The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
https://thecyberwire.com/podcasts/daily-podcast
Gesamtlänge aller Episoden: 44 days 1 hour 48 minutes
episode 1359: Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.
Malicious Google ads for Signal and Telegram are being used to lure the unwary into downloading an info-stealer. LV ransomware looks like repurposed REvil. A study of the US Defense Industrial Base finds that many smaller firms, particularly ones that specialize in research and development, are vulnerable to ransomware attacks. Rick Howard ponders how we categorize state sponsored cybercrime. Our guest is Sudheer Koneru from Zenoti on how data privacy impacts salons and spas...
episode 1360: Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.
ReverseRat looks like a state-run espionage tool active in South and Central Asia. The US Justice Department seizes thirty-three sites run by media aligned with the Iranian government. Poland offers more clarity on a cyberespionage campaign it attributes to Russia. An intercept and inspection company’s executives are indicted for complicity with torture. NSA opens a Cybersecurity Collaboration Center for industry. Joe Carrigan examines Apple’s push to replace passwords...
episode 1361: Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?
The ChaChi Trojan is out, about, and interested in educational institutions. Bogus free subscription cancellations figure in a social engineering campaign designed to get the victims to download BazarLoader. Ursnif is automating fraudulent bank transfers with Cerberus Android malware. The US Senate invites the Department of Defense to think of ransomware as analogous to piracy, and Defense says it’s thinking along those lines. And rest in peace, John McAfee...
episode 1362: REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.
REvil hits a Brazilian medical diagnostics company and a British fashion retailer. A misconfigured cloud database exposes millions of WordPress user records. A new cryptojacker is deploying XMrig to mine Monero. A judgment is issued against a hacker and one of the traders he worked with to trade securities on non-public information. Johannes Ullrich from SANS on server site request forgery and errors in validating IP addresses...
episode 1363: Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.
The SVR’s Nobelium appears to be back, this time with a less-than-fully successful cyberespionage campaign. The Netfilter driver is assessed as malware. Idle hands seem to make for more attacks against online gaming. Mercedes-Benz USA reports a data exposure incident. CISA starts to keep track of bad practices. The International Institute for Strategic Studies publishes a net assessment of national cyber power. Carole Theriault looks at the security implications of frictionless online commerce...
episode 1364: A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.
Legitimate tools are abused as commodity initial access payloads. Hades ransomware is circulating in some new sectors. Criminal markets are sharing more features with legitimate markets, including advertising, recruiting, and even funding rounds. Cybercrime uses cryptocurrency, but the key to success may be location more than technology. Ben Yelin describes insurance companies collaborating on cyber breach data collection...
episode 1365: A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.
A report on threats to industrial control systems is out, and it focuses on ransomware, coinjacking, and legacy malware. EternalBlue remains a problem. The US is preparing a formal attribution in the case of the Microsoft Exchange Server campaign. An international police operation has taken down DoubleVPN, and the authorities seem pretty pleased with their work. Joe Carrigan examines vulnerabilities in systems from Dell...
episode 1366: Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?
US and British authorities warn of a large-scale GRU campaign aimed at brute-forcing its way into European and American organizations. Reports of a major cyberattack on German critical infrastructure appear very much exaggerated. IndigoZebra uses Dropbox in ministry-to-ministry deception aimed at the Afghan government. Currently active ransomware groups are profiled, and REvil is now going after Linux systems in addition to Windows machines...
episode 1367: Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.
Mitigations for the PrintNightmare vulnerability are suggested. Wizard Spider has a new strain of ransomware in its toolkit. A new RagnarLocker strain is in circulation. NETGEAR patches router firmware. Russia reacts to US and US reports of a GRU brute-forcing campaign: Moscow says it didn’t do it. Kevin Magee from Microsoft shares some of the tools he uses to keep himself and his team up to date. Our guest is Andrew Patel from F-Secure on how to prepare security teams for AI-powered malware...
episode 1368: The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.
Updates on the Kaseya ransomware incident, as REvil strikes again. Concerns about other ransomware attacks against industrial targets rise. Google expels credential-stealing apps from the Play Store. Online gamers draw various threat actors. Carole Theriault examines the elements that could put you in the crosshairs for ransomware. Ben Yelin has an update on the Facebook antitrust case. And the Tokyo Olympic Games will be on alert for cyberattacks...