Gesamtlänge aller Episoden: 44 days 14 hours 29 minutes
SolarWinds’ 8-K suggests the possible scope of the Sunburst incident. CISA leads the US Federal post-attack mopping up as more agencies are known to have been affected. How FireEye found the SolarWinds backdoor. GCHQ is looking for possible signs of Sunburst in the UK. Operation Earth Kitsune is attributed to North Korea. Google explains yesterday’s outage. Ben Yelin looks at retail privacy issues. Our guest is Jasson Casey from Beyond Identity on going passwordless...
SolarWinds breach reportedly affected parts of the Pentagon. Microsoft and partners seize and sinkhole command-and-control domain used by Sunburst malware. The threat actor behind the breach used a novel technique to bypass multi factor authentication at a think tank. Facebook takes down competing inauthentic networks focused on Africa. Joe Carrigan has insights on Amnesia 33. Our guest, Greg Edwards from CryptoStopper, shares his experience getting back online after a Derecho...
The SolarWinds supply chain compromise may not have been an act of war, but it was certainly a very damaging espionage effort. The FBI, CISA, and ODNI are leading a whole-of-government response to the incident. Three companies have collaborated on a killswitch for the Sunburst backdoor’s initial command and control. HPE discloses a zero day in its SIM software. ODNI will delay its report on Chinese election influence ops. Thomas Etheridge from CrowdStrike on their Services Front Lines report...
Cozy Bear’s software supply chain compromise and its massive cyberespionage effort against the US Government and the associated private sector, is still being untangled. But it’s very extensive, very bad, and very tough to remediate. Both CISA and NSA have advice about the incident, and we check in with Robert M. Lee from Dragos for his thoughts. John Pescatore from SANS advocates renewing our focus on information security. Iran may be running a ransomware campaign for influence purposes...
Cozy Bear’s big sweep through US networks gets bigger, longer, more carefully prepared, and worse in every way. IBM uncovers a big, conventionally criminal “evil mobile emulator farm,” and that’s no good, either. Citizen Lab finds more to complain about with respect to alleged abuse of NSO Group’s Pegasus tools. Awais Rashid from Bristol University on taking a risk-based approach to security. Rick Howard speaks with Cyral CEO Manav Mital on infrastructure as code...
The US continues to count the cost of the SVR’s successful cyberespionage campaign. Attribution, and why it’s the TTPs and not the org chart that matters. Emotet makes an unhappy holiday return. It seems unlikely that NSA and US Cyber Command will be separated in the immediate future. Big Tech objects, in court, to NSO Group and its Pegasus spyware (or lawful intercept product, depending on whether you’re in the plaintiff’s or the respondent’s corner)...
Cozy Bear lived up to its reputation for quiet patience. Counting the cost of the SVR cyberespionage campaign. What do intelligence services do with all the data they collect? An Iranian influence campaign sought to foment US post-election violence. Joe Carrigan looks at social engineering aimed at domain registrars. Our guest is John Worrall from ZeroNorth on the importance of security champions. And a last look ahead at 2021. Learn more about your ad choices. Visit megaphone.fm/adchoices