CyberWire public
[search 0]
Plus

Téléchargez l'application!

show episodes
 
Loading …
show series
 
Tensions remain high as Russia assembles troops near Ukraine and NATO moves to higher states of readiness. The Belarusian Cyber Partisans claim responsibility for a ransomware attack against Belarusian railroads. The BRATA banking Trojan spreads, as does DTPacker malware. REvil alumni may be getting the band back together. Ransomware operators work…
 
Updates on the continuing hybrid war in Ukraine. The UK charges Russia with trying to install a puppet in Kyiv. Nominal hacktivists claim an attack against Belarusian railroads. Compromise of Greek parliamentary email accounts reported. Netherlands authorities warn against relaxing your guard against Log4j exploitation. Julian Assange will get anot…
 
COO and Co-Founder of Query. AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the start of the Iraq War, Andrew said he got hi…
 
Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss joint research done by Accenture’s Cyber Threat Intelligence (ACTI) group and Prevailion’s Adversarial Counterintelligence Team (PACT). The teams dug into recently publicized campaigns of the cyber espionage threat group Lyceum (a…
 
US and Russian talks over Ukraine conclude with an agreement to further exchanges next week. Western governments continue to recommend vigilance against the threat of Russian cyberattacks against critical infrastructure. The US Treasury Department sanctions four Ukrainian nationals for their work on behalf of Russia’s FSB and its influence operatio…
 
As Russian forces remain in assembly areas near the Ukrainian border, the US and Russia prepare for tomorrow’s high-level talks in Geneva. NATO members look to their cyber defenses. US President Biden issues a Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. Notes on C2C mark…
 
Ukraine confirms that it was hit by wiper malware last week, as tension between Moscow and Kyiv remains high. It remains high as well between Russia and NATO, as Russia continues marshaling conventional forces around Ukraine. CISA advises organizations to prepare to withstand Russian cyberattacks. Other cyberespionage campaigns are reported, as is …
 
A new Chinese cyberespionage group is described. Cobalt Strike implants are observed hitting unpatched VMware Horizon servers. Ukraine attributes last week’s cyberattacks to Russia (with some possibility of Belarusian involvement as well). Microsoft doesn’t offer attribution, but it suggests that the incidents were more destructive than ransomware …
 
Rick explains the network defender evolution from defense-in-depth in the 1990s, to intrusion kill chains in 2010, to too many security tools and SOAR in 2015, and finally to devsecops somewhere in our future. Resources: “Cybersecurity First Principles: DevSecOps.” by Rick Howard, CSO Perspectives, The CyberWire, 8 June 2020. “FAQ,” RSA Conference,…
 
Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content produ…
 
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, “Scorched Earth: Hacking Bank APIs,” unveils a numbe…
 
A large-scale cyberattack against Ukrainian websites looks like an influence operation, and Russian intelligence services are the prime suspects. The FSB raids REvil. The White House Open Source Software Security Summit looks toward software bills of materials. MuddyWater exploits Log4shell. The DPRK is working to steal cryptocurrency. Caleb Barlow…
 
A White House government-industry summit today addresses open-source software security. The US officially makes its second attribution of the week to a nation-state: it calls out Iran as the operator of the MuddyWater threat group. Israel arrests five on charges related to spying for Iran (they’re thought to have been recruited through catphishing)…
 
The US issues an alert over the prospect of Russian cyberattacks, and the EU begins a series of stress tests, both in apparent response to concerns over the prospect of a Russian attack on Ukraine. NIST updates its guidance on Engineering Trustworthy Secure Systems. NIght Sky ransomware exploits Log4shell. Phishing afflicts a hotel chain. Carole Th…
 
Log4shell as an instance of a more general software supply chain issue. An APT apparently mistakenly infects itself with its own RAT. A new backdoor, SysJoker, is in use in the wild. A warning on commercial surveillance software. A leak investigation continues in Denmark. Joe Carrigan explains bogus QR codes. Our guest is Casey Allen of Concentric …
 
CISA describes progress toward remediating Log4shell. Other open-source libraries are found to have similar issues, in one case problems deliberately introduced by the developer. Concerns are expressed over undersea cable security. FIN7’s BadUSB campaign. Security questions about another Chinese-made phone. Our guest is Bob Maley from Black Kite on…
 
Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Baptist minister with aspirations of being a…
 
Loading …

Guide de référence rapide

Google login Twitter login Classic login