CyberWire Daily

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

https://thecyberwire.com/podcasts/daily-podcast

Eine durchschnittliche Folge dieses Podcasts dauert 21m. Bisher sind 2865 Folge(n) erschienen. Dieser Podcast erscheint täglich.

Gesamtlänge aller Episoden: 43 days 7 hours 27 minutes

subscribe
share






episode 1739: Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.


GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3...


share








 January 13, 2023  27m
 
 

episode 1740: Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”


A Phishing campaign impersonates DHL. Conscription and mobilization provide criminals with phishbait for Russian victims. Norton LifeLock advises customers that their accounts may have been compromised. Trends in data protection. Veracode's report on the state of software application security. Ben Yelin looks at NSO group’s attempt at state sovereignty. Ann Johnson from Afternoon Cyber Tea speaks with Microsoft’s Chris Young about the importance of the security ecosystem...


share








 January 17, 2023  23m
 
 

episode 1741: ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.


CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud...


share








 January 18, 2023  31m
 
 

episode 1742: Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.


A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic Wolf has tips for pros for security at home. Our guest is Gerry Gebel from Strata Identity describes a new open source standard that aims to unify cloud identity platforms. And travel-themed phishing increases...


share








 January 19, 2023  28m
 
 

episode 1743: Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.


Ransomware hits Costa Rican government systems, again. A Chinese threat actor deploys the BOLDMOVE backdoor against unpatched FortiOS. Credential stuffing afflicts PayPal users. T-Mobile discloses a data breach. A cyberattack hits a remote Canadian utility. The Wagner Group sponsors a hackathon. Malek Ben Salem from Accenture describes prompt injection for chatbots. Our guest is Paul Martini of iboss with insights on Zero Trust...


share








 January 20, 2023  28m
 
 

episode 1744: Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.


The FAA attributes its January NOTAM outage. Malicious OneNote attachments are appearing in phishing campaigns. The Vastflux ad campaign has been disrupted. Ukraine moves toward closer cybersecurity collaboration with NATO. Rick Howard considers the best of 2022. Deepen Desai from Zscaler looks at VPN Risk. And, finally, we’re betting you want alerts for sports book customers and online gamers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire...


share








 January 23, 2023  25m
 
 

episode 1745: Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.


DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors...


share








 January 24, 2023  28m
 
 

episode 1746: TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.


How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shouldn't get cocky. DevSecOps survey results show tension between innovation and security. Russian hacktivist auxiliaries hit German targets...


share








 January 25, 2023  29m
 
 

episode 1747: Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.


Joint advisory warns of remote monitoring and management software abuse. Iranian threat actors reported active against a range of targets. UK's NCSC warns of increased risk of Russian and Iranian social engineering attacks. A look at trends, as seen by CIOs. Carole Theriault ponders health versus privacy with former BBC guru Rory Cellan Jones. Kyle McNulty, host of the Secure Ventures podcast shares lessons from the cybersecurity startup community. And the DRAGONBRIDGE spam network is disrupted...


share








 January 26, 2023  27m
 
 

episode 1748: An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilties Catalog.


An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike’s Adam Meyers. If you say you’re going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog...


share








 January 27, 2023  25m