |
|
Sleeper malware denied at Sellafield nuclear site.
|
Dec 05, 2023 |
|
Iran behind attacks on PLCs.
|
Dec 04, 2023 |
|
Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]
|
Dec 03, 2023 |
|
Exploits and vulnerabilities. [Research Saturday]
|
Dec 02, 2023 |
|
Wyden blocks the senate vote.
|
Dec 01, 2023 |
|
Widespread exploitation of severe vulnerability in ownCloud.
|
Nov 30, 2023 |
|
Major crackdown on international cybersecurity.
|
Nov 29, 2023 |
|
Hospitals on the hotplate after ransomware attacks.
|
Nov 28, 2023 |
|
Hacktivists assemble to attack Pennsylvania water utility.
|
Nov 27, 2023 |
|
Chris Hare: Find just three people. [Development] [Career Notes]
|
Nov 26, 2023 |
|
Encore: Another infection with new malware. [Research Saturday]
|
Nov 25, 2023 |
|
Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]
|
Nov 24, 2023 |
|
Cops in the catfish game. [Hacking Humans Goes to the Movies]
|
Nov 23, 2023 |
|
On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.
|
Nov 22, 2023 |
|
Threat actors with mixed motives: from the political to the financial.
|
Nov 21, 2023 |
|
Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.
|
Nov 20, 2023 |
|
Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]
|
Nov 19, 2023 |
|
Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]
|
Nov 19, 2023 |
|
The malicious YoroTrooper in disguise. [Research Saturday]
|
Nov 18, 2023 |
|
AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]
|
Nov 18, 2023 |
|
Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.
|
Nov 17, 2023 |
|
Shopping during wartime? Focus, people.
|
Nov 16, 2023 |
|
Examining the current state of security orchestration. [CyberWire-X]
|
Nov 16, 2023 |
|
A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.
|
Nov 15, 2023 |
|
The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.
|
Nov 14, 2023 |
|
Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.
|
Nov 13, 2023 |
|
Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]
|
Nov 12, 2023 |
|
CSO Perspectives Bonus: Veterans Day special.
|
Nov 10, 2023 |
|
Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.
|
Nov 09, 2023 |
|
No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.
|
Nov 08, 2023 |
|
Cybercriminals at the service of the state, and an array of new underworld tools.
|
Nov 07, 2023 |
|
Precautions, preparations, and resilience against cybercrime and hacktivism.
|
Nov 06, 2023 |
|
CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]
|
Nov 05, 2023 |
|
Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]
|
Nov 05, 2023 |
|
Sandman doesn't slow malware down. [Research Saturday]
|
Nov 04, 2023 |
|
In the offense-defense see-saw, the defense seems to be rising.
|
Nov 03, 2023 |
|
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
|
Nov 02, 2023 |
|
Hacktivism in two hybrid wars (with an excursus on gastropods).
|
Nov 01, 2023 |
|
What would it take to get you kids into a nice, late-model malware mealkit?
|
Oct 31, 2023 |
|
Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)
|
Oct 30, 2023 |
|
The Malware Mash! [Bonus]
|
Oct 30, 2023 |
|
Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
|
Oct 29, 2023 |
|
No rest for the wicked HiatusRAT. [Research Saturday]
|
Oct 28, 2023 |
|
Social engineering as a blunt instrument–almost like swatting without the middleman.
|
Oct 27, 2023 |
|
Some intelligence services understand the value of being underestimated.
|
Oct 26, 2023 |
|
AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.
|
Oct 25, 2023 |
|
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
|
Oct 24, 2023 |
|
How people get over on the content moderators.
|
Oct 23, 2023 |
|
Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]
|
Oct 22, 2023 |
|
AMBERSQUID hides in the depths. [Research Saturday]
|
Oct 21, 2023 |
|
Disinformation and its often overlooked potential for denial-of-services.
|
Oct 20, 2023 |
|
Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.
|
Oct 19, 2023 |
|
Hacktivist discipline is inversely correlated with sincerity of commitment.
|
Oct 18, 2023 |
|
Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.
|
Oct 17, 2023 |
|
Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.
|
Oct 16, 2023 |
|
Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
|
Oct 15, 2023 |
|
Unwanted guests harvest your information. [Research Saturday]
|
Oct 14, 2023 |
|
Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.
|
Oct 13, 2023 |
|
Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
|
Oct 12, 2023 |
|
Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.
|
Oct 11, 2023 |
|
The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.
|
Oct 10, 2023 |
|
Solution spotlight: Paths to cybersecurity. [Interview Select]
|
Oct 09, 2023 |
|
Susie Squier: You're never alone. [President] [Career Notes]
|
Oct 08, 2023 |
|
Targets from DuckTail. [Research Saturday]
|
Oct 07, 2023 |
|
Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.
|
Oct 06, 2023 |
|
Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
|
Oct 05, 2023 |
|
A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.
|
Oct 04, 2023 |
|
Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
|
Oct 03, 2023 |
|
Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
|
Oct 02, 2023 |
|
Ted Wagner: Get that hands on experience. [CISO] [Career Notes]
|
Oct 01, 2023 |
|
Downloading cracked software. [Research Saturday]
|
Sep 30, 2023 |
|
Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
|
Sep 29, 2023 |
|
Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
|
Sep 28, 2023 |
|
What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
|
Sep 27, 2023 |
|
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
|
Sep 26, 2023 |
|
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
|
Sep 25, 2023 |
|
Threat intelligence discussion with Chris Krebs. [Special Edition]
|
Sep 25, 2023 |
|
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
|
Sep 24, 2023 |
|
Behind the Google shopping ad masks. [Research Saturday]
|
Sep 23, 2023 |
|
Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
|
Sep 22, 2023 |
|
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
|
Sep 21, 2023 |
|
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
|
Sep 20, 2023 |
|
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
|
Sep 19, 2023 |
|
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
|
Sep 18, 2023 |
|
Karl Mattson: Defer gratification. (CISO) [Career Notes]
|
Sep 17, 2023 |
|
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
|
Sep 16, 2023 |
|
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
|
Sep 15, 2023 |
|
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
|
Sep 14, 2023 |
|
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
|
Sep 13, 2023 |
|
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
|
Sep 12, 2023 |
|
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank..
|
Sep 11, 2023 |
|
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
|
Sep 10, 2023 |
|
No honor in being a criminal. [Research Saturday]
|
Sep 09, 2023 |
|
Apple issues an emergency patch. Aerospace sector under attack. DPRK spearsphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.
|
Sep 08, 2023 |
|
Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.
|
Sep 07, 2023 |
|
Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.
|
Sep 06, 2023 |
|
In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.
|
Sep 05, 2023 |
|
Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]
|
Sep 04, 2023 |
|
Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]
|
Sep 03, 2023 |
|
Thwarting Muddled Libra. [Research Saturday]
|
Sep 02, 2023 |
|
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
|
Sep 01, 2023 |
|
GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.
|
Aug 31, 2023 |
|
An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.
|
Aug 30, 2023 |
|
A joint advisory on post-quantum readiness. [Special Edition]
|
Aug 30, 2023 |
|
Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.
|
Aug 29, 2023 |
|
DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.
|
Aug 28, 2023 |
|
Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]
|
Aug 27, 2023 |
|
Google's not being ghosted from vulnerabilities. [Research Saturday]
|
Aug 26, 2023 |
|
Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.
|
Aug 25, 2023 |
|
Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.
|
Aug 24, 2023 |
|
A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.
|
Aug 23, 2023 |
|
A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.
|
Aug 22, 2023 |
|
DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.
|
Aug 21, 2023 |
|
Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]
|
Aug 20, 2023 |
|
Politicians targeted by RomCom. [Research Saturday]
|
Aug 19, 2023 |
|
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.
|
Aug 18, 2023 |
|
A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.
|
Aug 17, 2023 |
|
China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
|
Aug 16, 2023 |
|
Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.
|
Aug 15, 2023 |
|
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.
|
Aug 14, 2023 |
|
Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]
|
Aug 13, 2023 |
|
It's raining credentials. [Research Saturday]
|
Aug 12, 2023 |
|
Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.
|
Aug 11, 2023 |
|
A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
|
Aug 10, 2023 |
|
Cyberespionage by several intelligence services, some of contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.
|
Aug 09, 2023 |
|
Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.
|
Aug 08, 2023 |
|
Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.
|
Aug 07, 2023 |
|
Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
|
Aug 06, 2023 |
|
Who is that stealing my credentials? [Research Saturday]
|
Aug 05, 2023 |
|
2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.
|
Aug 04, 2023 |
|
Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.
|
Aug 03, 2023 |
|
An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.
|
Aug 02, 2023 |
|
Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.
|
Aug 01, 2023 |
|
The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.
|
Jul 31, 2023 |
|
Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]
|
Jul 30, 2023 |
|
Phishing for leeches. [Research Saturday]
|
Jul 29, 2023 |
|
A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.
|
Jul 28, 2023 |
|
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites
|
Jul 27, 2023 |
|
A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.
|
Jul 26, 2023 |
|
Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.
|
Jul 25, 2023 |
|
DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.
|
Jul 24, 2023 |
|
Don Welch: Being a good leader. [CIO] [Career Notes]
|
Jul 23, 2023 |
|
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]
|
Jul 23, 2023 |
|
Welcome to New York, it's been waitin' for you. [Research Saturday]
|
Jul 22, 2023 |
|
Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).
|
Jul 21, 2023 |
|
Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.
|
Jul 20, 2023 |
|
Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.
|
Jul 19, 2023 |
|
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
|
Jul 18, 2023 |
|
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
|
Jul 17, 2023 |
|
Jennifer Addie: Finding creative solutions. [COO] [Career Notes]
|
Jul 16, 2023 |
|
SCARLETEEL zaps back again. [Research Saturday]
|
Jul 15, 2023 |
|
Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.
|
Jul 14, 2023 |
|
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
|
Jul 13, 2023 |
|
Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
|
Jul 12, 2023 |
|
Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
|
Jul 11, 2023 |
|
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
|
Jul 10, 2023 |
|
Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]
|
Jul 09, 2023 |
|
Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
|
Jul 09, 2023 |
|
Creating PANDA-monium. [Research Saturday]
|
Jul 08, 2023 |
|
Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
|
Jul 07, 2023 |
|
The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.
|
Jul 06, 2023 |
|
Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.
|
Jul 05, 2023 |
|
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
|
Jul 04, 2023 |
|
Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.
|
Jul 03, 2023 |
|
Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
|
Jul 02, 2023 |
|
The power behind artificial intelligence. [Research Saturday]
|
Jul 01, 2023 |
|
CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.
|
Jun 30, 2023 |
|
Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.
|
Jun 29, 2023 |
|
Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.
|
Jun 28, 2023 |
|
Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.
|
Jun 27, 2023 |
|
Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.
|
Jun 26, 2023 |
|
Slavik Markovich: Time is of the essence. [CEO] [Career Notes]
|
Jun 25, 2023 |
|
Unleashing the crypto gold rush. [Research Saturday]
|
Jun 24, 2023 |
|
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
|
Jun 23, 2023 |
|
Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.
|
Jun 22, 2023 |
|
A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.
|
Jun 21, 2023 |
|
Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
|
Jun 20, 2023 |
|
Lorna Mahlock: Build bridges. [Combat support] [Career Notes]
|
Jun 18, 2023 |
|
Managing machine learning risks. [Research Saturday]
|
Jun 17, 2023 |
|
The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.
|
Jun 16, 2023 |
|
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
|
Jun 15, 2023 |
|
CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
|
Jun 15, 2023 |
|
A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.
|
Jun 14, 2023 |
|
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.
|
Jun 13, 2023 |
|
Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.
|
Jun 12, 2023 |
|
Nadir Izrael: Play to your strengths. [CTO] [Career Notes]
|
Jun 11, 2023 |
|
A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]
|
Jun 10, 2023 |
|
“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.
|
Jun 09, 2023 |
|
CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
|
Jun 09, 2023 |
|
ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.
|
Jun 08, 2023 |
|
PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.
|
Jun 07, 2023 |
|
Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
|
Jun 06, 2023 |
|
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
|
Jun 05, 2023 |
|
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
|
Jun 04, 2023 |
|
Lancefly screams bloody Merdoor.
|
Jun 03, 2023 |
|
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
|
Jun 02, 2023 |
|
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
|
Jun 01, 2023 |
|
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
|
May 31, 2023 |
|
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
|
May 30, 2023 |
|
Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]
|
May 28, 2023 |
|
8 GoAnywhere MFT breaches and counting. [Research Saturday]
|
May 27, 2023 |
|
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
|
May 26, 2023 |
|
Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.
|
May 25, 2023 |
|
CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]
|
May 25, 2023 |
|
Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.
|
May 24, 2023 |
|
BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.
|
May 23, 2023 |
|
Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.
|
May 22, 2023 |
|
Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]
|
May 22, 2023 |
|
Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
|
May 21, 2023 |
|
Dangerous vulnerabilities in H.264 decoders. [Research Saturday]
|
May 20, 2023 |
|
Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.
|
May 19, 2023 |
|
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.
|
May 18, 2023 |
|
CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]
|
May 18, 2023 |
|
A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.
|
May 17, 2023 |
|
What is data centric security and why should anyone care? [CyberWire-X]
|
May 17, 2023 |
|
DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.
|
May 16, 2023 |
|
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.
|
May 15, 2023 |
|
Steve Benton: Mixing like a DJ. [VP] [Career Notes]
|
May 14, 2023 |
|
Running away from operation Tainted Love. [Research Saturday]
|
May 13, 2023 |
|
CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
|
May 12, 2023 |
|
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
|
May 12, 2023 |
|
Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
|
May 11, 2023 |
|
CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
|
May 11, 2023 |
|
Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.
|
May 10, 2023 |
|
State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.
|
May 09, 2023 |
|
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.
|
May 08, 2023 |
|
Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
|
May 07, 2023 |
|
Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]
|
May 06, 2023 |
|
DPRK's Kimsuki spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.
|
May 05, 2023 |
|
Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.
|
May 04, 2023 |
|
Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
|
May 03, 2023 |
|
From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)
|
May 02, 2023 |
|
FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
|
May 01, 2023 |
|
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
|
Apr 30, 2023 |
|
HinataBot focuses on DDoS attack. [Research Saturday]
|
Apr 29, 2023 |
|
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
|
Apr 28, 2023 |
|
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
|
Apr 27, 2023 |
|
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.
|
Apr 26, 2023 |
|
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Secrity’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
|
Apr 25, 2023 |
|
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
|
Apr 24, 2023 |
|
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
|
Apr 23, 2023 |
|
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
|
Apr 23, 2023 |
|
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
|
Apr 22, 2023 |
|
Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.
|
Apr 21, 2023 |
|
Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.
|
Apr 20, 2023 |
|
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
|
Apr 20, 2023 |
|
Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”
|
Apr 19, 2023 |
|
A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]
|
Apr 19, 2023 |
|
Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.
|
Apr 18, 2023 |
|
Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
|
Apr 17, 2023 |
|
Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
|
Apr 16, 2023 |
|
New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]
|
Apr 15, 2023 |
|
"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Aan arrest in the Discord Papers case.
|
Apr 14, 2023 |
|
Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.
|
Apr 13, 2023 |
|
Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.
|
Apr 12, 2023 |
|
IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.
|
Apr 11, 2023 |
|
A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
|
Apr 10, 2023 |
|
Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]
|
Apr 09, 2023 |
|
A dark side to LLMs. [Research Saturday]
|
Apr 08, 2023 |
|
Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.
|
Apr 07, 2023 |
|
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.
|
Apr 06, 2023 |
|
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.
|
Apr 05, 2023 |
|
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
|
Apr 04, 2023 |
|
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
|
Apr 03, 2023 |
|
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
|
Apr 02, 2023 |
|
Blackfly flies back again. [Research Saturday]
|
Apr 01, 2023 |
|
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopAppsupply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
|
Mar 31, 2023 |
|
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly. some official hostage-taking.
|
Mar 30, 2023 |
|
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
|
Mar 29, 2023 |
|
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
|
Mar 28, 2023 |
|
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
|
Mar 27, 2023 |
|
An introduction to the National Cryptologic Museum. [Special Edition]
|
Mar 27, 2023 |
|
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
|
Mar 26, 2023 |
|
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
|
Mar 26, 2023 |
|
Popunders are not the good kind of ads. [Research Saturday]
|
Mar 25, 2023 |
|
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
|
Mar 24, 2023 |
|
Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.
|
Mar 23, 2023 |
|
Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.
|
Mar 22, 2023 |
|
Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.
|
Mar 21, 2023 |
|
Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.
|
Mar 20, 2023 |
|
Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]
|
Mar 19, 2023 |
|
CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
|
Mar 18, 2023 |
|
ChatGPT grants malicious wishes? [Research Saturday]
|
Mar 18, 2023 |
|
Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
|
Mar 17, 2023 |
|
CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.
|
Mar 16, 2023 |
|
CISA Alert AA23-074A – Threat actors exploit progress telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]
|
Mar 16, 2023 |
|
Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).
|
Mar 15, 2023 |
|
Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.
|
Mar 14, 2023 |
|
Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.
|
Mar 13, 2023 |
|
Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]
|
Mar 12, 2023 |
|
Files stolen from a sneaky SymStealer. [Research Saturday]
|
Mar 11, 2023 |
|
Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcsos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.
|
Mar 10, 2023 |
|
PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.
|
Mar 09, 2023 |
|
Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.
|
Mar 08, 2023 |
|
A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktiism, and prank phone calls.
|
Mar 07, 2023 |
|
That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.
|
Mar 06, 2023 |
|
Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]
|
Mar 05, 2023 |
|
New exploits are tricking Chrome. [Research Saturday]
|
Mar 04, 2023 |
|
More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.
|
Mar 03, 2023 |
|
CISA Alert AA23-061A – #StopRansomware: Royal ransomware.
|
Mar 03, 2023 |
|
CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
|
Mar 03, 2023 |
|
CyberWire commentary: Ukraine one year on. [Special Edition]
|
Mar 03, 2023 |
|
The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.
|
Mar 02, 2023 |
|
How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.
|
Mar 01, 2023 |
|
Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.
|
Feb 28, 2023 |
|
Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.
|
Feb 27, 2023 |
|
Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]
|
Feb 26, 2023 |
|
The next hot AI scam. [Research Saturday]
|
Feb 25, 2023 |
|
A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.
|
Feb 24, 2023 |
|
Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.
|
Feb 23, 2023 |
|
Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.
|
Feb 22, 2023 |
|
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
|
Feb 21, 2023 |
|
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
|
Feb 20, 2023 |
|
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
|
Feb 19, 2023 |
|
Implementing and achieving security resilience. [Research Saturday]
|
Feb 18, 2023 |
|
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
|
Feb 17, 2023 |
|
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
|
Feb 16, 2023 |
|
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
|
Feb 15, 2023 |
|
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
|
Feb 14, 2023 |
|
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
|
Feb 13, 2023 |
|
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
|
Feb 12, 2023 |
|
Knocking down the legs of the industrial security triad. [Research Saturday]
|
Feb 11, 2023 |
|
US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)
|
Feb 10, 2023 |
|
CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]
|
Feb 10, 2023 |
|
Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.
|
Feb 09, 2023 |
|
CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]
|
Feb 09, 2023 |
|
An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.
|
Feb 08, 2023 |
|
Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.
|
Feb 07, 2023 |
|
Unpatched VMware ESXi instances attacked. Okatpus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.
|
Feb 06, 2023 |
|
Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]
|
Feb 05, 2023 |
|
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]
|
Feb 05, 2023 |
|
Can ransomware turn machines against us? [Research Saturday]
|
Feb 04, 2023 |
|
Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.
|
Feb 03, 2023 |
|
Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.
|
Feb 02, 2023 |
|
How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.
|
Feb 01, 2023 |
|
The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.
|
Jan 31, 2023 |
|
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
|
Jan 30, 2023 |
|
Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes[
|
Jan 29, 2023 |
|
Interview with the AI, part one. [Special Editions]
|
Jan 29, 2023 |
|
Flagging firmware vulnerabilities. [Research Saturday]
|
Jan 28, 2023 |
|
An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilties Catalog.
|
Jan 27, 2023 |
|
Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.
|
Jan 26, 2023 |
|
CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]
|
Jan 26, 2023 |
|
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
|
Jan 25, 2023 |
|
Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]
|
Jan 25, 2023 |
|
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
|
Jan 24, 2023 |
|
Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.
|
Jan 23, 2023 |
|
Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]
|
Jan 22, 2023 |
|
The power of web data in cybersecurity. [CyberWire-X]
|
Jan 22, 2023 |
|
Billbug infests government agencies. [Research Saturday]
|
Jan 21, 2023 |
|
Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
|
Jan 20, 2023 |
|
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
|
Jan 19, 2023 |
|
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
|
Jan 18, 2023 |
|
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
|
Jan 17, 2023 |
|
Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]
|
Jan 16, 2023 |
|
Gene Fay: Lead from the front. [CEO] [Career Notes]
|
Jan 15, 2023 |
|
DUCKTAIL waddles back again. [Research Saturday]
|
Jan 14, 2023 |
|
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
|
Jan 13, 2023 |
|
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
|
Jan 12, 2023 |
|
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
|
Jan 11, 2023 |
|
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
|
Jan 10, 2023 |
|
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
|
Jan 09, 2023 |
|
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
|
Jan 08, 2023 |
|
Stealer malware from Russia. [Research Saturday]
|
Jan 07, 2023 |
|
CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.
|
Jan 06, 2023 |
|
PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.
|
Jan 05, 2023 |
|
Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
|
Jan 04, 2023 |
|
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
|
Jan 03, 2023 |
|
Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]
|
Jan 03, 2023 |
|
Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
|
Jan 02, 2023 |
|
Encore: LemonDucks evading detection.
|
Dec 31, 2022 |
|
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
|
Dec 30, 2022 |
|
Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]
|
Dec 29, 2022 |
|
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
|
Dec 28, 2022 |
|
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
|
Dec 27, 2022 |
|
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
|
Dec 26, 2022 |
|
The CyberWire: The 12 Days of Malware.[Special Editions]
|
Dec 25, 2022 |
|
Encore: Vulnerabilities in IoT devices.
|
Dec 24, 2022 |
|
PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.
|
Dec 23, 2022 |
|
Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.
|
Dec 22, 2022 |
|
Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.
|
Dec 21, 2022 |
|
Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.
|
Dec 20, 2022 |
|
BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.
|
Dec 19, 2022 |
|
Strategies to get the most out of your toolsets. [CyberWire-X]
|
Dec 18, 2022 |
|
Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]
|
Dec 18, 2022 |
|
Hijacking holiday spirit with phishing scams. [Research Saturday]
|
Dec 17, 2022 |
|
Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.
|
Dec 16, 2022 |
|
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.
|
Dec 15, 2022 |
|
InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.
|
Dec 14, 2022 |
|
Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.
|
Dec 13, 2022 |
|
Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
|
Dec 12, 2022 |
|
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
|
Dec 11, 2022 |
|
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
|
Dec 11, 2022 |
|
Cybersecurity during the World Cup. [Research Saturday]
|
Dec 10, 2022 |
|
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
|
Dec 09, 2022 |
|
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
|
Dec 08, 2022 |
|
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat..
|
Dec 07, 2022 |
|
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
|
Dec 07, 2022 |
|
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
|
Dec 06, 2022 |
|
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.
|
Dec 05, 2022 |
|
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
|
Dec 04, 2022 |
|
Old malware returns in a new way. [Research Saturday]
|
Dec 03, 2022 |
|
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
|
Dec 02, 2022 |
|
Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
|
Dec 01, 2022 |
|
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
|
Nov 30, 2022 |
|
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
|
Nov 29, 2022 |
|
Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
|
Nov 28, 2022 |
|
Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
|
Nov 27, 2022 |
|
Encore: The secrets behind Docker.
|
Nov 26, 2022 |
|
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
|
Nov 25, 2022 |
|
Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
|
Nov 24, 2022 |
|
Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
|
Nov 23, 2022 |
|
Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
|
Nov 22, 2022 |
|
Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.
|
Nov 21, 2022 |
|
Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]
|
Nov 20, 2022 |
|
Another infection with new malware. [Research Saturday]
|
Nov 19, 2022 |
|
Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
|
Nov 18, 2022 |
|
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]
|
Nov 18, 2022 |
|
Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
|
Nov 17, 2022 |
|
Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.Draft Episode for Nov 16, 2022
|
Nov 16, 2022 |
|
CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]
|
Nov 16, 2022 |
|
An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
|
Nov 15, 2022 |
|
Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
|
Nov 14, 2022 |
|
Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]
|
Nov 13, 2022 |
|
An in-depth look on the Crytox ransomware family. [Research Saturday]
|
Nov 12, 2022 |
|
CSO Perspectives Bonus: Veterans Day special.
|
Nov 11, 2022 |
|
US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
|
Nov 10, 2022 |
|
A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
|
Nov 09, 2022 |
|
Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
|
Nov 08, 2022 |
|
Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember SIlk Road? The Feds do.
|
Nov 07, 2022 |
|
Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
|
Nov 06, 2022 |
|
Over-the-air 0-day vulnerabilities. [Research Saturday]
|
Nov 05, 2022 |
|
Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
|
Nov 04, 2022 |
|
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
|
Nov 03, 2022 |
|
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
|
Nov 02, 2022 |
|
OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense., And a quick look at DNS threats.
|
Nov 01, 2022 |
|
Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
|
Oct 31, 2022 |
|
Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
|
Oct 30, 2022 |
|
Bugs and working from home. [Research Saturday]
|
Oct 29, 2022 |
|
Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
|
Oct 28, 2022 |
|
The Malware Mash! [Bonus]
|
Oct 28, 2022 |
|
CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
|
Oct 27, 2022 |
|
Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
|
Oct 26, 2022 |
|
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
|
Oct 25, 2022 |
|
US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.
|
Oct 24, 2022 |
|
CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]
|
Oct 24, 2022 |
|
Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]
|
Oct 23, 2022 |
|
New tools target governments in Middle East? [Research Saturday]
|
Oct 22, 2022 |
|
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.
|
Oct 21, 2022 |
|
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.
|
Oct 20, 2022 |
|
Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.
|
Oct 19, 2022 |
|
Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.
|
Oct 18, 2022 |
|
Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia’s hybrid war.
|
Oct 17, 2022 |
|
Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]
|
Oct 16, 2022 |
|
Cyber confidence: Knowing what you have and where it is. [CyberWire-X]
|
Oct 16, 2022 |
|
Noberus ransomware: evolving tactics. [Research Saturday]
|
Oct 15, 2022 |
|
Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.
|
Oct 14, 2022 |
|
What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.
|
Oct 13, 2022 |
|
Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.
|
Oct 12, 2022 |
|
An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.
|
Oct 11, 2022 |
|
CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]
|
Oct 10, 2022 |
|
Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]
|
Oct 10, 2022 |
|
Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]
|
Oct 09, 2022 |
|
Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]
|
Oct 09, 2022 |
|
Google Drive used for malware? [Research Saturday]
|
Oct 08, 2022 |
|
A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.
|
Oct 07, 2022 |
|
CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.
|
Oct 07, 2022 |
|
Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.
|
Oct 06, 2022 |
|
Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.
|
Oct 05, 2022 |
|
CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.
|
Oct 04, 2022 |
|
CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.
|
Oct 04, 2022 |
|
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
|
Oct 03, 2022 |
|
Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]
|
Oct 02, 2022 |
|
The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]
|
Oct 02, 2022 |
|
Targeting your browser bookmarks? [Research Saturday]
|
Oct 01, 2022 |
|
Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Waterin holes, deepfakes, and the pushing of naughty words.
|
Sep 30, 2022 |
|
Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.
|
Sep 29, 2022 |
|
DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.
|
Sep 28, 2022 |
|
Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.
|
Sep 27, 2022 |
|
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.
|
Sep 26, 2022 |
|
Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
|
Sep 25, 2022 |
|
Keeping an eye on RDS vulnerabilities. [Research Saturday]
|
Sep 24, 2022 |
|
Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
|
Sep 23, 2022 |
|
GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.
|
Sep 22, 2022 |
|
CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]
|
Sep 22, 2022 |
|
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]
|
Sep 22, 2022 |
|
A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.
|
Sep 21, 2022 |
|
An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.
|
Sep 20, 2022 |
|
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.
|
Sep 19, 2022 |
|
Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]
|
Sep 18, 2022 |
|
An increase in bypassing bot management? [Research Saturday]
|
Sep 17, 2022 |
|
Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.
|
Sep 16, 2022 |
|
CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]
|
Sep 15, 2022 |
|
Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.
|
Sep 15, 2022 |
|
Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).
|
Sep 14, 2022 |
|
A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]
|
Sep 13, 2022 |
|
Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad’s return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten’s social engineering.
|
Sep 13, 2022 |
|
Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.
|
Sep 12, 2022 |
|
Mark Logan: March towards your goals. [CEO] [Career Notes]
|
Sep 11, 2022 |
|
A CSO's 9/11 Story: CSO Perspectives Bonus.
|
Sep 11, 2022 |
|
Evilnum APT returns with new targets. [Research Saturday]
|
Sep 10, 2022 |
|
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
|
Sep 09, 2022 |
|
Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.
|
Sep 08, 2022 |
|
Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
|
Sep 07, 2022 |
|
CISA Alert AA22-249A – #StopRansomware: Vice Society.” [CISA Cybersecurity Alerts]
|
Sep 06, 2022 |
|
Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.
|
Sep 06, 2022 |
|
New CISO responsibilities: supply chain. [CSO Perspectives]
|
Sep 05, 2022 |
|
Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]
|
Sep 04, 2022 |
|
LockBit's contradiction on encryption speed. [Research Saturday]
|
Sep 03, 2022 |
|
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
|
Sep 02, 2022 |
|
News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.
|
Sep 01, 2022 |
|
Securing multi-cloud identity with orchestration. [CyberWire-X]
|
Sep 01, 2022 |
|
Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. “Cosplaying” hardware.
|
Aug 31, 2022 |
|
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia’s hybrid war. And the LockBit gang looks beyond double extortion.
|
Aug 30, 2022 |
|
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
|
Aug 29, 2022 |
|
David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]
|
Aug 28, 2022 |
|
How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]
|
Aug 27, 2022 |
|
A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.
|
Aug 26, 2022 |
|
Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.
|
Aug 25, 2022 |
|
Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.
|
Aug 24, 2022 |
|
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.
|
Aug 23, 2022 |
|
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon.And data-tampering attacks are regarded as a growing risk.
|
Aug 22, 2022 |
|
Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]
|
Aug 21, 2022 |
|
Clipminer: Making millions off of malware. [Research Saturday]
|
Aug 20, 2022 |
|
Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.
|
Aug 19, 2022 |
|
BlackByte’s back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia’s hybrid war. Cyber war clauses coming to cyber insurance policies.
|
Aug 18, 2022 |
|
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories .Insider trading charges from 2017 Equifax breach.
|
Aug 17, 2022 |
|
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts}
|
Aug 17, 2022 |
|
Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.
|
Aug 16, 2022 |
|
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.
|
Aug 15, 2022 |
|
Christian Lees: it's not always textbook. [CTO] [Career Notes]
|
Aug 14, 2022 |
|
Red teamer's perspective on demotivating attackers. [CyberWire-X]
|
Aug 14, 2022 |
|
Fake job ads and how to spot them. [Research Saturday]
|
Aug 13, 2022 |
|
The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.
|
Aug 12, 2022 |
|
CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts}
|
Aug 11, 2022 |
|
Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.
|
Aug 11, 2022 |
|
Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia’s hybrid war.
|
Aug 10, 2022 |
|
Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klayvio. Intercept tools and policies in Canada.
|
Aug 09, 2022 |
|
Cybersecurity is a team sport. [CyberWire-X]
|
Aug 09, 2022 |
|
Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.
|
Aug 08, 2022 |
|
Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]
|
Aug 07, 2022 |
|
Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]
|
Aug 06, 2022 |
|
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.
|
Aug 05, 2022 |
|
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.
|
Aug 04, 2022 |
|
CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]
|
Aug 04, 2022 |
|
Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. CHinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.
|
Aug 03, 2022 |
|
Nomad cryptocurrency bridge looted. BlackCat ransomware hits Europenan energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?
|
Aug 02, 2022 |
|
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.
|
Aug 01, 2022 |
|
Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]
|
Jul 31, 2022 |
|
What malicious campaign is lurking under the surface? [Research Saturday]
|
Jul 30, 2022 |
|
Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.
|
Jul 29, 2022 |
|
SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.
|
Jul 28, 2022 |
|
The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.
|
Jul 27, 2022 |
|
LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.
|
Jul 26, 2022 |
|
The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.
|
Jul 25, 2022 |
|
The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]
|
Jul 24, 2022 |
|
Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]
|
Jul 24, 2022 |
|
Has GOLD SOUTHFIELD resumed operations? [Research Saturday]
|
Jul 23, 2022 |
|
Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”
|
Jul 22, 2022 |
|
Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.
|
Jul 21, 2022 |
|
Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.
|
Jul 20, 2022 |
|
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.
|
Jul 19, 2022 |
|
Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.
|
Jul 18, 2022 |
|
Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]
|
Jul 17, 2022 |
|
Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]
|
Jul 17, 2022 |
|
A record breaking DDoS attack. [Research Saturday]
|
Jul 16, 2022 |
|
Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.
|
Jul 15, 2022 |
|
A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]
|
Jul 15, 2022 |
|
Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.
|
Jul 14, 2022 |
|
AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.
|
Jul 13, 2022 |
|
High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.
|
Jul 12, 2022 |
|
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.
|
Jul 11, 2022 |
|
Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]
|
Jul 10, 2022 |
|
Information operations during a war. [Research Saturday]
|
Jul 09, 2022 |
|
An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.
|
Jul 08, 2022 |
|
Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.
|
Jul 07, 2022 |
|
CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]
|
Jul 06, 2022 |
|
Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.
|
Jul 06, 2022 |
|
Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.
|
Jul 05, 2022 |
|
Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]
|
Jul 04, 2022 |
|
Could REvil have a copycat? [Research Saturday]
|
Jul 02, 2022 |
|
Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.
|
Jul 01, 2022 |
|
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]
|
Jun 30, 2022 |
|
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.
|
Jun 30, 2022 |
|
Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.
|
Jun 29, 2022 |
|
DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C markteshare. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?
|
Jun 28, 2022 |
|
Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.
|
Jun 27, 2022 |
|
Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]
|
Jun 26, 2022 |
|
Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]
|
Jun 25, 2022 |
|
Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakstan. Tabletop exercises. Ransomware as misdirection
|
Jun 24, 2022 |
|
CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]
|
Jun 24, 2022 |
|
Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.
|
Jun 23, 2022 |
|
A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain’t so, Dmitry.
|
Jun 22, 2022 |
|
Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia’ hybrid war. A conviction in the Capital One hacking case.
|
Jun 21, 2022 |
|
Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.
|
Jun 20, 2022 |
|
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]
|
Jun 19, 2022 |
|
Dissecting the Spring4Shell vulnerability. [Research Saturday]
|
Jun 18, 2022 |
|
Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.
|
Jun 17, 2022 |
|
Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
|
Jun 16, 2022 |
|
Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.
|
Jun 15, 2022 |
|
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.
|
Jun 14, 2022 |
|
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
|
Jun 13, 2022 |
|
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
|
Jun 12, 2022 |
|
New developments in the WSL attack. [Research Saturday]
|
Jun 11, 2022 |
|
The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.
|
Jun 10, 2022 |
|
Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.
|
Jun 09, 2022 |
|
Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its “plumbing.” CISA adds Known Exploited Vulnerabilities. News from Jersey.
|
Jun 08, 2022 |
|
CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]
|
Jun 08, 2022 |
|
Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus
|
Jun 07, 2022 |
|
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."
|
Jun 06, 2022 |
|
Defining the intruder’s dilemma. [CyberWire-X]
|
Jun 05, 2022 |
|
Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]
|
Jun 05, 2022 |
|
LemonDucks evading detection. [Research Saturday]
|
Jun 04, 2022 |
|
Managing messaging in a hybrid war.Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.
|
Jun 03, 2022 |
|
Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.
|
Jun 02, 2022 |
|
CISA Alert AA22-152A – Karakurt data extortion group. [CISA Cybersecurity Alerts]
|
Jun 01, 2022 |
|
Costa Rica hit with another round of ransomware. Cyber phases of Russia’s hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!
|
Jun 01, 2022 |
|
Potential cyber threats to agriculture. Cyber phases of Russia’s hybrid war. REvil prosecution at a stand (and it’s the Americans’ fault, say Russian sources). Microsoft mitigates Follima.
|
May 31, 2022 |
|
Michael Scott: A team of humble intellects. [Information security] [Career Notes]
|
May 29, 2022 |
|
Compromised military tech? [Research Saturday]
|
May 28, 2022 |
|
Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.
|
May 27, 2022 |
|
"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.
|
May 26, 2022 |
|
More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.
|
May 25, 2022 |
|
Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?
|
May 24, 2022 |
|
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.
|
May 23, 2022 |
|
Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]
|
May 22, 2022 |
|
AutoWarp bug leads to Automation headaches. [Research Saturday]
|
May 21, 2022 |
|
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
|
May 20, 2022 |
|
CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]
|
May 20, 2022 |
|
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.
|
May 19, 2022 |
|
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
|
May 19, 2022 |
|
Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
|
May 18, 2022 |
|
CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]
|
May 17, 2022 |
|
Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Cost Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.
|
May 17, 2022 |
|
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
|
May 16, 2022 |
|
Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]
|
May 15, 2022 |
|
The current state of zero trust. [CyberWire-X]
|
May 15, 2022 |
|
Vulnerabilities in IoT devices. [Research Saturday]
|
May 14, 2022 |
|
War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.
|
May 13, 2022 |
|
Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.
|
May 12, 2022 |
|
CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]
|
May 12, 2022 |
|
Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.
|
May 11, 2022 |
|
Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.
|
May 10, 2022 |
|
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.
|
May 09, 2022 |
|
Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]
|
May 08, 2022 |
|
Attacking where vulnerable. [Research Saturday]
|
May 07, 2022 |
|
Victory Day approaches so shields up. Hackivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).
|
May 06, 2022 |
|
Dateline Moscow, Kyiv, and Minsk: Hacktivisim and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.
|
May 05, 2022 |
|
More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.
|
May 04, 2022 |
|
Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.
|
May 03, 2022 |
|
The future of security validation – what next? [CyberWire-X]
|
May 03, 2022 |
|
Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.
|
May 02, 2022 |
|
DevSecOps and securing the container. [CyberWire-X]
|
May 01, 2022 |
|
Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]
|
May 01, 2022 |
|
Attackers coming in from the Backdoor? [Research Saturday]
|
Apr 30, 2022 |
|
Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.
|
Apr 29, 2022 |
|
Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.
|
Apr 28, 2022 |
|
Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.
|
Apr 27, 2022 |
|
Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes.. A guilty plea in a cyberstalking case.
|
Apr 26, 2022 |
|
Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.
|
Apr 25, 2022 |
|
Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]
|
Apr 24, 2022 |
|
BABYSHARK is swimming again! [Research Saturday]
|
Apr 23, 2022 |
|
The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.
|
Apr 22, 2022 |
|
Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.
|
Apr 21, 2022 |
|
Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.
|
Apr 20, 2022 |
|
In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyand is phishing for wallets (and and other blockchained valuables). Emotet really likes those malicious macros.
|
Apr 19, 2022 |
|
Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.
|
Apr 18, 2022 |
|
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
|
Apr 17, 2022 |
|
CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]
|
Apr 17, 2022 |
|
A fight to defend Taiwan financial institutions. [Research Saturday]
|
Apr 16, 2022 |
|
Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.
|
Apr 15, 2022 |
|
A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.
|
Apr 14, 2022 |
|
Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
|
Apr 13, 2022 |
|
Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.
|
Apr 12, 2022 |
|
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
|
Apr 11, 2022 |
|
SolarWinds through a first principle lens. [CSO Perspectives]
|
Apr 11, 2022 |
|
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
|
Apr 10, 2022 |
|
The secrets behind Docker. [Research Saturday]
|
Apr 09, 2022 |
|
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
|
Apr 08, 2022 |
|
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
|
Apr 07, 2022 |
|
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA
|
Apr 06, 2022 |
|
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
|
Apr 05, 2022 |
|
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
|
Apr 04, 2022 |
|
Living security: the current state of XDR. [CyberWire-X]
|
Apr 03, 2022 |
|
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
|
Apr 03, 2022 |
|
A popular malware scheme and pay-per-install services. [Research Saturday]
|
Apr 02, 2022 |
|
Epistemic closure in a hybrid war. Wiper used against VIasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.
|
Apr 01, 2022 |
|
Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.
|
Mar 31, 2022 |
|
Taking down bot farms. Cyber aggression. Kinetic influence ops, Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.
|
Mar 30, 2022 |
|
Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.
|
Mar 29, 2022 |
|
Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.
|
Mar 28, 2022 |
|
The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]
|
Mar 26, 2022 |
|
Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.
|
Mar 25, 2022 |
|
Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.
|
Mar 24, 2022 |
|
Insider Risk Excellence Awards. [CyberWire-X]
|
Mar 24, 2022 |
|
British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.
|
Mar 23, 2022 |
|
White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.
|
Mar 22, 2022 |
|
Hacktivism, protestware, and information operations in a hybrid war. Brazi-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.
|
Mar 21, 2022 |
|
Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]
|
Mar 20, 2022 |
|
Implications of data leaks of sensitive OT information. [Research Saturday]
|
Mar 19, 2022 |
|
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.
|
Mar 18, 2022 |
|
Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.
|
Mar 17, 2022 |
|
Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.
|
Mar 16, 2022 |
|
Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.
|
Mar 15, 2022 |
|
Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.
|
Mar 14, 2022 |
|
Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]
|
Mar 13, 2022 |
|
The story of REvil: From origin to beyond. [Research Saturday]
|
Mar 12, 2022 |
|
An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.
|
Mar 11, 2022 |
|
Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.
|
Mar 10, 2022 |
|
Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.
|
Mar 09, 2022 |
|
Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.
|
Mar 08, 2022 |
|
Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsu$ releases NVIDIA and Samsung data (and says a victim hacked back).
|
Mar 07, 2022 |
|
Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]
|
Mar 06, 2022 |
|
HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]
|
Mar 06, 2022 |
|
An abuse of trust: Potential security issues with open redirects. [Research Saturday]
|
Mar 05, 2022 |
|
Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.
|
Mar 04, 2022 |
|
Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.
|
Mar 03, 2022 |
|
Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.
|
Mar 02, 2022 |
|
Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.
|
Mar 01, 2022 |
|
An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.
|
Feb 28, 2022 |
|
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
|
Feb 27, 2022 |
|
Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]
|
Feb 26, 2022 |
|
Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.
|
Feb 25, 2022 |
|
Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
|
Feb 24, 2022 |
|
Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.
|
Feb 23, 2022 |
|
Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.
|
Feb 22, 2022 |
|
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
|
Feb 21, 2022 |
|
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures
|
Feb 21, 2022 |
|
Joe Carrigan: Build your network. [Security engineer] [Career Notes]
|
Feb 20, 2022 |
|
What Log4Shell has taught us. [CyberWire-X]
|
Feb 20, 2022 |
|
Instagram hijacks all start with a phish. [Research Saturday]
|
Feb 19, 2022 |
|
False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.
|
Feb 18, 2022 |
|
Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.
|
Feb 17, 2022 |
|
A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.
|
Feb 16, 2022 |
|
Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.
|
Feb 15, 2022 |
|
Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?
|
Feb 14, 2022 |
|
Roselle Safran: So much opportunity. [Entrepreneur][Career Notes]
|
Feb 13, 2022 |
|
SysJoker backdoor masquerades as benign updates. [Research Saturday]
|
Feb 12, 2022 |
|
Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.
|
Feb 11, 2022 |
|
Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.
|
Feb 10, 2022 |
|
A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.
|
Feb 09, 2022 |
|
Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.
|
Feb 08, 2022 |
|
Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.
|
Feb 07, 2022 |
|
The persistent and patient nature of advanced threat actors. [Research Saturday]
|
Feb 05, 2022 |
|
Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.
|
Feb 04, 2022 |
|
Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.
|
Feb 03, 2022 |
|
Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.
|
Feb 02, 2022 |
|
Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.
|
Feb 01, 2022 |
|
The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.
|
Jan 31, 2022 |
|
Helen Patton: A platform to talk about security. [CISO] [Career Notes]
|
Jan 30, 2022 |
|
Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]
|
Jan 30, 2022 |
|
Use of legitimate tools possibly linked to Seedworm. [Research Saturday]
|
Jan 29, 2022 |
|
Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.
|
Jan 28, 2022 |
|
Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.
|
Jan 27, 2022 |
|
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.
|
Jan 26, 2022 |
|
Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.
|
Jan 25, 2022 |
|
Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.
|
Jan 24, 2022 |
|
Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
|
Jan 23, 2022 |
|
A collaboration stumbles upon threat actor Lyceum. [Research Saturday]
|
Jan 22, 2022 |
|
Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.
|
Jan 22, 2022 |
|
Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.
|
Jan 20, 2022 |
|
Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.
|
Jan 19, 2022 |
|
A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.
|
Jan 18, 2022 |
|
SOAR - a first principle idea. [CSO Perspectives}
|
Jan 17, 2022 |
|
Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]
|
Jan 16, 2022 |
|
Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]
|
Jan 15, 2022 |
|
Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.
|
Jan 14, 2022 |
|
A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.
|
Jan 13, 2022 |
|
The US and EU seek to shore up cybersecurity as Russo-Ukraininan tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.
|
Jan 12, 2022 |
|
Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.
|
Jan 11, 2022 |
|
CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.
|
Jan 10, 2022 |
|
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
|
Jan 09, 2022 |
|
The rise of Karakurt Hacking Team.
|
Jan 08, 2022 |
|
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.
|
Jan 07, 2022 |
|
Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.
|
Jan 06, 2022 |
|
CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.
|
Jan 05, 2022 |
|
Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.
|
Jan 04, 2022 |
|
Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.
|
Jan 03, 2022 |
|
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
|
Jan 02, 2022 |
|
Cybersecurity predictions for 2022. [CyberWire-X]
|
Jan 02, 2022 |
|
Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]
|
Jan 01, 2022 |
|
CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.
|
Dec 31, 2021 |
|
CyberWire Pro Interview Selects: Sir David Omand.
|
Dec 30, 2021 |
|
CyberWire Pro Interview Selects: Zan Vautrinot on boards.
|
Dec 29, 2021 |
|
CyberWire Pro Interview Selects: Bill Wright of Splunk.
|
Dec 28, 2021 |
|
CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.
|
Dec 27, 2021 |
|
Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
|
Dec 26, 2021 |
|
The CyberWire: The 12 Days of Malware.
|
Dec 25, 2021 |
|
CyberWire Pro Research Briefing from 12/21/2021.
|
Dec 25, 2021 |
|
CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.
|
Dec 24, 2021 |
|
Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.
|
Dec 23, 2021 |
|
The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.
|
Dec 22, 2021 |
|
Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.
|
Dec 21, 2021 |
|
Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.
|
Dec 20, 2021 |
|
Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]
|
Dec 19, 2021 |
|
Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]
|
Dec 18, 2021 |
|
Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.
|
Dec 17, 2021 |
|
Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.
|
Dec 16, 2021 |
|
Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?.
|
Dec 15, 2021 |
|
Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.
|
Dec 14, 2021 |
|
Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.
|
Dec 13, 2021 |
|
Hannah Kenney: Focused on people. [Risk] [Career Notes]
|
Dec 12, 2021 |
|
FIN7 repositioning focus into ransomware. [Research Saturday]
|
Dec 11, 2021 |
|
Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.
|
Dec 10, 2021 |
|
Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.
|
Dec 09, 2021 |
|
AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.
|
Dec 08, 2021 |
|
The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?
|
Dec 07, 2021 |
|
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
|
Dec 06, 2021 |
|
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
|
Dec 05, 2021 |
|
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
|
Dec 05, 2021 |
|
Getting in and getting out with SnapMC. [Research Saturday]
|
Dec 04, 2021 |
|
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
|
Dec 03, 2021 |
|
More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?
|
Dec 02, 2021 |
|
Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.
|
Dec 01, 2021 |
|
Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.
|
Nov 30, 2021 |
|
Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.
|
Nov 29, 2021 |
|
Anisha Patel: Right along with them. [Program management] [Career Notes]
|
Nov 28, 2021 |
|
CyberWire Pro Research Briefing from 11/23/2021
|
Nov 27, 2021 |
|
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
|
Nov 26, 2021 |
|
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
|
Nov 25, 2021 |
|
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crytper. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
|
Nov 24, 2021 |
|
Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.
|
Nov 23, 2021 |
|
Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.
|
Nov 22, 2021 |
|
MK Palmore: Lead from where you stand. [CISO] [Career Notes]
|
Nov 21, 2021 |
|
How ransomware impacts organizations. [CyberWire-X]
|
Nov 21, 2021 |
|
Using bidirectionality override characters to obscure code. [Research Saturday]
|
Nov 20, 2021 |
|
Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?
|
Nov 19, 2021 |
|
Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.
|
Nov 18, 2021 |
|
CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.
|
Nov 17, 2021 |
|
Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.
|
Nov 16, 2021 |
|
Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.
|
Nov 15, 2021 |
|
Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
|
Nov 14, 2021 |
|
The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]
|
Nov 14, 2021 |
|
A glimpse into TeamTNT. [Research Saturday]
|
Nov 13, 2021 |
|
Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.
|
Nov 12, 2021 |
|
Let's go to the movies. [Hacking Humans Goes to the Movies]
|
Nov 11, 2021 |
|
Cyberespionage from Tehran. Clopp ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.
|
Nov 10, 2021 |
|
Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.
|
Nov 09, 2021 |
|
REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.
|
Nov 08, 2021 |
|
Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]
|
Nov 07, 2021 |
|
An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]
|
Nov 06, 2021 |
|
$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.
|
Nov 05, 2021 |
|
Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.
|
Nov 04, 2021 |
|
Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerbalities.
|
Nov 03, 2021 |
|
Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.
|
Nov 02, 2021 |
|
Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).
|
Nov 01, 2021 |
|
Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]
|
Oct 31, 2021 |
|
Malware sometimes changes its behavior. [Research Saturday]
|
Oct 30, 2021 |
|
Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phshbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”
|
Oct 29, 2021 |
|
The Malware Mash!
|
Oct 29, 2021 |
|
Hacktivists or intelligence services in Iran? BOLO NIkolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.
|
Oct 28, 2021 |
|
Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.
|
Oct 27, 2021 |
|
Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.
|
Oct 26, 2021 |
|
SolarMarket malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.
|
Oct 25, 2021 |
|
Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
|
Oct 24, 2021 |
|
When big ransomware goes away, where should affiliates go? [Research Saturday]
|
Oct 23, 2021 |
|
Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.
|
Oct 22, 2021 |
|
Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.
|
Oct 21, 2021 |
|
Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.
|
Oct 20, 2021 |
|
TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.
|
Oct 19, 2021 |
|
A US broadcaster sustains a ransomware attack. North Korean catphis expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?
|
Oct 18, 2021 |
|
Ell Marquez: It's okay to be new. [Linux] [Career Notes]
|
Oct 17, 2021 |
|
Groove Gang making a name for themselves. [Research Saturday]
|
Oct 16, 2021 |
|
CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.
|
Oct 15, 2021 |
|
Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.
|
Oct 14, 2021 |
|
Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.
|
Oct 13, 2021 |
|
Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize
|
Oct 12, 2021 |
|
Extra: Let's talk about Facebook's research. [Caveat]
|
Oct 11, 2021 |
|
Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]
|
Oct 10, 2021 |
|
Taking a closer look at UNC1151. [Research Saturday]
|
Oct 09, 2021 |
|
Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.
|
Oct 08, 2021 |
|
Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.
|
Oct 07, 2021 |
|
Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.
|
Oct 06, 2021 |
|
Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.
|
Oct 05, 2021 |
|
Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.
|
Oct 04, 2021 |
|
Cloud configuration security: Breaking the endless cycle. [CyberWire-X]
|
Oct 03, 2021 |
|
Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
|
Oct 03, 2021 |
|
IoT security and the need for randomness. [Research Saturday]
|
Oct 02, 2021 |
|
Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.
|
Oct 01, 2021 |
|
GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.
|
Sep 30, 2021 |
|
DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.
|
Sep 29, 2021 |
|
Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.
|
Sep 28, 2021 |
|
The EU ask Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.
|
Sep 27, 2021 |
|
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]
|
Sep 26, 2021 |
|
Why it’s time for cybersecurity to go mainstream. [CyberWire-X]
|
Sep 26, 2021 |
|
Vulnerabilities in the public cloud. [Research Saturday]
|
Sep 25, 2021 |
|
Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?
|
Sep 24, 2021 |
|
Ransomware hits another US farm co-op, as Russan gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.
|
Sep 23, 2021 |
|
Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.
|
Sep 22, 2021 |
|
BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.
|
Sep 21, 2021 |
|
Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.
|
Sep 20, 2021 |
|
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
|
Sep 19, 2021 |
|
An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]
|
Sep 18, 2021 |
|
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.
|
Sep 17, 2021 |
|
A CSO's 9/11 Story: CSO Perspectives Bonus.
|
Sep 17, 2021 |
|
Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.
|
Sep 16, 2021 |
|
No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.
|
Sep 15, 2021 |
|
NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.
|
Sep 14, 2021 |
|
The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.
|
Sep 13, 2021 |
|
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]
|
Sep 12, 2021 |
|
A Google Chrome update that just didn't feel right. [Research Saturday]
|
Sep 11, 2021 |
|
Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.
|
Sep 10, 2021 |
|
Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.
|
Sep 09, 2021 |
|
BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.
|
Sep 08, 2021 |
|
A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.
|
Sep 07, 2021 |
|
Security operations centers: a first principle idea. [CSO Perspectives]
|
Sep 06, 2021 |
|
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
|
Sep 05, 2021 |
|
Like a computer network but for physical objects. [Research Saturday]
|
Sep 04, 2021 |
|
Watch out for cybercrime over holidays (like Labor Day). Ransomware warning for the food and agriculture sector. Gift card and loyalty program fraud. NIST draft IoT guidelines out for comment.
|
Sep 03, 2021 |
|
LockBit updates. The BrakTooth bugs infesting Bluetooth. Malicious cable proof-of-concept. EU fines WhatsApp over GDPR issues. Insider threats. Action against an alleged stalkerware vendor.
|
Sep 02, 2021 |
|
A look at cyber gangland. Sino-Australian tension in cyberspace. Vulnerabilities reported (and disputed) in a home security system. Labor Day warnings.
|
Sep 01, 2021 |
|
Dangers of data collected in Afghanistan. Another cryptocurrency theft. Hardware backdoors? LockBit dumps airline’s data. CISA opens registration for the President’s Cup. Too much gaming, kids.
|
Aug 31, 2021 |
|
Data breaches and ransomware. Another gang says it’s retiring. New warrants against cybercrime in Australia. Roles and missions in the US. Hoosier data?
|
Aug 30, 2021 |
|
Rich Hale: Understanding the data. [CTO] [Career Notes]
|
Aug 29, 2021 |
|
Joker malware family: not a joke for Google Play. [Research Saturday]
|
Aug 28, 2021 |
|
The T-Mobile hacker speaks (we think). SparklingGoblin enters the cyberespionage ring. Is someone stealing data to train AI? Cellebrite’s availability. Ragnarok ransomware says it’s going out of business.
|
Aug 27, 2021 |
|
A quick look back at yesterday’s White House industry meeting. Revolution, coup, or a bit of both? Storytelling for security. Lessons from Olympic scams. Notes from the underworld.
|
Aug 26, 2021 |
|
Hacktivism in Belarus. The Taliban’s data grab. Four rising ransomware operations. The White House cybersecurity summit with industry leaders is in progress.
|
Aug 25, 2021 |
|
Apple CSAM: well-intentioned, slippery slope. [Caveat]
|
Aug 25, 2021 |
|
Apparent hacktivism exposes Iranian prison CCTV feeds. Misconfigured Power Apps expose data. FBI warns of the OnePercent Group. Mr. White Hat gives back. Dog bites man
|
Aug 24, 2021 |
|
Notes on the fall of Afghanistan, with its cyber and kinetic implications. US State Department hack reported. ShinyHunters resurface. Further incentive to patch Microsoft Exchange Server.
|
Aug 23, 2021 |
|
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
|
Aug 22, 2021 |
|
From board advisor to board member: evolution of the modern CISO. [CyberWire-X]
|
Aug 22, 2021 |
|
Exploring vulnerabilities of off-the-shelf software. [Research Saturday]
|
Aug 21, 2021 |
|
Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China’s privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?
|
Aug 20, 2021 |
|
T-Mobile outlines what it’s offering customers hit by its data breach. Taliban on good T&C behavior? Apple’s CSAM. OS bug may affect medical devices. A report on 2020’s US Census Bureau hack.
|
Aug 19, 2021 |
|
Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil’s Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.
|
Aug 18, 2021 |
|
Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.
|
Aug 17, 2021 |
|
Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?
|
Aug 16, 2021 |
|
Rick Howard: Give people resources. [CSO] [Career Notes]
|
Aug 15, 2021 |
|
You can add new features, just secure the old stuff first. [Research Saturday]
|
Aug 14, 2021 |
|
Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.
|
Aug 13, 2021 |
|
More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.
|
Aug 12, 2021 |
|
A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.
|
Aug 11, 2021 |
|
A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.
|
Aug 10, 2021 |
|
Home router vulnerabilities exploited in the wild. ACSC warns of a LockBit spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.
|
Aug 09, 2021 |
|
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
|
Aug 08, 2021 |
|
SideCopy malware campaigns expand and evolve. [Research Saturday]
|
Aug 07, 2021 |
|
FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.
|
Aug 06, 2021 |
|
CISA’s new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang’s reform, or optimism over signs the gang is worried?
|
Aug 05, 2021 |
|
Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck’s rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou’s extradition.
|
Aug 04, 2021 |
|
Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.
|
Aug 03, 2021 |
|
SVR was reading the US Attorneys’ emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.
|
Aug 02, 2021 |
|
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
|
Aug 01, 2021 |
|
Behavioral transparency – the patterns within. [CyberWire-X]
|
Aug 01, 2021 |
|
China's influence grows through Digital Silk Road Initiative. [Research Saturday]
|
Jul 31, 2021 |
|
Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.
|
Jul 30, 2021 |
|
Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.
|
Jul 29, 2021 |
|
US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.
|
Jul 28, 2021 |
|
South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?
|
Jul 27, 2021 |
|
The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.
|
Jul 26, 2021 |
|
Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]
|
Jul 25, 2021 |
|
Is enhanced hardware security the answer to ransomware? [CyberWire-X]
|
Jul 25, 2021 |
|
Free malware with cracked software. [Research Saturday]
|
Jul 24, 2021 |
|
Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.
|
Jul 23, 2021 |
|
Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.
|
Jul 22, 2021 |
|
Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.
|
Jul 21, 2021 |
|
APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDM. Other data breaches and ransomware incidents.
|
Jul 20, 2021 |
|
Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group’s Pegasus tool reported.
|
Jul 19, 2021 |
|
Peter Baumann: Adding value to data. [CEO] [Career Notes]
|
Jul 18, 2021 |
|
Enabling connectivity enables exposures. [Research Saturday]
|
Jul 17, 2021 |
|
DDoS at Russia’s MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor’s activities are exposed. No signs of the US softening on Huawei bans.
|
Jul 16, 2021 |
|
Luminous Moth or Mustang Panda, it’s the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.
|
Jul 15, 2021 |
|
Patch notes. What’s happening with REvil remains unclear, but it would be rash to count the gang out.
|
Jul 14, 2021 |
|
SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.
|
Jul 13, 2021 |
|
Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.
|
Jul 12, 2021 |
|
Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]
|
Jul 11, 2021 |
|
APTs transitioning to the cloud. [CyberWire-X]
|
Jul 11, 2021 |
|
Dealing illicit goods on encrypted chat apps. [Research Saturday]
|
Jul 10, 2021 |
|
Kaseya continues to work through its REvil days, as does the US Administration. In other news, there’s cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.
|
Jul 09, 2021 |
|
Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil’s victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.
|
Jul 08, 2021 |
|
Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.
|
Jul 07, 2021 |
|
The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.
|
Jul 06, 2021 |
|
Dwayne Price: Sharing information. [Project Management] [Career Notes]
|
Jul 04, 2021 |
|
Malware in pirated Windows installation files. [Research Saturday]
|
Jul 03, 2021 |
|
Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.
|
Jul 02, 2021 |
|
Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?
|
Jul 01, 2021 |
|
A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.
|
Jun 30, 2021 |
|
A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.
|
Jun 29, 2021 |
|
Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.
|
Jun 28, 2021 |
|
Introducing Security Unlocked: CISO Series with Bret Arsenault–Leading an Inclusive Workforce: Emma Smith, Vodafone
|
Jun 27, 2021 |
|
Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
|
Jun 27, 2021 |
|
Exhibiting advanced APT-like behavior. [Research Saturday]
|
Jun 26, 2021 |
|
REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.
|
Jun 25, 2021 |
|
Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?
|
Jun 24, 2021 |
|
Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.
|
Jun 23, 2021 |
|
Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.
|
Jun 22, 2021 |
|
South Korea’s nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.
|
Jun 21, 2021 |
|
Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
|
Jun 20, 2021 |
|
Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]
|
Jun 19, 2021 |
|
Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.
|
Jun 18, 2021 |
|
The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.
|
Jun 17, 2021 |
|
Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.
|
Jun 16, 2021 |
|
Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.
|
Jun 15, 2021 |
|
Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?
|
Jun 14, 2021 |
|
Margaret Cunningham: A people scientist with a technology focus. [Behavioral science} [Career Notes]
|
Jun 13, 2021 |
|
Taking a look behind the Science of Security. [Research Saturday]
|
Jun 12, 2021 |
|
Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.
|
Jun 11, 2021 |
|
Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI’s partial recovery of DarkSide’s ransom take.
|
Jun 10, 2021 |
|
Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO’s Article 5 in cyberspace. Patch Tuesday notes.
|
Jun 09, 2021 |
|
FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.
|
Jun 08, 2021 |
|
Dark Side’s way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.
|
Jun 07, 2021 |
|
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]
|
Jun 06, 2021 |
|
Bad building blocks: a new and unusual phishing campaign. [Research Saturday]
|
Jun 05, 2021 |
|
Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.
|
Jun 04, 2021 |
|
FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.
|
Jun 03, 2021 |
|
The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium’s USAID impersonation campaign. Siemens addresses PLC vulnerabilities.
|
Jun 02, 2021 |
|
Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.
|
Jun 01, 2021 |
|
Zero trust: a change in mindset. [Special Editions]
|
May 31, 2021 |
|
Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]
|
May 30, 2021 |
|
Big data, big payoff for China's cybercrime underground. [Research Saturday]
|
May 29, 2021 |
|
A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.
|
May 28, 2021 |
|
Impersonation campaign targets China’s Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.
|
May 27, 2021 |
|
Cybersespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.
|
May 26, 2021 |
|
CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.
|
May 25, 2021 |
|
Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.
|
May 24, 2021 |
|
Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]
|
May 23, 2021 |
|
Leveraging COVID-19 themes for malicious purposes. [Research Saturday]
|
May 22, 2021 |
|
DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.
|
May 21, 2021 |
|
DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.
|
May 20, 2021 |
|
Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.
|
May 19, 2021 |
|
WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.
|
May 18, 2021 |
|
Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.
|
May 17, 2021 |
|
Zeroing in on zero trust. [CyberWire-X]
|
May 16, 2021 |
|
Dominique West: Security found me. [Strategy] [Career Notes]
|
May 16, 2021 |
|
Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]
|
May 15, 2021 |
|
Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).
|
May 14, 2021 |
|
The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon’s DBIR is out.
|
May 13, 2021 |
|
The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.
|
May 12, 2021 |
|
Ransomware: DarkSide, Avaddon, and Baduk. 5G threat vectors. Crytpojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.
|
May 11, 2021 |
|
Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.
|
May 10, 2021 |
|
Street cred: increasing trust in passwordless authentication. [CyberWire-X]
|
May 09, 2021 |
|
Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
|
May 09, 2021 |
|
SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]
|
May 08, 2021 |
|
CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.
|
May 07, 2021 |
|
Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington. Panda Stealer is after crypto wallets. And Peloton deals with a leaky API.
|
May 06, 2021 |
|
DDoS interrupts Belgium’s parliament. New malware in the wild. Spies and crooks work around MFA, OAuth. COVID-19 scam site takedown. Online election fraud (in a homecoming queen election).
|
May 05, 2021 |
|
VPN vulnerability exploited for cyberespionage closed. “IT security incident” at medical system. Android banking Trojans and cryptocurrency. Cyber threats to the Tokyo Olympics.
|
May 04, 2021 |
|
Data exposure reported in the Philippines. FISA targets down during the pandemic. Babuk changes its focus. New variant of the Buer loader in the wild. US Justice Department reviews its cyber strategy.
|
May 03, 2021 |
|
Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]
|
May 02, 2021 |
|
A snapshot of the ransomware threat landscape. [Research Saturday}
|
May 01, 2021 |
|
Investigating VPN exploits, and the crooks and spies who use them. BadAlloc afflicts OT. Notes on cyberespionage. The criminal market for deepfakes.
|
Apr 30, 2021 |
|
Buggy APIs may expose credit scores. Dealing with ransomware. Iran-Israeli tensions are up. Russia says it will always see the Americans coming. Surge cyber capacity. NSA’s advice on OT security.
|
Apr 29, 2021 |
|
More intelligence on Ghostwriter, and a convergence of hacking and influence operations. Naikon APT has a new backdoor. FluBot returns. MAPP reconsidered. Defense counsel on Cellebrite.
|
Apr 28, 2021 |
|
The FBI and CISA take a look at the SVR, and offer advice for potential targets. Openness and information warfare. OPSEC and privacy. Babuk hits DC police. Social engineering notes.
|
Apr 27, 2021 |
|
Prankers on Zoom, with convincing video. Emotet takedown. US response to SolarWinds reviewed. Cancer therapy disrupted by attack on cloud provider. Oscar phishing.
|
Apr 26, 2021 |
|
Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
|
Apr 25, 2021 |
|
Channeling the data avalanche. [CyberWire-X]
|
Apr 25, 2021 |
|
Bulletproof hosting (BPH) and how it powers cybercrime. [Research Saturday]
|
Apr 24, 2021 |
|
Three ransomware gangs up their game. The US Postal Inspection Service’s “Internet Covert Operations Program.” GCHQ warns of dependence on Chinese tech. Undersea cable security.
|
Apr 23, 2021 |
|
VPN users remediate systems. New Supernova infection. Cryptojacking botnet afflicts vulnerable Exchange Servers. Facebook takes down spyware groups. Ransomware. Cellebrite bug found.
|
Apr 22, 2021 |
|
SonicWall, Pulse Secure products under exploitation (mitigations are available). Power grid security. Cyber conflict in the Near Abroad. ISIS worries about Bitcoin. Bad passwords.
|
Apr 21, 2021 |
|
Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.
|
Apr 20, 2021 |
|
Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.
|
Apr 19, 2021 |
|
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
|
Apr 18, 2021 |
|
Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]
|
Apr 17, 2021 |
|
International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.
|
Apr 16, 2021 |
|
Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.
|
Apr 15, 2021 |
|
The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.
|
Apr 14, 2021 |
|
Natanz pre-emptive sabotage updates. NAME:WRECK DNS vulnerabilities. Tax phishing. ATM cards and advance-fee scams. Ransomware-induced cheese shortage.
|
Apr 13, 2021 |
|
Apparent cyber sabotage at Natanz. Arrest made in alleged plot to blow up AWS facility. Scraped data for sale in criminal fora. US senior cyber appointments expected soon.
|
Apr 12, 2021 |
|
Debra Danielson: Be fearless. [CTO] [Career Notes]
|
Apr 11, 2021 |
|
Strategic titles point to something more than a commodity campaign. [Research Saturday]
|
Apr 10, 2021 |
|
A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.
|
Apr 09, 2021 |
|
Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium’s patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.
|
Apr 08, 2021 |
|
A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.
|
Apr 07, 2021 |
|
Watering holes, from Kiev to Canada. File transfer blues. What’s up in the criminal-to-criminal market. And an update on the old Facebook breach.
|
Apr 06, 2021 |
|
An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.
|
Apr 05, 2021 |
|
Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]
|
Apr 04, 2021 |
|
Ezuri: Regenerating a different kind of target. [Research Saturday]
|
Apr 03, 2021 |
|
Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.
|
Apr 02, 2021 |
|
Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.
|
Apr 01, 2021 |
|
Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.
|
Mar 31, 2021 |
|
US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.
|
Mar 30, 2021 |
|
Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.
|
Mar 29, 2021 |
|
Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]
|
Mar 28, 2021 |
|
How are we doing in the industrial sector? [Research Saturday]
|
Mar 27, 2021 |
|
Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.
|
Mar 26, 2021 |
|
Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.
|
Mar 25, 2021 |
|
Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?
|
Mar 24, 2021 |
|
Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail
|
Mar 24, 2021 |
|
Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.
|
Mar 23, 2021 |
|
Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.
|
Mar 22, 2021 |
|
Kevin Magee: Focus on the archer. (CSO) [Career Notes]
|
Mar 21, 2021 |
|
BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]
|
Mar 20, 2021 |
|
Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.
|
Mar 19, 2021 |
|
Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.
|
Mar 18, 2021 |
|
US report on 2020 foreign election meddling is out, and Russian and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.
|
Mar 17, 2021 |
|
Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).
|
Mar 16, 2021 |
|
Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands £1000 pounds to go on do-not-call list.
|
Mar 15, 2021 |
|
SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]
|
Mar 14, 2021 |
|
Dinah Davis: Building your network. [R&D] [Career Notes]
|
Mar 14, 2021 |
|
Keeping data confidential with fully homomorphic encryption. [Research Saturday]
|
Mar 13, 2021 |
|
Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.
|
Mar 12, 2021 |
|
More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.
|
Mar 11, 2021 |
|
Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hactivists don’t like cameras. Dragnet in the Low Countries.
|
Mar 10, 2021 |
|
Dealing with Hafnium’s work against Microsoft Exchange Server and Holiday Bear’s visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.
|
Mar 09, 2021 |
|
Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).
|
Mar 08, 2021 |
|
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
|
Mar 07, 2021 |
|
Diving deep into North Korea's APT37 tool kit. [Research Saturday]
|
Mar 06, 2021 |
|
SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provided attacked. Criminal-on-criminal crime.
|
Mar 05, 2021 |
|
Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.
|
Mar 04, 2021 |
|
RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.
|
Mar 03, 2021 |
|
India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).
|
Mar 02, 2021 |
|
“RedEcho’s”activity in India’s power grid is described. US report on Khashoggi murder declassified SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.
|
Mar 01, 2021 |
|
Aarti Borkar: Make your own choices. [Product} [Career Notes]
|
Feb 28, 2021 |
|
Shining a light on China's cyber underground. [Research Saturday]
|
Feb 27, 2021 |
|
Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.
|
Feb 26, 2021 |
|
PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.
|
Feb 25, 2021 |
|
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.
|
Feb 24, 2021 |
|
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
|
Feb 23, 2021 |
|
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.
|
Feb 22, 2021 |
|
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
|
Feb 21, 2021 |
|
Attackers (ab)using Google Chrome. [Research Saturday]
|
Feb 20, 2021 |
|
Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Talinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.
|
Feb 19, 2021 |
|
The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.
|
Feb 18, 2021 |
|
US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.
|
Feb 17, 2021 |
|
France’s ANSII warns of a longrunning Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE
|
Feb 16, 2021 |
|
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]
|
Feb 16, 2021 |
|
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
|
Feb 14, 2021 |
|
Using the human body as a wire-like communication channel. [Research Saturday]
|
Feb 13, 2021 |
|
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.
|
Feb 12, 2021 |
|
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
|
Feb 11, 2021 |
|
Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.
|
Feb 10, 2021 |
|
Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.
|
Feb 09, 2021 |
|
A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?
|
Feb 08, 2021 |
|
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
|
Feb 07, 2021 |
|
In the clear: what it's like working as a woman in the cleared community. [Special Edition]
|
Feb 07, 2021 |
|
"Follow the money" the cybersecurity way. [Research Saturday]
|
Feb 06, 2021 |
|
Lazarus Group seems to have deployed an IE zero day. Electrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.
|
Feb 05, 2021 |
|
Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.
|
Feb 04, 2021 |
|
China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.
|
Feb 03, 2021 |
|
Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.
|
Feb 02, 2021 |
|
Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. URKI breach. British Mensa thinks over a data exposure.
|
Feb 01, 2021 |
|
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
|
Jan 31, 2021 |
|
Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]
|
Jan 31, 2021 |
|
The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]
|
Jan 30, 2021 |
|
Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.
|
Jan 29, 2021 |
|
Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.
|
Jan 28, 2021 |
|
Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.
|
Jan 27, 2021 |
|
Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?
|
Jan 26, 2021 |
|
The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.
|
Jan 25, 2021 |
|
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
|
Jan 24, 2021 |
|
Trickbot may be down, but can we count it out? [Research Saturday]
|
Jan 23, 2021 |
|
Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
|
Jan 22, 2021 |
|
Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
|
Jan 21, 2021 |
|
More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.
|
Jan 20, 2021 |
|
EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.
|
Jan 19, 2021 |
|
Encore: You will pay for that one way or another. [Caveat]
|
Jan 18, 2021 |
|
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
|
Jan 17, 2021 |
|
Manufacturing sector is increasingly a target for adversaries. [Research Saturday]
|
Jan 16, 2021 |
|
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.
|
Jan 15, 2021 |
|
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
|
Jan 14, 2021 |
|
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
|
Jan 13, 2021 |
|
Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
|
Jan 12, 2021 |
|
More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.
|
Jan 11, 2021 |
|
Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]
|
Jan 10, 2021 |
|
Emotet reemerges and becomes one of most prolific threat groups out there. [Research Saturday]
|
Jan 09, 2021 |
|
The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.
|
Jan 08, 2021 |
|
CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.
|
Jan 07, 2021 |
|
Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re ensured. No bail for Mr. Assange.
|
Jan 06, 2021 |
|
It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.
|
Jan 05, 2021 |
|
Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.
|
Jan 04, 2021 |
|
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
|
Jan 03, 2021 |
|
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
|
Jan 02, 2021 |
|
Andy Greenberg on the Sandworm Indictments. [Interview Selects]
|
Jan 01, 2021 |
|
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] (Career Notes]
|
Dec 27, 2020 |
|
Encore: Seedworm digs Middle East intelligence. [Research Saturday]
|
Dec 26, 2020 |
|
Encore: Separating fools from money. [Hacking Humans]
|
Dec 25, 2020 |
|
Encore: Technology that allows cops to track your phone. [Caveat]
|
Dec 24, 2020 |
|
Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.
|
Dec 23, 2020 |
|
Bear tracks all over the US Government’s networks. Pandas and Kittens and Bears, oh my... Emotet’s back. Spyware litigation. A few predictions.
|
Dec 22, 2020 |
|
Sunburst looks worse: bad Bears in US networks, and that’s not just right at all. “Evil mobile emulator farm.” Report: Pegasus used against journalists.
|
Dec 21, 2020 |
|
Robert Lee: Keeping the lights on. [ICS] [Word Notes]
|
Dec 20, 2020 |
|
Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]
|
Dec 19, 2020 |
|
Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker’s Stash has its problems. And a few thoughts on the near future.
|
Dec 18, 2020 |
|
The SVR’s exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China’s influence ops delayed.
|
Dec 17, 2020 |
|
SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.
|
Dec 16, 2020 |
|
SolarWinds compromise scope grows clearer. DPRK’s Earth Kitsune. Google’s authentication issue. A look at the near future of cybersecurity.
|
Dec 15, 2020 |
|
A few predictions, but today’s news is dominated by Cozy Bear’s supply chain attack on Solar Winds’ Orion Platform.
|
Dec 14, 2020 |
|
Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]
|
Dec 14, 2020 |
|
Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science] [Career Notes]
|
Dec 13, 2020 |
|
Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]
|
Dec 12, 2020 |
|
OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.
|
Dec 11, 2020 |
|
Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.
|
Dec 10, 2020 |
|
Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.
|
Dec 09, 2020 |
|
IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.
|
Dec 08, 2020 |
|
NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.
|
Dec 07, 2020 |
|
Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
|
Dec 06, 2020 |
|
SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]
|
Dec 05, 2020 |
|
2021 may look a lot like 2020 in cyberspace, only moreso. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.
|
Dec 04, 2020 |
|
Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?
|
Dec 03, 2020 |
|
The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.
|
Dec 02, 2020 |
|
Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.
|
Dec 01, 2020 |
|
Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.
|
Nov 30, 2020 |
|
Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
|
Nov 29, 2020 |
|
Encore: Using global events as lures for malicious activity.
|
Nov 28, 2020 |
|
Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.
|
Nov 25, 2020 |
|
Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.
|
Nov 24, 2020 |
|
Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”
|
Nov 23, 2020 |
|
James Hadley: Spend time on what interests you. [CEO] [Career Notes]
|
Nov 22, 2020 |
|
Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]
|
Nov 21, 2020 |
|
Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.
|
Nov 20, 2020 |
|
Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only moreso).
|
Nov 19, 2020 |
|
Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.
|
Nov 18, 2020 |
|
Hidden Cobra’s new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.
|
Nov 17, 2020 |
|
Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.
|
Nov 16, 2020 |
|
Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
|
Nov 15, 2020 |
|
That first CVE was a fun find, for sure. [Research Saturday]
|
Nov 14, 2020 |
|
CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.
|
Nov 13, 2020 |
|
An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.
|
Nov 12, 2020 |
|
shadow IT (noun) [Word Notes]
|
Nov 11, 2020 |
|
remote access Trojan or RAT (noun) [Word Notes]
|
Nov 11, 2020 |
|
A look at what’s up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.
|
Nov 10, 2020 |
|
Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.
|
Nov 09, 2020 |
|
Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]
|
Nov 08, 2020 |
|
PoetRAT: a complete lack of operational security. [Research Saturday]
|
Nov 07, 2020 |
|
IRGC domains taken down. A look at 2021’s threatscape. Russia says its didn’t do anything (others see Bears.) Forfeiture of Silk Road’s hitherto unaccounted for billion-plus dollars.
|
Nov 06, 2020 |
|
CISA’s happy but still wary. Election-themed criminal malspam. New ransomware goes after VMs. Why it makes no sense to trust extortionists.
|
Nov 05, 2020 |
|
US elections: CISA calls security success, but reminds all that it’s not over yet. Notes from the cyber underground. Two more indictments in cyberstalking case.
|
Nov 04, 2020 |
|
Election security updates from CISA. Maze says it’s out of business (and never really existed). Edward Snowden wants dual Russian-US citizenship. A botmaster goes up river.
|
Nov 03, 2020 |
|
Another look at North Korean cyberespionage. Phishing with Google Docs. How Iran obtained US voter information. Election security enters its endgame.
|
Nov 02, 2020 |
|
David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]
|
Nov 01, 2020 |
|
Carole Theriault: Constantly learning new things. [Media] [Career Notes]
|
Nov 01, 2020 |
|
Leveraging for a bigger objective. [Research Saturday]
|
Oct 31, 2020 |
|
Ransomware epidemic during the pandemic. Cyber insurance and state actors. Cyberstalking. Don’t exaggerate election meddling. Reflections on National Cybersecurity Awareness Month.
|
Oct 30, 2020 |
|
The Malware Mash!
|
Oct 30, 2020 |
|
Familiar threat actors are back in the news. Big Tech’s testimony on Capitol Hill had less to do with Section 230 than many had foreseen.
|
Oct 29, 2020 |
|
Warnings about the DPRK’s Kimsuky Group. Election security in the US during the endgame. Section 220 and Big Tech. Another guilty plea in the eBay-related cyberstalking case.
|
Oct 28, 2020 |
|
Election phishing, without hook, but with line and sinker? Data breaches, and the importance of prompt disclosure. Misplaced hacktivist sympathy.
|
Oct 27, 2020 |
|
Russian research institute sanctioned for its role in Triton/Trisis. Coordinated inauthenticity in Myanmar. Clean Network program update. Major data breach in Finland.
|
Oct 26, 2020 |
|
Sal Aurigemma: How things work. [Education] [Career Notes]
|
Oct 25, 2020 |
|
Just saying there are attacks is not enough. [Research Saturday]
|
Oct 24, 2020 |
|
Energetic Bear’s battlespace preparation. Selling voter and consumer personal data. GRU, Qods Force sanctioned. How they knew that Iran dunnit.
|
Oct 23, 2020 |
|
Recent email threats to US voters appear to be an Iranian operation. Notes on cyberespionage and influence operations. Hold the “blatant Russophobia,” TASS?
|
Oct 22, 2020 |
|
TrickBot’s return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.
|
Oct 21, 2020 |
|
International cyberespionage: China and Russia versus the Five Eyes and others. Google faces an anti-trust suit. Abandonware.
|
Oct 20, 2020 |
|
Influence operations and cyber probes of presidential campaigns. TrickBot’s recovery. Remote learning woes. Port facilities in Iran reported to have been targeted in cyberattacks.
|
Oct 19, 2020 |
|
Rosa Smothers: Secure the planet. [Career Notes]
|
Oct 18, 2020 |
|
Intentionally not drawing attention. [Research Saturday]
|
Oct 17, 2020 |
|
Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.
|
Oct 16, 2020 |
|
Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command’s defend forward doctrine.
|
Oct 15, 2020 |
|
Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.
|
Oct 14, 2020 |
|
Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.
|
Oct 13, 2020 |
|
Rigging the game. [Caveat]
|
Oct 12, 2020 |
|
Geoff White: Suddenly all of the pieces start to line up. [Career Notes]
|
Oct 11, 2020 |
|
It's still possible to find ways to break out. [Research Saturday]
|
Oct 10, 2020 |
|
A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.
|
Oct 09, 2020 |
|
Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.
|
Oct 08, 2020 |
|
Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.
|
Oct 07, 2020 |
|
New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.
|
Oct 06, 2020 |
|
Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.
|
Oct 05, 2020 |
|
Diane M. Janosek: It's only together that we are going to rise. [Career Notes]
|
Oct 04, 2020 |
|
Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]
|
Oct 03, 2020 |
|
CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.
|
Oct 02, 2020 |
|
Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.
|
Oct 01, 2020 |
|
Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.
|
Sep 30, 2020 |
|
Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.
|
Sep 29, 2020 |
|
Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei’s CFO gets another day in court. REvil recruits.
|
Sep 28, 2020 |
|
Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]
|
Sep 27, 2020 |
|
What came first, the Golden Chickens or more_eggs? [Research Saturday]
|
Sep 26, 2020 |
|
Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.
|
Sep 25, 2020 |
|
Not the Gremlin from the Kremlin. Zerologn exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.
|
Sep 24, 2020 |
|
Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.
|
Sep 23, 2020 |
|
Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren’t, and one big guilty plea.
|
Sep 22, 2020 |
|
Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.
|
Sep 21, 2020 |
|
The cybersecurity paradox. [CyberWire-X]
|
Sep 20, 2020 |
|
Monica Ruiz: Moving ahead when not many look like you. [Career Notes]
|
Sep 20, 2020 |
|
Election 2020: What to expect when we are electing. [Research Saturday]
|
Sep 19, 2020 |
|
Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.
|
Sep 18, 2020 |
|
Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok’s state of play. Indictments and extraditions.
|
Sep 17, 2020 |
|
VPNs in Tehran’s crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance’s plan for TikTok.
|
Sep 16, 2020 |
|
Zerologon: hey, patch already. CISA describes China’s cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.
|
Sep 15, 2020 |
|
Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzehn. TikTok’s fate grows narrower but murkier. Wildfire misinformation.
|
Sep 14, 2020 |
|
Ode to Wealthy Elite. [Shadowspeak]
|
Sep 14, 2020 |
|
Brandon Robinson: Built from the ground up. [Career Notes]
|
Sep 13, 2020 |
|
Leveraging legitimate tools. [Research Saturday]
|
Sep 12, 2020 |
|
Elemental election meddling spooks US campaigns. CISA’s email advice. Remote workers behaving badly. Momentum Cyber’s state of the Sector. The SINET 16. And remember 9/11.
|
Sep 11, 2020 |
|
Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.
|
Sep 10, 2020 |
|
Ransomware slows down many students’ return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.
|
Sep 09, 2020 |
|
Ransomware or wiper? Emotet’s resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?
|
Sep 08, 2020 |
|
Exploring the cultural values of personal privacy. [Caveat]
|
Sep 07, 2020 |
|
Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]
|
Sep 06, 2020 |
|
Going after the most valuable data. [Research Saturday]
|
Sep 05, 2020 |
|
Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.
|
Sep 04, 2020 |
|
Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.
|
Sep 03, 2020 |
|
Facebook’s latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.
|
Sep 02, 2020 |
|
The difference between a breach and, well, a public record. Pioneer Kitten’s lucrative bycatch. Malware gets past Gatekeeper. A gamer’s bandit economy. And happy birthday, Cyber Branch.
|
Sep 01, 2020 |
|
DDoS continues to trouble New Zealand’s stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who’s the bank robber? A botnet serving ad fraud.
|
Aug 31, 2020 |
|
Jack Rhysider: Get your experience points in everything. [Career Notes]
|
Aug 30, 2020 |
|
They fooled a lot of people. [Research Saturday]
|
Aug 29, 2020 |
|
Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason’s motives. An attempt to hack Tesla.
|
Aug 28, 2020 |
|
Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.
|
Aug 27, 2020 |
|
New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?
|
Aug 26, 2020 |
|
The pandemic and trends in cybersecurity. The secret to the handset’s low, low price? Fleeceware and adware. TikTok’s lawsuit. Influence ops. Bogus Bitcoin exchange.
|
Aug 25, 2020 |
|
Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.
|
Aug 24, 2020 |
|
Kiersten Todt: Problem solving and building solutions. [Career Notes]
|
Aug 23, 2020 |
|
Using global events as lures. [Research Saturday]
|
Aug 22, 2020 |
|
Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.
|
Aug 21, 2020 |
|
Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.
|
Aug 20, 2020 |
|
Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.
|
Aug 19, 2020 |
|
Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.
|
Aug 18, 2020 |
|
North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.
|
Aug 17, 2020 |
|
Trying for a win, win, win game. [Career Notes]
|
Aug 16, 2020 |
|
The ABCs of cybersecurity for the education sector. [CyberWire-X]
|
Aug 16, 2020 |
|
Waiting for their victims. [Research Saturday]
|
Aug 15, 2020 |
|
Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).
|
Aug 14, 2020 |
|
This Woodcutter’s no Railsplitter. Operation Dream Job. COVID-19 phishing.
|
Aug 13, 2020 |
|
Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua’s data center. More privacy questions for TikTok. Parental control or stalker’s tool?
|
Aug 12, 2020 |
|
Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.
|
Aug 11, 2020 |
|
NMAP (noun) [Word Notes]
|
Aug 11, 2020 |
|
What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.
|
Aug 10, 2020 |
|
The Green Goldfish and cyber threat intelligence. [Career Notes]
|
Aug 09, 2020 |
|
Like anything these days, you have to disinfect it first. [Research Saturday]
|
Aug 08, 2020 |
|
US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.
|
Aug 07, 2020 |
|
US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
|
Aug 06, 2020 |
|
Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.
|
Aug 05, 2020 |
|
US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.
|
Aug 04, 2020 |
|
Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twiter hack. DDoS turns out to be a glitch. Garmin hack update.
|
Aug 03, 2020 |
|
Rely on your strengths in the areas of the unknown. [Career Notes]
|
Aug 02, 2020 |
|
Detecting Twitter bots in real time. [Research Saturday]
|
Aug 01, 2020 |
|
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.
|
Jul 31, 2020 |
|
A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.
|
Jul 30, 2020 |
|
Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.
|
Jul 29, 2020 |
|
Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.
|
Jul 28, 2020 |
|
Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.
|
Jul 27, 2020 |
|
No matter the statistic, even if against the odds, focus on what you want. [Career Notes]
|
Jul 26, 2020 |
|
It was only a matter of time. [Research Saturday]
|
Jul 25, 2020 |
|
A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.
|
Jul 24, 2020 |
|
Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
|
Jul 23, 2020 |
|
Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.
|
Jul 22, 2020 |
|
Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.
|
Jul 21, 2020 |
|
Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.
|
Jul 20, 2020 |
|
Have to be able to communicate to everybody. [Career Notes]
|
Jul 19, 2020 |
|
Every time we get smarter, the bad guy changes something. [Research Saturday]
|
Jul 18, 2020 |
|
High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.
|
Jul 17, 2020 |
|
Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.
|
Jul 16, 2020 |
|
A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.
|
Jul 15, 2020 |
|
Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.
|
Jul 14, 2020 |
|
Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.
|
Jul 13, 2020 |
|
Turn challenges into opportunities. [Career Notes]
|
Jul 12, 2020 |
|
Are you running what you think you're running? [Research Saturday]
|
Jul 11, 2020 |
|
The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.
|
Jul 10, 2020 |
|
Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.
|
Jul 09, 2020 |
|
Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.
|
Jul 08, 2020 |
|
Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.
|
Jul 07, 2020 |
|
Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.
|
Jul 06, 2020 |
|
Solving hard problems and pursuing your passions. [Career Notes]
|
Jul 05, 2020 |
|
Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.
|
Jul 02, 2020 |
|
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
|
Jul 01, 2020 |
|
Critical bug disclosed in Palo Alto products (a fix is available). StronPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.
|
Jun 30, 2020 |
|
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
|
Jun 29, 2020 |
|
Get your foot in the door and prove your worth. [Career Notes]
|
Jun 28, 2020 |
|
Enter the RAT. [Research Saturday]
|
Jun 27, 2020 |
|
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.
|
Jun 26, 2020 |
|
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.
|
Jun 25, 2020 |
|
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.
|
Jun 24, 2020 |
|
Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.
|
Jun 23, 2020 |
|
BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.
|
Jun 22, 2020 |
|
Superhero origin stories and lessons that last. [Career Notes]
|
Jun 21, 2020 |
|
Click here to update your webhook. [Research Saturday]
|
Jun 20, 2020 |
|
Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.
|
Jun 19, 2020 |
|
Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.
|
Jun 18, 2020 |
|
Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.
|
Jun 17, 2020 |
|
Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.
|
Jun 16, 2020 |
|
ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.
|
Jun 15, 2020 |
|
The mark of making a difference. [Career Notes]
|
Jun 14, 2020 |
|
The value of the why and the who. [Research Saturday]
|
Jun 13, 2020 |
|
Chinese, Russian, and Turkish domestic influence campaigns. Zoom’s China troubles. Honda, Enil recover from Ekans. Ransomware attacks against a city and an M&A consultancy.
|
Jun 12, 2020 |
|
Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.
|
Jun 11, 2020 |
|
A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.
|
Jun 10, 2020 |
|
Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.
|
Jun 09, 2020 |
|
Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.
|
Jun 08, 2020 |
|
Ask more people to dance. [Career Notes]
|
Jun 07, 2020 |
|
Due diligence cannot be done as a one-off. [Research Saturday]
|
Jun 06, 2020 |
|
Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies’ bodyguard of truth. Information warfare in the Gulf.
|
Jun 05, 2020 |
|
Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia’s hacking the Bundestag. CISA has a new cybersecurity resource.
|
Jun 04, 2020 |
|
Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.
|
Jun 03, 2020 |
|
Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.
|
Jun 02, 2020 |
|
Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.
|
Jun 01, 2020 |
|
Extending security tools to the at home workforce during the pandemic. [Research Saturday]
|
May 31, 2020 |
|
Twofold snooping venture. [Research Saturday]
|
May 30, 2020 |
|
Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.
|
May 29, 2020 |
|
Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.
|
May 28, 2020 |
|
Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.
|
May 27, 2020 |
|
The evolution of malware, both criminal and state-run.
|
May 26, 2020 |
|
Naming and shaming is the worst thing we can do. [Research Saturday]
|
May 23, 2020 |
|
An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing...
|
May 22, 2020 |
|
Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.
|
May 21, 2020 |
|
Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.
|
May 20, 2020 |
|
Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.
|
May 19, 2020 |
|
Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.
|
May 18, 2020 |
|
Gangnam Industrial Style APT campaign targets South Korea. [Research Saturday]
|
May 16, 2020 |
|
Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.
|
May 15, 2020 |
|
ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.
|
May 14, 2020 |
|
More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.
|
May 13, 2020 |
|
Cyberwar looms in the Middle East? Hidden Cobra’s fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.
|
May 12, 2020 |
|
Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.
|
May 11, 2020 |
|
The U.S. campaign trail is actually quite secure. [Research Saturday]
|
May 09, 2020 |
|
PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.
|
May 08, 2020 |
|
Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.
|
May 07, 2020 |
|
Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.
|
May 06, 2020 |
|
Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.
|
May 05, 2020 |
|
A state of emergency over bulk power in the States. Beijing’s disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.
|
May 04, 2020 |
|
Fingerprint authentication is not completely secure. [Research Saturday]
|
May 02, 2020 |
|
China hacks at Vietnam over a territorial dispute. Kim’s still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.
|
May 01, 2020 |
|
The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.
|
Apr 30, 2020 |
|
Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.
|
Apr 29, 2020 |
|
Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?
|
Apr 28, 2020 |
|
Where’s Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.
|
Apr 27, 2020 |
|
Contact tracing as COVID-19 aid. [Research Saturday]
|
Apr 25, 2020 |
|
iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.
|
Apr 24, 2020 |
|
APT32 activity reported. Florentine Banker’s patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.
|
Apr 23, 2020 |
|
COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League’s volunteer defenders. Active measures, disinformation, and cyber deterrence.
|
Apr 22, 2020 |
|
DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.
|
Apr 21, 2020 |
|
Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.
|
Apr 20, 2020 |
|
Complementary colors: teaming tactics in cybersecurity. [Research Saturday]
|
Apr 19, 2020 |
|
How low can they go? A spike in Coronavirus phishing. [Research Saturday]
|
Apr 18, 2020 |
|
Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.
|
Apr 17, 2020 |
|
US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.
|
Apr 16, 2020 |
|
Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.
|
Apr 15, 2020 |
|
The online stresses of the COVID-19 pandemic. APT41’s backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom’s fortunes. And tax-season online fraud.
|
Apr 14, 2020 |
|
Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.
|
Apr 13, 2020 |
|
Profiling an audacious Nigerian cybercriminal. [Research Saturday]
|
Apr 11, 2020 |
|
That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.
|
Apr 10, 2020 |
|
Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple’s store.
|
Apr 09, 2020 |
|
Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.
|
Apr 08, 2020 |
|
Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.
|
Apr 07, 2020 |
|
COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.
|
Apr 06, 2020 |
|
A rough year ahead for ransomware attacks - and how to stop them. [Research Saturday]
|
Apr 04, 2020 |
|
Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?
|
Apr 03, 2020 |
|
WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.
|
Apr 02, 2020 |
|
More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.
|
Apr 01, 2020 |
|
Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
|
Mar 31, 2020 |
|
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
|
Mar 30, 2020 |
|
Hidden dangers inside Windows and LINUX computers. [Research Saturday]
|
Mar 28, 2020 |
|
Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
|
Mar 27, 2020 |
|
Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.
|
Mar 26, 2020 |
|
APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.
|
Mar 25, 2020 |
|
Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.
|
Mar 24, 2020 |
|
Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.
|
Mar 23, 2020 |
|
The security implications of cloud infrastructure in IoT. [Research Saturday]
|
Mar 21, 2020 |
|
CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.
|
Mar 20, 2020 |
|
EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.
|
Mar 19, 2020 |
|
Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynne.
|
Mar 18, 2020 |
|
Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution Concord Management.
|
Mar 17, 2020 |
|
COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.
|
Mar 16, 2020 |
|
TLS is here to stay. [Research Saturday]
|
Mar 14, 2020 |
|
COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.
|
Mar 13, 2020 |
|
The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.
|
Mar 12, 2020 |
|
The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.
|
Mar 11, 2020 |
|
Caution in the Play store. EU power consortium’s business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.
|
Mar 10, 2020 |
|
Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.
|
Mar 09, 2020 |
|
Overworked developers write vulnerable software. [Research Saturday]
|
Mar 07, 2020 |
|
Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.
|
Mar 06, 2020 |
|
Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.
|
Mar 05, 2020 |
|
Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.
|
Mar 04, 2020 |
|
Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.
|
Mar 03, 2020 |
|
Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.
|
Mar 02, 2020 |
|
Application tracking in Wacom tablets. [Research Saturday]
|
Feb 29, 2020 |
|
South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.
|
Feb 28, 2020 |
|
RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?
|
Feb 27, 2020 |
|
Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.
|
Feb 26, 2020 |
|
Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt--no joy this time. Notes from RSAC 2020.
|
Feb 25, 2020 |
|
Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.
|
Feb 24, 2020 |
|
New vulnerabilities in PC sound cards. [Research Saturday]
|
Feb 22, 2020 |
|
DISA data breach. More complaint against alleged GUR operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
|
Feb 21, 2020 |
|
UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.
|
Feb 20, 2020 |
|
Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?
|
Feb 19, 2020 |
|
Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.
|
Feb 18, 2020 |
|
If you can't detect it, you can't steal it. [Research Saturday]
|
Feb 15, 2020 |
|
Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.
|
Feb 14, 2020 |
|
Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.
|
Feb 13, 2020 |
|
Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.
|
Feb 12, 2020 |
|
Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).
|
Feb 11, 2020 |
|
US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.
|
Feb 10, 2020 |
|
The Chameleon attacks Online Social Networks. [Research Saturday]
|
Feb 08, 2020 |
|
Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.
|
Feb 07, 2020 |
|
Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.
|
Feb 06, 2020 |
|
Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.
|
Feb 05, 2020 |
|
Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.
|
Feb 04, 2020 |
|
More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.
|
Feb 03, 2020 |
|
Eric Haseltine on his book, "The Spy in Moscow Station." [Special Editions]
|
Feb 02, 2020 |
|
Tracking one of China's hidden hacking groups. [Research Saturday]
|
Feb 01, 2020 |
|
The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. T
|
Jan 31, 2020 |
|
Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.
|
Jan 30, 2020 |
|
Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.
|
Jan 29, 2020 |
|
Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.
|
Jan 28, 2020 |
|
A cyber espionage campaign is to use DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.
|
Jan 27, 2020 |
|
Know Thine Enemy - Identifying North American Cyber Threats. [Research Saturday]
|
Jan 25, 2020 |
|
PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformaiton laws considered. Canada is ready to impose costs on cyber attackers.
|
Jan 24, 2020 |
|
Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.
|
Jan 23, 2020 |
|
The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.
|
Jan 22, 2020 |
|
RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.
|
Jan 21, 2020 |
|
Clever breaches demonstrate IoT security gaps. [Research Saturday]
|
Jan 18, 2020 |
|
Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.
|
Jan 17, 2020 |
|
Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
|
Jan 16, 2020 |
|
Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.
|
Jan 15, 2020 |
|
Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.
|
Jan 14, 2020 |
|
Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.
|
Jan 13, 2020 |
|
Profiling the Linken Sphere anti-detection browser. [Research Saturday]
|
Jan 11, 2020 |
|
Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.
|
Jan 10, 2020 |
|
Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.
|
Jan 09, 2020 |
|
No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.
|
Jan 08, 2020 |
|
No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.
|
Jan 07, 2020 |
|
Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.
|
Jan 06, 2020 |
|
Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.
|
Jan 03, 2020 |
|
A Jira vulnerability that’s leaking data in the public cloud. [Research Saturday]
|
Jan 02, 2020 |
|
Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.
|
Jan 02, 2020 |
|
Ron Gula and Mike Janke - VC pitfalls and how to avoid them. [Special Editions]
|
Dec 30, 2019 |
|
Inside Magecart and Genesis. [Research Saturday]
|
Dec 21, 2019 |
|
Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?
|
Dec 20, 2019 |
|
TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.
|
Dec 19, 2019 |
|
Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.
|
Dec 18, 2019 |
|
Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.
|
Dec 17, 2019 |
|
Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.
|
Dec 16, 2019 |
|
Capturing the flag at NXTWORK 2019 [Special Editions]
|
Dec 15, 2019 |
|
WAV files carry malicious data payloads. [Research Saturday]
|
Dec 14, 2019 |
|
Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.
|
Dec 13, 2019 |
|
False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.
|
Dec 12, 2019 |
|
Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars updata. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.
|
Dec 11, 2019 |
|
Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?
|
Dec 10, 2019 |
|
Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.
|
Dec 09, 2019 |
|
Targeting routers to hit gaming servers. [Research Saturday]
|
Dec 07, 2019 |
|
Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.
|
Dec 06, 2019 |
|
Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.
|
Dec 05, 2019 |
|
Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.
|
Dec 04, 2019 |
|
Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.
|
Dec 03, 2019 |
|
ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.
|
Dec 02, 2019 |
|
Peter W. Singer author of LikeWar [Special Editions]
|
Nov 30, 2019 |
|
John Maeda author of How to Speak Machine [Special Editions]
|
Nov 29, 2019 |
|
Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?
|
Nov 27, 2019 |
|
Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.
|
Nov 26, 2019 |
|
Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.
|
Nov 25, 2019 |
|
Mustang Panda leverages Windows shortcut files. [Research Saturday]
|
Nov 23, 2019 |
|
Sandworm in Google Play. Internet sovereignty. Bogus accounts on LInkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.
|
Nov 22, 2019 |
|
Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.
|
Nov 21, 2019 |
|
Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.
|
Nov 20, 2019 |
|
Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.
|
Nov 19, 2019 |
|
Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.
|
Nov 18, 2019 |
|
Sodinokibi aka REvil connections to GandCrab. [Research Saturday]
|
Nov 16, 2019 |
|
Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.
|
Nov 15, 2019 |
|
PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
|
Nov 14, 2019 |
|
NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.
|
Nov 13, 2019 |
|
Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.
|
Nov 12, 2019 |
|
Andy Greenberg from WIRED on his book "Sandworm." [Special Editions]
|
Nov 11, 2019 |
|
Monitoring the growing sophistication of PKPLUG. [Research Saturday]
|
Nov 09, 2019 |
|
Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.
|
Nov 08, 2019 |
|
US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.
|
Nov 07, 2019 |
|
App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.
|
Nov 06, 2019 |
|
Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.
|
Nov 05, 2019 |
|
BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.
|
Nov 04, 2019 |
|
Insider Threats [Special Editions]
|
Nov 03, 2019 |
|
Usable security is a delicate balance. [Research Saturday]
|
Nov 02, 2019 |
|
Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.
|
Nov 01, 2019 |
|
Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.
|
Oct 31, 2019 |
|
WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.
|
Oct 30, 2019 |
|
Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.
|
Oct 29, 2019 |
|
Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?
|
Oct 28, 2019 |
|
Masad Steals via Social Media. [Research Saturday]
|
Oct 26, 2019 |
|
Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.
|
Oct 25, 2019 |
|
Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-plaform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.
|
Oct 24, 2019 |
|
Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.
|
Oct 23, 2019 |
|
More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.
|
Oct 22, 2019 |
|
Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.
|
Oct 21, 2019 |
|
Hoping for SOHO security. [Research Saturday]
|
Oct 19, 2019 |
|
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.
|
Oct 18, 2019 |
|
Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.
|
Oct 17, 2019 |
|
Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.
|
Oct 16, 2019 |
|
Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.
|
Oct 15, 2019 |
|
Decrypting ransomware for good. [Research Saturday]
|
Oct 12, 2019 |
|
Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.
|
Oct 11, 2019 |
|
Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.
|
Oct 10, 2019 |
|
Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.
|
Oct 09, 2019 |
|
Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.
|
Oct 08, 2019 |
|
Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.
|
Oct 07, 2019 |
|
The fuzzy boundaries of APT41. [Research Saturday]
|
Oct 05, 2019 |
|
Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.
|
Oct 04, 2019 |
|
A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.
|
Oct 03, 2019 |
|
RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.
|
Oct 02, 2019 |
|
Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.
|
Oct 01, 2019 |
|
Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.
|
Sep 30, 2019 |
|
Focusing on Autumn Aperture. [Research Saturday]
|
Sep 28, 2019 |
|
Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.
|
Sep 27, 2019 |
|
Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.
|
Sep 26, 2019 |
|
Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.
|
Sep 25, 2019 |
|
Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.
|
Sep 24, 2019 |
|
YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.
|
Sep 23, 2019 |
|
Leaky guest networks and covert channels. [Research Saturday]
|
Sep 21, 2019 |
|
Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.
|
Sep 20, 2019 |
|
Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.
|
Sep 19, 2019 |
|
Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.
|
Sep 18, 2019 |
|
More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.
|
Sep 17, 2019 |
|
Espionage and counter-espionage in at least three of the FIve Eyes. New sanctions against North Korea. Password managers and flashlights.
|
Sep 16, 2019 |
|
Bluetooth blues: KNOB attack explained. [Research Saturday]
|
Sep 14, 2019 |
|
CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.
|
Sep 13, 2019 |
|
The StingRays that were n DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.
|
Sep 12, 2019 |
|
Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.
|
Sep 11, 2019 |
|
US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.
|
Sep 10, 2019 |
|
BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.
|
Sep 09, 2019 |
|
VOIP phone system harbors decade-old vulnerability. [Research Saturday]
|
Sep 07, 2019 |
|
China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.
|
Sep 06, 2019 |
|
Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.
|
Sep 05, 2019 |
|
Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.
|
Sep 04, 2019 |
|
Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.
|
Sep 03, 2019 |
|
Emotet's updated business model. [Research Saturday]
|
Aug 31, 2019 |
|
Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.
|
Aug 30, 2019 |
|
Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.
|
Aug 29, 2019 |
|
LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.
|
Aug 28, 2019 |
|
Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.
|
Aug 27, 2019 |
|
BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.
|
Aug 26, 2019 |
|
Gift card bots evolve and adapt. [Research Saturday]
|
Aug 24, 2019 |
|
Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.
|
Aug 23, 2019 |
|
North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.
|
Aug 22, 2019 |
|
China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
|
Aug 21, 2019 |
|
Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.
|
Aug 20, 2019 |
|
ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.
|
Aug 19, 2019 |
|
Detecting dating profile fraud. [Research Saturday]
|
Aug 17, 2019 |
|
ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.
|
Aug 16, 2019 |
|
Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.
|
Aug 15, 2019 |
|
Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.
|
Aug 14, 2019 |
|
UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.
|
Aug 13, 2019 |
|
A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.
|
Aug 12, 2019 |
|
Unpacking the Malvertising Ecosystem. [Research Saturday]
|
Aug 10, 2019 |
|
Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.
|
Aug 09, 2019 |
|
Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.
|
Aug 08, 2019 |
|
Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.
|
Aug 07, 2019 |
|
Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.
|
Aug 06, 2019 |
|
Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.
|
Aug 05, 2019 |
|
Package manager repository malware detection. [Research Saturday]
|
Aug 03, 2019 |
|
Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.
|
Aug 02, 2019 |
|
Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.
|
Aug 01, 2019 |
|
Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.
|
Jul 31, 2019 |
|
Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?
|
Jul 30, 2019 |
|
Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.
|
Jul 29, 2019 |
|
Cult of the Dead Cow author Joseph Menn extended interview. [Special Editions]
|
Jul 28, 2019 |
|
Day to day app fraud in the Google Play store. [Research Saturday]
|
Jul 27, 2019 |
|
Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.
|
Jul 26, 2019 |
|
News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.
|
Jul 25, 2019 |
|
Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.
|
Jul 24, 2019 |
|
Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.
|
Jul 23, 2019 |
|
FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.
|
Jul 22, 2019 |
|
The Fifth Domain coauthor Richard A. Clarke. [Special Editions]
|
Jul 21, 2019 |
|
Nansh0u not your normal cryptominer. [Research Saturday]
|
Jul 20, 2019 |
|
Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.
|
Jul 19, 2019 |
|
TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.
|
Jul 18, 2019 |
|
Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.
|
Jul 17, 2019 |
|
GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.
|
Jul 16, 2019 |
|
Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.
|
Jul 15, 2019 |
|
Opportunistic botnets round up vulnerable routers. [Research Saturday]
|
Jul 13, 2019 |
|
Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.
|
Jul 12, 2019 |
|
Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.
|
Jul 11, 2019 |
|
Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.
|
Jul 10, 2019 |
|
Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.
|
Jul 09, 2019 |
|
Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.
|
Jul 08, 2019 |
|
Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505’s new tactics. Content moderation updates.
|
Jul 03, 2019 |
|
US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.
|
Jul 02, 2019 |
|
Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.
|
Jul 01, 2019 |
|
Giving everyone a stake in the success of Open Source implementation. [Research Saturday]
|
Jun 29, 2019 |
|
Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek “Verification.”
|
Jun 28, 2019 |
|
Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.
|
Jun 27, 2019 |
|
Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?
|
Jun 26, 2019 |
|
Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland’s Cyber Defense Initiative.
|
Jun 25, 2019 |
|
Notes on a reported US cyberattack against Iran. A look at “Secondary Infektion.” And some cases of cyber stalking.
|
Jun 24, 2019 |
|
Middleboxes may be meddling with TLS connections. [Research Saturday]
|
Jun 22, 2019 |
|
US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.
|
Jun 21, 2019 |
|
Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.
|
Jun 20, 2019 |
|
BlueKeep, again. Facebook’s cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.
|
Jun 19, 2019 |
|
Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.
|
Jun 18, 2019 |
|
Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.
|
Jun 17, 2019 |
|
Apps on third-party Android store carry unwelcome code. [Research Saturday]
|
Jun 15, 2019 |
|
Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.
|
Jun 14, 2019 |
|
Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ACSO plants. Congress considers hacking back, again. That ol’ devil limbic system.
|
Jun 13, 2019 |
|
Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.
|
Jun 12, 2019 |
|
Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.
|
Jun 11, 2019 |
|
An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.
|
Jun 10, 2019 |
|
Xwo scans for default credentials and exposed web services. [Research Saturday]
|
Jun 08, 2019 |
|
Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.
|
Jun 07, 2019 |
|
BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?
|
Jun 06, 2019 |
|
AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.
|
Jun 05, 2019 |
|
Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?
|
Jun 04, 2019 |
|
Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.
|
Jun 03, 2019 |
|
Blockchain bandits plunder weak wallets. [Research Saturday]
|
Jun 01, 2019 |
|
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
|
May 31, 2019 |
|
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
|
May 30, 2019 |
|
Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.
|
May 29, 2019 |
|
Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.
|
May 28, 2019 |
|
A fresh look at GOSSIPGIRL and the Supra Threat Actors. [Research Saturday]
|
May 25, 2019 |
|
Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.
|
May 24, 2019 |
|
NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?
|
May 23, 2019 |
|
Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.
|
May 22, 2019 |
|
BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.
|
May 21, 2019 |
|
Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.
|
May 20, 2019 |
|
Elfin APT group targets Middle East energy sector. [Research Saturday]
|
May 18, 2019 |
|
Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.
|
May 17, 2019 |
|
US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.
|
May 16, 2019 |
|
Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.
|
May 15, 2019 |
|
Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.
|
May 14, 2019 |
|
Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.
|
May 13, 2019 |
|
Steganography enables sophisticated OceanLotus payloads. [Research Saturday]
|
May 11, 2019 |
|
Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.
|
May 10, 2019 |
|
Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.
|
May 09, 2019 |
|
Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.
|
May 08, 2019 |
|
Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?
|
May 07, 2019 |
|
Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.
|
May 06, 2019 |
|
Sea Turtle state-sponsored DNS hijacking. [Research Saturday]
|
May 04, 2019 |
|
Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.
|
May 03, 2019 |
|
Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.
|
May 02, 2019 |
|
US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.
|
May 01, 2019 |
|
Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.
|
Apr 30, 2019 |
|
IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.
|
Apr 29, 2019 |
|
Deep Learning threatens 3D medical imaging integrity. [Research Saturday]
|
Apr 27, 2019 |
|
Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?
|
Apr 26, 2019 |
|
Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?
|
Apr 25, 2019 |
|
Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.
|
Apr 24, 2019 |
|
ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.
|
Apr 23, 2019 |
|
Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.
|
Apr 22, 2019 |
|
Undetectable vote manipulation in SwissPost e-voting system. [Research Saturday]
|
Apr 20, 2019 |
|
Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.
|
Apr 19, 2019 |
|
Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.
|
Apr 18, 2019 |
|
Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.
|
Apr 17, 2019 |
|
Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.
|
Apr 16, 2019 |
|
ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.
|
Apr 15, 2019 |
|
The ghost and the mole; Eric O'Neill's Gray Day. [Special Editions]
|
Apr 14, 2019 |
|
Establishing software root of trust unconditionally. [Research Saturday]
|
Apr 13, 2019 |
|
Mr. Assange’s courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.
|
Apr 12, 2019 |
|
Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operations SneakyPastes. Incident response planning blues. High school jam.
|
Apr 11, 2019 |
|
The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.
|
Apr 10, 2019 |
|
GossipGirl, the supra threat actor. LockerGoga’s destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.
|
Apr 09, 2019 |
|
US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.
|
Apr 08, 2019 |
|
Lessons learned from Ukraine elections. [Research Saturday]
|
Apr 06, 2019 |
|
Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.
|
Apr 05, 2019 |
|
Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.
|
Apr 04, 2019 |
|
For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.
|
Apr 03, 2019 |
|
Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.
|
Apr 02, 2019 |
|
Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.
|
Apr 01, 2019 |
|
Alarming vulnerabilities in automotive security systems. [Research Saturday]
|
Mar 30, 2019 |
|
Russian information operations, and lessons on election security from the Near Abroad. Magneto proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.
|
Mar 29, 2019 |
|
Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela’s Chavistas. Guilty plea expected in Martin case.
|
Mar 28, 2019 |
|
State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro’s recovery. Reactions to the Mueller Report.
|
Mar 27, 2019 |
|
More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.
|
Mar 26, 2019 |
|
Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.
|
Mar 25, 2019 |
|
Ryuk ransomware relationship revelations. [Research Saturday]
|
Mar 23, 2019 |
|
Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.
|
Mar 22, 2019 |
|
Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.
|
Mar 21, 2019 |
|
Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.
|
Mar 20, 2019 |
|
LockerGoga hits Norse Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.
|
Mar 19, 2019 |
|
Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnostiplayers are back. AI and evil.
|
Mar 18, 2019 |
|
ThinkPHP exploit from Asia-Pacific region goes global. [Research Saturday]
|
Mar 16, 2019 |
|
Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.
|
Mar 15, 2019 |
|
Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.
|
Mar 14, 2019 |
|
Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).
|
Mar 13, 2019 |
|
Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.
|
Mar 12, 2019 |
|
Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.
|
Mar 11, 2019 |
|
Job-seeker exposes banking network to Lazurus Group. [Research Saturday]
|
Mar 09, 2019 |
|
Chinese influence campaigns. Egyptian spear phishing. Hundreds of million email records exposed.
|
Mar 08, 2019 |
|
Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.
|
Mar 07, 2019 |
|
5G worries. Whitefly vs. SingHealth. Speculative execution bug.
|
Mar 06, 2019 |
|
India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.
|
Mar 05, 2019 |
|
Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.
|
Mar 04, 2019 |
|
Fake Fortnite app scams infect gamers. [Research Saturday]
|
Mar 02, 2019 |
|
Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.
|
Mar 01, 2019 |
|
Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.
|
Feb 28, 2019 |
|
Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Crytpojacking an embassy.
|
Feb 27, 2019 |
|
Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks, Credential stuffing in tax season. Twitter hijacking.
|
Feb 26, 2019 |
|
Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.
|
Feb 25, 2019 |
|
Rosneft suspicions shift from espionage to business email compromise. [Research Saturday]
|
Feb 23, 2019 |
|
Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.
|
Feb 22, 2019 |
|
Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.
|
Feb 21, 2019 |
|
Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.
|
Feb 20, 2019 |
|
International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cyptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.
|
Feb 19, 2019 |
|
Seedworm digs Middle East intelligence. [Research Saturday]
|
Feb 16, 2019 |
|
GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.
|
Feb 15, 2019 |
|
Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.
|
Feb 14, 2019 |
|
China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.
|
Feb 13, 2019 |
|
VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.
|
Feb 12, 2019 |
|
Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.
|
Feb 11, 2019 |
|
Trends and tips for cloud security. [Research Saturday]
|
Feb 09, 2019 |
|
Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.
|
Feb 08, 2019 |
|
Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.
|
Feb 07, 2019 |
|
APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.
|
Feb 06, 2019 |
|
ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.
|
Feb 05, 2019 |
|
Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’ prospects. Influence ops. Extortion by bluff.
|
Feb 04, 2019 |
|
Online underground markets in the Middle East. [Research Saturday]
|
Feb 02, 2019 |
|
No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.
|
Feb 01, 2019 |
|
Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.
|
Jan 31, 2019 |
|
US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.
|
Jan 30, 2019 |
|
Case studies in risk and regulation. [CyberWire-X]
|
Jan 30, 2019 |
|
FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.
|
Jan 29, 2019 |
|
Someone takes an unhealthy interest in Citizen Lab. Ukraines accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.
|
Jan 28, 2019 |
|
Amplification bots and how to detect them. [Research Saturday]
|
Jan 26, 2019 |
|
Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.
|
Jan 25, 2019 |
|
The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.
|
Jan 24, 2019 |
|
Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.
|
Jan 23, 2019 |
|
Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.
|
Jan 22, 2019 |
|
Luring IoT botnets to the honeypot. [Research Saturday]
|
Jan 19, 2019 |
|
Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facbebook shutters more Russian coordinated inauthenticity.
|
Jan 18, 2019 |
|
Cyber espionage vs. the RoK MoD. Fancy Bear’s old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.
|
Jan 17, 2019 |
|
SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.
|
Jan 16, 2019 |
|
Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espinonage.
|
Jan 15, 2019 |
|
Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.
|
Jan 14, 2019 |
|
Magecart payment card theft analysis. [Research Saturday]
|
Jan 12, 2019 |
|
Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.
|
Jan 11, 2019 |
|
TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.
|
Jan 10, 2019 |
|
ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?
|
Jan 09, 2019 |
|
German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.
|
Jan 08, 2019 |
|
German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?
|
Jan 07, 2019 |
|
NOKKI, Reaper and DOGCALL target Russians and Cambodians. [Research Saturday]
|
Jan 05, 2019 |
|
Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.
|
Jan 04, 2019 |
|
2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.
|
Jan 03, 2019 |
|
Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore.
|
Jan 02, 2019 |
|
Apple Device Enrollment Program vulnerabilities explored. [Research Saturday]
|
Dec 22, 2018 |
|
Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.
|
Dec 21, 2018 |
|
Risk and regulation in the financial sector. [CyberWire-X]
|
Dec 21, 2018 |
|
US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.
|
Dec 20, 2018 |
|
Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.
|
Dec 19, 2018 |
|
Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.
|
Dec 18, 2018 |
|
Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.
|
Dec 17, 2018 |
|
The Sony hack and the perils of attribution. [Research Saturday]
|
Dec 15, 2018 |
|
False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.
|
Dec 14, 2018 |
|
Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.
|
Dec 13, 2018 |
|
Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.
|
Dec 12, 2018 |
|
Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.
|
Dec 11, 2018 |
|
A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.
|
Dec 10, 2018 |
|
Operation Red Signature targets South Korean supply chain. [Research Saturday]
|
Dec 08, 2018 |
|
Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.
|
Dec 07, 2018 |
|
Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.
|
Dec 06, 2018 |
|
DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.
|
Dec 05, 2018 |
|
Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.
|
Dec 04, 2018 |
|
US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.
|
Dec 03, 2018 |
|
Settling in with GDPR. [CyberWire-X]
|
Dec 03, 2018 |
|
Getting an education on Cobalt Dickens. [Research Saturday]
|
Dec 01, 2018 |
|
Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.
|
Nov 30, 2018 |
|
Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.
|
Nov 29, 2018 |
|
DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.
|
Nov 28, 2018 |
|
Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.
|
Nov 27, 2018 |
|
A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.
|
Nov 26, 2018 |
|
Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.
|
Nov 21, 2018 |