CyberWire Daily

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Eine durchschnittliche Folge dieses Podcasts dauert 21m. Bisher sind 2930 Folge(n) erschienen. Dies ist ein täglich erscheinender Podcast.

Gesamtlänge aller Episoden: 44 days 16 hours 26 minutes


episode 1479: Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?.

A second vulnerability is found and fixed in Log4j as both criminals and nation-state intelligence services increase their exploitation of Log4shell. Iranian intelligence services have been actively conducting cyberespionage against a range of targets in the Middle East and Asia. Andrea Little Limbago from Interos checks in on supply chain issues. Our guest is Suzy Greenberg from Intel with a look ahead toward the coming year...


 December 15, 2021  28m

episode 1480: Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.

Log4Shell is exploited by criminals and intelligence services. Private sector offensive cyber capabilities are on par with nation-states. Noberus ransomware is used in double-extortion attacks. Malek Ben Salem from Accenture looks at cyber twins. Our guest is Tom Kellermann from VMware with reaction to CISA’s Binding Operational Directive. And Squid Game phishbait. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire...


 December 16, 2021  26m

episode 1481: Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.

It seems that Fancy Bear may be interested in Log4shell after all. CISA issues Emergency Directive 22-02, which addressed Log4j. Huawei’s reputation as a security risk may be traceable to a 2012 incident in an Australian telco’s networks. Tropic Trooper is back, and interested in transportation. Meta kicks out seven “cyber mercenary” surveillance outfits. PseudoManusrypt looks curiously indiscriminate...


 December 17, 2021  25m

episode 1482: Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.

Updates on Log4j vulnerabilities: new exploitation, new mitigations, new risk assessments, some good advice from the NCSC, and from Betsy Carmelite and Mike Saxton, analysts at Booz Allen Hamilton. Kronos interruptions continue into the holiday season. NCA shares compromised passwords with Have I Been Pwned. A power grid security exercise in Ukraine, AWS outage last week put down to congestion. Hack-A-Sat promises more transparency. Tis the season for charity scams, as Carole Theriault reports...


 December 20, 2021  25m

episode 1483: Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.

Belgium’s Ministry of Defense comes under attack via Log4j vulnerabilities. A cellular handover, man-in-the-middle exploit is described by researchers. The FBI says an APT group is exploiting unpatched Zoho ManageEngine Desktop Central servers. The US charges five Russian nationals with a range of cybercrimes. Coin-miners in China feel some heat. Ben Yelin describes a Meta lawsuit targeting anonymous phishers. Our guest Todd Carroll of CybelAngel explains the shifting tactics of “troll farms”...


 December 21, 2021  27m

episode 1484: The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.

More criminals exploit vulnerabilities in Log4j. The Five Eyes issue a joint advisory on Log4j-related vulnerabilities, as other government organizations look into defending themselves against Log4shell. Ransomware updates. Russo-Ukrainian tensions rise, as does the likelihood of Russian cyberattacks against its neighbor. Uganda and NSO Group’s troubles. CISA issues six ICS advisories. Malek Ben Salem explains synthetic voices. Our guest is Dr...


 December 22, 2021  27m

episode 1485: Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.

An update of where things stand with respect to the Log4j vulnerabilities, and a reminder that there are other matters to attend to as well. RSAC postpones its annual security shindig to June, hoping to avoid the COVID. A German court awards pain-and-suffering damages for a data breach. Carole Theriault looks at hiring challenges in cyber. Robert M. Lee from Dragos with insights from his own entrepreneurial journey. And a new start-up seeks to take lemons and make them into lemonade...


 December 23, 2021  27m

episode 1711: Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”

Nighthawk’s at the diner (but maybe not on the crooks’ menu). Internet service in Ukraine and Moldova is interrupted by strikes against Ukraine's power grid. Sandworm renews ransomware activity against Ukrainian targets. Russian cyber-reconnaissance seen at a Netherlands LNG terminal. European Parliament votes to declare Russia a terrorist state (and Russia responds with cyberattacks and terroristic threats). Carole Theriault reports on where these kids today are getting their news...


 November 28, 2022  28m