CyberWire Daily

By N2K Networks


Category: Tech News


Subscribers: 1657
Reviews: 5
Episodes: 2873

CyberGirl
 Oct 28, 2020
An excellent resource for the cyber news of the day, without the extra "fluff". NOTE: this is NOT an educational podcast, it is strictly distilled news.

Matt Aguirre
 Mar 10, 2019


 Jan 16, 2019

Average Joe
 Dec 12, 2018
This is a great source for a daily overview of what happened in Cyber Security and IT!

Mikey
 Nov 11, 2018
Although I enjoy listening, it's like a new language which I'm slowly learning. I wish some more time was given to background regarding malware.

Description

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episode Date
Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake.
Jun 03, 2024
Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition]
Jun 03, 2024
SolarWinds and the SEC.
Jun 03, 2024
Solution Spotlight on the 2024 NICE Conference: Business Roundtable.
Jun 02, 2024
1700 IPs and counting. [Research Saturday]
Jun 01, 2024
Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]
Jun 01, 2024
New cybersecurity bill aims to untangle federal regulations.
May 31, 2024
Operation Endgame: Hackers' hideouts exposed.
May 30, 2024
Alleged leaked files expose a dirty secret.
May 29, 2024
FBI untangles the web that is Scattered Spider.
May 28, 2024
Memorial Day special.
May 27, 2024
Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]
May 26, 2024
International effort dismantles LockBit. [Research Saturday]
May 25, 2024
Cybercriminals target London drugs.
May 24, 2024
Checkmate at check in.
May 23, 2024
Privacy nightmare or useful tool?
May 22, 2024
The secrets of a dark web drug lord.
May 21, 2024
Double key encryption debate.
May 20, 2024
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes]
May 19, 2024
From secret images to encryption keys. [Research Saturday]
May 18, 2024
10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]
May 18, 2024
MediSecure data breach hits Aussie healthcare.
May 17, 2024
FBI strikes against a cybercrime syndicate.
May 16, 2024
A bipartisan blueprint for American leadership.
May 15, 2024
Google strikes back.
May 14, 2024
A battle for digital sovereignty.
May 13, 2024
Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes]
May 12, 2024
The double-edged sword of cyber espionage. [Research Saturday]
May 11, 2024
Treasury's offensive in financial defense.
May 10, 2024
Healthcare in the crosshairs.
May 09, 2024
The takedown of a ransomware ringleader.
May 08, 2024
Hack-proofing the future to shape cyberspace.
May 07, 2024
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP]
May 07, 2024
Charting the course: Biden's blueprint for global cybersecurity.
May 06, 2024
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]
May 06, 2024
Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes]
May 05, 2024
Geopolitical tensions rise with China. [Research Saturday]
May 04, 2024
Ransomware attack turns legal attack.
May 03, 2024
Dropbox sign breach exposes secrets.
May 02, 2024
Retirement plan breach shakes financial giant.
May 01, 2024
Ransomware is just a prescription for chaos.
Apr 30, 2024
An unprecedented surge in credential stuffing.
Apr 29, 2024
Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes]
Apr 28, 2024
Cerber ransomware strikes Linux. [Research Saturday]
Apr 27, 2024
Kaiser Permanente's privacy predicament.
Apr 26, 2024
Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]
Apr 26, 2024
The shadowy adversary in Cisco's crosshairs.
Apr 25, 2024
Iran's covert cyber operations exposed.
Apr 24, 2024
Visa crackdown against spyware swindlers.
Apr 23, 2024
Renewed surveillance sparks controversy.
Apr 22, 2024
Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]
Apr 21, 2024
Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]
Apr 21, 2024
The art of information gathering. [Research Saturday]
Apr 20, 2024
Swift responses to cyberattacks.
Apr 19, 2024
Cyber Talent Insights: Charting your path in cybersecurity. (Part 2 of 3) [Special Edition]
Apr 19, 2024
From phishing to felony.
Apr 18, 2024
The rebirth of Russia's cyber warfare.
Apr 17, 2024
Weathering the phishing front.
Apr 16, 2024
Hunting vulnerabilities.
Apr 15, 2024
AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]
Apr 15, 2024
Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]
Apr 14, 2024
AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]
Apr 14, 2024
Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]
Apr 13, 2024
Privacy, power, and the path forward.
Apr 12, 2024
Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]
Apr 12, 2024
Apple's worldwide warning on mercenary attacks.
Apr 11, 2024
From deadlock to debate on a revised Section 702 bill.
Apr 10, 2024
Unraveling a healthcare ransomware web.
Apr 09, 2024
A possible breakthrough in data privacy legislation.
Apr 08, 2024
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
Apr 07, 2024
Leaking your AWS API keys, on purpose? [Research Saturday]
Apr 06, 2024
Deciphering the Acuity cybersecurity incident.
Apr 05, 2024
Securing secrets: The State Department's cyber hunt.
Apr 04, 2024
Biden administration brings down the hammer.
Apr 03, 2024
From lawsuit to logoff: Google's incognito mode makeover.
Apr 02, 2024
Unmasking the xzploitation.
Apr 01, 2024
Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Mar 31, 2024
The supply chain in disarray. [Research Saturday]
Mar 30, 2024
Pentagon’s cybersecurity roadmap.
Mar 29, 2024
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
Mar 29, 2024
A battle against malware.
Mar 28, 2024
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Mar 28, 2024
If there's something strange in your neighborhood, don't call Facebook.
Mar 27, 2024
Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]
Mar 27, 2024
The great firewall breached: China's covert cyber assault on America exposed.
Mar 26, 2024
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Mar 26, 2024
Python developers under attack.
Mar 25, 2024
Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Mar 24, 2024
HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]
Mar 23, 2024
When it rains, it pours.
Mar 22, 2024
A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]
Mar 22, 2024
Safeguarding American data from foreign hands.
Mar 21, 2024
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Mar 21, 2024
Biden's cyber splash in protecting the nation's water systems.
Mar 20, 2024
The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]
Mar 20, 2024
SIM swap scammer pleads guilty.
Mar 19, 2024
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
Mar 19, 2024
The hot pursuit of Volt Typhoon.
Mar 18, 2024
Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]
Mar 17, 2024
Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
Mar 17, 2024
Inside SendGrid's phishy business. [Research Saturday]
Mar 16, 2024
Flight fiasco: UK Defence Minister's jet faces GPS jamming.
Mar 15, 2024
A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]
Mar 15, 2024
TikTok showdown: U.S. lawmakers target privacy and security.
Mar 14, 2024
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Mar 14, 2024
The usual suspects are up to their usual tricks.
Mar 13, 2024
Biden's budget boost for cybersecurity.
Mar 12, 2024
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Mar 12, 2024
CISA’s news trifecta.
Mar 11, 2024
Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Mar 10, 2024
Setting better cyber job expectations to attract and retain talent. [Special Edition]
Mar 10, 2024
Understanding the multi-tiered impact of ransomware. [Research Saturday]
Mar 09, 2024
From breach to battle: The escalating threat of Midnight Blizzard.
Mar 08, 2024
Encore: Breaking Through: Securing the advancement of women in cybersecurity. [Special Editions]
Mar 08, 2024
A secret scheme resulting in stolen secrets.
Mar 07, 2024
Encore: Dinah Davis: Building your network. [R&D] [Career Notes]
Mar 07, 2024
No cyber blues on Super Tuesday.
Mar 06, 2024
From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]
Mar 05, 2024
Change Healthcare hackers cash in $22 million ransom.
Mar 05, 2024
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]
Mar 05, 2024
Cyberattack causes a code red on US healthcare.
Mar 04, 2024
Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Mar 03, 2024
The return of a malware menace. [Research Saturday]
Mar 02, 2024
WhatsApp's legal triumph cracks the spyware vault.
Mar 01, 2024
Iran's cyber quest in Middle Eastern aerospace.
Feb 29, 2024
Protecting American data.
Feb 28, 2024
Out with the old, in with the new.
Feb 27, 2024
LockBit reloaded: Unveiling the next chapter in cybercrime.
Feb 26, 2024
Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]
Feb 25, 2024
Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]
Feb 24, 2024
Crackdown on privacy leads to a multi-million dollar fine.
Feb 23, 2024
AT&T outage leaves major cities offline.
Feb 22, 2024
Anchoring security for US ports.
Feb 21, 2024
The reign of digital terror ends.
Feb 20, 2024
AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]
Feb 19, 2024
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
Feb 19, 2024
Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]
Feb 18, 2024
Hackers come hopping back. [Research Saturday]
Feb 17, 2024
FBI initiates router revolution.
Feb 16, 2024
An AI arms race.
Feb 15, 2024
It’s always DNS, but that may just be FUD.
Feb 14, 2024
Phishing threats unleashed.
Feb 13, 2024
DOJ strikes justice.
Feb 12, 2024
Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]
Feb 11, 2024
Ransomware is coming. [Research Saturday]
Feb 10, 2024
Imitation game: LastPass vs LassPass.
Feb 09, 2024
Volt Typhoon’s stealthy threat to US critical infrastructure.
Feb 08, 2024
Taking a bite out of Apple.
Feb 07, 2024
Cracking down on spyware.
Feb 06, 2024
A serious breach showdown.
Feb 05, 2024
Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]
Feb 04, 2024
Weathering the internet storm. [Research Saturday]
Feb 03, 2024
A digital leaker gets 40 years behind bars.
Feb 02, 2024
Defending America against China's ominous onslaught.
Feb 01, 2024
VPN compromise causes concerns.
Jan 31, 2024
A Typhoon counter.
Jan 30, 2024
Seeking dismissal of SEC allegations.
Jan 29, 2024
Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]
Jan 28, 2024
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
Jan 28, 2024
Hooked on pirated macOS applications. [Research Saturday]
Jan 27, 2024
A new purchase is cause for a call out.
Jan 26, 2024
Another day, another Blizzard attack.
Jan 25, 2024
The fight against exploiting Americans.
Jan 24, 2024
The mother of all data breaches.
Jan 23, 2024
Midnight Blizzard brings the storm.
Jan 22, 2024
Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]
Jan 21, 2024
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jan 21, 2024
A firewall wake up call. [Research Saturday]
Jan 20, 2024
New malware, new threats.
Jan 19, 2024
A credential dump hits the online underground.
Jan 18, 2024
Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]
Jan 18, 2024
Maximum severity vulnerability needs critical updates.
Jan 17, 2024
Vulnerabilities and security risks.
Jan 16, 2024
Putting a dent in the cybersecurity workforce gap. [Special Edition]
Jan 15, 2024
Encore: Examining the current state of security orchestration. [CyberWire-X]
Jan 15, 2024
Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]
Jan 14, 2024
Dual Russian cyber gangs hit 23 companies. [Research Saturday]
Jan 13, 2024
Casting a wider hiring net.
Jan 12, 2024
Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.
Jan 11, 2024
A pivotal global menace.
Jan 10, 2024
Swatting on the rise.
Jan 09, 2024
A conclusion on the xDedic Marketplace investigation.
Jan 08, 2024
Encore: Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]
Jan 07, 2024
Diving deep into Phobos ransomware. [Research Saturday]
Jan 06, 2024
Disruptions to the internet.
Jan 05, 2024
Russian hackers hide in Ukraine telecoms for months.
Jan 04, 2024
A digital disappearance in Utah.
Jan 03, 2024
Apple's clickless exploit.
Jan 02, 2024
Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]
Jan 01, 2024
Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]
Dec 31, 2023
Encore: What malicious campaign is lurking under the surface? [Research Saturday]
Dec 30, 2023
T-Minus Overview- Space Cybersecurity. [t-minus]
Dec 29, 2023
Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]
Dec 28, 2023
Encore: Active visibility into OT systems. [Control Loop]
Dec 27, 2023
NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]
Dec 27, 2023
Artificial Intelligence: Insights & Oddities [8th Layer Insights]
Dec 26, 2023
“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]
Dec 26, 2023
Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]
Dec 25, 2023
The CyberWire: The 12 Days of Malware. [Special Edition]
Dec 23, 2023
Sentenced to hospital detention.
Dec 22, 2023
Kingdom come, kingdom fall.
Dec 21, 2023
Leading the charge in cybercrime take downs.
Dec 20, 2023
A dark web take down.
Dec 19, 2023
14 million customers and stolen data.
Dec 18, 2023
Oren Koren: Crossing music and cybersecurity. [Career Notes]
Dec 17, 2023
Shedding light on fighting Ursa. [Research Saturday]
Dec 16, 2023
Remapping privacy.
Dec 15, 2023
Taking down the storm.
Dec 14, 2023
The United Kingdom's catastrophic ransomware attack.
Dec 13, 2023
An internet blackout.
Dec 12, 2023
China sets sights on US critical infrastructure.
Dec 11, 2023
Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]
Dec 10, 2023
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
Dec 09, 2023
On the hunt for popping up kernel drives. [Research Saturday]
Dec 09, 2023
Russia here, Russia there, Russia everywhere.
Dec 08, 2023
New vulnerability packs a punch.
Dec 07, 2023
Push notifications pushing surveillance.
Dec 06, 2023
Sleeper malware denied at Sellafield nuclear site.
Dec 05, 2023
Iran behind attacks on PLCs.
Dec 04, 2023
Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]
Dec 03, 2023
Exploits and vulnerabilities. [Research Saturday]
Dec 02, 2023
Wyden blocks the senate vote.
Dec 01, 2023
Widespread exploitation of severe vulnerability in ownCloud.
Nov 30, 2023
Major crackdown on international cybersecurity.
Nov 29, 2023
Hospitals on the hotplate after ransomware attacks.
Nov 28, 2023
Hacktivists assemble to attack Pennsylvania water utility.
Nov 27, 2023
Chris Hare: Find just three people. [Development] [Career Notes]
Nov 26, 2023
Encore: Another infection with new malware. [Research Saturday]
Nov 25, 2023
Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]
Nov 24, 2023
Cops in the catfish game. [Hacking Humans Goes to the Movies]
Nov 23, 2023
On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.
Nov 22, 2023
Threat actors with mixed motives: from the political to the financial.
Nov 21, 2023
Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.
Nov 20, 2023
Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]
Nov 19, 2023
Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]
Nov 19, 2023
The malicious YoroTrooper in disguise. [Research Saturday]
Nov 18, 2023
AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]
Nov 18, 2023
Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.
Nov 17, 2023
Shopping during wartime? Focus, people.
Nov 16, 2023
Examining the current state of security orchestration. [CyberWire-X]
Nov 16, 2023
A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.
Nov 15, 2023
The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.
Nov 14, 2023
Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.
Nov 13, 2023
Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]
Nov 12, 2023
CSO Perspectives Bonus: Veterans Day special.
Nov 10, 2023
Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.
Nov 09, 2023
No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.
Nov 08, 2023
Cybercriminals at the service of the state, and an array of new underworld tools.
Nov 07, 2023
Precautions, preparations, and resilience against cybercrime and hacktivism.
Nov 06, 2023
CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]
Nov 05, 2023
Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]
Nov 05, 2023
Sandman doesn't slow malware down. [Research Saturday]
Nov 04, 2023
In the offense-defense see-saw, the defense seems to be rising.
Nov 03, 2023
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
Nov 02, 2023
Hacktivism in two hybrid wars (with an excursus on gastropods).
Nov 01, 2023
What would it take to get you kids into a nice, late-model malware mealkit?
Oct 31, 2023
Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)
Oct 30, 2023
The Malware Mash! [Bonus]
Oct 30, 2023
Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
Oct 29, 2023
No rest for the wicked HiatusRAT. [Research Saturday]
Oct 28, 2023
Social engineering as a blunt instrument–almost like swatting without the middleman.
Oct 27, 2023
Some intelligence services understand the value of being underestimated.
Oct 26, 2023
AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.
Oct 25, 2023
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
Oct 24, 2023
How people get over on the content moderators.
Oct 23, 2023
Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]
Oct 22, 2023
AMBERSQUID hides in the depths. [Research Saturday]
Oct 21, 2023
Disinformation and its often overlooked potential for denial-of-services.
Oct 20, 2023
Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.
Oct 19, 2023
Hacktivist discipline is inversely correlated with sincerity of commitment.
Oct 18, 2023
Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.
Oct 17, 2023
Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.
Oct 16, 2023
Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
Oct 15, 2023
Unwanted guests harvest your information. [Research Saturday]
Oct 14, 2023
Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.
Oct 13, 2023
Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
Oct 12, 2023
Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.
Oct 11, 2023
The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.
Oct 10, 2023
Solution spotlight: Paths to cybersecurity. [Interview Select]
Oct 09, 2023
Susie Squier: You're never alone. [President] [Career Notes]
Oct 08, 2023
Targets from DuckTail. [Research Saturday]
Oct 07, 2023
Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.
Oct 06, 2023
Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Oct 05, 2023
A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.
Oct 04, 2023
Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
Oct 03, 2023
Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
Oct 02, 2023
Ted Wagner: Get that hands on experience. [CISO] [Career Notes]
Oct 01, 2023
Downloading cracked software. [Research Saturday]
Sep 30, 2023
Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
Sep 29, 2023
Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
Sep 28, 2023
What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
Sep 27, 2023
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
Sep 26, 2023
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
Sep 25, 2023
Threat intelligence discussion with Chris Krebs. [Special Edition]
Sep 25, 2023
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
Sep 24, 2023
Behind the Google shopping ad masks. [Research Saturday]
Sep 23, 2023
Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
Sep 22, 2023
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
Sep 21, 2023
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
Sep 20, 2023
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Sep 19, 2023
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Sep 18, 2023
Karl Mattson: Defer gratification. (CISO) [Career Notes]
Sep 17, 2023
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Sep 16, 2023
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
Sep 15, 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
Sep 14, 2023
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
Sep 13, 2023
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Sep 12, 2023
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
Sep 11, 2023
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
Sep 10, 2023
No honor in being a criminal. [Research Saturday]
Sep 09, 2023
Apple issues an emergency patch. Aerospace sector under attack. DPRK spearphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.
Sep 08, 2023
Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.
Sep 07, 2023
Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.
Sep 06, 2023
In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.
Sep 05, 2023
Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]
Sep 04, 2023
Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]
Sep 03, 2023
Thwarting Muddled Libra. [Research Saturday]
Sep 02, 2023
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
Sep 01, 2023
GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.
Aug 31, 2023
An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.
Aug 30, 2023
A joint advisory on post-quantum readiness. [Special Edition]
Aug 30, 2023
Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.
Aug 29, 2023
DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.
Aug 28, 2023
Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]
Aug 27, 2023
Google's not being ghosted from vulnerabilities. [Research Saturday]
Aug 26, 2023
Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.
Aug 25, 2023
Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.
Aug 24, 2023
A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.
Aug 23, 2023
A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.
Aug 22, 2023
DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.
Aug 21, 2023
Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]
Aug 20, 2023
Politicians targeted by RomCom. [Research Saturday]
Aug 19, 2023
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.
Aug 18, 2023
A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.
Aug 17, 2023
China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
Aug 16, 2023
Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.
Aug 15, 2023
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.
Aug 14, 2023
Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]
Aug 13, 2023
It's raining credentials. [Research Saturday]
Aug 12, 2023
Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.
Aug 11, 2023
A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
Aug 10, 2023
Cyberespionage by several intelligence services, some of contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.
Aug 09, 2023
Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.
Aug 08, 2023
Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.
Aug 07, 2023
Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
Aug 06, 2023
Who is that stealing my credentials? [Research Saturday]
Aug 05, 2023
2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.
Aug 04, 2023
Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.
Aug 03, 2023
An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.
Aug 02, 2023
Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.
Aug 01, 2023
The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.
Jul 31, 2023
Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]
Jul 30, 2023
Phishing for leeches. [Research Saturday]
Jul 29, 2023
A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.
Jul 28, 2023
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites.
Jul 27, 2023
A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.
Jul 26, 2023
Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.
Jul 25, 2023
DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.
Jul 24, 2023
Don Welch: Being a good leader. [CIO] [Career Notes]
Jul 23, 2023
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]
Jul 23, 2023
Welcome to New York, it's been waitin' for you. [Research Saturday]
Jul 22, 2023
Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).
Jul 21, 2023
Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.
Jul 20, 2023
Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.
Jul 19, 2023
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
Jul 18, 2023
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
Jul 17, 2023
Jennifer Addie: Finding creative solutions. [COO] [Career Notes]
Jul 16, 2023
SCARLETEEL zaps back again. [Research Saturday]
Jul 15, 2023
Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.
Jul 14, 2023
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
Jul 13, 2023
Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
Jul 12, 2023
Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
Jul 11, 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
Jul 10, 2023
Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]
Jul 09, 2023
Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
Jul 09, 2023
Creating PANDA-monium. [Research Saturday]
Jul 08, 2023
Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
Jul 07, 2023
The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.
Jul 06, 2023
Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.
Jul 05, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jul 04, 2023
Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.
Jul 03, 2023
Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Jul 02, 2023
The power behind artificial intelligence. [Research Saturday]
Jul 01, 2023
CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.
Jun 30, 2023
Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.
Jun 29, 2023
Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.
Jun 28, 2023
Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.
Jun 27, 2023
Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.
Jun 26, 2023
Slavik Markovich: Time is of the essence. [CEO] [Career Notes]
Jun 25, 2023
Unleashing the crypto gold rush. [Research Saturday]
Jun 24, 2023
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
Jun 23, 2023
Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.
Jun 22, 2023
A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.
Jun 21, 2023
Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
Jun 20, 2023
Lorna Mahlock: Build bridges. [Combat support] [Career Notes]
Jun 18, 2023
Managing machine learning risks. [Research Saturday]
Jun 17, 2023
The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.
Jun 16, 2023
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
Jun 15, 2023
CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
Jun 15, 2023
A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.
Jun 14, 2023
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.
Jun 13, 2023
Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.
Jun 12, 2023
Nadir Izrael: Play to your strengths. [CTO] [Career Notes]
Jun 11, 2023
A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]
Jun 10, 2023
“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.
Jun 09, 2023
CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
Jun 09, 2023
ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.
Jun 08, 2023
PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.
Jun 07, 2023
Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
Jun 06, 2023
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
Jun 05, 2023
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
Jun 04, 2023
Lancefly screams bloody Merdoor.
Jun 03, 2023
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
Jun 02, 2023
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
Jun 01, 2023
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
May 31, 2023
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
May 30, 2023
Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]
May 28, 2023
8 GoAnywhere MFT breaches and counting. [Research Saturday]
May 27, 2023
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
May 26, 2023
Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.
May 25, 2023
CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]
May 25, 2023
Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.
May 24, 2023
BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.
May 23, 2023
Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.
May 22, 2023
Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]
May 22, 2023
Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
May 21, 2023
Dangerous vulnerabilities in H.264 decoders. [Research Saturday]
May 20, 2023
Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.
May 19, 2023
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.
May 18, 2023
CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]
May 18, 2023
A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.
May 17, 2023
What is data centric security and why should anyone care? [CyberWire-X]
May 17, 2023
DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.
May 16, 2023
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.
May 15, 2023
Steve Benton: Mixing like a DJ. [VP] [Career Notes]
May 14, 2023
Running away from operation Tainted Love. [Research Saturday]
May 13, 2023
CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
May 12, 2023
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
May 12, 2023
Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
May 11, 2023
CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
May 11, 2023
Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.
May 10, 2023
State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.
May 09, 2023
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.
May 08, 2023
Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
May 07, 2023
Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]
May 06, 2023
DPRK's Kimsuky spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.
May 05, 2023
Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.
May 04, 2023
Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
May 03, 2023
From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)
May 02, 2023
FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
May 01, 2023
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Apr 30, 2023
HinataBot focuses on DDoS attack. [Research Saturday]
Apr 29, 2023
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
Apr 28, 2023
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
Apr 27, 2023
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.
Apr 26, 2023
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Security’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
Apr 25, 2023
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader described. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
Apr 24, 2023
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
Apr 23, 2023
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
Apr 23, 2023
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Apr 22, 2023
Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.
Apr 21, 2023
Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.
Apr 20, 2023
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
Apr 20, 2023
Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”
Apr 19, 2023
A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]
Apr 19, 2023
Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.
Apr 18, 2023
Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
Apr 17, 2023
Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
Apr 16, 2023
New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]
Apr 15, 2023
"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.
Apr 14, 2023
Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.
Apr 13, 2023
Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.
Apr 12, 2023
IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.
Apr 11, 2023
A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
Apr 10, 2023
Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]
Apr 09, 2023
A dark side to LLMs. [Research Saturday]
Apr 08, 2023
Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.
Apr 07, 2023
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.
Apr 06, 2023
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.
Apr 05, 2023
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
Apr 04, 2023
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
Apr 03, 2023
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
Apr 02, 2023
Blackfly flies back again. [Research Saturday]
Apr 01, 2023
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
Mar 31, 2023
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly, some official hostage-taking.
Mar 30, 2023
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
Mar 29, 2023
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
Mar 28, 2023
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
Mar 27, 2023
An introduction to the National Cryptologic Museum. [Special Edition]
Mar 27, 2023
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Mar 26, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Mar 26, 2023
Popunders are not the good kind of ads. [Research Saturday]
Mar 25, 2023
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
Mar 24, 2023
Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.
Mar 23, 2023
Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.
Mar 22, 2023
Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.
Mar 21, 2023
Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.
Mar 20, 2023
Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]
Mar 19, 2023
CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
Mar 18, 2023
ChatGPT grants malicious wishes? [Research Saturday]
Mar 18, 2023
Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
Mar 17, 2023
CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.
Mar 16, 2023
CISA Alert AA23-074A – Threat actors exploit Progress Telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]
Mar 16, 2023
Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).
Mar 15, 2023
Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.
Mar 14, 2023
Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.
Mar 13, 2023
Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]
Mar 12, 2023
Files stolen from a sneaky SymStealer. [Research Saturday]
Mar 11, 2023
Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.
Mar 10, 2023
PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.
Mar 09, 2023
Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.
Mar 08, 2023
A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktivism, and prank phone calls.
Mar 07, 2023
That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.
Mar 06, 2023
Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]
Mar 05, 2023
New exploits are tricking Chrome. [Research Saturday]
Mar 04, 2023
More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.
Mar 03, 2023
CISA Alert AA23-061A – #StopRansomware: Royal ransomware.
Mar 03, 2023
CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
Mar 03, 2023
CyberWire commentary: Ukraine one year on. [Special Edition]
Mar 03, 2023
The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.
Mar 02, 2023
How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.
Mar 01, 2023
Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.
Feb 28, 2023
Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.
Feb 27, 2023
Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]
Feb 26, 2023
The next hot AI scam. [Research Saturday]
Feb 25, 2023
A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.
Feb 24, 2023
Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.
Feb 23, 2023
Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.
Feb 22, 2023
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
Feb 21, 2023
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
Feb 20, 2023
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
Feb 19, 2023
Implementing and achieving security resilience. [Research Saturday]
Feb 18, 2023
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
Feb 17, 2023
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
Feb 16, 2023
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
Feb 15, 2023
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
Feb 14, 2023
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
Feb 13, 2023
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
Feb 12, 2023
Knocking down the legs of the industrial security triad. [Research Saturday]
Feb 11, 2023
US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)
Feb 10, 2023
CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]
Feb 10, 2023
Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.
Feb 09, 2023
CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]
Feb 09, 2023
An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.
Feb 08, 2023
Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.
Feb 07, 2023
Unpatched VMware ESXi instances attacked. Oktapus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.
Feb 06, 2023
Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]
Feb 05, 2023
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]
Feb 05, 2023
Can ransomware turn machines against us? [Research Saturday]
Feb 04, 2023
Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.
Feb 03, 2023
Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.
Feb 02, 2023
How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.
Feb 01, 2023
The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.
Jan 31, 2023
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
Jan 30, 2023
Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes]
Jan 29, 2023
Interview with the AI, part one. [Special Editions]
Jan 29, 2023
Flagging firmware vulnerabilities. [Research Saturday]
Jan 28, 2023
An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.
Jan 27, 2023
Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.
Jan 26, 2023
CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]
Jan 26, 2023
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
Jan 25, 2023
Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]
Jan 25, 2023
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
Jan 24, 2023
Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.
Jan 23, 2023
Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]
Jan 22, 2023
The power of web data in cybersecurity. [CyberWire-X]
Jan 22, 2023
Billbug infests government agencies. [Research Saturday]
Jan 21, 2023
Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
Jan 20, 2023
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
Jan 19, 2023
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
Jan 18, 2023
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
Jan 17, 2023
Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]
Jan 16, 2023
Gene Fay: Lead from the front. [CEO] [Career Notes]
Jan 15, 2023
DUCKTAIL waddles back again. [Research Saturday]
Jan 14, 2023
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
Jan 13, 2023
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
Jan 12, 2023
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Jan 11, 2023
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
Jan 10, 2023
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
Jan 09, 2023
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Jan 08, 2023
Stealer malware from Russia. [Research Saturday]
Jan 07, 2023
CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.
Jan 06, 2023
PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.
Jan 05, 2023
Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
Jan 04, 2023
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
Jan 03, 2023
Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]
Jan 03, 2023
Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
Jan 02, 2023
Encore: LemonDucks evading detection.
Dec 31, 2022
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
Dec 30, 2022
Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]
Dec 29, 2022
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
Dec 28, 2022
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
Dec 27, 2022
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
Dec 26, 2022
The CyberWire: The 12 Days of Malware. [Special Editions]
Dec 25, 2022
Encore: Vulnerabilities in IoT devices.
Dec 24, 2022
PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.
Dec 23, 2022
Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.
Dec 22, 2022
Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.
Dec 21, 2022
Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.
Dec 20, 2022
BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.
Dec 19, 2022
Strategies to get the most out of your toolsets. [CyberWire-X]
Dec 18, 2022
Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]
Dec 18, 2022
Hijacking holiday spirit with phishing scams. [Research Saturday]
Dec 17, 2022
Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.
Dec 16, 2022
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.
Dec 15, 2022
InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.
Dec 14, 2022
Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.
Dec 13, 2022
Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
Dec 12, 2022
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Dec 11, 2022
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
Dec 11, 2022
Cybersecurity during the World Cup. [Research Saturday]
Dec 10, 2022
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Dec 09, 2022
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
Dec 08, 2022
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.
Dec 07, 2022
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
Dec 07, 2022
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
Dec 06, 2022
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsus$ Group. Notes on the cyber underworld.
Dec 05, 2022
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Dec 04, 2022
Old malware returns in a new way. [Research Saturday]
Dec 03, 2022
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
Dec 02, 2022
Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
Dec 01, 2022
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
Nov 30, 2022
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
Nov 29, 2022
Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
Nov 28, 2022
Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
Nov 27, 2022
Encore: The secrets behind Docker.
Nov 26, 2022
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
Nov 25, 2022
Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
Nov 24, 2022
Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
Nov 23, 2022
Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
Nov 22, 2022
Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.
Nov 21, 2022
Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]
Nov 20, 2022
Another infection with new malware. [Research Saturday]
Nov 19, 2022
Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
Nov 18, 2022
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]
Nov 18, 2022
Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
Nov 17, 2022
Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.
Nov 16, 2022
CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]
Nov 16, 2022
An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
Nov 15, 2022
Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
Nov 14, 2022
Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]
Nov 13, 2022
An in-depth look on the Crytox ransomware family. [Research Saturday]
Nov 12, 2022
CSO Perspectives Bonus: Veterans Day special.
Nov 11, 2022
US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
Nov 10, 2022
A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
Nov 09, 2022
Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
Nov 08, 2022
Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember Silk Road? The Feds do.
Nov 07, 2022
Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
Nov 06, 2022
Over-the-air 0-day vulnerabilities. [Research Saturday]
Nov 05, 2022
Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
Nov 04, 2022
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
Nov 03, 2022
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
Nov 02, 2022
OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.
Nov 01, 2022
Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
Oct 31, 2022
Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
Oct 30, 2022
Bugs and working from home. [Research Saturday]
Oct 29, 2022
Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
Oct 28, 2022
The Malware Mash! [Bonus]
Oct 28, 2022
CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
Oct 27, 2022
Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
Oct 26, 2022
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
Oct 25, 2022
US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.
Oct 24, 2022
CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]
Oct 24, 2022
Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]
Oct 23, 2022
New tools target governments in Middle East? [Research Saturday]
Oct 22, 2022
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.
Oct 21, 2022
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.
Oct 20, 2022
Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.
Oct 19, 2022
Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.
Oct 18, 2022
Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia’s hybrid war.
Oct 17, 2022
Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]
Oct 16, 2022
Cyber confidence: Knowing what you have and where it is. [CyberWire-X]
Oct 16, 2022
Noberus ransomware: evolving tactics. [Research Saturday]
Oct 15, 2022
Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.
Oct 14, 2022
What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.
Oct 13, 2022
Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.
Oct 12, 2022
An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.
Oct 11, 2022
CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]
Oct 10, 2022
Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]
Oct 10, 2022
Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]
Oct 09, 2022
Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]
Oct 09, 2022
Google Drive used for malware? [Research Saturday]
Oct 08, 2022
A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.
Oct 07, 2022
CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.
Oct 07, 2022
Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.
Oct 06, 2022
Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.
Oct 05, 2022
CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.
Oct 04, 2022
CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.
Oct 04, 2022
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
Oct 03, 2022
Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]
Oct 02, 2022
The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]
Oct 02, 2022
Targeting your browser bookmarks? [Research Saturday]
Oct 01, 2022
Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Watering holes, deepfakes, and the pushing of naughty words.
Sep 30, 2022
Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.
Sep 29, 2022
DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.
Sep 28, 2022
Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.
Sep 27, 2022
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.
Sep 26, 2022
Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
Sep 25, 2022
Keeping an eye on RDS vulnerabilities. [Research Saturday]
Sep 24, 2022
Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
Sep 23, 2022
GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.
Sep 22, 2022
CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]
Sep 22, 2022
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]
Sep 22, 2022
A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.
Sep 21, 2022
An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.
Sep 20, 2022
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.
Sep 19, 2022
Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]
Sep 18, 2022
An increase in bypassing bot management? [Research Saturday]
Sep 17, 2022
Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.
Sep 16, 2022
CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]
Sep 15, 2022
Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.
Sep 15, 2022
Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).
Sep 14, 2022
A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]
Sep 13, 2022
Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad’s return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten’s social engineering.
Sep 13, 2022
Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.
Sep 12, 2022
Mark Logan: March towards your goals. [CEO] [Career Notes]
Sep 11, 2022
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 11, 2022
Evilnum APT returns with new targets. [Research Saturday]
Sep 10, 2022
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
Sep 09, 2022
Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.
Sep 08, 2022
Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
Sep 07, 2022
CISA Alert AA22-249A – #StopRansomware: Vice Society. [CISA Cybersecurity Alerts]
Sep 06, 2022
Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.
Sep 06, 2022
New CISO responsibilities: supply chain. [CSO Perspectives]
Sep 05, 2022
Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]
Sep 04, 2022
LockBit's contradiction on encryption speed. [Research Saturday]
Sep 03, 2022
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
Sep 02, 2022
News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.
Sep 01, 2022
Securing multi-cloud identity with orchestration. [CyberWire-X]
Sep 01, 2022
Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. “Cosplaying” hardware.
Aug 31, 2022
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia’s hybrid war. And the LockBit gang looks beyond double extortion.
Aug 30, 2022
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
Aug 29, 2022
David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]
Aug 28, 2022
How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]
Aug 27, 2022
A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.
Aug 26, 2022
Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.
Aug 25, 2022
Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.
Aug 24, 2022
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.
Aug 23, 2022
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. And data-tampering attacks are regarded as a growing risk.
Aug 22, 2022
Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]
Aug 21, 2022
Clipminer: Making millions off of malware. [Research Saturday]
Aug 20, 2022
Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.
Aug 19, 2022
BlackByte’s back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia’s hybrid war. Cyber war clauses coming to cyber insurance policies.
Aug 18, 2022
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.
Aug 17, 2022
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]
Aug 17, 2022
Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.
Aug 16, 2022
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.
Aug 15, 2022
Christian Lees: it's not always textbook. [CTO] [Career Notes]
Aug 14, 2022
Red teamer's perspective on demotivating attackers. [CyberWire-X]
Aug 14, 2022
Fake job ads and how to spot them. [Research Saturday]
Aug 13, 2022
The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.
Aug 12, 2022
CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts]
Aug 11, 2022
Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.
Aug 11, 2022
Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia’s hybrid war.
Aug 10, 2022
Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klaviyo. Intercept tools and policies in Canada.
Aug 09, 2022
Cybersecurity is a team sport. [CyberWire-X]
Aug 09, 2022
Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.
Aug 08, 2022
Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]
Aug 07, 2022
Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]
Aug 06, 2022
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.
Aug 05, 2022
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.
Aug 04, 2022
CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]
Aug 04, 2022
Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.
Aug 03, 2022
Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?
Aug 02, 2022
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.
Aug 01, 2022
Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]
Jul 31, 2022
What malicious campaign is lurking under the surface? [Research Saturday]
Jul 30, 2022
Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.
Jul 29, 2022
SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.
Jul 28, 2022
The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.
Jul 27, 2022
LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.
Jul 26, 2022
The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.
Jul 25, 2022
The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]
Jul 24, 2022
Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]
Jul 24, 2022
Has GOLD SOUTHFIELD resumed operations? [Research Saturday]
Jul 23, 2022
Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”
Jul 22, 2022
Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.
Jul 21, 2022
Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.
Jul 20, 2022
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.
Jul 19, 2022
Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.
Jul 18, 2022
Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]
Jul 17, 2022
Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]
Jul 17, 2022
A record breaking DDoS attack. [Research Saturday]
Jul 16, 2022
Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.
Jul 15, 2022
A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]
Jul 15, 2022
Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.
Jul 14, 2022
AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.
Jul 13, 2022
High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.
Jul 12, 2022
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.
Jul 11, 2022
Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]
Jul 10, 2022
Information operations during a war. [Research Saturday]
Jul 09, 2022
An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.
Jul 08, 2022
Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.
Jul 07, 2022
CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]
Jul 06, 2022
Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.
Jul 06, 2022
Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.
Jul 05, 2022
Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]
Jul 04, 2022
Could REvil have a copycat? [Research Saturday]
Jul 02, 2022
Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.
Jul 01, 2022
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]
Jun 30, 2022
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.
Jun 30, 2022
Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.
Jun 29, 2022
DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C market share. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?
Jun 28, 2022
Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.
Jun 27, 2022
Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]
Jun 26, 2022
Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]
Jun 25, 2022
Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakhstan. Tabletop exercises. Ransomware as misdirection.
Jun 24, 2022
CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]
Jun 24, 2022
Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.
Jun 23, 2022
A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain’t so, Dmitry.
Jun 22, 2022
Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia’s hybrid war. A conviction in the Capital One hacking case.
Jun 21, 2022
Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.
Jun 20, 2022
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]
Jun 19, 2022
Dissecting the Spring4Shell vulnerability. [Research Saturday]
Jun 18, 2022
Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.
Jun 17, 2022
Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
Jun 16, 2022
Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.
Jun 15, 2022
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.
Jun 14, 2022
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
Jun 13, 2022
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
Jun 12, 2022
New developments in the WSL attack. [Research Saturday]
Jun 11, 2022
The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.
Jun 10, 2022
Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.
Jun 09, 2022
Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its “plumbing.” CISA adds Known Exploited Vulnerabilities. News from Jersey.
Jun 08, 2022
CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]
Jun 08, 2022
Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus
Jun 07, 2022
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."
Jun 06, 2022
Defining the intruder’s dilemma. [CyberWire-X]
Jun 05, 2022
Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]
Jun 05, 2022
LemonDucks evading detection. [Research Saturday]
Jun 04, 2022
Managing messaging in a hybrid war. Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.
Jun 03, 2022
Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.
Jun 02, 2022
CISA Alert AA22-152A – Karakurt data extortion group. [CISA Cybersecurity Alerts]
Jun 01, 2022
Costa Rica hit with another round of ransomware. Cyber phases of Russia’s hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!
Jun 01, 2022
Potential cyber threats to agriculture. Cyber phases of Russia’s hybrid war. REvil prosecution at a stand (and it’s the Americans’ fault, say Russian sources). Microsoft mitigates Follina.
May 31, 2022
Michael Scott: A team of humble intellects. [Information security] [Career Notes]
May 29, 2022
Compromised military tech? [Research Saturday]
May 28, 2022
Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.
May 27, 2022
"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.
May 26, 2022
More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.
May 25, 2022
Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?
May 24, 2022
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.
May 23, 2022
Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]
May 22, 2022
AutoWarp bug leads to Automation headaches. [Research Saturday]
May 21, 2022
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
May 20, 2022
CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]
May 20, 2022
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.
May 19, 2022
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
May 19, 2022
Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
May 18, 2022
CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]
May 17, 2022
Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.
May 17, 2022
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
May 16, 2022
Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]
May 15, 2022
The current state of zero trust. [CyberWire-X]
May 15, 2022
Vulnerabilities in IoT devices. [Research Saturday]
May 14, 2022
War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.
May 13, 2022
Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.
May 12, 2022
CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]
May 12, 2022
Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.
May 11, 2022
Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.
May 10, 2022
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.
May 09, 2022
Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]
May 08, 2022
Attacking where vulnerable. [Research Saturday]
May 07, 2022
Victory Day approaches so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).
May 06, 2022
Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.
May 05, 2022
More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.
May 04, 2022
Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.
May 03, 2022
The future of security validation – what next? [CyberWire-X]
May 03, 2022
Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.
May 02, 2022
DevSecOps and securing the container. [CyberWire-X]
May 01, 2022
Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]
May 01, 2022
Attackers coming in from the Backdoor? [Research Saturday]
Apr 30, 2022
Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.
Apr 29, 2022
Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.
Apr 28, 2022
Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.
Apr 27, 2022
Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.
Apr 26, 2022
Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.
Apr 25, 2022
Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]
Apr 24, 2022
BABYSHARK is swimming again! [Research Saturday]
Apr 23, 2022
The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.
Apr 22, 2022
Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.
Apr 21, 2022
Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.
Apr 20, 2022
In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.
Apr 19, 2022
Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.
Apr 18, 2022
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
Apr 17, 2022
CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]
Apr 17, 2022
A fight to defend Taiwan financial institutions. [Research Saturday]
Apr 16, 2022
Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.
Apr 15, 2022
A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.
Apr 14, 2022
Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
Apr 13, 2022
Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.
Apr 12, 2022
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
Apr 11, 2022
SolarWinds through a first principle lens. [CSO Perspectives]
Apr 11, 2022
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
Apr 10, 2022
The secrets behind Docker. [Research Saturday]
Apr 09, 2022
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
Apr 08, 2022
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
Apr 07, 2022
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA
Apr 06, 2022
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
Apr 05, 2022
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
Apr 04, 2022
Living security: the current state of XDR. [CyberWire-X]
Apr 03, 2022
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
Apr 03, 2022
A popular malware scheme and pay-per-install services. [Research Saturday]
Apr 02, 2022
Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.
Apr 01, 2022
Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.
Mar 31, 2022
Taking down bot farms. Cyber aggression. Kinetic influence ops, Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.
Mar 30, 2022
Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.
Mar 29, 2022
Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.
Mar 28, 2022
The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]
Mar 26, 2022
Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.
Mar 25, 2022
Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.
Mar 24, 2022
Insider Risk Excellence Awards. [CyberWire-X]
Mar 24, 2022
British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.
Mar 23, 2022
White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.
Mar 22, 2022
Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.
Mar 21, 2022
Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]
Mar 20, 2022
Implications of data leaks of sensitive OT information. [Research Saturday]
Mar 19, 2022
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.
Mar 18, 2022
Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.
Mar 17, 2022
Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.
Mar 16, 2022
Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.
Mar 15, 2022
Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.
Mar 14, 2022
Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]
Mar 13, 2022
The story of REvil: From origin to beyond. [Research Saturday]
Mar 12, 2022
An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.
Mar 11, 2022
Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.
Mar 10, 2022
Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.
Mar 09, 2022
Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.
Mar 08, 2022
Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsus$ releases NVIDIA and Samsung data (and says a victim hacked back).
Mar 07, 2022
Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]
Mar 06, 2022
HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]
Mar 06, 2022
An abuse of trust: Potential security issues with open redirects. [Research Saturday]
Mar 05, 2022
Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.
Mar 04, 2022
Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.
Mar 03, 2022
Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.
Mar 02, 2022
Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.
Mar 01, 2022
An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.
Feb 28, 2022
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Feb 27, 2022
Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]
Feb 26, 2022
Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.
Feb 25, 2022
Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
Feb 24, 2022
Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.
Feb 23, 2022
Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.
Feb 22, 2022
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
Feb 21, 2022
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures
Feb 21, 2022
Joe Carrigan: Build your network. [Security engineer] [Career Notes]
Feb 20, 2022
What Log4Shell has taught us. [CyberWire-X]
Feb 20, 2022
Instagram hijacks all start with a phish. [Research Saturday]
Feb 19, 2022
False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.
Feb 18, 2022
Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.
Feb 17, 2022
A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.
Feb 16, 2022
Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.
Feb 15, 2022
Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?
Feb 14, 2022
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
Feb 13, 2022
SysJoker backdoor masquerades as benign updates. [Research Saturday]
Feb 12, 2022
Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.
Feb 11, 2022
Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.
Feb 10, 2022
A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.
Feb 09, 2022
Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.
Feb 08, 2022
Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.
Feb 07, 2022
The persistent and patient nature of advanced threat actors. [Research Saturday]
Feb 05, 2022
Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.
Feb 04, 2022
Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.
Feb 03, 2022
Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.
Feb 02, 2022
Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.
Feb 01, 2022
The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.
Jan 31, 2022
Helen Patton: A platform to talk about security. [CISO] [Career Notes]
Jan 30, 2022
Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]
Jan 30, 2022
Use of legitimate tools possibly linked to Seedworm. [Research Saturday]
Jan 29, 2022
Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.
Jan 28, 2022
Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.
Jan 27, 2022
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.
Jan 26, 2022
Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.
Jan 25, 2022
Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.
Jan 24, 2022
Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
Jan 23, 2022
A collaboration stumbles upon threat actor Lyceum. [Research Saturday]
Jan 22, 2022
Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.
Jan 22, 2022
Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.
Jan 20, 2022
Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.
Jan 19, 2022
A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.
Jan 18, 2022
SOAR - a first principle idea. [CSO Perspectives]
Jan 17, 2022
Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]
Jan 16, 2022
Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]
Jan 15, 2022
Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.
Jan 14, 2022
A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.
Jan 13, 2022
The US and EU seek to shore up cybersecurity as Russo-Ukrainian tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.
Jan 12, 2022
Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.
Jan 11, 2022
CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.
Jan 10, 2022
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
Jan 09, 2022
The rise of Karakurt Hacking Team.
Jan 08, 2022
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.
Jan 07, 2022
Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.
Jan 06, 2022
CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.
Jan 05, 2022
Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.
Jan 04, 2022
Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.
Jan 03, 2022
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Jan 02, 2022
Cybersecurity predictions for 2022. [CyberWire-X]
Jan 02, 2022
Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]
Jan 01, 2022
CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.
Dec 31, 2021
CyberWire Pro Interview Selects: Sir David Omand.
Dec 30, 2021
CyberWire Pro Interview Selects: Zan Vautrinot on boards.
Dec 29, 2021
CyberWire Pro Interview Selects: Bill Wright of Splunk.
Dec 28, 2021
CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.
Dec 27, 2021
Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Dec 26, 2021
The CyberWire: The 12 Days of Malware.
Dec 25, 2021
CyberWire Pro Research Briefing from 12/21/2021.
Dec 25, 2021
CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.
Dec 24, 2021
Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.
Dec 23, 2021
The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.
Dec 22, 2021
Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.
Dec 21, 2021
Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.
Dec 20, 2021
Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]
Dec 19, 2021
Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]
Dec 18, 2021
Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.
Dec 17, 2021
Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.
Dec 16, 2021
Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?
Dec 15, 2021
Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.
Dec 14, 2021
Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.
Dec 13, 2021
Hannah Kenney: Focused on people. [Risk] [Career Notes]
Dec 12, 2021
FIN7 repositioning focus into ransomware. [Research Saturday]
Dec 11, 2021
Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.
Dec 10, 2021
Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.
Dec 09, 2021
AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.
Dec 08, 2021
The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?
Dec 07, 2021
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
Dec 06, 2021
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
Dec 05, 2021
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
Dec 05, 2021
Getting in and getting out with SnapMC. [Research Saturday]
Dec 04, 2021
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
Dec 03, 2021
More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?
Dec 02, 2021
Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.
Dec 01, 2021
Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.
Nov 30, 2021
Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.
Nov 29, 2021
Anisha Patel: Right along with them. [Program management] [Career Notes]
Nov 28, 2021
CyberWire Pro Research Briefing from 11/23/2021
Nov 27, 2021
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
Nov 26, 2021
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
Nov 25, 2021
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crypter. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
Nov 24, 2021
Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.
Nov 23, 2021
Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.
Nov 22, 2021
MK Palmore: Lead from where you stand. [CISO] [Career Notes]
Nov 21, 2021
How ransomware impacts organizations. [CyberWire-X]
Nov 21, 2021
Using bidirectionality override characters to obscure code. [Research Saturday]
Nov 20, 2021
Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?
Nov 19, 2021
Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.
Nov 18, 2021
CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.
Nov 17, 2021
Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.
Nov 16, 2021
Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.
Nov 15, 2021
Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Nov 14, 2021
The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]
Nov 14, 2021
A glimpse into TeamTNT. [Research Saturday]
Nov 13, 2021
Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.
Nov 12, 2021
Let's go to the movies. [Hacking Humans Goes to the Movies]
Nov 11, 2021
Cyberespionage from Tehran. Clopp ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.
Nov 10, 2021
Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.
Nov 09, 2021
REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.
Nov 08, 2021
Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]
Nov 07, 2021
An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]
Nov 06, 2021
$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.
Nov 05, 2021
Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.
Nov 04, 2021
Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerabilities.
Nov 03, 2021
Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.
Nov 02, 2021
Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).
Nov 01, 2021
Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]
Oct 31, 2021
Malware sometimes changes its behavior. [Research Saturday]
Oct 30, 2021
Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”
Oct 29, 2021
The Malware Mash!
Oct 29, 2021
Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.
Oct 28, 2021
Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.
Oct 27, 2021
Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.
Oct 26, 2021
SolarMarket malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.
Oct 25, 2021
Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
Oct 24, 2021
When big ransomware goes away, where should affiliates go? [Research Saturday]
Oct 23, 2021
Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.
Oct 22, 2021
Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.
Oct 21, 2021
Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.
Oct 20, 2021
TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.
Oct 19, 2021
A US broadcaster sustains a ransomware attack. North Korean catphish expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?
Oct 18, 2021
Ell Marquez: It's okay to be new. [Linux] [Career Notes]
Oct 17, 2021
Groove Gang making a name for themselves. [Research Saturday]
Oct 16, 2021
CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.
Oct 15, 2021
Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.
Oct 14, 2021
Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.
Oct 13, 2021
Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize
Oct 12, 2021
Extra: Let's talk about Facebook's research. [Caveat]
Oct 11, 2021
Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]
Oct 10, 2021
Taking a closer look at UNC1151. [Research Saturday]
Oct 09, 2021
Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.
Oct 08, 2021
Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.
Oct 07, 2021
Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.
Oct 06, 2021
Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.
Oct 05, 2021
Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.
Oct 04, 2021
Cloud configuration security: Breaking the endless cycle. [CyberWire-X]
Oct 03, 2021
Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Oct 03, 2021
IoT security and the need for randomness. [Research Saturday]
Oct 02, 2021
Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.
Oct 01, 2021
GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.
Sep 30, 2021
DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.
Sep 29, 2021
Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.
Sep 28, 2021
The EU asks Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.
Sep 27, 2021
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]
Sep 26, 2021
Why it’s time for cybersecurity to go mainstream. [CyberWire-X]
Sep 26, 2021
Vulnerabilities in the public cloud. [Research Saturday]
Sep 25, 2021
Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?
Sep 24, 2021
Ransomware hits another US farm co-op, as Russian gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.
Sep 23, 2021
Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.
Sep 22, 2021
BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.
Sep 21, 2021
Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.
Sep 20, 2021
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
Sep 19, 2021
An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]
Sep 18, 2021
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.
Sep 17, 2021
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 17, 2021
Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.
Sep 16, 2021
No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.
Sep 15, 2021
NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.
Sep 14, 2021
The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.
Sep 13, 2021
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]
Sep 12, 2021
A Google Chrome update that just didn't feel right. [Research Saturday]
Sep 11, 2021
Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.
Sep 10, 2021
Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.
Sep 09, 2021
BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.
Sep 08, 2021
A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.
Sep 07, 2021
Security operations centers: a first principle idea. [CSO Perspectives]
Sep 06, 2021
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
Sep 05, 2021
Like a computer network but for physical objects. [Research Saturday]
Sep 04, 2021
Watch out for cybercrime over holidays (like Labor Day). Ransomware warning for the food and agriculture sector. Gift card and loyalty program fraud. NIST draft IoT guidelines out for comment.
Sep 03, 2021
LockBit updates. The BrakTooth bugs infesting Bluetooth. Malicious cable proof-of-concept. EU fines WhatsApp over GDPR issues. Insider threats. Action against an alleged stalkerware vendor.
Sep 02, 2021
A look at cyber gangland. Sino-Australian tension in cyberspace. Vulnerabilities reported (and disputed) in a home security system. Labor Day warnings.
Sep 01, 2021
Dangers of data collected in Afghanistan. Another cryptocurrency theft. Hardware backdoors? LockBit dumps airline’s data. CISA opens registration for the President’s Cup. Too much gaming, kids.
Aug 31, 2021
Data breaches and ransomware. Another gang says it’s retiring. New warrants against cybercrime in Australia. Roles and missions in the US. Hoosier data?
Aug 30, 2021
Rich Hale: Understanding the data. [CTO] [Career Notes]
Aug 29, 2021
Joker malware family: not a joke for Google Play. [Research Saturday]
Aug 28, 2021
The T-Mobile hacker speaks (we think). SparklingGoblin enters the cyberespionage ring. Is someone stealing data to train AI? Cellebrite’s availability. Ragnarok ransomware says it’s going out of business.
Aug 27, 2021
A quick look back at yesterday’s White House industry meeting. Revolution, coup, or a bit of both? Storytelling for security. Lessons from Olympic scams. Notes from the underworld.
Aug 26, 2021
Hacktivism in Belarus. The Taliban’s data grab. Four rising ransomware operations. The White House cybersecurity summit with industry leaders is in progress.
Aug 25, 2021
Apple CSAM: well-intentioned, slippery slope. [Caveat]
Aug 25, 2021
Apparent hacktivism exposes Iranian prison CCTV feeds. Misconfigured Power Apps expose data. FBI warns of the OnePercent Group. Mr. White Hat gives back. Dog bites man
Aug 24, 2021
Notes on the fall of Afghanistan, with its cyber and kinetic implications. US State Department hack reported. ShinyHunters resurface. Further incentive to patch Microsoft Exchange Server.
Aug 23, 2021
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Aug 22, 2021
From board advisor to board member: evolution of the modern CISO. [CyberWire-X]
Aug 22, 2021
Exploring vulnerabilities of off-the-shelf software. [Research Saturday]
Aug 21, 2021
Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China’s privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?
Aug 20, 2021
T-Mobile outlines what it’s offering customers hit by its data breach. Taliban on good T&C behavior? Apple’s CSAM. OS bug may affect medical devices. A report on 2020’s US Census Bureau hack.
Aug 19, 2021
Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil’s Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.
Aug 18, 2021
Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.
Aug 17, 2021
Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?
Aug 16, 2021
Rick Howard: Give people resources. [CSO] [Career Notes]
Aug 15, 2021
You can add new features, just secure the old stuff first. [Research Saturday]
Aug 14, 2021
Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.
Aug 13, 2021
More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.
Aug 12, 2021
A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.
Aug 11, 2021
A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.
Aug 10, 2021
Home router vulnerabilities exploited in the wild. ACSC warns of a LockBit spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.
Aug 09, 2021
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Aug 08, 2021
SideCopy malware campaigns expand and evolve. [Research Saturday]
Aug 07, 2021
FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.
Aug 06, 2021
CISA’s new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang’s reform, or optimism over signs the gang is worried?
Aug 05, 2021
Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck’s rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou’s extradition.
Aug 04, 2021
Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.
Aug 03, 2021
SVR was reading the US Attorneys’ emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.
Aug 02, 2021
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Aug 01, 2021
Behavioral transparency – the patterns within. [CyberWire-X]
Aug 01, 2021
China's influence grows through Digital Silk Road Initiative. [Research Saturday]
Jul 31, 2021
Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.
Jul 30, 2021
Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.
Jul 29, 2021
US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.
Jul 28, 2021
South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?
Jul 27, 2021
The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.
Jul 26, 2021
Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]
Jul 25, 2021
Is enhanced hardware security the answer to ransomware? [CyberWire-X]
Jul 25, 2021
Free malware with cracked software. [Research Saturday]
Jul 24, 2021
Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.
Jul 23, 2021
Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.
Jul 22, 2021
Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.
Jul 21, 2021
APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDM. Other data breaches and ransomware incidents.
Jul 20, 2021
Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group’s Pegasus tool reported.
Jul 19, 2021
Peter Baumann: Adding value to data. [CEO] [Career Notes]
Jul 18, 2021
Enabling connectivity enables exposures. [Research Saturday]
Jul 17, 2021
DDoS at Russia’s MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor’s activities are exposed. No signs of the US softening on Huawei bans.
Jul 16, 2021
Luminous Moth or Mustang Panda, it’s the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.
Jul 15, 2021
Patch notes. What’s happening with REvil remains unclear, but it would be rash to count the gang out.
Jul 14, 2021
SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.
Jul 13, 2021
Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.
Jul 12, 2021
Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]
Jul 11, 2021
APTs transitioning to the cloud. [CyberWire-X]
Jul 11, 2021
Dealing illicit goods on encrypted chat apps. [Research Saturday]
Jul 10, 2021
Kaseya continues to work through its REvil days, as does the US Administration. In other news, there’s cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.
Jul 09, 2021
Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil’s victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.
Jul 08, 2021
Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.
Jul 07, 2021
The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.
Jul 06, 2021
Dwayne Price: Sharing information. [Project Management] [Career Notes]
Jul 04, 2021
Malware in pirated Windows installation files. [Research Saturday]
Jul 03, 2021
Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.
Jul 02, 2021
Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?
Jul 01, 2021
A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.
Jun 30, 2021
A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.
Jun 29, 2021
Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.
Jun 28, 2021
Introducing Security Unlocked: CISO Series with Bret Arsenault–Leading an Inclusive Workforce: Emma Smith, Vodafone
Jun 27, 2021
Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
Jun 27, 2021
Exhibiting advanced APT-like behavior. [Research Saturday]
Jun 26, 2021
REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.
Jun 25, 2021
Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?
Jun 24, 2021
Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.
Jun 23, 2021
Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.
Jun 22, 2021
South Korea’s nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.
Jun 21, 2021
Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
Jun 20, 2021
Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]
Jun 19, 2021
Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.
Jun 18, 2021
The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.
Jun 17, 2021
Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.
Jun 16, 2021
Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.
Jun 15, 2021
Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?
Jun 14, 2021
Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]
Jun 13, 2021
Taking a look behind the Science of Security. [Research Saturday]
Jun 12, 2021
Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.
Jun 11, 2021
Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI’s partial recovery of DarkSide’s ransom take.
Jun 10, 2021
Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO’s Article 5 in cyberspace. Patch Tuesday notes.
Jun 09, 2021
FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.
Jun 08, 2021
DarkSide’s way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.
Jun 07, 2021
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]
Jun 06, 2021
Bad building blocks: a new and unusual phishing campaign. [Research Saturday]
Jun 05, 2021
Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.
Jun 04, 2021
FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.
Jun 03, 2021
The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium’s USAID impersonation campaign. Siemens addresses PLC vulnerabilities.
Jun 02, 2021
Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.
Jun 01, 2021
Zero trust: a change in mindset. [Special Editions]
May 31, 2021
Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]
May 30, 2021
Big data, big payoff for China's cybercrime underground. [Research Saturday]
May 29, 2021
A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.
May 28, 2021
Impersonation campaign targets China’s Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.
May 27, 2021
Cyberespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.
May 26, 2021
CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.
May 25, 2021
Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.
May 24, 2021
Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]
May 23, 2021
Leveraging COVID-19 themes for malicious purposes. [Research Saturday]
May 22, 2021
DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.
May 21, 2021
DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.
May 20, 2021
Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.
May 19, 2021
WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.
May 18, 2021
Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.
May 17, 2021
Zeroing in on zero trust. [CyberWire-X]
May 16, 2021
Dominique West: Security found me. [Strategy] [Career Notes]
May 16, 2021
Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]
May 15, 2021
Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).
May 14, 2021
The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon’s DBIR is out.
May 13, 2021
The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.
May 12, 2021
Ransomware: DarkSide, Avaddon, and Baduk. 5G threat vectors. Cryptojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.
May 11, 2021
Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.
May 10, 2021
Street cred: increasing trust in passwordless authentication. [CyberWire-X]
May 09, 2021
Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
May 09, 2021
SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]
May 08, 2021
CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.
May 07, 2021
Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington. Panda Stealer is after crypto wallets. And Peloton deals with a leaky API.
May 06, 2021
DDoS interrupts Belgium’s parliament. New malware in the wild. Spies and crooks work around MFA, OAuth. COVID-19 scam site takedown. Online election fraud (in a homecoming queen election).
May 05, 2021
VPN vulnerability exploited for cyberespionage closed. “IT security incident” at medical system. Android banking Trojans and cryptocurrency. Cyber threats to the Tokyo Olympics.
May 04, 2021
Data exposure reported in the Philippines. FISA targets down during the pandemic. Babuk changes its focus. New variant of the Buer loader in the wild. US Justice Department reviews its cyber strategy.
May 03, 2021
Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]
May 02, 2021
A snapshot of the ransomware threat landscape. [Research Saturday]
May 01, 2021
Investigating VPN exploits, and the crooks and spies who use them. BadAlloc afflicts OT. Notes on cyberespionage. The criminal market for deepfakes.
Apr 30, 2021
Buggy APIs may expose credit scores. Dealing with ransomware. Iran-Israeli tensions are up. Russia says it will always see the Americans coming. Surge cyber capacity. NSA’s advice on OT security.
Apr 29, 2021
More intelligence on Ghostwriter, and a convergence of hacking and influence operations. Naikon APT has a new backdoor. FluBot returns. MAPP reconsidered. Defense counsel on Cellebrite.
Apr 28, 2021
The FBI and CISA take a look at the SVR, and offer advice for potential targets. Openness and information warfare. OPSEC and privacy. Babuk hits DC police. Social engineering notes.
Apr 27, 2021
Prankers on Zoom, with convincing video. Emotet takedown. US response to SolarWinds reviewed. Cancer therapy disrupted by attack on cloud provider. Oscar phishing.
Apr 26, 2021
Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Apr 25, 2021
Channeling the data avalanche. [CyberWire-X]
Apr 25, 2021
Bulletproof hosting (BPH) and how it powers cybercrime. [Research Saturday]
Apr 24, 2021
Three ransomware gangs up their game. The US Postal Inspection Service’s “Internet Covert Operations Program.” GCHQ warns of dependence on Chinese tech. Undersea cable security.
Apr 23, 2021
VPN users remediate systems. New Supernova infection. Cryptojacking botnet afflicts vulnerable Exchange Servers. Facebook takes down spyware groups. Ransomware. Cellebrite bug found.
Apr 22, 2021
SonicWall, Pulse Secure products under exploitation (mitigations are available). Power grid security. Cyber conflict in the Near Abroad. ISIS worries about Bitcoin. Bad passwords.
Apr 21, 2021
Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.
Apr 20, 2021
Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.
Apr 19, 2021
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
Apr 18, 2021
Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]
Apr 17, 2021
International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.
Apr 16, 2021
Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.
Apr 15, 2021
The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.
Apr 14, 2021
Natanz pre-emptive sabotage updates. NAME:WRECK DNS vulnerabilities. Tax phishing. ATM cards and advance-fee scams. Ransomware-induced cheese shortage.
Apr 13, 2021
Apparent cyber sabotage at Natanz. Arrest made in alleged plot to blow up AWS facility. Scraped data for sale in criminal fora. US senior cyber appointments expected soon.
Apr 12, 2021
Debra Danielson: Be fearless. [CTO] [Career Notes]
Apr 11, 2021
Strategic titles point to something more than a commodity campaign. [Research Saturday]
Apr 10, 2021
A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.
Apr 09, 2021
Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium’s patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.
Apr 08, 2021
A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.
Apr 07, 2021
Watering holes, from Kiev to Canada. File transfer blues. What’s up in the criminal-to-criminal market. And an update on the old Facebook breach.
Apr 06, 2021
An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.
Apr 05, 2021
Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]
Apr 04, 2021
Ezuri: Regenerating a different kind of target. [Research Saturday]
Apr 03, 2021
Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.
Apr 02, 2021
Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.
Apr 01, 2021
Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.
Mar 31, 2021
US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.
Mar 30, 2021
Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.
Mar 29, 2021
Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]
Mar 28, 2021
How are we doing in the industrial sector? [Research Saturday]
Mar 27, 2021
Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.
Mar 26, 2021
Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.
Mar 25, 2021
Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?
Mar 24, 2021
Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail
Mar 24, 2021
Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.
Mar 23, 2021
Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.
Mar 22, 2021
Kevin Magee: Focus on the archer. [CSO] [Career Notes]
Mar 21, 2021
BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]
Mar 20, 2021
Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.
Mar 19, 2021
Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crypters get commodified. And notes from the underworld.
Mar 18, 2021
US report on 2020 foreign election meddling is out, and Russia and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.
Mar 17, 2021
Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).
Mar 16, 2021
Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands £1000 pounds to go on do-not-call list.
Mar 15, 2021
SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]
Mar 14, 2021
Dinah Davis: Building your network. [R&D] [Career Notes]
Mar 14, 2021
Keeping data confidential with fully homomorphic encryption. [Research Saturday]
Mar 13, 2021
Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.
Mar 12, 2021
More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.
Mar 11, 2021
Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hacktivists don’t like cameras. Dragnet in the Low Countries.
Mar 10, 2021
Dealing with Hafnium’s work against Microsoft Exchange Server and Holiday Bear’s visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.
Mar 09, 2021
Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).
Mar 08, 2021
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
Mar 07, 2021
Diving deep into North Korea's APT37 tool kit. [Research Saturday]
Mar 06, 2021
SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provider attacked. Criminal-on-criminal crime.
Mar 05, 2021
Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.
Mar 04, 2021
RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.
Mar 03, 2021
India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).
Mar 02, 2021
“RedEcho’s” activity in India’s power grid is described. US report on Khashoggi murder declassified. SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.
Mar 01, 2021
Aarti Borkar: Make your own choices. [Product] [Career Notes]
Feb 28, 2021
Shining a light on China's cyber underground. [Research Saturday]
Feb 27, 2021
Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.
Feb 26, 2021
PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.
Feb 25, 2021
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.
Feb 24, 2021
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
Feb 23, 2021
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.
Feb 22, 2021
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
Feb 21, 2021
Attackers (ab)using Google Chrome. [Research Saturday]
Feb 20, 2021
Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Tallinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.
Feb 19, 2021
The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.
Feb 18, 2021
US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.
Feb 17, 2021
France’s ANSSI warns of a long-running Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE.
Feb 16, 2021
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]
Feb 16, 2021
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
Feb 14, 2021
Using the human body as a wire-like communication channel. [Research Saturday]
Feb 13, 2021
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.
Feb 12, 2021
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
Feb 11, 2021
Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.
Feb 10, 2021
Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.
Feb 09, 2021
A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?
Feb 08, 2021
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
Feb 07, 2021
In the clear: what it's like working as a woman in the cleared community. [Special Edition]
Feb 07, 2021
"Follow the money" the cybersecurity way. [Research Saturday]
Feb 06, 2021
Lazarus Group seems to have deployed an IE zero day. Eletrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.
Feb 05, 2021
Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.
Feb 04, 2021
China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.
Feb 03, 2021
Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.
Feb 02, 2021
Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. UKRI breach. British Mensa thinks over a data exposure.
Feb 01, 2021
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Jan 31, 2021
Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]
Jan 31, 2021
The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]
Jan 30, 2021
Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.
Jan 29, 2021
Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.
Jan 28, 2021
Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.
Jan 27, 2021
Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?
Jan 26, 2021
The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.
Jan 25, 2021
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
Jan 24, 2021
Trickbot may be down, but can we count it out? [Research Saturday]
Jan 23, 2021
Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
Jan 22, 2021
Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
Jan 21, 2021
More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.
Jan 20, 2021
EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.
Jan 19, 2021
Encore: You will pay for that one way or another. [Caveat]
Jan 18, 2021
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Jan 17, 2021
Manufacturing sector is increasingly a target for adversaries. [Research Saturday]
Jan 16, 2021
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.
Jan 15, 2021
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
Jan 14, 2021
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
Jan 13, 2021
Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
Jan 12, 2021
More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.
Jan 11, 2021
Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]
Jan 10, 2021
Emotet reemerges and becomes one of most prolific threat groups out there. [Research Saturday]
Jan 09, 2021
The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.
Jan 08, 2021
CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.
Jan 07, 2021
Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re insured. No bail for Mr. Assange.
Jan 06, 2021
It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.
Jan 05, 2021
Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.
Jan 04, 2021
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
Jan 03, 2021
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
Jan 02, 2021
Andy Greenberg on the Sandworm Indictments. [Interview Selects]
Jan 01, 2021
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
Dec 27, 2020
Encore: Seedworm digs Middle East intelligence. [Research Saturday]
Dec 26, 2020
Encore: Separating fools from money. [Hacking Humans]
Dec 25, 2020
Encore: Technology that allows cops to track your phone. [Caveat]
Dec 24, 2020
Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.
Dec 23, 2020
Bear tracks all over the US Government’s networks. Pandas and Kittens and Bears, oh my... Emotet’s back. Spyware litigation. A few predictions.
Dec 22, 2020
Sunburst looks worse: bad Bears in US networks, and that’s not just right at all. “Evil mobile emulator farm.” Report: Pegasus used against journalists.
Dec 21, 2020
Robert Lee: Keeping the lights on. [ICS] [Word Notes]
Dec 20, 2020
Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]
Dec 19, 2020
Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker’s Stash has its problems. And a few thoughts on the near future.
Dec 18, 2020
The SVR’s exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China’s influence ops delayed.
Dec 17, 2020
SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.
Dec 16, 2020
SolarWinds compromise scope grows clearer. DPRK’s Earth Kitsune. Google’s authentication issue. A look at the near future of cybersecurity.
Dec 15, 2020
A few predictions, but today’s news is dominated by Cozy Bear’s supply chain attack on SolarWinds’ Orion Platform.
Dec 14, 2020
Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]
Dec 14, 2020
Andrea Little Limbago: Look at the intersection of humans and technology. [Social Science] [Career Notes]
Dec 13, 2020
Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]
Dec 12, 2020
OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.
Dec 11, 2020
Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.
Dec 10, 2020
Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.
Dec 09, 2020
IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.
Dec 08, 2020
NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.
Dec 07, 2020
Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
Dec 06, 2020
SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]
Dec 05, 2020
2021 may look a lot like 2020 in cyberspace, only more so. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.
Dec 04, 2020
Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?
Dec 03, 2020
The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.
Dec 02, 2020
Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.
Dec 01, 2020
Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.
Nov 30, 2020
Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
Nov 29, 2020
Encore: Using global events as lures for malicious activity.
Nov 28, 2020
Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.
Nov 25, 2020
Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.
Nov 24, 2020
Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”
Nov 23, 2020
James Hadley: Spend time on what interests you. [CEO] [Career Notes]
Nov 22, 2020
Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]
Nov 21, 2020
Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.
Nov 20, 2020
Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only more so).
Nov 19, 2020
Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.
Nov 18, 2020
Hidden Cobra’s new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.
Nov 17, 2020
Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.
Nov 16, 2020
Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
Nov 15, 2020
That first CVE was a fun find, for sure. [Research Saturday]
Nov 14, 2020
CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.
Nov 13, 2020
An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.
Nov 12, 2020
shadow IT (noun) [Word Notes]
Nov 11, 2020
remote access Trojan or RAT (noun) [Word Notes]
Nov 11, 2020
A look at what’s up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.
Nov 10, 2020
Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.
Nov 09, 2020
Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]
Nov 08, 2020
PoetRAT: a complete lack of operational security. [Research Saturday]
Nov 07, 2020
IRGC domains taken down. A look at 2021’s threatscape. Russia says it didn’t do anything (others see Bears.) Forfeiture of Silk Road’s hitherto unaccounted for billion-plus dollars.
Nov 06, 2020
CISA’s happy but still wary. Election-themed criminal malspam. New ransomware goes after VMs. Why it makes no sense to trust extortionists.
Nov 05, 2020
US elections: CISA calls security success, but reminds all that it’s not over yet. Notes from the cyber underground. Two more indictments in cyberstalking case.
Nov 04, 2020
Election security updates from CISA. Maze says it’s out of business (and never really existed). Edward Snowden wants dual Russian-US citizenship. A botmaster goes up river.
Nov 03, 2020
Another look at North Korean cyberespionage. Phishing with Google Docs. How Iran obtained US voter information. Election security enters its endgame.
Nov 02, 2020
David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]
Nov 01, 2020
Carole Theriault: Constantly learning new things. [Media] [Career Notes]
Nov 01, 2020
Leveraging for a bigger objective. [Research Saturday]
Oct 31, 2020
Ransomware epidemic during the pandemic. Cyber insurance and state actors. Cyberstalking. Don’t exaggerate election meddling. Reflections on National Cybersecurity Awareness Month.
Oct 30, 2020
The Malware Mash!
Oct 30, 2020
Familiar threat actors are back in the news. Big Tech’s testimony on Capitol Hill had less to do with Section 230 than many had foreseen.
Oct 29, 2020
Warnings about the DPRK’s Kimsuky Group. Election security in the US during the endgame. Section 220 and Big Tech. Another guilty plea in the eBay-related cyberstalking case.
Oct 28, 2020
Election phishing, without hook, but with line and sinker? Data breaches, and the importance of prompt disclosure. Misplaced hacktivist sympathy.
Oct 27, 2020
Russian research institute sanctioned for its role in Triton/Trisis. Coordinated inauthenticity in Myanmar. Clean Network program update. Major data breach in Finland.
Oct 26, 2020
Sal Aurigemma: How things work. [Education] [Career Notes]
Oct 25, 2020
Just saying there are attacks is not enough. [Research Saturday]
Oct 24, 2020
Energetic Bear’s battlespace preparation. Selling voter and consumer personal data. GRU, Qods Force sanctioned. How they knew that Iran dunnit.
Oct 23, 2020
Recent email threats to US voters appear to be an Iranian operation. Notes on cyberespionage and influence operations. Hold the “blatant Russophobia,” TASS?
Oct 22, 2020
TrickBot’s return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.
Oct 21, 2020
International cyberespionage: China and Russia versus the Five Eyes and others. Google faces an anti-trust suit. Abandonware.
Oct 20, 2020
Influence operations and cyber probes of presidential campaigns. TrickBot’s recovery. Remote learning woes. Port facilities in Iran reported to have been targeted in cyberattacks.
Oct 19, 2020
Rosa Smothers: Secure the planet. [Career Notes]
Oct 18, 2020
Intentionally not drawing attention. [Research Saturday]
Oct 17, 2020
Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.
Oct 16, 2020
Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command’s defend forward doctrine.
Oct 15, 2020
Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.
Oct 14, 2020
Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.
Oct 13, 2020
Rigging the game. [Caveat]
Oct 12, 2020
Geoff White: Suddenly all of the pieces start to line up. [Career Notes]
Oct 11, 2020
It's still possible to find ways to break out. [Research Saturday]
Oct 10, 2020
A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.
Oct 09, 2020
Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.
Oct 08, 2020
Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.
Oct 07, 2020
New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.
Oct 06, 2020
Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.
Oct 05, 2020
Diane M. Janosek: It's only together that we are going to rise. [Career Notes]
Oct 04, 2020
Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]
Oct 03, 2020
CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.
Oct 02, 2020
Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.
Oct 01, 2020
Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.
Sep 30, 2020
Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.
Sep 29, 2020
Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei’s CFO gets another day in court. REvil recruits.
Sep 28, 2020
Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]
Sep 27, 2020
What came first, the Golden Chickens or more_eggs? [Research Saturday]
Sep 26, 2020
Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.
Sep 25, 2020
Not the Gremlin from the Kremlin. Zerologon exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.
Sep 24, 2020
Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.
Sep 23, 2020
Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren’t, and one big guilty plea.
Sep 22, 2020
Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.
Sep 21, 2020
The cybersecurity paradox. [CyberWire-X]
Sep 20, 2020
Monica Ruiz: Moving ahead when not many look like you. [Career Notes]
Sep 20, 2020
Election 2020: What to expect when we are electing. [Research Saturday]
Sep 19, 2020
Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.
Sep 18, 2020
Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok’s state of play. Indictments and extraditions.
Sep 17, 2020
VPNs in Tehran’s crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance’s plan for TikTok.
Sep 16, 2020
Zerologon: hey, patch already. CISA describes China’s cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.
Sep 15, 2020
Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzhen. TikTok’s fate grows narrower but murkier. Wildfire misinformation.
Sep 14, 2020
Ode to Wealthy Elite. [Shadowspeak]
Sep 14, 2020
Brandon Robinson: Built from the ground up. [Career Notes]
Sep 13, 2020
Leveraging legitimate tools. [Research Saturday]
Sep 12, 2020
Elemental election meddling spooks US campaigns. CISA’s email advice. Remote workers behaving badly. Momentum Cyber’s state of the Sector. The SINET 16. And remember 9/11.
Sep 11, 2020
Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.
Sep 10, 2020
Ransomware slows down many students’ return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.
Sep 09, 2020
Ransomware or wiper? Emotet’s resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?
Sep 08, 2020
Exploring the cultural values of personal privacy. [Caveat]
Sep 07, 2020
Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]
Sep 06, 2020
Going after the most valuable data. [Research Saturday]
Sep 05, 2020
Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.
Sep 04, 2020
Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.
Sep 03, 2020
Facebook’s latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.
Sep 02, 2020
The difference between a breach and, well, a public record. Pioneer Kitten’s lucrative bycatch. Malware gets past Gatekeeper. A gamer’s bandit economy. And happy birthday, Cyber Branch.
Sep 01, 2020
DDoS continues to trouble New Zealand’s stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who’s the bank robber? A botnet serving ad fraud.
Aug 31, 2020
Jack Rhysider: Get your experience points in everything. [Career Notes]
Aug 30, 2020
They fooled a lot of people. [Research Saturday]
Aug 29, 2020
Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason’s motives. An attempt to hack Tesla.
Aug 28, 2020
Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.
Aug 27, 2020
New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?
Aug 26, 2020
The pandemic and trends in cybersecurity. The secret to the handset’s low, low price? Fleeceware and adware. TikTok’s lawsuit. Influence ops. Bogus Bitcoin exchange.
Aug 25, 2020
Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.
Aug 24, 2020
Kiersten Todt: Problem solving and building solutions. [Career Notes]
Aug 23, 2020
Using global events as lures. [Research Saturday]
Aug 22, 2020
Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.
Aug 21, 2020
Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.
Aug 20, 2020
Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.
Aug 19, 2020
Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.
Aug 18, 2020
North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.
Aug 17, 2020
Trying for a win, win, win game. [Career Notes]
Aug 16, 2020
The ABCs of cybersecurity for the education sector. [CyberWire-X]
Aug 16, 2020
Waiting for their victims. [Research Saturday]
Aug 15, 2020
Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).
Aug 14, 2020
This Woodcutter’s no Railsplitter. Operation Dream Job. COVID-19 phishing.
Aug 13, 2020
Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua’s data center. More privacy questions for TikTok. Parental control or stalker’s tool?
Aug 12, 2020
Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.
Aug 11, 2020
NMAP (noun) [Word Notes]
Aug 11, 2020
What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.
Aug 10, 2020
The Green Goldfish and cyber threat intelligence. [Career Notes]
Aug 09, 2020
Like anything these days, you have to disinfect it first. [Research Saturday]
Aug 08, 2020
US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.
Aug 07, 2020
US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
Aug 06, 2020
Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.
Aug 05, 2020
US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.
Aug 04, 2020
Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twitter hack. DDoS turns out to be a glitch. Garmin hack update.
Aug 03, 2020
Rely on your strengths in the areas of the unknown. [Career Notes]
Aug 02, 2020
Detecting Twitter bots in real time. [Research Saturday]
Aug 01, 2020
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.
Jul 31, 2020
A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.
Jul 30, 2020
Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.
Jul 29, 2020
Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.
Jul 28, 2020
Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.
Jul 27, 2020
No matter the statistic, even if against the odds, focus on what you want. [Career Notes]
Jul 26, 2020
It was only a matter of time. [Research Saturday]
Jul 25, 2020
A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.
Jul 24, 2020
Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
Jul 23, 2020
Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.
Jul 22, 2020
Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.
Jul 21, 2020
Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.
Jul 20, 2020
Have to be able to communicate to everybody. [Career Notes]
Jul 19, 2020
Every time we get smarter, the bad guy changes something. [Research Saturday]
Jul 18, 2020
High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.
Jul 17, 2020
Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.
Jul 16, 2020
A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.
Jul 15, 2020
Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.
Jul 14, 2020
Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.
Jul 13, 2020
Turn challenges into opportunities. [Career Notes]
Jul 12, 2020
Are you running what you think you're running? [Research Saturday]
Jul 11, 2020
The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.
Jul 10, 2020
Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.
Jul 09, 2020
Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.
Jul 08, 2020
Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.
Jul 07, 2020
Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.
Jul 06, 2020
Solving hard problems and pursuing your passions. [Career Notes]
Jul 05, 2020
Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.
Jul 02, 2020
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
Jul 01, 2020
Critical bug disclosed in Palo Alto products (a fix is available). StrongPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.
Jun 30, 2020
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
Jun 29, 2020
Get your foot in the door and prove your worth. [Career Notes]
Jun 28, 2020
Enter the RAT. [Research Saturday]
Jun 27, 2020
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.
Jun 26, 2020
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.
Jun 25, 2020
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.
Jun 24, 2020
Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.
Jun 23, 2020
BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.
Jun 22, 2020
Superhero origin stories and lessons that last. [Career Notes]
Jun 21, 2020
Click here to update your webhook. [Research Saturday]
Jun 20, 2020
Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.
Jun 19, 2020
Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.
Jun 18, 2020
Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.
Jun 17, 2020
Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.
Jun 16, 2020
ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.
Jun 15, 2020
The mark of making a difference. [Career Notes]
Jun 14, 2020
The value of the why and the who. [Research Saturday]
Jun 13, 2020
Chinese, Russian, and Turkish domestic influence campaigns. Zoom’s China troubles. Honda, Enel recover from Ekans. Ransomware attacks against a city and an M&A consultancy.
Jun 12, 2020
Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.
Jun 11, 2020
A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.
Jun 10, 2020
Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.
Jun 09, 2020
Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.
Jun 08, 2020
Ask more people to dance. [Career Notes]
Jun 07, 2020
Due diligence cannot be done as a one-off. [Research Saturday]
Jun 06, 2020
Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies’ bodyguard of truth. Information warfare in the Gulf.
Jun 05, 2020
Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia’s hacking the Bundestag. CISA has a new cybersecurity resource.
Jun 04, 2020
Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.
Jun 03, 2020
Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.
Jun 02, 2020
Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.
Jun 01, 2020
Extending security tools to the at home workforce during the pandemic. [Research Saturday]
May 31, 2020
Twofold snooping venture. [Research Saturday]
May 30, 2020
Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.
May 29, 2020
Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.
May 28, 2020
Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.
May 27, 2020
The evolution of malware, both criminal and state-run.
May 26, 2020
Naming and shaming is the worst thing we can do. [Research Saturday]
May 23, 2020
An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing...
May 22, 2020
Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.
May 21, 2020
Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.
May 20, 2020
Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.
May 19, 2020
Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.
May 18, 2020
Gangnam Industrial Style APT campaign targets South Korea. [Research Saturday]
May 16, 2020
Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.
May 15, 2020
ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.
May 14, 2020
More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.
May 13, 2020
Cyberwar looms in the Middle East? Hidden Cobra’s fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.
May 12, 2020
Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.
May 11, 2020
The U.S. campaign trail is actually quite secure. [Research Saturday]
May 09, 2020
PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.
May 08, 2020
Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.
May 07, 2020
Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.
May 06, 2020
Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.
May 05, 2020
A state of emergency over bulk power in the States. Beijing’s disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.
May 04, 2020
Fingerprint authentication is not completely secure. [Research Saturday]
May 02, 2020
China hacks at Vietnam over a territorial dispute. Kim’s still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.
May 01, 2020
The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.
Apr 30, 2020
Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.
Apr 29, 2020
Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?
Apr 28, 2020
Where’s Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.
Apr 27, 2020
Contact tracing as COVID-19 aid. [Research Saturday]
Apr 25, 2020
iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.
Apr 24, 2020
APT32 activity reported. Florentine Banker’s patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.
Apr 23, 2020
COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League’s volunteer defenders. Active measures, disinformation, and cyber deterrence.
Apr 22, 2020
DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.
Apr 21, 2020
Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.
Apr 20, 2020
Complementary colors: teaming tactics in cybersecurity. [Research Saturday]
Apr 19, 2020
How low can they go? A spike in Coronavirus phishing. [Research Saturday]
Apr 18, 2020
Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.
Apr 17, 2020
US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.
Apr 16, 2020
Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.
Apr 15, 2020
The online stresses of the COVID-19 pandemic. APT41’s backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom’s fortunes. And tax-season online fraud.
Apr 14, 2020
Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.
Apr 13, 2020
Profiling an audacious Nigerian cybercriminal. [Research Saturday]
Apr 11, 2020
That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.
Apr 10, 2020
Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple’s store.
Apr 09, 2020
Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.
Apr 08, 2020
Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.
Apr 07, 2020
COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.
Apr 06, 2020
A rough year ahead for ransomware attacks - and how to stop them. [Research Saturday]
Apr 04, 2020
Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?
Apr 03, 2020
WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.
Apr 02, 2020
More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.
Apr 01, 2020
Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
Mar 31, 2020
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
Mar 30, 2020
Hidden dangers inside Windows and LINUX computers. [Research Saturday]
Mar 28, 2020
Some notes on cyber gangland. South Korean APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
Mar 27, 2020
Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.
Mar 26, 2020
APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.
Mar 25, 2020
Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.
Mar 24, 2020
Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.
Mar 23, 2020
The security implications of cloud infrastructure in IoT. [Research Saturday]
Mar 21, 2020
CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.
Mar 20, 2020
EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.
Mar 19, 2020
Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynn.
Mar 18, 2020
Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution of Concord Management.
Mar 17, 2020
COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.
Mar 16, 2020
TLS is here to stay. [Research Saturday]
Mar 14, 2020
COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.
Mar 13, 2020
The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.
Mar 12, 2020
The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.
Mar 11, 2020
Caution in the Play store. EU power consortium’s business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.
Mar 10, 2020
Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.
Mar 09, 2020
Overworked developers write vulnerable software. [Research Saturday]
Mar 07, 2020
Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.
Mar 06, 2020
Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.
Mar 05, 2020
Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.
Mar 04, 2020
Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.
Mar 03, 2020
Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.
Mar 02, 2020
Application tracking in Wacom tablets. [Research Saturday]
Feb 29, 2020
South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.
Feb 28, 2020
RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?
Feb 27, 2020
Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.
Feb 26, 2020
Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt--no joy this time. Notes from RSAC 2020.
Feb 25, 2020
Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.
Feb 24, 2020
New vulnerabilities in PC sound cards. [Research Saturday]
Feb 22, 2020
DISA data breach. More complaint against alleged GRU operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
Feb 21, 2020
UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.
Feb 20, 2020
Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?
Feb 19, 2020
Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.
Feb 18, 2020
If you can't detect it, you can't steal it. [Research Saturday]
Feb 15, 2020
Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.
Feb 14, 2020
Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.
Feb 13, 2020
Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.
Feb 12, 2020
Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).
Feb 11, 2020
US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.
Feb 10, 2020
The Chameleon attacks Online Social Networks. [Research Saturday]
Feb 08, 2020
Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.
Feb 07, 2020
Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.
Feb 06, 2020
Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.
Feb 05, 2020
Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.
Feb 04, 2020
More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.
Feb 03, 2020
Eric Haseltine on his book, "The Spy in Moscow Station." [Special Editions]
Feb 02, 2020
Tracking one of China's hidden hacking groups. [Research Saturday]
Feb 01, 2020
The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. T
Jan 31, 2020
Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.
Jan 30, 2020
Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.
Jan 29, 2020
Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.
Jan 28, 2020
A cyber espionage campaign is to use DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.
Jan 27, 2020
Know Thine Enemy - Identifying North American Cyber Threats. [Research Saturday]
Jan 25, 2020
PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformation laws considered. Canada is ready to impose costs on cyber attackers.
Jan 24, 2020
Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.
Jan 23, 2020
The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.
Jan 22, 2020
RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.
Jan 21, 2020
Clever breaches demonstrate IoT security gaps. [Research Saturday]
Jan 18, 2020
Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.
Jan 17, 2020
Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
Jan 16, 2020
Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.
Jan 15, 2020
Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.
Jan 14, 2020
Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.
Jan 13, 2020
Profiling the Linken Sphere anti-detection browser. [Research Saturday]
Jan 11, 2020
Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.
Jan 10, 2020
Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.
Jan 09, 2020
No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.
Jan 08, 2020
No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.
Jan 07, 2020
Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.
Jan 06, 2020
Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.
Jan 03, 2020
A Jira vulnerability that’s leaking data in the public cloud. [Research Saturday]
Jan 02, 2020
Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.
Jan 02, 2020
Ron Gula and Mike Janke - VC pitfalls and how to avoid them. [Special Editions]
Dec 30, 2019
Inside Magecart and Genesis. [Research Saturday]
Dec 21, 2019
Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?
Dec 20, 2019
TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.
Dec 19, 2019
Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.
Dec 18, 2019
Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.
Dec 17, 2019
Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.
Dec 16, 2019
Capturing the flag at NXTWORK 2019 [Special Editions]
Dec 15, 2019
WAV files carry malicious data payloads. [Research Saturday]
Dec 14, 2019
Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.
Dec 13, 2019
False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.
Dec 12, 2019
Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars update. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.
Dec 11, 2019
Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?
Dec 10, 2019
Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.
Dec 09, 2019
Targeting routers to hit gaming servers. [Research Saturday]
Dec 07, 2019
Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.
Dec 06, 2019
Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Cannon opens fire. Russia trolls Lithuania. Big bad BEC.
Dec 05, 2019
Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.
Dec 04, 2019
Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.
Dec 03, 2019
ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.
Dec 02, 2019
Peter W. Singer author of LikeWar [Special Editions]
Nov 30, 2019
John Maeda author of How to Speak Machine [Special Editions]
Nov 29, 2019
Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?
Nov 27, 2019
Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.
Nov 26, 2019
Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.
Nov 25, 2019
Mustang Panda leverages Windows shortcut files. [Research Saturday]
Nov 23, 2019
Sandworm in Google Play. Internet sovereignty. Bogus accounts on LinkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.
Nov 22, 2019
Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.
Nov 21, 2019
Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.
Nov 20, 2019
Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.
Nov 19, 2019
Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.
Nov 18, 2019
Sodinokibi aka REvil connections to GandCrab. [Research Saturday]
Nov 16, 2019
Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.
Nov 15, 2019
PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
Nov 14, 2019
NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.
Nov 13, 2019
Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.
Nov 12, 2019
Andy Greenberg from WIRED on his book "Sandworm." [Special Editions]
Nov 11, 2019
Monitoring the growing sophistication of PKPLUG. [Research Saturday]
Nov 09, 2019
Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.
Nov 08, 2019
US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.
Nov 07, 2019
App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.
Nov 06, 2019
Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.
Nov 05, 2019
BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.
Nov 04, 2019
Insider Threats [Special Editions]
Nov 03, 2019
Usable security is a delicate balance. [Research Saturday]
Nov 02, 2019
Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.
Nov 01, 2019
Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.
Oct 31, 2019
WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.
Oct 30, 2019
Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.
Oct 29, 2019
Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?
Oct 28, 2019
Masad Steals via Social Media. [Research Saturday]
Oct 26, 2019
Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.
Oct 25, 2019
Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-platform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.
Oct 24, 2019
Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.
Oct 23, 2019
More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.
Oct 22, 2019
Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.
Oct 21, 2019
Hoping for SOHO security. [Research Saturday]
Oct 19, 2019
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.
Oct 18, 2019
Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.
Oct 17, 2019
Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.
Oct 16, 2019
Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.
Oct 15, 2019
Decrypting ransomware for good. [Research Saturday]
Oct 12, 2019
Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.
Oct 11, 2019
Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.
Oct 10, 2019
Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.
Oct 09, 2019
Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.
Oct 08, 2019
Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.
Oct 07, 2019
The fuzzy boundaries of APT41. [Research Saturday]
Oct 05, 2019
Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.
Oct 04, 2019
A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.
Oct 03, 2019
RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.
Oct 02, 2019
Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.
Oct 01, 2019
Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.
Sep 30, 2019
Focusing on Autumn Aperture. [Research Saturday]
Sep 28, 2019
Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.
Sep 27, 2019
Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.
Sep 26, 2019
Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.
Sep 25, 2019
Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.
Sep 24, 2019
YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.
Sep 23, 2019
Leaky guest networks and covert channels. [Research Saturday]
Sep 21, 2019
Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.
Sep 20, 2019
Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.
Sep 19, 2019
Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.
Sep 18, 2019
More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.
Sep 17, 2019
Espionage and counter-espionage in at least three of the Five Eyes. New sanctions against North Korea. Password managers and flashlights.
Sep 16, 2019
Bluetooth blues: KNOB attack explained. [Research Saturday]
Sep 14, 2019
CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.
Sep 13, 2019
The StingRays that were in DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.
Sep 12, 2019
Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.
Sep 11, 2019
US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.
Sep 10, 2019
BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.
Sep 09, 2019
VOIP phone system harbors decade-old vulnerability. [Research Saturday]
Sep 07, 2019
China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.
Sep 06, 2019
Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.
Sep 05, 2019
Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.
Sep 04, 2019
Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.
Sep 03, 2019
Emotet's updated business model. [Research Saturday]
Aug 31, 2019
Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.
Aug 30, 2019
Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.
Aug 29, 2019
LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.
Aug 28, 2019
Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.
Aug 27, 2019
BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.
Aug 26, 2019
Gift card bots evolve and adapt. [Research Saturday]
Aug 24, 2019
Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.
Aug 23, 2019
North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.
Aug 22, 2019
China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
Aug 21, 2019
Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.
Aug 20, 2019
ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.
Aug 19, 2019
Detecting dating profile fraud. [Research Saturday]
Aug 17, 2019
ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.
Aug 16, 2019
Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.
Aug 15, 2019
Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.
Aug 14, 2019
UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.
Aug 13, 2019
A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.
Aug 12, 2019
Unpacking the Malvertising Ecosystem. [Research Saturday]
Aug 10, 2019
Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.
Aug 09, 2019
Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.
Aug 08, 2019
Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.
Aug 07, 2019
Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.
Aug 06, 2019
Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.
Aug 05, 2019
Package manager repository malware detection. [Research Saturday]
Aug 03, 2019
Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.
Aug 02, 2019
Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.
Aug 01, 2019
Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.
Jul 31, 2019
Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?
Jul 30, 2019
Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.
Jul 29, 2019
Cult of the Dead Cow author Joseph Menn extended interview. [Special Editions]
Jul 28, 2019
Day to day app fraud in the Google Play store. [Research Saturday]
Jul 27, 2019
Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.
Jul 26, 2019
News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.
Jul 25, 2019
Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.
Jul 24, 2019
Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.
Jul 23, 2019
FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.
Jul 22, 2019
The Fifth Domain coauthor Richard A. Clarke. [Special Editions]
Jul 21, 2019
Nansh0u not your normal cryptominer. [Research Saturday]
Jul 20, 2019
Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.
Jul 19, 2019
TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.
Jul 18, 2019
Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.
Jul 17, 2019
GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.
Jul 16, 2019
Voting machine woes. Router exploits trouble Brazil. Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.
Jul 15, 2019
Opportunistic botnets round up vulnerable routers. [Research Saturday]
Jul 13, 2019
Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.
Jul 12, 2019
Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.
Jul 11, 2019
Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.
Jul 10, 2019
Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.
Jul 09, 2019
Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.
Jul 08, 2019
Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505’s new tactics. Content moderation updates.
Jul 03, 2019
US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.
Jul 02, 2019
Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.
Jul 01, 2019
Giving everyone a stake in the success of Open Source implementation. [Research Saturday]
Jun 29, 2019
Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek “Verification.”
Jun 28, 2019
Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.
Jun 27, 2019
Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?
Jun 26, 2019
Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland’s Cyber Defense Initiative.
Jun 25, 2019
Notes on a reported US cyberattack against Iran. A look at “Secondary Infektion.” And some cases of cyber stalking.
Jun 24, 2019
Middleboxes may be meddling with TLS connections. [Research Saturday]
Jun 22, 2019
US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.
Jun 21, 2019
Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.
Jun 20, 2019
BlueKeep, again. Facebook’s cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.
Jun 19, 2019
Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.
Jun 18, 2019
Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.
Jun 17, 2019
Apps on third-party Android store carry unwelcome code. [Research Saturday]
Jun 15, 2019
Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.
Jun 14, 2019
Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ASCO plants. Congress considers hacking back, again. That ol’ devil limbic system.
Jun 13, 2019
Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.
Jun 12, 2019
Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.
Jun 11, 2019
An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.
Jun 10, 2019
Xwo scans for default credentials and exposed web services. [Research Saturday]
Jun 08, 2019
Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.
Jun 07, 2019
BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?
Jun 06, 2019
AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.
Jun 05, 2019
Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?
Jun 04, 2019
Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.
Jun 03, 2019
Blockchain bandits plunder weak wallets. [Research Saturday]
Jun 01, 2019
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
May 31, 2019
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
May 30, 2019
Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.
May 29, 2019
Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.
May 28, 2019
A fresh look at GOSSIPGIRL and the Supra Threat Actors. [Research Saturday]
May 25, 2019
Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.
May 24, 2019
NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?
May 23, 2019
Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.
May 22, 2019
BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.
May 21, 2019
Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.
May 20, 2019
Elfin APT group targets Middle East energy sector. [Research Saturday]
May 18, 2019
Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.
May 17, 2019
US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.
May 16, 2019
Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.
May 15, 2019
Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.
May 14, 2019
Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.
May 13, 2019
Steganography enables sophisticated OceanLotus payloads. [Research Saturday]
May 11, 2019
Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.
May 10, 2019
Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.
May 09, 2019
Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.
May 08, 2019
Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?
May 07, 2019
Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.
May 06, 2019
Sea Turtle state-sponsored DNS hijacking. [Research Saturday]
May 04, 2019
Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.
May 03, 2019
Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.
May 02, 2019
US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.
May 01, 2019
Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.
Apr 30, 2019
IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.
Apr 29, 2019
Deep Learning threatens 3D medical imaging integrity. [Research Saturday]
Apr 27, 2019
Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?
Apr 26, 2019
Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?
Apr 25, 2019
Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.
Apr 24, 2019
ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.
Apr 23, 2019
Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.
Apr 22, 2019
Undetectable vote manipulation in SwissPost e-voting system. [Research Saturday]
Apr 20, 2019
Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.
Apr 19, 2019
Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.
Apr 18, 2019
Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.
Apr 17, 2019
Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.
Apr 16, 2019
ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.
Apr 15, 2019
The ghost and the mole; Eric O'Neill's Gray Day. [Special Editions]
Apr 14, 2019
Establishing software root of trust unconditionally. [Research Saturday]
Apr 13, 2019
Mr. Assange’s courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.
Apr 12, 2019
Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operation SneakyPastes. Incident response planning blues. High school jam.
Apr 11, 2019
The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.
Apr 10, 2019
GossipGirl, the supra threat actor. LockerGoga’s destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.
Apr 09, 2019
US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.
Apr 08, 2019
Lessons learned from Ukraine elections. [Research Saturday]
Apr 06, 2019
Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.
Apr 05, 2019
Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.
Apr 04, 2019
For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.
Apr 03, 2019
Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.
Apr 02, 2019
Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.
Apr 01, 2019
Alarming vulnerabilities in automotive security systems. [Research Saturday]
Mar 30, 2019
Russian information operations, and lessons on election security from the Near Abroad. Magento proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.
Mar 29, 2019
Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela’s Chavistas. Guilty plea expected in Martin case.
Mar 28, 2019
State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro’s recovery. Reactions to the Mueller Report.
Mar 27, 2019
More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.
Mar 26, 2019
Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.
Mar 25, 2019
Ryuk ransomware relationship revelations. [Research Saturday]
Mar 23, 2019
Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.
Mar 22, 2019
Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.
Mar 21, 2019
Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.
Mar 20, 2019
LockerGoga hits Norsk Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.
Mar 19, 2019
Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnosticplayers are back. AI and evil.
Mar 18, 2019
ThinkPHP exploit from Asia-Pacific region goes global. [Research Saturday]
Mar 16, 2019
Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.
Mar 15, 2019
Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.
Mar 14, 2019
Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).
Mar 13, 2019
Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.
Mar 12, 2019
Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.
Mar 11, 2019
Job-seeker exposes banking network to Lazarus Group. [Research Saturday]
Mar 09, 2019
Chinese influence campaigns. Egyptian spear phishing. Hundreds of millions of email records exposed.
Mar 08, 2019
Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.
Mar 07, 2019
5G worries. Whitefly vs. SingHealth. Speculative execution bug.
Mar 06, 2019
India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.
Mar 05, 2019
Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.
Mar 04, 2019
Fake Fortnite app scams infect gamers. [Research Saturday]
Mar 02, 2019
Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.
Mar 01, 2019
Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.
Feb 28, 2019
Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Cryptojacking an embassy.
Feb 27, 2019
Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks. Credential stuffing in tax season. Twitter hijacking.
Feb 26, 2019
Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.
Feb 25, 2019
Rosneft suspicions shift from espionage to business email compromise. [Research Saturday]
Feb 23, 2019
Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.
Feb 22, 2019
Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.
Feb 21, 2019
Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.
Feb 20, 2019
International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cryptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.
Feb 19, 2019
Seedworm digs Middle East intelligence. [Research Saturday]
Feb 16, 2019
GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.
Feb 15, 2019
Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.
Feb 14, 2019
China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.
Feb 13, 2019
VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.
Feb 12, 2019
Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.
Feb 11, 2019
Trends and tips for cloud security. [Research Saturday]
Feb 09, 2019
Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.
Feb 08, 2019
Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.
Feb 07, 2019
APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.
Feb 06, 2019
ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.
Feb 05, 2019
Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’s prospects. Influence ops. Extortion by bluff.
Feb 04, 2019