The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
https://thecyberwire.com/podcasts/daily-podcast
Gesamtlänge aller Episoden: 43 days 19 hours 5 minutes
episode 1329: Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.
Colonial Pipeline shuts down some systems after a ransomware attack, disrupting refined petroleum product delivery in the Eastern US. We’ll check in with Sergio Caltagirone from Dragos for his analysis. Other ransomware attacks hit city and Tribal governments. Joint UK-US alert on SVR tactics issued, and the SVR may have changed its methods accordingly. SolarWinds revised downward its estimate of the number of customers affected by its compromise...
episode 1330: Ransomware: DarkSide, Avaddon, and Baduk. 5G threat vectors. Crytpojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.
Updates on the DarkSide ransomware attack on Colonial Pipeline. Other ransomware strains, including Avaddon and Babuk are out, and dangerous. Guidelines on 5G threat vectors. Lemon Duck cryptojackers are looking for vulnerable Exchange Server instances. A bogus, malicious Chrome app is circulating by smishing. Ben Yelin examines an online facial recognition platform. Our guest is Mathieu Gorge of VigiTrust on the privacy risks of video and audio recordings. And an update on an espionage trial...
episode 1331: The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.
FireEye provides an overview of the DarkSide ransomware-as-a-service operation. Forcepoint suggests a connection between DarkSide and other ransomware gangs, notably REvil. Colonial Pipeline continues its recovery efforts from the cyber attack it sustained. As ransomware grows more common, CISA offers advice on how to prepare defenses. A new Android banking Trojan is in circulation. Cecelia Marinier from RSA on the RSAC Innovation Sandbox...
episode 1332: The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon’s DBIR is out.
The US Executive Order on Improving the Nation’s Cybersecurity is out. Colonial Pipeline partially resumed delivery of fuel yesterday evening, as its preparation for and response to the cyberattack it sustained receive scrutiny. The DarkSide’s extortion of the US pipeline company seems likely to prompt regulatory revision. DarkSide operators say they’ve gotten busy against other targets...
episode 1333: Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).
DarkSide says it’s feeling the heat and is going out of business, but some of its affiliates are still out and active, for now at least. A popular hackers’ forum says it will no longer accept ransomware ads. The Bash Loader supply chain compromise afflicts another known victim. Colonial Pipeline resumes delivery of fuel. Irresponsible disclosure of vulnerabilities hands attackers a big advantage. Carole Theriault looks at NFTs...
episode 1334: Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.
Japan calls out China for cyberespionage. Colonial Pipeline restores service, as organizations look to their own vulnerability to ransomware. The DarkSide gang may have said it’s going out of business, but it’s at least as likely, probably likelier, that they’re either rebranding or absconding. Two other gangs are in business: Conti is hitting Irish health organizations, and Avaddon says it compromised insurer AXA. (AXE-uh) Rick Howard looks at new responsibilities for CISOs...
episode 1335: WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.
A new RIG campaign is distributing WastedLocker. The US Congress considers two bills informed by the Colonial Pipeline incident, and Congressional committees are looking at the company’s response to the attack. More ransomware gangs go offline, but Conti is still trying to collect from the Irish government. Double encryption appears to be an emerging trend in ransomware. Ben Yelin looks at insurance companies clamping down on ransomware payments...
episode 1336: Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.
Colonial Pipeline corrected yesterday’s IT glitch, and its CEO explains the decision to pay the ransom. A rundown of recent ransomware activity. A watering hole for water utilities? Credential harvesting and cryptojacking in the cloud. A banking Trojan spreads from Brazil to Europe. Joe Carrigan looks at keyboard biometrics. Our guest Dotan Nahum from Spectral on shifting left in security development. And the metaphysics of attribution...
episode 1337: DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.
Did DarkSide really see the light and shut down, with a sincere promise of reform and restitution, or is the gang just rebranding? Researchers look at DarkSide ransomware and find complexity and sophistication. Israel says airstrikes in Gaza were intended to take out Hamas cyber ops facilities. Poor practices seem to have exposed data of millions of Android app users. Phishing from call centers and cloud services. David Dufour from Webroot looks at hacker psychology...
episode 1338: DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.
The US remains officially mum on whether it took down DarkSide, but it still looks as if the ransomware gang absconded on its own. Colonial Pipeline now faces legal fallout from its ransomware incident. Speculation about how states might handle cyber privateering. Conti’s attack on HSE is described as “catastrophic.” Russia says it was hit by foreign cyber mercenaries last year. Craig Williams from Cisco Talos explains Discord abuses...