Gesamtlänge aller Episoden: 36 days 4 hours 36 minutes
Mohammad Kazem Hassan Nejad from WithSecure joins Dave to discuss the team’s research, “DUCKTAIL returns - Underneath the ruffled feathers.” DUCKTAIL is a financially motivated malware operation that targets individuals and businesses operating on the Facebook Ads and Business platform. The research states “The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account...
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3...
Iranian VPN users are afflicted by Trojanized installation apps. Phishing on the static expressway. NoName057(16) hacktivist auxiliaries target NATO. Yesterday’s flight outage appears not to have been caused by a cyberattack. Royal Mail is disrupted by a "cyber incident." Carole Theriault thinks Meta needs to step up their game when blocking financial scams. Our guest is Mark Sasson from Pinpoint Search Group to discuss why cybersecurity may no longer be a candidate-driven market...
Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post’s Cyber 202 on cyber rising to the level of war crime...
A look back at ransomware in 2022. Lessons from Russia's war: crooks, hacktivists, and auxiliaries. Cyberattacks as war crimes. The state of SSE adoption. RSA Conference 2023 opens applications for the Launch Pad and the Innovation Sandbox. Joe Carrigan looks at online scams targeting military members. Our guest is Richard Caralli from Axio on the State of Ransomware Preparedness. And the most common known exploited vulnerabilities affecting the financial sector...
Telegram impersonation affects a cryptocurrency firm. Phishing with Facebook termination notices. Russian phishing continues to target Moldova. The IEEE on the impact of technology in 2023. Glass ceilings in tech leadership. Seattle Schools sue social media platforms. Malek Ben Salem from Accenture explains coding models. Our guest is Julie Smith, identity security leader and executive director at IDSA, with insights on identity and security strategies...
Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security sits down to share her story, from performer to cyber. She fell in love with writing as a young girl, she experimented with writing fanfiction which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career...
Marisa Atkinson, an analyst from Flashpoint, joins Dave to discuss a new blog post from Flashpoint’s research team about “RisePro” Stealer, malware from Russia, and Pay-Per-Install Malware “PrivateLoader.” “RisePro” is written in C++ and appears to possess similar functionality to the stealer malware “Vidar.” It's also a newly identified stealer, that began appearing as a stealer source for log credentials on the illicit log shop Russian Market on December 13, 2022...
Security vulnerabilities in automobiles. CircleCI customers should "rotate their secrets." CISA Director Easterly notes Russian failures, but warns that shields should stay up. Attempted cyberespionage against US National Laboratories. Turla effectively recycles some commodity malware infrastructure. Robert M. Lee from Dragos shares his outlook on ICS for the new year. Our CyberWire Space correspondent Maria Varmazis interviews Diane Janosek from NSA about her research on space-cyber...
The PurpleUrchin freejacking campaign. Bluebottle activity against banks in Francophone Africa. The PyTorch framework sustains a supply-chain attack. 2022's ransomware leaderboard. Cellphone traffic as a source of combat information. FBI Cyber Division AD Bryan Vorndran on the interaction and collaboration of federal agencies in the cyber realm. Our guest Jerry Caponera from ThreatConnect wonders if we need more "Carrots" Than "Sticks" In Cybersecurity Regulation...