DiscoverCyberWire Daily
CyberWire Daily

CyberWire Daily

Author: N2K Networks

Subscribed: 27,206Played: 1,396,231
Share

Description

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

2794 Episodes
Reverse
Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst, and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.”
The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1) provides a set of building blocks for describing the Tasks, Knowledge, and Skills (TKS) that are needed to perform cybersecurity work by individuals or teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. On this Special Edition podcast, N2K CyberWire's Dave Bittner is joined by the team at NIST and FIU's Jack D. Gordon Institute for Public Policy to delve into the history of the NICE Framework through its latest update and looking into the future. Brian Fonseca, Director at the Jack D. Gordon Institute for Public Policy, shares an introduction to the NICE Framework. Karen Wetzel, NICE Framework Manager, discusses the updates to the framework. Rodney Petersen, Director of NICE, talks about what these updates mean to cybersecurity education's future. Resources: NICE Framework Resource Center Getting Started with the NICE Framework 2024 NICE Conference and Expo: Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap Take advantage of the early bird pricing until March 19, 2024. Don’t miss out on this opportunity! Jack D. Gordon Institute for Public Policy at Florida International University (FIU) Veterans and First Responders Training Initiative Intelligence Fellowship And be sure to check out our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page.
In honor of Women's History Month, please enjoy this encore of Dr. Sasha Vanterpool's webinar. In this webinar, N2K Networks Cyber Workforce Consultant Dr. Sasha Vanterpool shares how to update job descriptions to better reflect cyber role expectations to improve hiring, training, and retention. To view the original webinar on demand, visit here.
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, the cybersecurity workforce skills gap with N2K’s President, Simone Petrella regarding how security professionals might learn from the movie “Moneyball” about how to train their team in the aggregate about first principles.
PyPI puts a temporary hold on operations. OMB outlines federal AI governance. Germany sounds the alarm on Microsoft Exchange server updates. Cisco patches potential denial of service vulnerabilities. The US puts a big bounty on BlackCat. Darcula and Tycoon are sophisticated phishing as a service platforms. Don’t dilly-dally on the latest Chrome update. On our Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education. And Data brokers reveal alleged visitors to pedophile island.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42. They discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education and more. Listen to the full episode with David and Sam's in-depth discussion. Read Sam Rubin's testimony. Selected Reading PyPi Is Under Attack: Project Creation and User Registration Suspended (Malware News) OMB Issues First Governmentwide AI Risk Mitigation Rules (GovInfo Security) German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs (The Record) Cisco Patches DoS Vulnerabilities in Networking Products (Security Week) US offers a $10 million bounty for information on UnitedHealth hackers (ITPro) IPhone Users Beware! Darcula Phishing Service Attacking Via IMessage (GB Hackers) Tycoon 2FA, the popular phishing kit built to bypass Microsoft and Gmail 2FA security protections, just got a major upgrade — and it’s now even harder to detect (ITPro) Update Chrome now! Google patches possible drive-by vulnerability (Malwarebytes) Jeffrey Epstein's Island Visitors Exposed by Data Broker (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2024 N2K Networks, Inc.
Facebook's Secret Mission to Unmask Snapchat. The White House wants AI audits. Hackers exploit the open-source Ray AI framework. Finnish Police ID those responsible for the 2021 parliament breach. Operation FlightNight targets Indian government and energy sectors. Chinese APT groups target ASEAN entities. A notorious robocaller is rung up for nearly ten million dollars. In our latest Learning Layer, join Sam Meisenberg as he unpacks the intricacies of the CISSP diagnostic with Joe Carrigan from Johns Hopkins University. And Ann Johnson from Microsoft's Afternoon Cyber Tea visits the world of Smashing Security with Graham Cluley and Carole Theriault . And the UK’s watchers need watching. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Join us for part three as this Learning Layer special series continues. Learning Layer host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. In this segment, they continue to discuss the results of Joe's CISSP diagnostic and dive deep into one of the assessment questions. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification, and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Microsoft Security’s Ann Johnson, host of the Afternoon Cyber Tea podcast, goes inside the Smashing Security podcast with Graham Cluley and Carole Theriault.  Selected Reading Facebook snooped on users’ Snapchat traffic in secret project, documents reveal (TechCrunch) NTIA Pushes for Independent Audits of AI Systems (GovInfo Security) Thousands of companies using Ray framework exposed to cyberattacks, researchers say (The Record) Finland confirms APT31 hackers behind 2021 parliament breach (BleepingComputer) Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ) Chinese Hackers Target ASEAN Entities in Espionage Campaign (Infosecurity Magazine) Federal Court Enters $9.9M Penalty and Injunction Against Man Found to Have Caused Thousands of Unlawful Spoofed Robocalls (US Department of Justice) UK counter-eavesdropping agency gets slap on the wrist for eavesdropping (The Record)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
An alleged sinister hacking plot by China. CISA and the FBI issued a 'secure-by-design' alert. Ransomware hits municipalities in Florida and Texas. The EU sets regulations to safeguard the upcoming European Parliament elections. ReversingLabs describe a suspicious NuGet package. Senator Bill Cassidy questions a costly breach at HHS. A data center landlord sues over requests to reveal its customers. On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency while avoiding tool overload & complexity. And Google's AI Throws Users a Malicious Bone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency including automation & tool streamlining, IT automation/automated patching, and tool overload & complexity. You can learn more in Automox’s 2024 State of IT Operations Research Report. Selected Reading Millions of Americans caught up in Chinese hacking plot (BBC) US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities (SecurityWeek) CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) St. Cloud most recent in string of Florida cities hit with ransomware (The Record) Hackers demand $700K in ransomware attack on Tarrant Appraisal District (MSN) The impact of compromised backups on ransomware outcomes (Sophos News) EU sets rules for Big Tech to tackle interference in European Parliament elections (The Record) Suspicious NuGet package grabs data from industrial systems (ReversingLabs) Senator demands answers from HHS about $7.5 million cyber theft in 2023 (The Record) Data center landlord refuses Fairfax County demand for tenant information (Washington Business Journal) Google's AI-powered search feature recommends malicious sites, including scams and malware (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
A supply chain attack targets python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, shares trends in cloud-native security. To learn more, you can check out Sysdig’s 2024 Cloud-Native Security and Usage Report.  Selected Reading Top Python Developers Hacked in Sophisticated Supply Chain Attack (SecurityWeek) Russian hackers target German political parties with WineLoader malware (Bleeping Computer) Police Bust Multimillion-Dollar Holiday Fraud Gang (Infosecurity Magazine) Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own (SecurityWeek) Biden nominates first assistant defense secretary for cyber policy (Nextgov/FCW) Pentagon, Congress have a ‘limited window’ to properly create a Cyber Force (The Record) StrelaStealer targeted over 100 organizations across the EU and US (Security Affairs) General Motors Quits Sharing Driving Behavior With Data Brokers (The New York Times) AI's Hippocratic Oath by Chinmayi Sharma (SSRN) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found that HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. Researchers state "this new approach has the potential to make defense evasion stealthier." Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: HijackLoader Expands Techniques to Improve Defense Evasion And be sure to join our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page.
Advanced wiper malware hits Ukraine. Nemesis gets dismantled. Apple deals with an unpatchable vulnerability. FortiGuard rises to the rescue. CISA and FBI join forces against DDoS attacks. US airlines data security and privacy policies are under review. Hackers hit thousands in Jacksonville Beach. Geoffrey Mattson, CEO of Xage Security  sits down to discuss CISA's 2024 JCDC priorities. And Hotel keycard locks can’t be that hard to crack. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Geoffrey Mattson, CEO of Xage Security, joins us to discuss CISA's 2024 JCDC priorities. You can connect with Geoff on LinkedIn and learn more about Xage Security on their website and read about the JCDC 2024 Priorities here.  Geoff’s interview first appeared on March 21st’s episode of T-Minus Space Daily. Check out T-Minus here.  Selected Reading Sandworm-linked group likely knocked down Ukrainian internet providers (The Record)  AcidPour wiper suspected to be used against Ukrainian telecom networks (SC Media) Never-before-seen data wiper may have been used by Russia against Ukraine (Ars Technica) AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine (SentinelOne) F5, ScreenConnect vulnerabilities leveraged in global Chinese cyberattacks (SC Media) Nemesis darknet marketplace raided in Germany-led operation (The Record) Unpatchable vulnerability in Apple chip leaks secret encryption keys (Ars Technica) Exploit Released For Critical Fortinet RCE Flaw: Patch Soon! (GBHackers on Security)  CISA & FBI Released Guide to Respond for DDoS Attacks (Cyber Security News)  CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques (CISA)  US airlines’ data security, privacy policies to be under federal review (SC Media)  Jacksonville Beach and other US municipalities report data breaches following cyberattacks (The Record)  Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds (WIRED)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
The House Unanimously Passes a Bill to Halt Sale of American Data to Foreign Foes. The U.S. Sanctions Russian Individuals and Entities for a Global Disinformation Campaign. China warns of cyber threats from foreign hacking groups. A logistics firm isolates its Canadian division after a cyber attack. Ivanti warns of another critical vulnerability. Researchers find hundreds of vulnerable Firebase instances. Microsoft phases out weaker encryption. Formula One fans fight phishing in the fast lane. Glassdoor is accused of adding real names to profiles without user consent. Our guest is Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface. And Pwn2Own winners take home their second Tesla.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface – especially as more companies implement AI. For more information, check out CrowdStrike’s 2024 Global Threat Report.  Selected Reading House unanimously passes bill to block data brokers from selling Americans’ info to foreign adversaries (The Record) Treasury Sanctions Actors Supporting Kremlin-Directed Malign Influence Efforts (US Treasury Department) China warns foreign hackers are infiltrating ‘hundreds’ of business and government networks (SCMP) International freight tech firm isolates Canada operations after cyberattack (The Record) Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution (Security Affairs) 19 million plaintext passwords exposed by incorrectly configured Firebase instances (Malwarebytes) Microsoft deprecates 1024-bit Windows RSA keys — now would be a good time to get machine identity management in order (ITPro) Users ditch Glassdoor, stunned by site adding real names without consent (Ars Technica) Famous Spa GP F1 race comms hijacked by phishing scammers (Cyber Daily) Security Researchers Win Second Tesla At Pwn2Own (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
The White House Mobilizes a National Effort to Shield Water Systems from Cyber Threats and Announces Major Investment in U.S. Chip Manufacturing. The U.S. and Allies Issue Fresh Warnings on China's Volt Typhoon Cyber Threats to Critical Infrastructure. Microsoft Streamlines 365 Services with a Unified Cloud Domain. Ukrainian authorities take down a credential theft operation. LockBit claims another pharmaceutical company. A popular Wordpress plugin puts tens of thousands of websites at risk. A breach at Mintlify compromises GitHub tokens. An Idaho man pleads guilty to online extortion. The SEC fines firms for AI washing. We’ve got part two of our continuing Learning Layer series with Joe Carrigan and Sam Meisenberg logging Joe’s journey toward his CISSP certification.  And password stuffing Pokemon.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Join us as part two of the Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. On this episode, they continue to discuss Joe's journey to becoming a CISSP as well as discussing step one of Joe's study journey: the diagnostic assessment. Selected Reading White House Calls on States to Boost Cybersecurity in Water Sector (SecurityWeek) Five Eyes issue another China Volt Typhoon warning (The Register) Biden to Tout Government Investing $8.5 Billion in Intel's Computer Chip Plants in Four States (VoaNews) Microsoft Notifies DevOps Teams That Major Domain Change Is Coming (Cybersecurity News) Ukraine Arrests Hackers for Selling 100 Million Email, Instagram Accounts (Hack Read) Pharmaceutical development company investigating cyberattack after LockBit posting (The Record) WordPress Plugin Flaw Exposes 40,000+ Websites to Cyber Attack (GBHackers) Mintlify Confirms Data Breach Through Compromised GitHub Tokens (Hack Read) ‘Lifelock’ hacker pleads guilty to extorting medical clinics (The Record) What does 'AI Washing' mean? Firms Fined $400K by SEC for Exaggerated Statements (Cybersecurity News) Pokémon resets some users’ passwords after hacking attempts (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
A SIM-swapper faces prison and fines. Here come the class action suits against UnitedHealth Group. Aviation and Aerospace find themselves in the cyber crosshairs. A major mortgage lender suffers a major data breach. A look at election misinformation. The UK shares guidance on migrating SCADA systems to the cloud. Collaborative efforts to contain Smoke Loader. Trend Micro uncovers Earth Krahang. Troy Hunt weighs in on the alleged AT&T data breach. Ben Yelin unpacks the case between OpenAI and the New York Times. And fool me once, shame on you… Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, Program Director at University of Maryland’s Center for Health and Homeland Security and cohost of our Caveat podcast, discusses the article on how “OpenAI says New York Times ‘hacked’ ChatGPT to build copyright lawsuit.”   Selected Reading District of New Jersey | Former Telecommunications Company Manager Admits Role in SIM Swapping Scheme (United States Department of Justice) Cash-Strapped Women's Clinic Sues UnitedHealth Over Attack (Gov Info Security) Nations Direct Mortgage Data Breach Impacts 83,000 Individuals (SecurityWeek) Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle (SecurityWeek) NCSC Publishes Security Guidance for Cloud-Hosted SCADA (Infosecurity Magazine) Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor (Palo Alto Networks Unit 42) Prolific Chinese Threat Campaign Targets 100+ Victims (Infosecurity Magazine) Troy Hunt: Inside the Massive Alleged AT&T Data Breach (Troy Hunt) Kids’ Cartoons Get a Free Pass From YouTube’s Deepfake Disclosure Rules (WIRED) Ransomware Groups: Trust Us. Uh, Don't. (BankInfoSecurity) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Volt Typhoon retains the attention of US investigators. The IMF reports a cyber breach. Fujitsu finds malware on internal systems. Securonix researchers describe DEEP#GOSU targeting South Korea. Subsea cable breaks leave West and Central Africa offline. Health care groups oppose enhanced cyber security regulations. A Pennsylvania school district grapples with a ransomware attack. AT&T denies a data leak. Our guest Kevin Magee of Microsoft Canada shared his experiments with board reporting. And Apex Legends eSports competitors get some unexpected upgrades.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Kevin Magee of Microsoft Canada sharing his experiments using N2K’s CSO Rick Howard's forecasting methodology from his Cybersecurity First Principles book regarding board reporting.  Selected Reading US is still chasing down pieces of Chinese hacking operation, NSA official says (The Record) IMF Investigates Serious Cybersecurity Breach (Infosecurity Magazine) Tech giant Fujitsu says it was hacked, warns of data breach (TechCrunch) Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware (securonix) Ghana says repairs on subsea cables could take five weeks  (Reuters) Health care groups resist cybersecurity rules in wake of landmark breach (CyberScoop) Pennsylvania’s Scranton School District dealing with ransomware attack (The Record) AT&T says leaked data of 70 million people is not from its systems (BleepingComputer) The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (Security Affairs) Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has recently observed that criminals abused Twilio SendGrid’s email delivery, API, and marketing services to launch a phishing campaign impersonating itself.  Hackers behind this novel phishing campaign used SendGrid’s Tracking Settings feature, which allows users to track clicks, opens, and subscriptions with SendGrid. The malicious link was masked behind a tracking link hosted by SendGrid.  Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: Phishception – SendGrid is abused to host phishing attacks impersonating itself
Russia’s accused of jamming a jet carrying the UK’s defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens’ concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. Coming this weekend Tune in to the CyberWire Daily Podcast feed on Sunday for a Special Edition podcast we produced in collaboration with our partners at NICE, “Unveiling the updated NICE Framework & cybersecurity education’s future.” We delve into the history of the NICE Framework, dig into its latest update, and look into the future of cybersecurity education. Selected Reading Defence Secretary jet hit by an electronic warfare attack in Poland (Security Affairs) Russia believed to have jammed signal on UK defence minister's plane - source (Reuters) Senators propose a compromise over hot-button Section 702 renewal (The Record) WEF effort to disrupt cybercrime moves into operations phase (The Register) StopCrypt: Most widely distributed ransomware now evades detection (Bleeping Computer) Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services (The Record) Massive Data Breach Exposes Info of 43 Million French Workers (Hack Read) WARNING: THREE VULNERABILITIES IN ARCSERVE UDP SOFTWARE DEMAND URGENT ACTION, PATCH IMMEDIATELY! (certbe) FCC approves cybersecurity label for consumer devices  (CyberScoop) Hackers can read private AI-assistant chats even though they’re encrypted  (Ars Technica) MITRE-Harris poll reveals US public's concerns over critical infrastructure and perceived risks  (Industrial Cyber) Tech Support Firms Agree to $26M FTC Settlement Over Fake Services (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
The US House votes to enact restrictions on TikTok. HHS launches an investigation into Change Healthcare. An Irish Covid-19 portal puts over a million vaccination records at risk. Google distributes $10 million in bug bounty rewards. Nissan Oceana reports a data breach resulting from an Akira ransomware attack. Meta sues a former VP for alleged data theft.  eSentire sees Blind Eagle focusing on the manufacturing sector. Claroty outlines threats to health care devices. A major provider of yachts is rocked by a cyber incident. In our Threat Vector segment, David Moulton explores the new SEC cybersecurity regulations with legal expert and Unit 42 Consultant Jacqueline Wudyka. And ransomware victims want their overtime pay.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, host David Moulton explores the new SEC cybersecurity regulations that reshape how public companies handle cyber risks with legal expert and Unit 42 Consultant Jacqueline Wudyka. They discuss the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape.  Selected Reading Bill that could spur TikTok ban gains House OK  (SC Media) What would a TikTok ban look like for users? (NBC News) HHS to investigate UnitedHealth and ransomware attack on Change Healthcare (The Record) How a user access bug in Ireland’s vaccination website exposed more than a million records (ITPro) Google Paid $10m in Bug Bounties to Security Researchers in 2023 (Infosecurity Magazine) Nearly 100K impacted by Nissan Oceania cyberattack (SC Media) Meta Sues Former VP After Defection to AI Startup (Infosecurity Magazine) Malware Analysis: Blind Eagle's North American Journey (esentire) Only 13% of medical devices support endpoint protection agents (Help Net Security) Billion-dollar boat seller MarineMax reports cyberattack to SEC (The Record) City workers not getting paid overtime amid Hamilton's ransomware attack: unions (CBS News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
ODNI’s Annual Threat Assessment highlights the usual suspects. The White House meets with UnitedHealth Group’s CEO. A convicted LockBit operator gets four years in prison. The Clop ransomware group leaks data from major universities. Equilend discloses a data breach. Fortinet announces critical and high-severity vulnerabilities. GhostRace exploits speculative race conditions in popular CPUs. Incognito Market pulls the rug and extorts its users. Patch Tuesday notes. On the Learning Layer, Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. They explore Joe's journey on the road to taking his CISSP test. And, I do not authorize Facebook, Meta or any of its subsidiaries to use this podcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Join us as a Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. On this episode, they explore Joe's journey as he embarks on the road to taking his CISSP test after fourteen years in the cyber industry, and why he decided to get it now. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification, and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Selected Reading ODNI's 2024 Threat Assessment: China, Russia, North Korea pose major cyber threats amid global instability - Industrial Cyber (Industrial Cyber) White House meets with UnitedHealth CEO over hack  (Reuters) LockBit ransomware affiliate gets four years in jail, to pay $860k (bleepingcomputer) Stanford University ransomware attack impacts 27K  (SC Media) EquiLend Employee Data Breached After January Ransomware Attack (HACKread) Fortinet reports two critical and three high severity issues, plan to patch (beyondmachines) Major CPU, Software Vendors Impacted by New GhostRace Attack (SecurityWeek) Incognito Market: The not-so-secure dark web drug marketplace  (Graham Cluley) Microsoft Patch Tuesday – Major Flaws In Office, Exchange And SQL Server (cybersecuritynews) New Facebook photo rule hoax spreads (Malwarebytes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Biden’s budget earmarks thirteen billion bucks for cybersecurity. DOJ targets AI abuse. A US trade mission to the Philippines includes cyber training. CISA and OMB release a secure software attestation form. CyberArk explores AI worms. Russia arrests a South Korean on cyber espionage charges. French government agencies are hit with DDoS attacks. Jessica Brandt is named director of the Foreign Malign Influence Center. Afternoon Cyber Tea host Ann Johnson speaks with her guest Keren Elazari about the hacker mindset. Google builds itself the Bermuda Triangle of Broadband.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Afternoon Cyber Tea host Ann Johnson talks with her guest Keren Elazari about the hacker mindset. To hear the full conversation, please listen to the episode of Afternoon Cyber Tea. Selected Reading US Federal Budget Proposes $27.5B for Cybersecurity (GovInfo Security) Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences (SecurityWeek) Microsoft to train 100,000 Philippine women in AI, cybersecurity (South China Morning Post) US launches secure software development attestation form to enhance federal cybersecurity (Industrial Cyber) The Rise of AI Worms in Cybersecurity (Security Boulevard) South Korean detained earlier this year is accused of espionage in Russia, state news agency says (Associated Press)  Massive cyberattacks hit French government agencies (Security Affairs) ODNI appoints new election security leader ahead of presidential race (The Record) Google’s self-designed office swallows Wi-Fi “like the Bermuda Triangle” ( Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
A roundup of news out of CISA. California reveals data brokers selling the sensitive information of minors. Permiso Security shares an open-source cloud intrusion detection tool. Darktrace highlights a campaign exploiting DropBox.  EU's Cyber Solidarity Act forges ahead. A White House committee urges new economic incentives for securing OT systems. Paysign investigates claims of a data breach.  Our guest is Alex Cox, Director Threat Intelligence, Mitigation, and Escalation at LastPass, to discuss what to expect after LockBit. And Axios highlights the clowns and fools behind ransomware attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Alex Cox, Director, Threat Intelligence, Mitigation, Escalation (TIME) at LastPass, joins us to discuss what to expect after LockBit. Selected Reading Top US cybersecurity agency hacked and forced to take some systems offline (CNN Politics) CISA’s open source software security initiatives detailed (SC Media) GAO uncovers mixed feedback on CISA's OT cybersecurity services when it comes to addressing risks (Industrial Cyber) Dozens of data brokers disclose selling reproductive healthcare info, precise geolocation and data belonging to minors (The Record) New Open Source Tool Hunts for APT Activity in the Cloud (SecurityWeek) Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins (HACKREAD) Everything you need to know about the EU's Cyber Solidarity Act (ITPro) White House advisory group says market forces ‘insufficient’ to drive cybersecurity in critical infrastructure (CyberScoop) Paysign investigating reports of consumer information data breach (The Record) The clowns and fools behind ransomware attacks (Axios)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
loading
Comments (33)

DemonDogs

career notes episodes are usually useless spam, never listen anymore

Dec 10th
Reply

DemonDogs

toxic podcast episode

Dec 9th
Reply

Gary Stokley

I'm grateful for you, it's a nice podcast. Writing such assignments is a true struggle for me. Furthermore, I believe that everyone will eventually run into difficulties finishing their homework. As a result, in this situation, having a trustworthy provider that can assist is necessary https://us.masterpapers.com/ I came into this source and continue to use it. It aids in timely and effective preparation, even for the most challenging assignments.

Oct 31st
Reply

Celina Bella

The integration of human-like features in ChatGPT is intriguing. The diverse topics discussed are relevant and informative, including cyber threats and communication strategies. Experience ChatGPT now at https://gptjp.net/

Oct 7th
Reply

Julia Jocelyn

That's right, ChatGPT is becoming more and more human-like. You can explore ChatGPT for free in Polish with ChatGPT po Polsku at https://chatgptpl.com/

Sep 11th
Reply

Mr.Alikhan

I really enjoy this useful conversation, but at the end of the day: i should loud say: fu**k Israel

Sep 5th
Reply

DemonDogs

these Career Notes episodes are absolutely awful and the people presented have little merit and aren't interesting. Other than these, great podcast.

Aug 13th
Reply

Mako .M0b

this guy is a Jedi

Jul 23rd
Reply

SHEwhoSHINES

I've been hard at it all night trying to trace how this happened but I fear I'm only gonna make the problem worse due to my inexperienced

Jul 16th
Reply

SHEwhoSHINES

any chance yell could help me

Jul 16th
Reply

Gabriel Plume

I sure hope he had a great time contributing to innocent Palestinian deaths!

Apr 18th
Reply

Vince Fitzpatrick

.k. ti. lm j . . . m.p nm w m .. p ..n n. k .u nm o

Sep 21st
Reply

Allison

Re: Ransom DDoS episode... not only did that dude mispronounce technology names (indicating lack of technical knowledge), he used the phrase “or their [law enforcement counterparts] in other civilized countries”. In saying this, he effectively implies that hackers who write in broken English are savages from uncivilized countries. The implicit racial connotations in making a statement like that are seriously offensive (equating being ‘civilized’ with speaking English well). Really surprising and disappointing.

Sep 5th
Reply

Debra Dukes

✌Deb.

Jun 13th
Reply

Debra Dukes

Great Podcast, Thank you for sharing Deb.✌

Jun 13th
Reply

Debra Dukes

Excellent Podcast and I'm shocked at this time and point we should have this covered by now.So enjoyed Deb.

Jun 13th
Reply

Debra Dukes

Awesome, Podcast Thanks so much for sharing Deb👍🏼✌

Jun 11th
Reply

Debra Dukes

Larry , Dave I really appreciate all the work and information it's about time that they finally get something done about this.Really enjoyed Deb👌✌

Jun 1st
Reply

Nathan Smith

Bollocks means balls as in testicles. It is a slang term for as you say someone talking nonsense / hogwash Just came across the podcast good stuff 👍👍

Feb 14th
Reply

elrey741

12:07: make sure you are updated to chrome 77

Nov 14th
Reply
Download from Google Play
Download from App Store