The CyberWire
Subscribed: 7,650Played: 318,614
Subscribe
© 2019 The CyberWire, Inc.
Description
More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.
1140 Episodes
Reverse
2Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings. The research is here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/ The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_15.html Support our show
PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT. Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_14.html Support our show
National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK’s largest political parties. Pemex says it’s completed recovery from ransomware. The US Department of Health and Human Services will investigate Google’s Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not. Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots.
The UK’s Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox.
In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book "Sandworm - A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers." It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries critical infrastructure, and the often unintended consequences that follow. Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.
Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings. The original research is here: https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/ The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired an author of the book Sandworm — A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_08.html Support our show
The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. Guest is Kevin O’Brien from GreatHorn on managing email threats. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_07.html Support our show
Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. Criminals catch Potomac fever as they use politicians’ names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Poulos from Tripwire on protecting the IoT. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_06.html Support our show
Download from Google Play
Download from App Store
United States
elrey741
12:07: make sure you are updated to chrome 77
Jef Cesar
Ahahaa! Verry well tought off!
Міла Тарнопольська
it made my morning! 😊
Michael Ford
I have been bingeing this podcast and recommending this to everyone. especially the non tech folks since they are more target prone.
s smith
I couldn't help notice how pro-israel the host is over the last few shows
Raju Ghorai
good
Tim Debisz
;D <3
Argha Bhattacharya
Awesome episode. Ryan Olson spoke so well. Made things simple to understand even for someone who is new to "cryptojacking"
Glen Nile
Awesome book list! I'm set for the summer.
Jim Maahs
Svc Now survey and discussion about patching, super interesting and informative. Thanks.
Nathan Katzenstein
excellent podcast. thorough in it's presentation, wide in covered topics and humorous to top it off. A must for Cyber security junkies.