DiscoverThe CyberWire Daily
The CyberWire Daily

The CyberWire Daily

Author: The CyberWire

Subscribed: 19,492Played: 536,338


The daily cyber security news and insights leaders depend on.
1375 Episodes
Director of Security Engineering at Marketa and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability. Chris points out that when pivoting to different roles and responsibilities, you must rely on your own strengths to move forward and bring value to your work. Our thanks to Chris for sharing his story with us.
NortonLifeLock Research Group (NRG) released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in real-time. The tool is intended to help users understand the prevalence of bots and disinformation campaigns within their Twitter feeds, particularly with the increase in disinformation of COVID-19. Joining us on this week's Research Saturday to discuss this tool is Daniel Kats from NortonLifeLock Research Group. You can find the research here: Introducing BotSight Our thanks to Reservoir Labs for sponsoring this week's show.
An update on social engineering at Twitter. A quick look at the phishing kit criminal market. The European Union sanctions individuals and organizations in Russia, China, and North Korea for involvement in notorious hacking campaigns. North Korea’s North Star campaign is back and dangling bogus job offers in front of its marks. Deceptikons snoop into European law firms. Zully Ramzan from RSA on Digital Contact Tracing. Our guest is Tom Kellermann from Vmware Carbon Black on top financial CISOs analyzing the 2020 attack landscape. And both NSA and NIST have some advice on shoring up your security. For links to all of today's stories check out our CyberWire daily news brief:
Yesterday’s antitrust hearings in the US House of Representatives focus on Big Tech’s big data as something open to use in restraint of trade. And there are questions about community standards as well. The BootHole vulnerability may not represent an emergency, but it will be tough to fix. Android malware masquerades as COVID-19 contact-tracers. The FBI warns against Netwalker ransomware. China says it didn’t hack the Vatican. Justin Harvey from Accenture demystifies red teaming. Our guest is Christopher Ahlberg from Recorded Future on trends in threat intelligence. And somebody’s spoofing a British MP: he’s looking at you, Peoples Liberation Army. For links to all of today's stories check out our CyberWire daily news brief:
Alleged Russian influence operations described by US intelligence services. “Ghostwriter” targets the Baltic region with anti-NATO false narratives. Chinese intelligence is said to have compromised Vatican networks. Loss of customer PII seems the costliest kind of data breach. VPN bugs represent a risk to OT networks. Big Tech comes to Capitol Hill, virtually. Michigan’s online bar exam knocked offline, briefly, by a cyber attack. Joe Carrigan on password stealers targeting gaming. Our guests are Troy Smith and Mike Koontz from Raytheon on defending communications operations across cloud platforms. And a superseding indictment for two ex-Twitterati charged with snooping for Saudi Arabia. For links to all of today's stories check out our CyberWire daily news brief:
Cloudflare says that reported Ukrainian breaches aren’t its issue. Trend Micro describes a new and unusually capable strain of malware. Garmin is reported to have obtained a decryptor for WastedLocker ransomware. Third-party risk continues in the news, as do misconfigured databases that expose personal information. Huawei’s CFO alleges misconduct by Canadian police and intelligence agencies. Ben Yelin examines the EFF's online Atlas of Surveillance. Dave DeWalt with SafeGuard Cyber on the evolving threat landscape as folks return to the workplace. And the Twitter incident seems to have been a problem waiting to appear. For links to all of today's stories check out our CyberWire daily news brief:
A vigilante appears to be interfering with Emotet’s payloads. A fintech breach is blamed on a third-party service provider. A list of Cloudflare users is dumped online. There’s a going-out-of-business sale over at the Cerberus cybergang. Malek ben Salem from Accenture Labs on DeepFake detection. Our own Rick Howard gathers the Hash Table to sort some SOCs. And Garmin, restoring its services after last week’s attack, may have been the victim of Evil Corp’s WastedLocker ransomware. For links to all of today's stories check out our CyberWire daily news brief:
Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl. She talks about what her role is with clients in protecting and managing their data, sometimes adhering to up to 134 different data protection laws for global companies. Learn that not a lot has changed for an African-American woman partner at an Amlaw 100 firm as far as diversity during Dominique's career, and how Dominique suggests young lawyers should address those odds. Our thanks to Dominque for sharing her story with us. 
On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs; CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability. On April 30, 2020, researchers at F-Secure disclosed their vulnerability findings to the public, with an urgent warning for Salt users - patch now. Before the weekend was out, criminals were deploying malware and targeting vulnerable Salt installations, successfully affecting operations at Ghost, DigiCert, and LineageOS. The malware is a cryptominer, but there is an additional component, a Remote Access Tool written in Go called nspps. Researchers at Akamai have also observed in-the-wild attacks on Salt vulnerabilities.  Joining us on this week's Research Saturday is Larry Cashdollar, Senior Security Response Engineer at Akamai, to discuss this issue.  The research can be found here:  SaltStack Vulnerabilities Actively Exploited in the Wild The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
CISA and NSA warn of a foreign threat to US critical infrastructure. A look at what the Bears have been up to lately. The Blackbaud extortion incident shows its ripple effects. An awful lot of Twitter employees had access to powerful admin tools. China orders a US consulate closed in a tit-for-tat response to the closure of China’s consulate in Houston. Andrea Little Limbago on cyber in a re-globalized world system. Our guest is Dominique Shelton Leipzig from Perkins Coie LLP on the CA Consumer Privacy Act. And DJI drones may be a bit nosey. For links to all of today's stories check out our CyberWire daily news brief:
Twitter updates the news of last week’s incident: the attackers seem to have accessed some direct messages. France’s partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline. A quiet cryptominer. The cyber threat to British sport. Awais Rashid from the University of Bristol on cyber security and remote working. John Ford from IronNet Cybersecurity with updated 2020 predictions and cyber priorities. And bosses and employees see things differently, cyberwise. For links to all of today's stories check out our CyberWire daily news brief:
“Meowing” is now a thing: the automated discovery and wiping of exposed and unprotected databases. The US indicts two Chinese nationals on eleven counts of hacking and reports evidence that Chinese intelligence services are now using cybercriminals as contractors. Mike Schaub from CloudCheckr on why COVID-19 has ignited modernization projects for government agencies. Joe Carrigan on counterfeit Cisco routers. The US State Department tells China to close its consulate in Houston. For links to all of today's stories check out our CyberWire daily news brief:
The Intelligence and Security Committee of Parliament has rendered its report on the Russian cyber threat. Trend Micro reports on the workings of the cyber criminal underground economy. Ben Yelin on U.S. Customs and Border Protection collecting license plate data. Our guest is Kevin O'Brien from GreatHorn on the role of business policies in security to keep users safe during high-risk events. And it turns out that Russia has no hackers whatsoever: Moscow’s Finance Minister says so, so you can take that to the bank. For links to all of today's stories check out our CyberWire daily news brief:
Notes on last week’s Twitter hack, and on the allure of original gangster and other celebrity usernames. Using marketing databases for intelligence collection. The US Government mulls a ban on TikTok. Johannes Ullrich from SANS on Google Cloud storage becoming a more popular phishing platform. Our own Rick Howard on security operations centers, and a preview of the latest episode of his CSO Perspectives podcast. And more reaction to alleged Russian and Chinese attempts to hack COVID-19 biomedical research. For links to all of today's stories check out our CyberWire daily news brief:
Computer security writer, podcaster and public speaker Graham Cluley describes learning to program on his own from magazines, creating text adventure games for donations, and his journey from programming to presenting and writing with a bit of tap dancing on the side. Along the way, Graham collaborated with others and learned to communicate so that all could understand, not just techies. Our thanks to Graham for sharing his story with us. 
Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale (PoS) software. It is not clear if the attackers are targeting this software for encryption or because they want to scrape this information as a way to make even more money from this attack. Joining us in this week's Research Saturday to discuss the report is Jon DiMaggio of Symantec.  The research can be found here:  Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike Thanks to our sponsor, Reservoir Labs. 
The Twitter hack is looking more like high-grade, low-end crime. It also worries people over the disinformation potential it suggests. People care, they really do, that someone hacked COVID-19 biomedical research (we’ll explain). Australia joins the UK, Canada, and the US in blaming Russia for Cozy Bear’s capers. Russia says it didn’t do nothin’. Rob Lee from Dragos with thoughts on the Ripple 20 vulnerabilities on industrial control systems. Our guest is Sal Aurigemma from University of Tulsa on fake ANTIFA twitter accounts. And CISA’s serious about getting the Feds to apply Tuesday’s Windows patch. For links to all of today's stories check out our CyberWire daily news brief:
Twitter sustained a major incident in which celebrity accounts were hijacked yesterday. It seems to have been a social engineering caper, but it’s motivation, nominally financial, remains unclear. British authorities call out Russia for an influence campaign mounted during last year’s elections. Cozy Bear is back, and sniffing for COVID-19 biomedical intelligence. Craig Williams from Cisco Talos on Dynamic Data Resolver, a plugin that makes reverse-engineering malware easier. Our guest is Ashlee Benge, formerly from ZeroFox, on emerging and persistent digital attack tactics facing the financial services industry. And Chinese intelligence services are spearphishing Hong Kong Catholics. For links to all of today's stories check out our CyberWire daily news brief:
A 2018 Presidential finding authorized extensive CIA cyber operations against Russia, China, Iran, and North Korea. Wattpad may have been breached. The SEC asks its registrants to take steps to protect themselves against ransomware. Free VPNs’ databases found exposed. Joe Carrigan on privacy vs. security on Android devices. Our guest is Chris Deluzio from Pitt Cyber on election security. And Beijing woofs in the direction of London over the UK’s Huawei ban. For links to all of today's stories check out our CyberWire daily news brief:
The British Government decides to ban Huawei. More on the malware associated with Golden Tax software package. The Molerats appear to be behind some spyware misrepresenting itself as a secure chat app. The Porphiex botnet is back distributing a new ransomware strain. The odd case of the Data Viper breach. Ben Yelin tracks a ruling from the DC circuit court on the release of electronic surveillance records. Our guest is Ann Johnson from Microsoft discussing her keynote at RSA APJ, The Rise of Digital Empathy. And SAP has a patch out--if you’re a user, CISA advises you to take this one seriously. For links to all of today's stories check out our CyberWire daily news brief:
Comments (20)

Debra Dukes


Jun 13th

Debra Dukes

Great Podcast, Thank you for sharing Deb.✌

Jun 13th

Debra Dukes

Excellent Podcast and I'm shocked at this time and point we should have this covered by now.So enjoyed Deb.

Jun 13th

Debra Dukes

Awesome, Podcast Thanks so much for sharing Deb👍🏼✌

Jun 11th

Debra Dukes

Larry , Dave I really appreciate all the work and information it's about time that they finally get something done about this.Really enjoyed Deb👌✌

Jun 1st

Nathan Smith

Bollocks means balls as in testicles. It is a slang term for as you say someone talking nonsense / hogwash Just came across the podcast good stuff 👍👍

Feb 14th


12:07: make sure you are updated to chrome 77

Nov 14th

Jef Cesar

Ahahaa! Verry well tought off!

Nov 4th

Міла Тарнопольська

it made my morning! 😊

Nov 4th
Reply (1)

Michael Ford

I have been bingeing this podcast and recommending this to everyone. especially the non tech folks since they are more target prone.

Oct 25th

s smith

I couldn't help notice how pro-israel the host is over the last few shows

May 16th

Raju Ghorai


Dec 17th

Tim Debisz

;D <3

Oct 31st

Argha Bhattacharya

Awesome episode. Ryan Olson spoke so well. Made things simple to understand even for someone who is new to "cryptojacking"

Oct 6th

Glen Nile

Awesome book list! I'm set for the summer.

Jun 15th
Reply (1)

Jim Maahs

Svc Now survey and discussion about patching, super interesting and informative. Thanks.

May 3rd

Nathan Katzenstein

excellent podcast. thorough in it's presentation, wide in covered topics and humorous to top it off. A must for Cyber security junkies.

Mar 27th
Reply (1)
Download from Google Play
Download from App Store