CyberWire Daily

By N2K Networks



Category: Technology


Subscribers: 1563
Reviews: 5
Episodes: 2586

 Oct 28, 2020
An excellent resource for the cyber news of the day, without the extra "fluff". NOTE: this is NOT an educational podcast, it is strictly distilled news.

Matt Aguirre
 Mar 10, 2019

 Jan 16, 2019

Average Joe
 Dec 12, 2018
This is a great source for a daily overview of what happened in Cyber Security and IT!

 Nov 11, 2018
Although I enjoy listening, it's like a new language which I'm slowly learning. I wish some more time was given to background regarding malware.


The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episode Date
Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
Sep 28, 2023
What’s up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
Sep 27, 2023
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
Sep 26, 2023
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security. Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
Sep 25, 2023
Threat intelligence discussion with Chris Krebs. [Special Edition]
Sep 25, 2023
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
Sep 24, 2023
Behind the Google shopping ad masks. [Research Saturday]
Sep 23, 2023
Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
Sep 22, 2023
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
Sep 21, 2023
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
Sep 20, 2023
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Sep 19, 2023
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Sep 18, 2023
Karl Mattson: Defer gratification. (CISO) [Career Notes]
Sep 17, 2023
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Sep 16, 2023
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
Sep 15, 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
Sep 14, 2023
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
Sep 13, 2023
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Sep 12, 2023
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
Sep 11, 2023
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
Sep 10, 2023
No honor in being a criminal. [Research Saturday]
Sep 09, 2023
Apple issues an emergency patch. Aerospace sector under attack. DPRK spearsphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.
Sep 08, 2023
Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.
Sep 07, 2023
Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.
Sep 06, 2023
In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.
Sep 05, 2023
Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]
Sep 04, 2023
Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]
Sep 03, 2023
Thwarting Muddled Libra. [Research Saturday]
Sep 02, 2023
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
Sep 01, 2023
GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.
Aug 31, 2023
An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.
Aug 30, 2023
A joint advisory on post-quantum readiness. [Special Edition]
Aug 30, 2023
Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.
Aug 29, 2023
DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.
Aug 28, 2023
Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]
Aug 27, 2023
Google's not being ghosted from vulnerabilities. [Research Saturday]
Aug 26, 2023
Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.
Aug 25, 2023
Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.
Aug 24, 2023
A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.
Aug 23, 2023
A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.
Aug 22, 2023
DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.
Aug 21, 2023
Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]
Aug 20, 2023
Politicians targeted by RomCom. [Research Saturday]
Aug 19, 2023
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.
Aug 18, 2023
A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would-be beta-testers. Cyber updates from Russia’s hybrid war.
Aug 17, 2023
China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
Aug 16, 2023
Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.
Aug 15, 2023
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.
Aug 14, 2023
Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]
Aug 13, 2023
It's raining credentials. [Research Saturday]
Aug 12, 2023
Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.
Aug 11, 2023
A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
Aug 10, 2023
Cyberespionage by several intelligence services, some of it contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.
Aug 09, 2023
Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.
Aug 08, 2023
Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.
Aug 07, 2023
Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
Aug 06, 2023
Who is that stealing my credentials? [Research Saturday]
Aug 05, 2023
2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.
Aug 04, 2023
Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.
Aug 03, 2023
An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.
Aug 02, 2023
Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.
Aug 01, 2023
The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.
Jul 31, 2023
Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]
Jul 30, 2023
Phishing for leeches. [Research Saturday]
Jul 29, 2023
A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.
Jul 28, 2023
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites.
Jul 27, 2023
A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.
Jul 26, 2023
Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.
Jul 25, 2023
DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.
Jul 24, 2023
Don Welch: Being a good leader. [CIO] [Career Notes]
Jul 23, 2023
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]
Jul 23, 2023
Welcome to New York, it's been waitin' for you. [Research Saturday]
Jul 22, 2023
Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).
Jul 21, 2023
Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.
Jul 20, 2023
Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.
Jul 19, 2023
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
Jul 18, 2023
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
Jul 17, 2023
Jennifer Addie: Finding creative solutions. [COO] [Career Notes]
Jul 16, 2023
SCARLETEEL zaps back again. [Research Saturday]
Jul 15, 2023
Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.
Jul 14, 2023
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
Jul 13, 2023
Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
Jul 12, 2023
Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
Jul 11, 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
Jul 10, 2023
Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]
Jul 09, 2023
Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
Jul 09, 2023
Creating PANDA-monium. [Research Saturday]
Jul 08, 2023
Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
Jul 07, 2023
The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.
Jul 06, 2023
Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.
Jul 05, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jul 04, 2023
Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.
Jul 03, 2023
Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Jul 02, 2023
The power behind artificial intelligence. [Research Saturday]
Jul 01, 2023
CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.
Jun 30, 2023
Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.
Jun 29, 2023
Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.
Jun 28, 2023
Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.
Jun 27, 2023
Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.
Jun 26, 2023
Slavik Markovich: Time is of the essence. [CEO] [Career Notes]
Jun 25, 2023
Unleashing the crypto gold rush. [Research Saturday]
Jun 24, 2023
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
Jun 23, 2023
Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.
Jun 22, 2023
A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.
Jun 21, 2023
Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
Jun 20, 2023
Lorna Mahlock: Build bridges. [Combat support] [Career Notes]
Jun 18, 2023
Managing machine learning risks. [Research Saturday]
Jun 17, 2023
The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.
Jun 16, 2023
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
Jun 15, 2023
CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
Jun 15, 2023
A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.
Jun 14, 2023
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.
Jun 13, 2023
Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.
Jun 12, 2023
Nadir Izrael: Play to your strengths. [CTO] [Career Notes]
Jun 11, 2023
A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]
Jun 10, 2023
“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.
Jun 09, 2023
CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
Jun 09, 2023
ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.
Jun 08, 2023
PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.
Jun 07, 2023
Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
Jun 06, 2023
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
Jun 05, 2023
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
Jun 04, 2023
Lancefly screams bloody Merdoor.
Jun 03, 2023
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
Jun 02, 2023
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
Jun 01, 2023
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
May 31, 2023
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
May 30, 2023
Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]
May 28, 2023
8 GoAnywhere MFT breaches and counting. [Research Saturday]
May 27, 2023
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
May 26, 2023
Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.
May 25, 2023
CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]
May 25, 2023
Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.
May 24, 2023
BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.
May 23, 2023
Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.
May 22, 2023
Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]
May 22, 2023
Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
May 21, 2023
Dangerous vulnerabilities in H.264 decoders. [Research Saturday]
May 20, 2023
Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.
May 19, 2023
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.
May 18, 2023
CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]
May 18, 2023
A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.
May 17, 2023
What is data centric security and why should anyone care? [CyberWire-X]
May 17, 2023
DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.
May 16, 2023
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.
May 15, 2023
Steve Benton: Mixing like a DJ. [VP] [Career Notes]
May 14, 2023
Running away from operation Tainted Love. [Research Saturday]
May 13, 2023
CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
May 12, 2023
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
May 12, 2023
Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
May 11, 2023
CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
May 11, 2023
Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.
May 10, 2023
State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.
May 09, 2023
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.
May 08, 2023
Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
May 07, 2023
Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]
May 06, 2023
DPRK's Kimsuki spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.
May 05, 2023
Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.
May 04, 2023
Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
May 03, 2023
From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)
May 02, 2023
FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
May 01, 2023
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Apr 30, 2023
HinataBot focuses on DDoS attack. [Research Saturday]
Apr 29, 2023
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
Apr 28, 2023
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
Apr 27, 2023
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.
Apr 26, 2023
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Security’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
Apr 25, 2023
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader described. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
Apr 24, 2023
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
Apr 23, 2023
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
Apr 23, 2023
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Apr 22, 2023
Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.
Apr 21, 2023
Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.
Apr 20, 2023
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
Apr 20, 2023
Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”
Apr 19, 2023
A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]
Apr 19, 2023
Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.
Apr 18, 2023
Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
Apr 17, 2023
Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
Apr 16, 2023
New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]
Apr 15, 2023
"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.
Apr 14, 2023
Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.
Apr 13, 2023
Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.
Apr 12, 2023
IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.
Apr 11, 2023
A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
Apr 10, 2023
Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]
Apr 09, 2023
A dark side to LLMs. [Research Saturday]
Apr 08, 2023
Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.
Apr 07, 2023
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.
Apr 06, 2023
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.
Apr 05, 2023
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
Apr 04, 2023
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
Apr 03, 2023
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
Apr 02, 2023
Blackfly flies back again. [Research Saturday]
Apr 01, 2023
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
Mar 31, 2023
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly, some official hostage-taking.
Mar 30, 2023
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
Mar 29, 2023
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
Mar 28, 2023
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
Mar 27, 2023
An introduction to the National Cryptologic Museum. [Special Edition]
Mar 27, 2023
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Mar 26, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Mar 26, 2023
Popunders are not the good kind of ads. [Research Saturday]
Mar 25, 2023
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
Mar 24, 2023
Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.
Mar 23, 2023
Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.
Mar 22, 2023
Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.
Mar 21, 2023
Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.
Mar 20, 2023
Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]
Mar 19, 2023
CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
Mar 18, 2023
ChatGPT grants malicious wishes? [Research Saturday]
Mar 18, 2023
Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
Mar 17, 2023
CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.
Mar 16, 2023
CISA Alert AA23-074A – Threat actors exploit Progress Telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]
Mar 16, 2023
Patch Tuesday notes. SVB and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).
Mar 15, 2023
Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.
Mar 14, 2023
Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.
Mar 13, 2023
Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]
Mar 12, 2023
Files stolen from a sneaky SymStealer. [Research Saturday]
Mar 11, 2023
Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.
Mar 10, 2023
PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.
Mar 09, 2023
Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.
Mar 08, 2023
A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktivism, and prank phone calls.
Mar 07, 2023
That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.
Mar 06, 2023
Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]
Mar 05, 2023
New exploits are tricking Chrome. [Research Saturday]
Mar 04, 2023
More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.
Mar 03, 2023
CISA Alert AA23-061A – #StopRansomware: Royal ransomware.
Mar 03, 2023
CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
Mar 03, 2023
CyberWire commentary: Ukraine one year on. [Special Edition]
Mar 03, 2023
The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.
Mar 02, 2023
How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.
Mar 01, 2023
Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.
Feb 28, 2023
Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.
Feb 27, 2023
Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]
Feb 26, 2023
The next hot AI scam. [Research Saturday]
Feb 25, 2023
A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.
Feb 24, 2023
Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.
Feb 23, 2023
Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.
Feb 22, 2023
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
Feb 21, 2023
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
Feb 20, 2023
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
Feb 19, 2023
Implementing and achieving security resilience. [Research Saturday]
Feb 18, 2023
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
Feb 17, 2023
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
Feb 16, 2023
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
Feb 15, 2023
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
Feb 14, 2023
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
Feb 13, 2023
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
Feb 12, 2023
Knocking down the legs of the industrial security triad. [Research Saturday]
Feb 11, 2023
US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)
Feb 10, 2023
CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]
Feb 10, 2023
Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.
Feb 09, 2023
CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]
Feb 09, 2023
An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.
Feb 08, 2023
Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.
Feb 07, 2023
Unpatched VMware ESXi instances attacked. Oktapus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.
Feb 06, 2023
Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]
Feb 05, 2023
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]
Feb 05, 2023
Can ransomware turn machines against us? [Research Saturday]
Feb 04, 2023
Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.
Feb 03, 2023
Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.
Feb 02, 2023
How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.
Feb 01, 2023
The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.
Jan 31, 2023
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
Jan 30, 2023
Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes]
Jan 29, 2023
Interview with the AI, part one. [Special Editions]
Jan 29, 2023
Flagging firmware vulnerabilities. [Research Saturday]
Jan 28, 2023
An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.
Jan 27, 2023
Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.
Jan 26, 2023
CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]
Jan 26, 2023
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
Jan 25, 2023
Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]
Jan 25, 2023
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
Jan 24, 2023
Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.
Jan 23, 2023
Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]
Jan 22, 2023
The power of web data in cybersecurity. [CyberWire-X]
Jan 22, 2023
Billbug infests government agencies. [Research Saturday]
Jan 21, 2023
Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
Jan 20, 2023
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
Jan 19, 2023
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
Jan 18, 2023
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
Jan 17, 2023
Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]
Jan 16, 2023
Gene Fay: Lead from the front. [CEO] [Career Notes]
Jan 15, 2023
DUCKTAIL waddles back again. [Research Saturday]
Jan 14, 2023
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
Jan 13, 2023
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
Jan 12, 2023
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Jan 11, 2023
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
Jan 10, 2023
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
Jan 09, 2023
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Jan 08, 2023
Stealer malware from Russia. [Research Saturday]
Jan 07, 2023
CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.
Jan 06, 2023
PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.
Jan 05, 2023
Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
Jan 04, 2023
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
Jan 03, 2023
Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]
Jan 03, 2023
Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
Jan 02, 2023
Encore: LemonDucks evading detection.
Dec 31, 2022
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
Dec 30, 2022
Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]
Dec 29, 2022
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
Dec 28, 2022
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
Dec 27, 2022
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
Dec 26, 2022
The CyberWire: The 12 Days of Malware. [Special Editions]
Dec 25, 2022
Encore: Vulnerabilities in IoT devices.
Dec 24, 2022
PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.
Dec 23, 2022
Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.
Dec 22, 2022
Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.
Dec 21, 2022
Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.
Dec 20, 2022
BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.
Dec 19, 2022
Strategies to get the most out of your toolsets. [CyberWire-X]
Dec 18, 2022
Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]
Dec 18, 2022
Hijacking holiday spirit with phishing scams. [Research Saturday]
Dec 17, 2022
Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.
Dec 16, 2022
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.
Dec 15, 2022
InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.
Dec 14, 2022
Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.
Dec 13, 2022
Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
Dec 12, 2022
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Dec 11, 2022
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
Dec 11, 2022
Cybersecurity during the World Cup. [Research Saturday]
Dec 10, 2022
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Dec 09, 2022
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
Dec 08, 2022
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.
Dec 07, 2022
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
Dec 07, 2022
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
Dec 06, 2022
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.
Dec 05, 2022
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Dec 04, 2022
Old malware returns in a new way. [Research Saturday]
Dec 03, 2022
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
Dec 02, 2022
Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
Dec 01, 2022
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
Nov 30, 2022
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
Nov 29, 2022
Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
Nov 28, 2022
Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
Nov 27, 2022
Encore: The secrets behind Docker.
Nov 26, 2022
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
Nov 25, 2022
Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
Nov 24, 2022
Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
Nov 23, 2022
Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
Nov 22, 2022
Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.
Nov 21, 2022
Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]
Nov 20, 2022
Another infection with new malware. [Research Saturday]
Nov 19, 2022
Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
Nov 18, 2022
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]
Nov 18, 2022
Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
Nov 17, 2022
Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.
Nov 16, 2022
CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]
Nov 16, 2022
An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intel. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
Nov 15, 2022
Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
Nov 14, 2022
Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]
Nov 13, 2022
An in-depth look at the Crytox ransomware family. [Research Saturday]
Nov 12, 2022
CSO Perspectives Bonus: Veterans Day special.
Nov 11, 2022
US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
Nov 10, 2022
A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
Nov 09, 2022
Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
Nov 08, 2022
Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember Silk Road? The Feds do.
Nov 07, 2022
Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
Nov 06, 2022
Over-the-air 0-day vulnerabilities. [Research Saturday]
Nov 05, 2022
Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
Nov 04, 2022
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
Nov 03, 2022
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
Nov 02, 2022
OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.
Nov 01, 2022
Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
Oct 31, 2022
Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
Oct 30, 2022
Bugs and working from home. [Research Saturday]
Oct 29, 2022
Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
Oct 28, 2022
The Malware Mash! [Bonus]
Oct 28, 2022
CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
Oct 27, 2022
Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
Oct 26, 2022
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
Oct 25, 2022
US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.
Oct 24, 2022
CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]
Oct 24, 2022
Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]
Oct 23, 2022
New tools target governments in Middle East? [Research Saturday]
Oct 22, 2022
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.
Oct 21, 2022
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.
Oct 20, 2022
Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.
Oct 19, 2022
Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.
Oct 18, 2022
Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia’s hybrid war.
Oct 17, 2022
Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]
Oct 16, 2022
Cyber confidence: Knowing what you have and where it is. [CyberWire-X]
Oct 16, 2022
Noberus ransomware: evolving tactics. [Research Saturday]
Oct 15, 2022
Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.
Oct 14, 2022
What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.
Oct 13, 2022
Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.
Oct 12, 2022
An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.
Oct 11, 2022
CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]
Oct 10, 2022
Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program. [Security Sandbox]
Oct 10, 2022
Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]
Oct 09, 2022
Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]
Oct 09, 2022
Google Drive used for malware? [Research Saturday]
Oct 08, 2022
A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.
Oct 07, 2022
CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.
Oct 07, 2022
Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.
Oct 06, 2022
Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.
Oct 05, 2022
CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.
Oct 04, 2022
CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.
Oct 04, 2022
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
Oct 03, 2022
Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]
Oct 02, 2022
The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]
Oct 02, 2022
Targeting your browser bookmarks? [Research Saturday]
Oct 01, 2022
Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Watering holes, deepfakes, and the pushing of naughty words.
Sep 30, 2022
Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.
Sep 29, 2022
DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.
Sep 28, 2022
Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.
Sep 27, 2022
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.
Sep 26, 2022
Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
Sep 25, 2022
Keeping an eye on RDS vulnerabilities. [Research Saturday]
Sep 24, 2022
Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
Sep 23, 2022
GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.
Sep 22, 2022
CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]
Sep 22, 2022
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]
Sep 22, 2022
A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.
Sep 21, 2022
An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.
Sep 20, 2022
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.
Sep 19, 2022
Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]
Sep 18, 2022
An increase in bypassing bot management? [Research Saturday]
Sep 17, 2022
Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.
Sep 16, 2022
CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]
Sep 15, 2022
Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.
Sep 15, 2022
Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).
Sep 14, 2022
A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]
Sep 13, 2022
Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad’s return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten’s social engineering.
Sep 13, 2022
Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.
Sep 12, 2022
Mark Logan: March towards your goals. [CEO] [Career Notes]
Sep 11, 2022
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 11, 2022
Evilnum APT returns with new targets. [Research Saturday]
Sep 10, 2022
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
Sep 09, 2022
Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.
Sep 08, 2022
Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
Sep 07, 2022
CISA Alert AA22-249A – #StopRansomware: Vice Society. [CISA Cybersecurity Alerts]
Sep 06, 2022
Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.
Sep 06, 2022
New CISO responsibilities: supply chain. [CSO Perspectives]
Sep 05, 2022
Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]
Sep 04, 2022
LockBit's contradiction on encryption speed. [Research Saturday]
Sep 03, 2022
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
Sep 02, 2022
News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.
Sep 01, 2022
Securing multi-cloud identity with orchestration. [CyberWire-X]
Sep 01, 2022
Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. “Cosplaying” hardware.
Aug 31, 2022
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia’s hybrid war. And the LockBit gang looks beyond double extortion.
Aug 30, 2022
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
Aug 29, 2022
David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]
Aug 28, 2022
How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]
Aug 27, 2022
A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.
Aug 26, 2022
Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.
Aug 25, 2022
Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.
Aug 24, 2022
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.
Aug 23, 2022
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. And data-tampering attacks are regarded as a growing risk.
Aug 22, 2022
Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]
Aug 21, 2022
Clipminer: Making millions off of malware. [Research Saturday]
Aug 20, 2022
Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.
Aug 19, 2022
BlackByte’s back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia’s hybrid war. Cyber war clauses coming to cyber insurance policies.
Aug 18, 2022
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.
Aug 17, 2022
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]
Aug 17, 2022
Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.
Aug 16, 2022
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.
Aug 15, 2022
Christian Lees: it's not always textbook. [CTO] [Career Notes]
Aug 14, 2022
Red teamer's perspective on demotivating attackers. [CyberWire-X]
Aug 14, 2022
Fake job ads and how to spot them. [Research Saturday]
Aug 13, 2022
The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.
Aug 12, 2022
CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts]
Aug 11, 2022
Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.
Aug 11, 2022
Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia’s hybrid war.
Aug 10, 2022
Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klayvio. Intercept tools and policies in Canada.
Aug 09, 2022
Cybersecurity is a team sport. [CyberWire-X]
Aug 09, 2022
Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.
Aug 08, 2022
Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]
Aug 07, 2022
Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]
Aug 06, 2022
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.
Aug 05, 2022
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.
Aug 04, 2022
CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]
Aug 04, 2022
Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.
Aug 03, 2022
Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?
Aug 02, 2022
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.
Aug 01, 2022
Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]
Jul 31, 2022
What malicious campaign is lurking under the surface? [Research Saturday]
Jul 30, 2022
Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.
Jul 29, 2022
SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.
Jul 28, 2022
The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.
Jul 27, 2022
LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.
Jul 26, 2022
The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.
Jul 25, 2022
Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]
Jul 24, 2022
The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]
Jul 24, 2022
Has GOLD SOUTHFIELD resumed operations? [Research Saturday]
Jul 23, 2022
Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”
Jul 22, 2022
Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.
Jul 21, 2022
Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.
Jul 20, 2022
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.
Jul 19, 2022
Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.
Jul 18, 2022
Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]
Jul 17, 2022
Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]
Jul 17, 2022
A record breaking DDoS attack. [Research Saturday]
Jul 16, 2022
A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]
Jul 15, 2022
Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.
Jul 15, 2022
Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.
Jul 14, 2022
AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.
Jul 13, 2022
High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.
Jul 12, 2022
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.
Jul 11, 2022
Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]
Jul 10, 2022
Information operations during a war. [Research Saturday]
Jul 09, 2022
An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.
Jul 08, 2022
Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.
Jul 07, 2022
CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]
Jul 06, 2022
Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.
Jul 06, 2022
Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.
Jul 05, 2022
Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]
Jul 04, 2022
Could REvil have a copycat? [Research Saturday]
Jul 02, 2022
Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.
Jul 01, 2022
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]
Jun 30, 2022
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.
Jun 30, 2022
Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.
Jun 29, 2022
DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C market share. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?
Jun 28, 2022
Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.
Jun 27, 2022
Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]
Jun 26, 2022
Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]
Jun 25, 2022
Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakhstan. Tabletop exercises. Ransomware as misdirection.
Jun 24, 2022
CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]
Jun 24, 2022
Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.
Jun 23, 2022
A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain’t so, Dmitry.
Jun 22, 2022
Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia’s hybrid war. A conviction in the Capital One hacking case.
Jun 21, 2022
Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.
Jun 20, 2022
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]
Jun 19, 2022
Dissecting the Spring4Shell vulnerability. [Research Saturday]
Jun 18, 2022
Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.
Jun 17, 2022
Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
Jun 16, 2022
Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.
Jun 15, 2022
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.
Jun 14, 2022
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
Jun 13, 2022
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
Jun 12, 2022
New developments in the WSL attack. [Research Saturday]
Jun 11, 2022
The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.
Jun 10, 2022
Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.
Jun 09, 2022
Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its “plumbing.” CISA adds Known Exploited Vulnerabilities. News from Jersey.
Jun 08, 2022
CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]
Jun 08, 2022
Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus.
Jun 07, 2022
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."
Jun 06, 2022
Defining the intruder’s dilemma. [CyberWire-X]
Jun 05, 2022
Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]
Jun 05, 2022
LemonDucks evading detection. [Research Saturday]
Jun 04, 2022
Managing messaging in a hybrid war. Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.
Jun 03, 2022
Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.
Jun 02, 2022
CISA Alert AA22-152A – Karakurt data extortion group. [CISA Cybersecurity Alerts]
Jun 01, 2022
Costa Rica hit with another round of ransomware. Cyber phases of Russia’s hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!
Jun 01, 2022
Potential cyber threats to agriculture. Cyber phases of Russia’s hybrid war. REvil prosecution at a stand (and it’s the Americans’ fault, say Russian sources). Microsoft mitigates Follina.
May 31, 2022
Introducing Control Loop, the industrial cybersecurity podcast. [Trailer]
May 30, 2022
Michael Scott: A team of humble intellects. [Information security] [Career Notes]
May 29, 2022
Compromised military tech? [Research Saturday]
May 28, 2022
Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.
May 27, 2022
"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.
May 26, 2022
More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.
May 25, 2022
Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?
May 24, 2022
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.
May 23, 2022
Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]
May 22, 2022
AutoWarp bug leads to Automation headaches. [Research Saturday]
May 21, 2022
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
May 20, 2022
CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]
May 20, 2022
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.
May 19, 2022
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
May 19, 2022
Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
May 18, 2022
CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]
May 17, 2022
Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.
May 17, 2022
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
May 16, 2022
Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]
May 15, 2022
The current state of zero trust. [CyberWire-X]
May 15, 2022
Vulnerabilities in IoT devices. [Research Saturday]
May 14, 2022
War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.
May 13, 2022
Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.
May 12, 2022
CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]
May 12, 2022
Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.
May 11, 2022
Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.
May 10, 2022
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.
May 09, 2022
Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]
May 08, 2022
Attacking where vulnerable. [Research Saturday]
May 07, 2022
Victory Day approaches, so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).
May 06, 2022
Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.
May 05, 2022
More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.
May 04, 2022
Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.
May 03, 2022
The future of security validation – what next? [CyberWire-X]
May 03, 2022
Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.
May 02, 2022
DevSecOps and securing the container. [CyberWire-X]
May 01, 2022
Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]
May 01, 2022
Attackers coming in from the Backdoor? [Research Saturday]
Apr 30, 2022
Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.
Apr 29, 2022
Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.
Apr 28, 2022
Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.
Apr 27, 2022
Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.
Apr 26, 2022
Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.
Apr 25, 2022
Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]
Apr 24, 2022
BABYSHARK is swimming again! [Research Saturday]
Apr 23, 2022
The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.
Apr 22, 2022
Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.
Apr 21, 2022
Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.
Apr 20, 2022
In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.
Apr 19, 2022
Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.
Apr 18, 2022
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
Apr 17, 2022
CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]
Apr 17, 2022
A fight to defend Taiwan financial institutions. [Research Saturday]
Apr 16, 2022
Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.
Apr 15, 2022
A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.
Apr 14, 2022
Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
Apr 13, 2022
Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.
Apr 12, 2022
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
Apr 11, 2022
SolarWinds through a first principle lens. [CSO Perspectives]
Apr 11, 2022
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
Apr 10, 2022
The secrets behind Docker. [Research Saturday]
Apr 09, 2022
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
Apr 08, 2022
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
Apr 07, 2022
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA.
Apr 06, 2022
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
Apr 05, 2022
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
Apr 04, 2022
Living security: the current state of XDR. [CyberWire-X]
Apr 03, 2022
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
Apr 03, 2022
A popular malware scheme and pay-per-install services. [Research Saturday]
Apr 02, 2022
Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.
Apr 01, 2022
Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.
Mar 31, 2022
Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.
Mar 30, 2022
Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.
Mar 29, 2022
Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.
Mar 28, 2022
The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]
Mar 26, 2022
Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.
Mar 25, 2022
Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.
Mar 24, 2022
Insider Risk Excellence Awards. [CyberWire-X]
Mar 24, 2022
British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.
Mar 23, 2022
White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.
Mar 22, 2022
Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.
Mar 21, 2022
Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]
Mar 20, 2022
Implications of data leaks of sensitive OT information. [Research Saturday]
Mar 19, 2022
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.
Mar 18, 2022
Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.
Mar 17, 2022
Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.
Mar 16, 2022
Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.
Mar 15, 2022
Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.
Mar 14, 2022
Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]
Mar 13, 2022
The story of REvil: From origin to beyond. [Research Saturday]
Mar 12, 2022
An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.
Mar 11, 2022
Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.
Mar 10, 2022
Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.
Mar 09, 2022
Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.
Mar 08, 2022
Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsus$ releases NVIDIA and Samsung data (and says a victim hacked back).
Mar 07, 2022
Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]
Mar 06, 2022
HEAT: Examining the next class of browser-based attacks. [CyberWire-X]
Mar 06, 2022
An abuse of trust: Potential security issues with open redirects. [Research Saturday]
Mar 05, 2022
Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.
Mar 04, 2022
Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.
Mar 03, 2022
Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.
Mar 02, 2022
Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.
Mar 01, 2022
An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.
Feb 28, 2022
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Feb 27, 2022
Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]
Feb 26, 2022
Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.
Feb 25, 2022
Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
Feb 24, 2022
Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.
Feb 23, 2022
Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.
Feb 22, 2022
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
Feb 21, 2022
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures
Feb 21, 2022
Joe Carrigan: Build your network. [Security engineer] [Career Notes]
Feb 20, 2022
What Log4Shell has taught us. [CyberWire-X]
Feb 20, 2022
Instagram hijacks all start with a phish. [Research Saturday]
Feb 19, 2022
False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.
Feb 18, 2022
Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.
Feb 17, 2022
A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.
Feb 16, 2022
Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.
Feb 15, 2022
Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?
Feb 14, 2022
Roselle Safran: So much opportunity. [Entrepreneur][Career Notes]
Feb 13, 2022
SysJoker backdoor masquerades as benign updates. [Research Saturday]
Feb 12, 2022
Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.
Feb 11, 2022
Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.
Feb 10, 2022
A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.
Feb 09, 2022
Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.
Feb 08, 2022
Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.
Feb 07, 2022
The persistent and patient nature of advanced threat actors. [Research Saturday]
Feb 05, 2022
Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.
Feb 04, 2022
Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.
Feb 03, 2022
Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.
Feb 02, 2022
Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.
Feb 01, 2022
The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.
Jan 31, 2022
Helen Patton: A platform to talk about security. [CISO] [Career Notes]
Jan 30, 2022
Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]
Jan 30, 2022
Use of legitimate tools possibly linked to Seedworm. [Research Saturday]
Jan 29, 2022
Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.
Jan 28, 2022
Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.
Jan 27, 2022
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.
Jan 26, 2022
Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.
Jan 25, 2022
Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.
Jan 24, 2022
Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
Jan 23, 2022
A collaboration stumbles upon threat actor Lyceum. [Research Saturday]
Jan 22, 2022
Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.
Jan 22, 2022
Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.
Jan 20, 2022
Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.
Jan 19, 2022
A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.
Jan 18, 2022
SOAR - a first principle idea. [CSO Perspectives]
Jan 17, 2022
Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]
Jan 16, 2022
Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]
Jan 15, 2022
Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.
Jan 14, 2022
A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.
Jan 13, 2022
The US and EU seek to shore up cybersecurity as Russo-Ukrainian tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.
Jan 12, 2022
Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.
Jan 11, 2022
CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.
Jan 10, 2022
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
Jan 09, 2022
The rise of Karakurt Hacking Team.
Jan 08, 2022
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.
Jan 07, 2022
Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.
Jan 06, 2022
CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.
Jan 05, 2022
Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.
Jan 04, 2022
Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.
Jan 03, 2022
Cybersecurity predictions for 2022. [CyberWire-X]
Jan 02, 2022
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Jan 02, 2022
Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]
Jan 01, 2022
CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.
Dec 31, 2021
CyberWire Pro Interview Selects: Sir David Omand.
Dec 30, 2021
CyberWire Pro Interview Selects: Zan Vautrinot on boards.
Dec 29, 2021
CyberWire Pro Interview Selects: Bill Wright of Splunk.
Dec 28, 2021
CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.
Dec 27, 2021
Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Dec 26, 2021
The CyberWire: The 12 Days of Malware.
Dec 25, 2021
CyberWire Pro Research Briefing from 12/21/2021.
Dec 25, 2021
CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.
Dec 24, 2021
Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.
Dec 23, 2021
The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.
Dec 22, 2021
Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.
Dec 21, 2021
Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.
Dec 20, 2021
Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]
Dec 19, 2021
Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]
Dec 18, 2021
Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.
Dec 17, 2021
Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.
Dec 16, 2021
Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?
Dec 15, 2021
Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.
Dec 14, 2021
Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.
Dec 13, 2021
Hannah Kenney: Focused on people. [Risk] [Career Notes]
Dec 12, 2021
FIN7 repositioning focus into ransomware. [Research Saturday]
Dec 11, 2021
Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.
Dec 10, 2021
Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.
Dec 09, 2021
AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.
Dec 08, 2021
The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?
Dec 07, 2021
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
Dec 06, 2021
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
Dec 05, 2021
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
Dec 05, 2021
Getting in and getting out with SnapMC. [Research Saturday]
Dec 04, 2021
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
Dec 03, 2021
More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?
Dec 02, 2021
Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.
Dec 01, 2021
Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.
Nov 30, 2021
Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.
Nov 29, 2021
Anisha Patel: Right along with them. [Program management] [Career Notes]
Nov 28, 2021
CyberWire Pro Research Briefing from 11/23/2021
Nov 27, 2021
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
Nov 26, 2021
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
Nov 25, 2021
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crypter. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
Nov 24, 2021
Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.
Nov 23, 2021
Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.
Nov 22, 2021
MK Palmore: Lead from where you stand. [CISO] [Career Notes]
Nov 21, 2021
How ransomware impacts organizations. [CyberWire-X]
Nov 21, 2021
Using bidirectionality override characters to obscure code. [Research Saturday]
Nov 20, 2021
Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?
Nov 19, 2021
Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.
Nov 18, 2021
CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.
Nov 17, 2021
Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.
Nov 16, 2021
Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.
Nov 15, 2021
Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Nov 14, 2021
The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]
Nov 14, 2021
A glimpse into TeamTNT. [Research Saturday]
Nov 13, 2021
Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.
Nov 12, 2021
Let's go to the movies. [Hacking Humans Goes to the Movies]
Nov 11, 2021
Cyberespionage from Tehran. Clop ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.
Nov 10, 2021
Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.
Nov 09, 2021
REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.
Nov 08, 2021
Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]
Nov 07, 2021
An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]
Nov 06, 2021
$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.
Nov 05, 2021
Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.
Nov 04, 2021
Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerabilities.
Nov 03, 2021
Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.
Nov 02, 2021
Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).
Nov 01, 2021
Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]
Oct 31, 2021
Malware sometimes changes its behavior. [Research Saturday]
Oct 30, 2021
Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”
Oct 29, 2021
The Malware Mash!
Oct 29, 2021
Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.
Oct 28, 2021
Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.
Oct 27, 2021
Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.
Oct 26, 2021
SolarMarker malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.
Oct 25, 2021
Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
Oct 24, 2021
When big ransomware goes away, where should affiliates go? [Research Saturday]
Oct 23, 2021
Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.
Oct 22, 2021
Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.
Oct 21, 2021
Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.
Oct 20, 2021
TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.
Oct 19, 2021
A US broadcaster sustains a ransomware attack. North Korean catphish expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?
Oct 18, 2021
Ell Marquez: It's okay to be new. [Linux] [Career Notes]
Oct 17, 2021
Groove Gang making a name for themselves. [Research Saturday]
Oct 16, 2021
CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.
Oct 15, 2021
Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.
Oct 14, 2021
Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.
Oct 13, 2021
Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize.
Oct 12, 2021
Extra: Let's talk about Facebook's research. [Caveat]
Oct 11, 2021
Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]
Oct 10, 2021
Taking a closer look at UNC1151. [Research Saturday]
Oct 09, 2021
Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.
Oct 08, 2021
Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.
Oct 07, 2021
Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.
Oct 06, 2021
Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.
Oct 05, 2021
Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.
Oct 04, 2021
Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Oct 03, 2021
Cloud configuration security: Breaking the endless cycle. [CyberWire-X]
Oct 03, 2021
IoT security and the need for randomness. [Research Saturday]
Oct 02, 2021
Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.
Oct 01, 2021
GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.
Sep 30, 2021
DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.
Sep 29, 2021
Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.
Sep 28, 2021
The EU asks Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.
Sep 27, 2021
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]
Sep 26, 2021
Why it’s time for cybersecurity to go mainstream. [CyberWire-X]
Sep 26, 2021
Vulnerabilities in the public cloud. [Research Saturday]
Sep 25, 2021
Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?
Sep 24, 2021
Ransomware hits another US farm co-op, as Russian gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.
Sep 23, 2021
Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.
Sep 22, 2021
BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.
Sep 21, 2021
Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.
Sep 20, 2021
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
Sep 19, 2021
An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]
Sep 18, 2021
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin... or something.
Sep 17, 2021
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 17, 2021
Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.
Sep 16, 2021
No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.
Sep 15, 2021
NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.
Sep 14, 2021
The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.
Sep 13, 2021
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]
Sep 12, 2021
A Google Chrome update that just didn't feel right. [Research Saturday]
Sep 11, 2021
Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.
Sep 10, 2021
Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.
Sep 09, 2021
BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.
Sep 08, 2021
A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.
Sep 07, 2021
Security operations centers: a first principle idea. [CSO Perspectives]
Sep 06, 2021
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
Sep 05, 2021
Like a computer network but for physical objects. [Research Saturday]
Sep 04, 2021
Watch out for cybercrime over holidays (like Labor Day). Ransomware warning for the food and agriculture sector. Gift card and loyalty program fraud. NIST draft IoT guidelines out for comment.
Sep 03, 2021
LockBit updates. The BrakTooth bugs infesting Bluetooth. Malicious cable proof-of-concept. EU fines WhatsApp over GDPR issues. Insider threats. Action against an alleged stalkerware vendor.
Sep 02, 2021
A look at cyber gangland. Sino-Australian tension in cyberspace. Vulnerabilities reported (and disputed) in a home security system. Labor Day warnings.
Sep 01, 2021
Dangers of data collected in Afghanistan. Another cryptocurrency theft. Hardware backdoors? LockBit dumps airline’s data. CISA opens registration for the President’s Cup. Too much gaming, kids.
Aug 31, 2021
Data breaches and ransomware. Another gang says it’s retiring. New warrants against cybercrime in Australia. Roles and missions in the US. Hoosier data?
Aug 30, 2021
Rich Hale: Understanding the data. [CTO] [Career Notes]
Aug 29, 2021
Joker malware family: not a joke for Google Play. [Research Saturday]
Aug 28, 2021
The T-Mobile hacker speaks (we think). SparklingGoblin enters the cyberespionage ring. Is someone stealing data to train AI? Cellebrite’s availability. Ragnarok ransomware says it’s going out of business.
Aug 27, 2021
A quick look back at yesterday’s White House industry meeting. Revolution, coup, or a bit of both? Storytelling for security. Lessons from Olympic scams. Notes from the underworld.
Aug 26, 2021
Hacktivism in Belarus. The Taliban’s data grab. Four rising ransomware operations. The White House cybersecurity summit with industry leaders is in progress.
Aug 25, 2021
Apple CSAM: well-intentioned, slippery slope. [Caveat]
Aug 25, 2021
Apparent hacktivism exposes Iranian prison CCTV feeds. Misconfigured Power Apps expose data. FBI warns of the OnePercent Group. Mr. White Hat gives back. Dog bites man.
Aug 24, 2021
Notes on the fall of Afghanistan, with its cyber and kinetic implications. US State Department hack reported. ShinyHunters resurface. Further incentive to patch Microsoft Exchange Server.
Aug 23, 2021
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Aug 22, 2021
From board advisor to board member: evolution of the modern CISO. [CyberWire-X]
Aug 22, 2021
Exploring vulnerabilities of off-the-shelf software. [Research Saturday]
Aug 21, 2021
Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China’s privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?
Aug 20, 2021
T-Mobile outlines what it’s offering customers hit by its data breach. Taliban on good T&C behavior? Apple’s CSAM. OS bug may affect medical devices. A report on 2020’s US Census Bureau hack.
Aug 19, 2021
Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil’s Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.
Aug 18, 2021
Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.
Aug 17, 2021
Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?
Aug 16, 2021
Rick Howard: Give people resources. [CSO] [Career Notes]
Aug 15, 2021
You can add new features, just secure the old stuff first. [Research Saturday]
Aug 14, 2021
Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.
Aug 13, 2021
More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.
Aug 12, 2021
A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.
Aug 11, 2021
A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.
Aug 10, 2021
Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit activity. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.
Aug 09, 2021
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Aug 08, 2021
SideCopy malware campaigns expand and evolve. [Research Saturday]
Aug 07, 2021
FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.
Aug 06, 2021
CISA’s new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang’s reform, or optimism over signs the gang is worried?
Aug 05, 2021
Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck’s rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou’s extradition.
Aug 04, 2021
Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.
Aug 03, 2021
SVR was reading the US Attorneys’ emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.
Aug 02, 2021
Behavioral transparency – the patterns within. [CyberWire-X]
Aug 01, 2021
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Aug 01, 2021
China's influence grows through Digital Silk Road Initiative. [Research Saturday]
Jul 31, 2021
Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.
Jul 30, 2021
Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.
Jul 29, 2021
US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.
Jul 28, 2021
South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?
Jul 27, 2021
The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.
Jul 26, 2021
Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]
Jul 25, 2021
Is enhanced hardware security the answer to ransomware? [CyberWire-X]
Jul 25, 2021
Free malware with cracked software. [Research Saturday]
Jul 24, 2021
Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.
Jul 23, 2021
Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.
Jul 22, 2021
Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.
Jul 21, 2021
APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDN. Other data breaches and ransomware incidents.
Jul 20, 2021
Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group’s Pegasus tool reported.
Jul 19, 2021
Peter Baumann: Adding value to data. [CEO] [Career Notes]
Jul 18, 2021
Enabling connectivity enables exposures. [Research Saturday]
Jul 17, 2021
DDoS at Russia’s MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor’s activities are exposed. No signs of the US softening on Huawei bans.
Jul 16, 2021
Luminous Moth or Mustang Panda, it’s the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.
Jul 15, 2021
Patch notes. What’s happening with REvil remains unclear, but it would be rash to count the gang out.
Jul 14, 2021
SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.
Jul 13, 2021
Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.
Jul 12, 2021
APTs transitioning to the cloud. [CyberWire-X]
Jul 11, 2021
Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]
Jul 11, 2021
Dealing illicit goods on encrypted chat apps. [Research Saturday]
Jul 10, 2021
Kaseya continues to work through its REvil days, as does the US Administration. In other news, there’s cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.
Jul 09, 2021
Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil’s victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.
Jul 08, 2021
Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.
Jul 07, 2021
The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.
Jul 06, 2021
Dwayne Price: Sharing information. [Project Management] [Career Notes]
Jul 04, 2021
Malware in pirated Windows installation files. [Research Saturday]
Jul 03, 2021
Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.
Jul 02, 2021
Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?
Jul 01, 2021
A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.
Jun 30, 2021
A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.
Jun 29, 2021
Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.
Jun 28, 2021
Introducing Security Unlocked: CISO Series with Bret Arsenault–Leading an Inclusive Workforce: Emma Smith, Vodafone
Jun 27, 2021
Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
Jun 27, 2021
Exhibiting advanced APT-like behavior. [Research Saturday]
Jun 26, 2021
REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.
Jun 25, 2021
Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?
Jun 24, 2021
Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.
Jun 23, 2021
Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.
Jun 22, 2021
South Korea’s nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.
Jun 21, 2021
Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
Jun 20, 2021
Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]
Jun 19, 2021
Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.
Jun 18, 2021
The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.
Jun 17, 2021
Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.
Jun 16, 2021
Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.
Jun 15, 2021
Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?
Jun 14, 2021
Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]
Jun 13, 2021
Taking a look behind the Science of Security. [Research Saturday]
Jun 12, 2021
Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.
Jun 11, 2021
Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI’s partial recovery of DarkSide’s ransom take.
Jun 10, 2021
Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO’s Article 5 in cyberspace. Patch Tuesday notes.
Jun 09, 2021
FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.
Jun 08, 2021
DarkSide’s way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.
Jun 07, 2021
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]
Jun 06, 2021
Bad building blocks: a new and unusual phishing campaign. [Research Saturday]
Jun 05, 2021
Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.
Jun 04, 2021
FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.
Jun 03, 2021
The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium’s USAID impersonation campaign. Siemens addresses PLC vulnerabilities.
Jun 02, 2021
Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.
Jun 01, 2021
Zero trust: a change in mindset. [Special Editions]
May 31, 2021
Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]
May 30, 2021
Big data, big payoff for China's cybercrime underground. [Research Saturday]
May 29, 2021
A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.
May 28, 2021
Impersonation campaign targets China’s Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.
May 27, 2021
Cyberespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.
May 26, 2021
CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.
May 25, 2021
Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.
May 24, 2021
Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]
May 23, 2021
Leveraging COVID-19 themes for malicious purposes. [Research Saturday]
May 22, 2021
DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.
May 21, 2021
DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.
May 20, 2021
Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.
May 19, 2021
WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.
May 18, 2021
Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.
May 17, 2021
Dominique West: Security found me. [Strategy] [Career Notes]
May 16, 2021
Zeroing in on zero trust. [CyberWire-X]
May 16, 2021
Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]
May 15, 2021
Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).
May 14, 2021
The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon’s DBIR is out.
May 13, 2021
The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.
May 12, 2021
Ransomware: DarkSide, Avaddon, and Babuk. 5G threat vectors. Cryptojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.
May 11, 2021
Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.
May 10, 2021
Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
May 09, 2021
Street cred: increasing trust in passwordless authentication. [CyberWire-X]
May 09, 2021
SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]
May 08, 2021
CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.
May 07, 2021
Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington. Panda Stealer is after crypto wallets. And Peloton deals with a leaky API.
May 06, 2021
DDoS interrupts Belgium’s parliament. New malware in the wild. Spies and crooks work around MFA, OAuth. COVID-19 scam site takedown. Online election fraud (in a homecoming queen election).
May 05, 2021
VPN vulnerability exploited for cyberespionage closed. “IT security incident” at medical system. Android banking Trojans and cryptocurrency. Cyber threats to the Tokyo Olympics.
May 04, 2021
Data exposure reported in the Philippines. FISA targets down during the pandemic. Babuk changes its focus. New variant of the Buer loader in the wild. US Justice Department reviews its cyber strategy.
May 03, 2021
Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]
May 02, 2021
A snapshot of the ransomware threat landscape. [Research Saturday]
May 01, 2021
Investigating VPN exploits, and the crooks and spies who use them. BadAlloc afflicts OT. Notes on cyberespionage. The criminal market for deepfakes.
Apr 30, 2021
Buggy APIs may expose credit scores. Dealing with ransomware. Iran-Israeli tensions are up. Russia says it will always see the Americans coming. Surge cyber capacity. NSA’s advice on OT security.
Apr 29, 2021
More intelligence on Ghostwriter, and a convergence of hacking and influence operations. Naikon APT has a new backdoor. FluBot returns. MAPP reconsidered. Defense counsel on Cellebrite.
Apr 28, 2021
The FBI and CISA take a look at the SVR, and offer advice for potential targets. Openness and information warfare. OPSEC and privacy. Babuk hits DC police. Social engineering notes.
Apr 27, 2021
Prankers on Zoom, with convincing video. Emotet takedown. US response to SolarWinds reviewed. Cancer therapy disrupted by attack on cloud provider. Oscar phishing.
Apr 26, 2021
Channeling the data avalanche. [CyberWire-X]
Apr 25, 2021
Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Apr 25, 2021
Bulletproof hosting (BPH) and how it powers cybercrime. [Research Saturday]
Apr 24, 2021
Three ransomware gangs up their game. The US Postal Inspection Service’s “Internet Covert Operations Program.” GCHQ warns of dependence on Chinese tech. Undersea cable security.