CyberWire Daily

By N2K Networks


Category: Tech News


Subscribers: 1642
Reviews: 5
Episodes: 2873

 Oct 28, 2020
An excellent resource for the cyber news of the day, without the extra "fluff". NOTE: this is NOT an educational podcast, it is strictly distilled news.

Matt Aguirre
 Mar 10, 2019

 Jan 16, 2019

Average Joe
 Dec 12, 2018
This is a great source for a daily overview of what happened in Cyber Security and IT!

 Nov 11, 2018
Although I enjoy listening, it's like a new language which I'm slowly learning. I wish some more time was given to background regarding malware.


The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episode Date
Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake.
Jun 03, 2024
Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition]
Jun 03, 2024
SolarWinds and the SEC.
Jun 03, 2024
Solution Spotlight on the 2024 NICE Conference: Business Roundtable.
Jun 02, 2024
1700 IPs and counting. [Research Saturday]
Jun 01, 2024
Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]
Jun 01, 2024
New cybersecurity bill aims to untangle federal regulations.
May 31, 2024
Operation Endgame: Hackers' hideouts exposed.
May 30, 2024
Alleged leaked files expose a dirty secret.
May 29, 2024
FBI untangles the web that is Scattered Spider.
May 28, 2024
Memorial Day special.
May 27, 2024
Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]
May 26, 2024
International effort dismantles LockBit. [Research Saturday]
May 25, 2024
Cybercriminals target London drugs.
May 24, 2024
Checkmate at check in.
May 23, 2024
Privacy nightmare or useful tool?
May 22, 2024
The secrets of a dark web drug lord.
May 21, 2024
Double key encryption debate.
May 20, 2024
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes]
May 19, 2024
From secret images to encryption keys. [Research Saturday]
May 18, 2024
10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]
May 18, 2024
MediSecure data breach hits Aussie healthcare.
May 17, 2024
FBI strikes against a cybercrime syndicate.
May 16, 2024
A bipartisan blueprint for American leadership.
May 15, 2024
Google strikes back.
May 14, 2024
A battle for digital sovereignty.
May 13, 2024
Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes]
May 12, 2024
The double-edged sword of cyber espionage. [Research Saturday]
May 11, 2024
Treasury's offensive in financial defense.
May 10, 2024
Healthcare in the crosshairs.
May 09, 2024
The takedown of a ransomware ringleader.
May 08, 2024
Hack-proofing the future to shape cyberspace.
May 07, 2024
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP]
May 07, 2024
Charting the course: Biden's blueprint for global cybersecurity.
May 06, 2024
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]
May 06, 2024
Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes]
May 05, 2024
Geopolitical tensions rise with China. [Research Saturday]
May 04, 2024
Ransomware attack turns legal attack.
May 03, 2024
Dropbox sign breach exposes secrets.
May 02, 2024
Retirement plan breach shakes financial giant.
May 01, 2024
Ransomware is just a prescription for chaos.
Apr 30, 2024
An unprecedented surge in credential stuffing.
Apr 29, 2024
Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes]
Apr 28, 2024
Cerber ransomware strikes Linux. [Research Saturday]
Apr 27, 2024
Kaiser Permanente's privacy predicament.
Apr 26, 2024
Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]
Apr 26, 2024
The shadowy adversary in Cisco's crosshairs.
Apr 25, 2024
Iran's covert cyber operations exposed.
Apr 24, 2024
Visa crackdown against spyware swindlers.
Apr 23, 2024
Renewed surveillance sparks controversy.
Apr 22, 2024
Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]
Apr 21, 2024
Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]
Apr 21, 2024
The art of information gathering. [Research Saturday]
Apr 20, 2024
Swift responses to cyberattacks.
Apr 19, 2024
Cyber Talent Insights: Charting your path in cybersecurity. (Part 2 of 3) [Special Edition]
Apr 19, 2024
From phishing to felony.
Apr 18, 2024
The rebirth of Russia's cyber warfare.
Apr 17, 2024
Weathering the phishing front.
Apr 16, 2024
Hunting vulnerabilities.
Apr 15, 2024
AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]
Apr 15, 2024
Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]
Apr 14, 2024
AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]
Apr 14, 2024
Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]
Apr 13, 2024
Privacy, power, and the path forward.
Apr 12, 2024
Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]
Apr 12, 2024
Apple's worldwide warning on mercenary attacks.
Apr 11, 2024
From deadlock to debate on a revised Section 702 bill.
Apr 10, 2024
Unraveling a healthcare ransomware web.
Apr 09, 2024
A possible breakthrough in data privacy legislation.
Apr 08, 2024
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
Apr 07, 2024
Leaking your AWS API keys, on purpose? [Research Saturday]
Apr 06, 2024
Deciphering the Acuity cybersecurity incident.
Apr 05, 2024
Securing secrets: The State Department's cyber hunt.
Apr 04, 2024
Biden administration brings down the hammer.
Apr 03, 2024
From lawsuit to logoff: Google's incognito mode makeover.
Apr 02, 2024
Unmasking the xzploitation.
Apr 01, 2024
Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Mar 31, 2024
The supply chain in disarray. [Research Saturday]
Mar 30, 2024
Pentagon’s cybersecurity roadmap.
Mar 29, 2024
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
Mar 29, 2024
A battle against malware.
Mar 28, 2024
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Mar 28, 2024
If there's something strange in your neighborhood, don't call Facebook.
Mar 27, 2024
Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]
Mar 27, 2024
The great firewall breached: China's covert cyber assault on America exposed.
Mar 26, 2024
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Mar 26, 2024
Python developers under attack.
Mar 25, 2024
Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Mar 24, 2024
HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]
Mar 23, 2024
When it rains, it pours.
Mar 22, 2024
A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]
Mar 22, 2024
Safeguarding American data from foreign hands.
Mar 21, 2024
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Mar 21, 2024
Biden's cyber splash in protecting the nation's water systems.
Mar 20, 2024
The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]
Mar 20, 2024
SIM swap scammer pleads guilty.
Mar 19, 2024
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
Mar 19, 2024
The hot pursuit of Volt Typhoon.
Mar 18, 2024
Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]
Mar 17, 2024
Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
Mar 17, 2024
Inside SendGrid's phishy business. [Research Saturday]
Mar 16, 2024
Flight fiasco: UK Defence Minister's jet faces GPS jamming.
Mar 15, 2024
A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]
Mar 15, 2024
TikTok showdown: U.S. lawmakers target privacy and security.
Mar 14, 2024
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Mar 14, 2024
The usual suspects are up to their usual tricks.
Mar 13, 2024
Biden's budget boost for cybersecurity.
Mar 12, 2024
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Mar 12, 2024
CISA’s news trifecta.
Mar 11, 2024
Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Mar 10, 2024
Setting better cyber job expectations to attract and retain talent. [Special Edition]
Mar 10, 2024
Understanding the multi-tiered impact of ransomware. [Research Saturday]
Mar 09, 2024
From breach to battle: The escalating threat of Midnight Blizzard.
Mar 08, 2024
Encore: Breaking Through: Securing the advancement of women in cybersecurity. [Special Editions]
Mar 08, 2024
A secret scheme resulting in stolen secrets.
Mar 07, 2024
Encore: Dinah Davis: Building your network. [R&D] [Career Notes]
Mar 07, 2024
No cyber blues on Super Tuesday.
Mar 06, 2024
From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]
Mar 05, 2024
Change Healthcare hackers cash in $22 million ransom.
Mar 05, 2024
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]
Mar 05, 2024
Cyberattack causes a code red on US healthcare.
Mar 04, 2024
Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Mar 03, 2024
The return of a malware menace. [Research Saturday]
Mar 02, 2024
WhatsApp's legal triumph cracks the spyware vault.
Mar 01, 2024
Iran's cyber quest in Middle Eastern aerospace.
Feb 29, 2024
Protecting American data.
Feb 28, 2024
Out with the old, in with the new.
Feb 27, 2024
LockBit reloaded: Unveiling the next chapter in cybercrime.
Feb 26, 2024
Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]
Feb 25, 2024
Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]
Feb 24, 2024
Crackdown on privacy leads to a multi-million dollar fine.
Feb 23, 2024
AT&T outage leaves major cities offline.
Feb 22, 2024
Anchoring security for US ports.
Feb 21, 2024
The reign of digital terror ends.
Feb 20, 2024
AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]
Feb 19, 2024
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
Feb 19, 2024
Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]
Feb 18, 2024
Hackers come hopping back. [Research Saturday]
Feb 17, 2024
FBI initiates router revolution.
Feb 16, 2024
An AI arms race.
Feb 15, 2024
It’s always DNS, but that may just be FUD.
Feb 14, 2024
Phishing threats unleashed.
Feb 13, 2024
DOJ strikes justice.
Feb 12, 2024
Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]
Feb 11, 2024
Ransomware is coming. [Research Saturday]
Feb 10, 2024
Imitation game: LastPass vs LassPass.
Feb 09, 2024
Volt Typhoon’s stealthy threat to US critical infrastructure.
Feb 08, 2024
Taking a bite out of Apple.
Feb 07, 2024
Cracking down on spyware.
Feb 06, 2024
A serious breach showdown.
Feb 05, 2024
Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]
Feb 04, 2024
Weathering the internet storm. [Research Saturday]
Feb 03, 2024
A digital leaker gets 40 years behind bars.
Feb 02, 2024
Defending America against China's ominous onslaught.
Feb 01, 2024
VPN compromise causes concerns.
Jan 31, 2024
A Typhoon counter.
Jan 30, 2024
Seeking dismissal of SEC allegations.
Jan 29, 2024
Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]
Jan 28, 2024
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
Jan 28, 2024
Hooked on pirated macOS applications. [Research Saturday]
Jan 27, 2024
A new purchase is cause for a call out.
Jan 26, 2024
Another day, another Blizzard attack.
Jan 25, 2024
The fight against exploiting Americans.
Jan 24, 2024
The mother of all data breaches.
Jan 23, 2024
Midnight Blizzard brings the storm.
Jan 22, 2024
Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]
Jan 21, 2024
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jan 21, 2024
A firewall wake up call. [Research Saturday]
Jan 20, 2024
New malware, new threats.
Jan 19, 2024
A credential dump hits the online underground.
Jan 18, 2024
Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]
Jan 18, 2024
Maximum severity vulnerability needs critical updates.
Jan 17, 2024
Vulnerabilities and security risks.
Jan 16, 2024
Putting a dent in the cybersecurity workforce gap. [Special Edition]
Jan 15, 2024
Encore: Examining the current state of security orchestration. [CyberWire-X]
Jan 15, 2024
Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]
Jan 14, 2024
Dual Russian cyber gangs hit 23 companies. [Research Saturday]
Jan 13, 2024
Casting a wider hiring net.
Jan 12, 2024
Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.
Jan 11, 2024
A pivotal global menace.
Jan 10, 2024
Swatting on the rise.
Jan 09, 2024
A conclusion on the xDedic Marketplace investigation.
Jan 08, 2024
Encore: Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]
Jan 07, 2024
Diving deep into Phobos ransomware. [Research Saturday]
Jan 06, 2024
Disruptions to the internet.
Jan 05, 2024
Russian hackers hide in Ukraine telecoms for months.
Jan 04, 2024
A digital disappearance in Utah.
Jan 03, 2024
Apple's clickless exploit.
Jan 02, 2024
Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]
Jan 01, 2024
Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]
Dec 31, 2023
Encore: What malicious campaign is lurking under the surface? [Research Saturday]
Dec 30, 2023
T-Minus Overview- Space Cybersecurity. [t-minus]
Dec 29, 2023
Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]
Dec 28, 2023
Encore: Active visibility into OT systems. [Control Loop]
Dec 27, 2023
NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]
Dec 27, 2023
Artificial Intelligence: Insights & Oddities [8th Layer Insights]
Dec 26, 2023
“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]
Dec 26, 2023
Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]
Dec 25, 2023
The CyberWire: The 12 Days of Malware. [Special Edition]
Dec 23, 2023
Sentenced to hospital detention.
Dec 22, 2023
Kingdom come, kingdom fall.
Dec 21, 2023
Leading the charge in cybercrime take downs.
Dec 20, 2023
A dark web take down.
Dec 19, 2023
14 million customers and stolen data.
Dec 18, 2023
Oren Koren: Crossing music and cybersecurity. [Career Notes]
Dec 17, 2023
Shedding light on fighting Ursa. [Research Saturday]
Dec 16, 2023
Remapping privacy.
Dec 15, 2023
Taking down the storm.
Dec 14, 2023
The United Kingdom's catastrophic ransomware attack.
Dec 13, 2023
An internet blackout.
Dec 12, 2023
China sets sights on US critical infrastructure.
Dec 11, 2023
Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]
Dec 10, 2023
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
Dec 09, 2023
On the hunt for popping up kernel drives. [Research Saturday]
Dec 09, 2023
Russia here, Russia there, Russia everywhere.
Dec 08, 2023
New vulnerability packs a punch.
Dec 07, 2023
Push notifications pushing surveillance.
Dec 06, 2023
Sleeper malware denied at Sellafield nuclear site.
Dec 05, 2023
Iran behind attacks on PLCs.
Dec 04, 2023
Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]
Dec 03, 2023
Exploits and vulnerabilities. [Research Saturday]
Dec 02, 2023
Wyden blocks the senate vote.
Dec 01, 2023
Widespread exploitation of severe vulnerability in ownCloud.
Nov 30, 2023
Major crackdown on international cybersecurity.
Nov 29, 2023
Hospitals on the hotplate after ransomware attacks.
Nov 28, 2023
Hacktivists assemble to attack Pennsylvania water utility.
Nov 27, 2023
Chris Hare: Find just three people. [Development] [Career Notes]
Nov 26, 2023
Encore: Another infection with new malware. [Research Saturday]
Nov 25, 2023
Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]
Nov 24, 2023
Cops in the catfish game. [Hacking Humans Goes to the Movies]
Nov 23, 2023
On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.
Nov 22, 2023
Threat actors with mixed motives: from the political to the financial.
Nov 21, 2023
Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.
Nov 20, 2023
Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]
Nov 19, 2023
Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]
Nov 19, 2023
The malicious YoroTrooper in disguise. [Research Saturday]
Nov 18, 2023
AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]
Nov 18, 2023
Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.
Nov 17, 2023
Shopping during wartime? Focus, people.
Nov 16, 2023
Examining the current state of security orchestration. [CyberWire-X]
Nov 16, 2023
A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.
Nov 15, 2023
The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.
Nov 14, 2023
Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.
Nov 13, 2023
Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]
Nov 12, 2023
CSO Perspectives Bonus: Veterans Day special.
Nov 10, 2023
Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.
Nov 09, 2023
No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.
Nov 08, 2023
Cybercriminals at the service of the state, and an array of new underworld tools.
Nov 07, 2023
Precautions, preparations, and resilience against cybercrime and hacktivism.
Nov 06, 2023
CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]
Nov 05, 2023
Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]
Nov 05, 2023
Sandman doesn't slow malware down. [Research Saturday]
Nov 04, 2023
In the offense-defense see-saw, the defense seems to be rising.
Nov 03, 2023
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
Nov 02, 2023
Hacktivism in two hybrid wars (with an excursus on gastropods).
Nov 01, 2023
What would it take to get you kids into a nice, late-model malware mealkit?
Oct 31, 2023
Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)
Oct 30, 2023
The Malware Mash! [Bonus]
Oct 30, 2023
Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
Oct 29, 2023
No rest for the wicked HiatusRAT. [Research Saturday]
Oct 28, 2023
Social engineering as a blunt instrument–almost like swatting without the middleman.
Oct 27, 2023
Some intelligence services understand the value of being underestimated.
Oct 26, 2023
AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.
Oct 25, 2023
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
Oct 24, 2023
How people get over on the content moderators.
Oct 23, 2023
Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]
Oct 22, 2023
AMBERSQUID hides in the depths. [Research Saturday]
Oct 21, 2023
Disinformation and its often overlooked potential for denial-of-services.
Oct 20, 2023
Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.
Oct 19, 2023
Hacktivist discipline is inversely correlated with sincerity of commitment.
Oct 18, 2023
Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.
Oct 17, 2023
Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.
Oct 16, 2023
Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
Oct 15, 2023
Unwanted guests harvest your information. [Research Saturday]
Oct 14, 2023
Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.
Oct 13, 2023
Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
Oct 12, 2023
Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.
Oct 11, 2023
The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.
Oct 10, 2023
Solution spotlight: Paths to cybersecurity. [Interview Select]
Oct 09, 2023
Susie Squier: You're never alone. [President] [Career Notes]
Oct 08, 2023
Targets from DuckTail. [Research Saturday]
Oct 07, 2023
Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.
Oct 06, 2023
Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Oct 05, 2023
A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.
Oct 04, 2023
Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
Oct 03, 2023
Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
Oct 02, 2023
Ted Wagner: Get that hands on experience. [CISO] [Career Notes]
Oct 01, 2023
Downloading cracked software. [Research Saturday]
Sep 30, 2023
Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
Sep 29, 2023
Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
Sep 28, 2023
What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
Sep 27, 2023
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
Sep 26, 2023
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
Sep 25, 2023
Threat intelligence discussion with Chris Krebs. [Special Edition]
Sep 25, 2023
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
Sep 24, 2023
Behind the Google shopping ad masks. [Research Saturday]
Sep 23, 2023
Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
Sep 22, 2023
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
Sep 21, 2023
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
Sep 20, 2023
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Sep 19, 2023
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Sep 18, 2023
Karl Mattson: Defer gratification. (CISO) [Career Notes]
Sep 17, 2023
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Sep 16, 2023
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
Sep 15, 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
Sep 14, 2023
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
Sep 13, 2023
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Sep 12, 2023
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
Sep 11, 2023
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
Sep 10, 2023
No honor in being a criminal. [Research Saturday]
Sep 09, 2023
Apple issues an emergency patch. Aerospace sector under attack. DPRK spearsphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.
Sep 08, 2023
Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.
Sep 07, 2023
Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.
Sep 06, 2023
In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.
Sep 05, 2023
Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]
Sep 04, 2023
Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]
Sep 03, 2023
Thwarting Muddled Libra. [Research Saturday]
Sep 02, 2023
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
Sep 01, 2023
GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.
Aug 31, 2023
An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.
Aug 30, 2023
A joint advisory on post-quantum readiness. [Special Edition]
Aug 30, 2023
Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.
Aug 29, 2023
DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.
Aug 28, 2023
Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]
Aug 27, 2023
Google's not being ghosted from vulnerabilities. [Research Saturday]
Aug 26, 2023
Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.
Aug 25, 2023
Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.
Aug 24, 2023
A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.
Aug 23, 2023
A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.
Aug 22, 2023
DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.
Aug 21, 2023
Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]
Aug 20, 2023
Politicians targeted by RomCom. [Research Saturday]
Aug 19, 2023
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.
Aug 18, 2023
A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.
Aug 17, 2023
China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
Aug 16, 2023
Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.
Aug 15, 2023
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.
Aug 14, 2023
Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]
Aug 13, 2023
It's raining credentials. [Research Saturday]
Aug 12, 2023
Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.
Aug 11, 2023
A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
Aug 10, 2023
Cyberespionage by several intelligence services, some of contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.
Aug 09, 2023
Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.
Aug 08, 2023
Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.
Aug 07, 2023
Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
Aug 06, 2023
Who is that stealing my credentials? [Research Saturday]
Aug 05, 2023
2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.
Aug 04, 2023
Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.
Aug 03, 2023
An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.
Aug 02, 2023
Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.
Aug 01, 2023
The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.
Jul 31, 2023
Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]
Jul 30, 2023
Phishing for leeches. [Research Saturday]
Jul 29, 2023
A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.
Jul 28, 2023
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites.
Jul 27, 2023
A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.
Jul 26, 2023
Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.
Jul 25, 2023
DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.
Jul 24, 2023
Don Welch: Being a good leader. [CIO] [Career Notes]
Jul 23, 2023
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]
Jul 23, 2023
Welcome to New York, it's been waitin' for you. [Research Saturday]
Jul 22, 2023
Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).
Jul 21, 2023
Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.
Jul 20, 2023
Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.
Jul 19, 2023
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
Jul 18, 2023
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
Jul 17, 2023
Jennifer Addie: Finding creative solutions. [COO] [Career Notes]
Jul 16, 2023
SCARLETEEL zaps back again. [Research Saturday]
Jul 15, 2023
Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.
Jul 14, 2023
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
Jul 13, 2023
Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
Jul 12, 2023
Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
Jul 11, 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
Jul 10, 2023
Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]
Jul 09, 2023
Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
Jul 09, 2023
Creating PANDA-monium. [Research Saturday]
Jul 08, 2023
Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
Jul 07, 2023
The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.
Jul 06, 2023
Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.
Jul 05, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Jul 04, 2023
Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.
Jul 03, 2023
Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Jul 02, 2023
The power behind artificial intelligence. [Research Saturday]
Jul 01, 2023
CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.
Jun 30, 2023
Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.
Jun 29, 2023
Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.
Jun 28, 2023
Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.
Jun 27, 2023
Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.
Jun 26, 2023
Slavik Markovich: Time is of the essence. [CEO] [Career Notes]
Jun 25, 2023
Unleashing the crypto gold rush. [Research Saturday]
Jun 24, 2023
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
Jun 23, 2023
Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.
Jun 22, 2023
A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.
Jun 21, 2023
Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
Jun 20, 2023
Lorna Mahlock: Build bridges. [Combat support] [Career Notes]
Jun 18, 2023
Managing machine learning risks. [Research Saturday]
Jun 17, 2023
The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.
Jun 16, 2023
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
Jun 15, 2023
CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
Jun 15, 2023
A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.
Jun 14, 2023
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.
Jun 13, 2023
Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.
Jun 12, 2023
Nadir Izrael: Play to your strengths. [CTO] [Career Notes]
Jun 11, 2023
A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]
Jun 10, 2023
“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.
Jun 09, 2023
CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
Jun 09, 2023
ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.
Jun 08, 2023
PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.
Jun 07, 2023
Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
Jun 06, 2023
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
Jun 05, 2023
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
Jun 04, 2023
Lancefly screams bloody Merdoor.
Jun 03, 2023
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
Jun 02, 2023
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
Jun 01, 2023
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
May 31, 2023
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
May 30, 2023
Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]
May 28, 2023
8 GoAnywhere MFT breaches and counting. [Research Saturday]
May 27, 2023
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
May 26, 2023
Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.
May 25, 2023
CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]
May 25, 2023
Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.
May 24, 2023
BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.
May 23, 2023
Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.
May 22, 2023
Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]
May 22, 2023
Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
May 21, 2023
Dangerous vulnerabilities in H.264 decoders. [Research Saturday]
May 20, 2023
Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.
May 19, 2023
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.
May 18, 2023
CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]
May 18, 2023
A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.
May 17, 2023
What is data centric security and why should anyone care? [CyberWire-X]
May 17, 2023
DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.
May 16, 2023
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.
May 15, 2023
Steve Benton: Mixing like a DJ. [VP] [Career Notes]
May 14, 2023
Running away from operation Tainted Love. [Research Saturday]
May 13, 2023
CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
May 12, 2023
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
May 12, 2023
Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
May 11, 2023
CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
May 11, 2023
Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.
May 10, 2023
State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.
May 09, 2023
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched GoAnywhere instances.
May 08, 2023
Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
May 07, 2023
Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]
May 06, 2023
DPRK's Kimsuky spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.
May 05, 2023
Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.
May 04, 2023
Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
May 03, 2023
From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)
May 02, 2023
FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
May 01, 2023
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Apr 30, 2023
HinataBot focuses on DDoS attack. [Research Saturday]
Apr 29, 2023
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
Apr 28, 2023
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
Apr 27, 2023
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.
Apr 26, 2023
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Security’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
Apr 25, 2023
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader described. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
Apr 24, 2023
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
Apr 23, 2023
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
Apr 23, 2023
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Apr 22, 2023
Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.
Apr 21, 2023
Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.
Apr 20, 2023
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
Apr 20, 2023
Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”
Apr 19, 2023
A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]
Apr 19, 2023
Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.
Apr 18, 2023
Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
Apr 17, 2023
Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
Apr 16, 2023
New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]
Apr 15, 2023
"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.
Apr 14, 2023
Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.
Apr 13, 2023
Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.
Apr 12, 2023
IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.
Apr 11, 2023
A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
Apr 10, 2023
Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]
Apr 09, 2023
A dark side to LLMs. [Research Saturday]
Apr 08, 2023
Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.
Apr 07, 2023
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.
Apr 06, 2023
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.
Apr 05, 2023
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
Apr 04, 2023
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
Apr 03, 2023
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
Apr 02, 2023
Blackfly flies back again. [Research Saturday]
Apr 01, 2023
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
Mar 31, 2023
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly, some official hostage-taking.
Mar 30, 2023
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
Mar 29, 2023
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
Mar 28, 2023
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
Mar 27, 2023
An introduction to the National Cryptologic Museum. [Special Edition]
Mar 27, 2023
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Mar 26, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Mar 26, 2023
Popunders are not the good kind of ads. [Research Saturday]
Mar 25, 2023
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
Mar 24, 2023
Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.
Mar 23, 2023
Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.
Mar 22, 2023
Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.
Mar 21, 2023
Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.
Mar 20, 2023
Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]
Mar 19, 2023
CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
Mar 18, 2023
ChatGPT grants malicious wishes? [Research Saturday]
Mar 18, 2023
Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
Mar 17, 2023
CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.
Mar 16, 2023
CISA Alert AA23-074A – Threat actors exploit Progress Telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]
Mar 16, 2023
Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).
Mar 15, 2023
Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.
Mar 14, 2023
Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.
Mar 13, 2023
Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]
Mar 12, 2023
Files stolen from a sneaky SymStealer. [Research Saturday]
Mar 11, 2023
Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.
Mar 10, 2023
PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.
Mar 09, 2023
Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.
Mar 08, 2023
A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktivism, and prank phone calls.
Mar 07, 2023
That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.
Mar 06, 2023
Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]
Mar 05, 2023
New exploits are tricking Chrome. [Research Saturday]
Mar 04, 2023
More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.
Mar 03, 2023
CISA Alert AA23-061A – #StopRansomware: Royal ransomware.
Mar 03, 2023
CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
Mar 03, 2023
CyberWire commentary: Ukraine one year on. [Special Edition]
Mar 03, 2023
The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.
Mar 02, 2023
How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.
Mar 01, 2023
Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.
Feb 28, 2023
Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.
Feb 27, 2023
Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]
Feb 26, 2023
The next hot AI scam. [Research Saturday]
Feb 25, 2023
A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.
Feb 24, 2023
Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.
Feb 23, 2023
Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.
Feb 22, 2023
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
Feb 21, 2023
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
Feb 20, 2023
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
Feb 19, 2023
Implementing and achieving security resilience. [Research Saturday]
Feb 18, 2023
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
Feb 17, 2023
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
Feb 16, 2023
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
Feb 15, 2023
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
Feb 14, 2023
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
Feb 13, 2023
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
Feb 12, 2023
Knocking down the legs of the industrial security triad. [Research Saturday]
Feb 11, 2023
US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)
Feb 10, 2023
CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]
Feb 10, 2023
Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.
Feb 09, 2023
CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]
Feb 09, 2023
An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.
Feb 08, 2023
Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.
Feb 07, 2023
Unpatched VMware ESXi instances attacked. Oktapus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.
Feb 06, 2023
Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]
Feb 05, 2023
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]
Feb 05, 2023
Can ransomware turn machines against us? [Research Saturday]
Feb 04, 2023
Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.
Feb 03, 2023
Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.
Feb 02, 2023
How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.
Feb 01, 2023
The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.
Jan 31, 2023
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
Jan 30, 2023
Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes]
Jan 29, 2023
Interview with the AI, part one. [Special Editions]
Jan 29, 2023
Flagging firmware vulnerabilities. [Research Saturday]
Jan 28, 2023
An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.
Jan 27, 2023
Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.
Jan 26, 2023
CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]
Jan 26, 2023
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
Jan 25, 2023
Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]
Jan 25, 2023
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
Jan 24, 2023
Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.
Jan 23, 2023
Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]
Jan 22, 2023
The power of web data in cybersecurity. [CyberWire-X]
Jan 22, 2023
Billbug infests government agencies. [Research Saturday]
Jan 21, 2023
Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
Jan 20, 2023
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
Jan 19, 2023
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
Jan 18, 2023
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
Jan 17, 2023
Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]
Jan 16, 2023
Gene Fay: Lead from the front. [CEO] [Career Notes]
Jan 15, 2023
DUCKTAIL waddles back again. [Research Saturday]
Jan 14, 2023
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
Jan 13, 2023
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
Jan 12, 2023
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Jan 11, 2023
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
Jan 10, 2023
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
Jan 09, 2023
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Jan 08, 2023
Stealer malware from Russia. [Research Saturday]
Jan 07, 2023
CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.
Jan 06, 2023
PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.
Jan 05, 2023
Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
Jan 04, 2023
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
Jan 03, 2023
Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]
Jan 03, 2023
Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
Jan 02, 2023
Encore: LemonDucks evading detection.
Dec 31, 2022
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
Dec 30, 2022
Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]
Dec 29, 2022
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
Dec 28, 2022
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
Dec 27, 2022
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
Dec 26, 2022
The CyberWire: The 12 Days of Malware. [Special Editions]
Dec 25, 2022
Encore: Vulnerabilities in IoT devices.
Dec 24, 2022
PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.
Dec 23, 2022
Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.
Dec 22, 2022
Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.
Dec 21, 2022
Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.
Dec 20, 2022
BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.
Dec 19, 2022
Strategies to get the most out of your toolsets. [CyberWire-X]
Dec 18, 2022
Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]
Dec 18, 2022
Hijacking holiday spirit with phishing scams. [Research Saturday]
Dec 17, 2022
Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.
Dec 16, 2022
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.
Dec 15, 2022
InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.
Dec 14, 2022
Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.
Dec 13, 2022
Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
Dec 12, 2022
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Dec 11, 2022
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
Dec 11, 2022
Cybersecurity during the World Cup. [Research Saturday]
Dec 10, 2022
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Dec 09, 2022
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
Dec 08, 2022
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.
Dec 07, 2022
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
Dec 07, 2022
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
Dec 06, 2022
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsus$ Group. Notes on the cyber underworld.
Dec 05, 2022
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Dec 04, 2022
Old malware returns in a new way. [Research Saturday]
Dec 03, 2022
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
Dec 02, 2022
Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
Dec 01, 2022
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
Nov 30, 2022
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
Nov 29, 2022
Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
Nov 28, 2022
Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
Nov 27, 2022
Encore: The secrets behind Docker.
Nov 26, 2022
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
Nov 25, 2022
Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
Nov 24, 2022
Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
Nov 23, 2022
Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
Nov 22, 2022
Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.
Nov 21, 2022
Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]
Nov 20, 2022
Another infection with new malware. [Research Saturday]
Nov 19, 2022
Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
Nov 18, 2022
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]
Nov 18, 2022
Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
Nov 17, 2022
Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.
Nov 16, 2022
CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]
Nov 16, 2022
An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
Nov 15, 2022
Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
Nov 14, 2022
Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]
Nov 13, 2022
An in-depth look on the Crytox ransomware family. [Research Saturday]
Nov 12, 2022
CSO Perspectives Bonus: Veterans Day special.
Nov 11, 2022
US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
Nov 10, 2022
A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
Nov 09, 2022
Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
Nov 08, 2022
Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember Silk Road? The Feds do.
Nov 07, 2022
Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
Nov 06, 2022
Over-the-air 0-day vulnerabilities. [Research Saturday]
Nov 05, 2022
Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
Nov 04, 2022
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
Nov 03, 2022
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
Nov 02, 2022
OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.
Nov 01, 2022
Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
Oct 31, 2022
Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
Oct 30, 2022
Bugs and working from home. [Research Saturday]
Oct 29, 2022
Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
Oct 28, 2022
The Malware Mash! [Bonus]
Oct 28, 2022
CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
Oct 27, 2022
Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
Oct 26, 2022
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
Oct 25, 2022
US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.
Oct 24, 2022
CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]
Oct 24, 2022
Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]
Oct 23, 2022
New tools target governments in Middle East? [Research Saturday]
Oct 22, 2022
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.
Oct 21, 2022
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.
Oct 20, 2022
Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.
Oct 19, 2022
Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.
Oct 18, 2022
Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia’s hybrid war.
Oct 17, 2022
Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]
Oct 16, 2022
Cyber confidence: Knowing what you have and where it is. [CyberWire-X]
Oct 16, 2022
Noberus ransomware: evolving tactics. [Research Saturday]
Oct 15, 2022
Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.
Oct 14, 2022
What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.
Oct 13, 2022
Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.
Oct 12, 2022
An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.
Oct 11, 2022
CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]
Oct 10, 2022
Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]
Oct 10, 2022
Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]
Oct 09, 2022
Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]
Oct 09, 2022
Google Drive used for malware? [Research Saturday]
Oct 08, 2022
A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.
Oct 07, 2022
CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.
Oct 07, 2022
Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.
Oct 06, 2022
Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.
Oct 05, 2022
CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.
Oct 04, 2022
CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.
Oct 04, 2022
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
Oct 03, 2022
Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]
Oct 02, 2022
The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]
Oct 02, 2022
Targeting your browser bookmarks? [Research Saturday]
Oct 01, 2022
Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Watering holes, deepfakes, and the pushing of naughty words.
Sep 30, 2022
Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.
Sep 29, 2022
DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.
Sep 28, 2022
Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.
Sep 27, 2022
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.
Sep 26, 2022
Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
Sep 25, 2022
Keeping an eye on RDS vulnerabilities. [Research Saturday]
Sep 24, 2022
Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
Sep 23, 2022
GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.
Sep 22, 2022
CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]
Sep 22, 2022
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]
Sep 22, 2022
A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.
Sep 21, 2022
An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.
Sep 20, 2022
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.
Sep 19, 2022
Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]
Sep 18, 2022
An increase in bypassing bot management? [Research Saturday]
Sep 17, 2022
Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.
Sep 16, 2022
CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]
Sep 15, 2022
Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.
Sep 15, 2022
Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).
Sep 14, 2022
A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]
Sep 13, 2022
Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad’s return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten’s social engineering.
Sep 13, 2022
Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.
Sep 12, 2022
Mark Logan: March towards your goals. [CEO] [Career Notes]
Sep 11, 2022
A CSO's 9/11 Story: CSO Perspectives Bonus.
Sep 11, 2022
Evilnum APT returns with new targets. [Research Saturday]
Sep 10, 2022
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
Sep 09, 2022
Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.
Sep 08, 2022
Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
Sep 07, 2022
CISA Alert AA22-249A – #StopRansomware: Vice Society. [CISA Cybersecurity Alerts]
Sep 06, 2022
Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.
Sep 06, 2022
New CISO responsibilities: supply chain. [CSO Perspectives]
Sep 05, 2022
Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]
Sep 04, 2022
LockBit's contradiction on encryption speed. [Research Saturday]
Sep 03, 2022
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
Sep 02, 2022
News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.
Sep 01, 2022
Securing multi-cloud identity with orchestration. [CyberWire-X]
Sep 01, 2022
Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. “Cosplaying” hardware.
Aug 31, 2022
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia’s hybrid war. And the LockBit gang looks beyond double extortion.
Aug 30, 2022
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
Aug 29, 2022
David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]
Aug 28, 2022
How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]
Aug 27, 2022
A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.
Aug 26, 2022
Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.
Aug 25, 2022
Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.
Aug 24, 2022
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.
Aug 23, 2022
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. And data-tampering attacks are regarded as a growing risk.
Aug 22, 2022
Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]
Aug 21, 2022
Clipminer: Making millions off of malware. [Research Saturday]
Aug 20, 2022
Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.
Aug 19, 2022
BlackByte’s back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia’s hybrid war. Cyber war clauses coming to cyber insurance policies.
Aug 18, 2022
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.
Aug 17, 2022
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]
Aug 17, 2022
Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.
Aug 16, 2022
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.
Aug 15, 2022
Christian Lees: it's not always textbook. [CTO] [Career Notes]
Aug 14, 2022
Red teamer's perspective on demotivating attackers. [CyberWire-X]
Aug 14, 2022
Fake job ads and how to spot them. [Research Saturday]
Aug 13, 2022
The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.
Aug 12, 2022
CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts]
Aug 11, 2022
Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.
Aug 11, 2022
Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia’s hybrid war.
Aug 10, 2022
Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klaviyo. Intercept tools and policies in Canada.
Aug 09, 2022
Cybersecurity is a team sport. [CyberWire-X]
Aug 09, 2022
Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.
Aug 08, 2022
Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]
Aug 07, 2022
Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]
Aug 06, 2022
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.
Aug 05, 2022
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.
Aug 04, 2022
CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]
Aug 04, 2022
Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.
Aug 03, 2022
Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?
Aug 02, 2022
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.
Aug 01, 2022
Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]
Jul 31, 2022
What malicious campaign is lurking under the surface? [Research Saturday]
Jul 30, 2022
Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.
Jul 29, 2022
SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.
Jul 28, 2022
The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.
Jul 27, 2022
LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.
Jul 26, 2022
The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.
Jul 25, 2022
The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]
Jul 24, 2022
Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]
Jul 24, 2022
Has GOLD SOUTHFIELD resumed operations? [Research Saturday]
Jul 23, 2022
Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”
Jul 22, 2022
Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.
Jul 21, 2022
Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.
Jul 20, 2022
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.
Jul 19, 2022
Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.
Jul 18, 2022
Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]
Jul 17, 2022
Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]
Jul 17, 2022
A record breaking DDoS attack. [Research Saturday]
Jul 16, 2022
Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.
Jul 15, 2022
A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]
Jul 15, 2022
Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.
Jul 14, 2022
AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.
Jul 13, 2022
High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.
Jul 12, 2022
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.
Jul 11, 2022
Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]
Jul 10, 2022
Information operations during a war. [Research Saturday]
Jul 09, 2022
An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.
Jul 08, 2022
Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.
Jul 07, 2022
CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]
Jul 06, 2022
Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.
Jul 06, 2022
Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.
Jul 05, 2022
Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]
Jul 04, 2022
Could REvil have a copycat? [Research Saturday]
Jul 02, 2022
Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.
Jul 01, 2022
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]
Jun 30, 2022
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.
Jun 30, 2022
Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.
Jun 29, 2022
DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C market share. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?
Jun 28, 2022
Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.
Jun 27, 2022
Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]
Jun 26, 2022
Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]
Jun 25, 2022
Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakhstan. Tabletop exercises. Ransomware as misdirection.
Jun 24, 2022
CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]
Jun 24, 2022
Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.
Jun 23, 2022
A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain’t so, Dmitry.
Jun 22, 2022
Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia’s hybrid war. A conviction in the Capital One hacking case.
Jun 21, 2022
Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.
Jun 20, 2022
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]
Jun 19, 2022
Dissecting the Spring4Shell vulnerability. [Research Saturday]
Jun 18, 2022
Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.
Jun 17, 2022
Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
Jun 16, 2022
Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.
Jun 15, 2022
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.
Jun 14, 2022
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
Jun 13, 2022
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
Jun 12, 2022
New developments in the WSL attack. [Research Saturday]
Jun 11, 2022
The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.
Jun 10, 2022
Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.
Jun 09, 2022
Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its “plumbing.” CISA adds Known Exploited Vulnerabilities. News from Jersey.
Jun 08, 2022
CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]
Jun 08, 2022
Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus.
Jun 07, 2022
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."
Jun 06, 2022
Defining the intruder’s dilemma. [CyberWire-X]
Jun 05, 2022
Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]
Jun 05, 2022
LemonDucks evading detection. [Research Saturday]
Jun 04, 2022
Managing messaging in a hybrid war. Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.
Jun 03, 2022
Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.
Jun 02, 2022
CISA Alert AA22-152A – Karakurt data extortion group. [CISA Cybersecurity Alerts]
Jun 01, 2022
Costa Rica hit with another round of ransomware. Cyber phases of Russia’s hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!
Jun 01, 2022
Potential cyber threats to agriculture. Cyber phases of Russia’s hybrid war. REvil prosecution at a stand (and it’s the Americans’ fault, say Russian sources). Microsoft mitigates Follina.
May 31, 2022
Michael Scott: A team of humble intellects. [Information security] [Career Notes]
May 29, 2022
Compromised military tech? [Research Saturday]
May 28, 2022
Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.
May 27, 2022
"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.
May 26, 2022
More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.
May 25, 2022
Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?
May 24, 2022
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.
May 23, 2022
Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]
May 22, 2022
AutoWarp bug leads to Automation headaches. [Research Saturday]
May 21, 2022
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
May 20, 2022
CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]
May 20, 2022
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.
May 19, 2022
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
May 19, 2022
Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
May 18, 2022
CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]
May 17, 2022
Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.
May 17, 2022
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
May 16, 2022
Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]
May 15, 2022
The current state of zero trust. [CyberWire-X]
May 15, 2022
Vulnerabilities in IoT devices. [Research Saturday]
May 14, 2022
War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.
May 13, 2022
Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.
May 12, 2022
CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]
May 12, 2022
Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.
May 11, 2022
Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.
May 10, 2022
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.
May 09, 2022
Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]
May 08, 2022
Attacking where vulnerable. [Research Saturday]
May 07, 2022
Victory Day approaches so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).
May 06, 2022
Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.
May 05, 2022
More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.
May 04, 2022
Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.
May 03, 2022
The future of security validation – what next? [CyberWire-X]
May 03, 2022
Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.
May 02, 2022
DevSecOps and securing the container. [CyberWire-X]
May 01, 2022
Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]
May 01, 2022
Attackers coming in from the Backdoor? [Research Saturday]
Apr 30, 2022
Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.
Apr 29, 2022
Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.
Apr 28, 2022
Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.
Apr 27, 2022
Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.
Apr 26, 2022
Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.
Apr 25, 2022
Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]
Apr 24, 2022
BABYSHARK is swimming again! [Research Saturday]
Apr 23, 2022
The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.
Apr 22, 2022
Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.
Apr 21, 2022
Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.
Apr 20, 2022
In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.
Apr 19, 2022
Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.
Apr 18, 2022
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
Apr 17, 2022
CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]
Apr 17, 2022
A fight to defend Taiwan financial institutions. [Research Saturday]
Apr 16, 2022
Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.
Apr 15, 2022
A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.
Apr 14, 2022
Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
Apr 13, 2022
Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.
Apr 12, 2022
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
Apr 11, 2022
SolarWinds through a first principle lens. [CSO Perspectives]
Apr 11, 2022
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
Apr 10, 2022
The secrets behind Docker. [Research Saturday]
Apr 09, 2022
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
Apr 08, 2022
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
Apr 07, 2022
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA.
Apr 06, 2022
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
Apr 05, 2022
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
Apr 04, 2022
Living security: the current state of XDR. [CyberWire-X]
Apr 03, 2022
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
Apr 03, 2022
A popular malware scheme and pay-per-install services. [Research Saturday]
Apr 02, 2022
Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.
Apr 01, 2022
Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.
Mar 31, 2022
Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.
Mar 30, 2022
Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.
Mar 29, 2022
Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.
Mar 28, 2022
The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]
Mar 26, 2022
Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.
Mar 25, 2022
Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.
Mar 24, 2022
Insider Risk Excellence Awards. [CyberWire-X]
Mar 24, 2022
British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.
Mar 23, 2022
White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.
Mar 22, 2022
Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.
Mar 21, 2022
Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]
Mar 20, 2022
Implications of data leaks of sensitive OT information. [Research Saturday]
Mar 19, 2022
Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.
Mar 18, 2022
Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.
Mar 17, 2022
Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.
Mar 16, 2022
Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.
Mar 15, 2022
Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.
Mar 14, 2022
Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]
Mar 13, 2022
The story of REvil: From origin to beyond. [Research Saturday]
Mar 12, 2022
An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.
Mar 11, 2022
Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.
Mar 10, 2022
Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.
Mar 09, 2022
Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.
Mar 08, 2022
Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsus$ releases NVIDIA and Samsung data (and says a victim hacked back).
Mar 07, 2022
Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]
Mar 06, 2022
HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]
Mar 06, 2022
An abuse of trust: Potential security issues with open redirects. [Research Saturday]
Mar 05, 2022
Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.
Mar 04, 2022
Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.
Mar 03, 2022
Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.
Mar 02, 2022
Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.
Mar 01, 2022
An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.
Feb 28, 2022
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Feb 27, 2022
Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]
Feb 26, 2022
Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.
Feb 25, 2022
Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
Feb 24, 2022
Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.
Feb 23, 2022
Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.
Feb 22, 2022
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
Feb 21, 2022
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures
Feb 21, 2022
Joe Carrigan: Build your network. [Security engineer] [Career Notes]
Feb 20, 2022
What Log4Shell has taught us. [CyberWire-X]
Feb 20, 2022
Instagram hijacks all start with a phish. [Research Saturday]
Feb 19, 2022
False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.
Feb 18, 2022
Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.
Feb 17, 2022
A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.
Feb 16, 2022
Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.
Feb 15, 2022
Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?
Feb 14, 2022
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
Feb 13, 2022
SysJoker backdoor masquerades as benign updates. [Research Saturday]
Feb 12, 2022
Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.
Feb 11, 2022
Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.
Feb 10, 2022
A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.
Feb 09, 2022
Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.
Feb 08, 2022
Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.
Feb 07, 2022
The persistent and patient nature of advanced threat actors. [Research Saturday]
Feb 05, 2022
Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.
Feb 04, 2022
Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.
Feb 03, 2022
Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.
Feb 02, 2022
Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.
Feb 01, 2022
The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.
Jan 31, 2022
Helen Patton: A platform to talk about security. [CISO] [Career Notes]
Jan 30, 2022
Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]
Jan 30, 2022
Use of legitimate tools possibly linked to Seedworm. [Research Saturday]
Jan 29, 2022
Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.
Jan 28, 2022
Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.
Jan 27, 2022
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.
Jan 26, 2022
Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.
Jan 25, 2022
Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.
Jan 24, 2022
Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
Jan 23, 2022
A collaboration stumbles upon threat actor Lyceum. [Research Saturday]
Jan 22, 2022
Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.
Jan 22, 2022
Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.
Jan 20, 2022
Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.
Jan 19, 2022
A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.