Claim OwnershipSubscribed: 0Played: 0
Subscribe
Description
Episodes
Reverse
![CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]](https://megaphone.imgix.net/podcasts/58ab7ae0-def8-11ea-b34c-b35b208b0539/image/dp.jpg?ixlib=rails-2.1.2&max-w=3000&max-h=3000&fit=crop&auto=format,compress "CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]")
At the Hack the Port 2022 event, the CyberWire held a CyberWire Live event. CyberWire Daily Podcast host Dave Bittner was joined by Roya Gordon, OT/IoT Security Research Evangelist at Nozomi Networks, and Christian Lees, CTO at Resecurity. During this fireside chat format session, Dave and our guests discussed ICS, OT cybersecurity, the role of security research and demos, supply chain compromise, and IT/OT security trends among other things. Thanks to the team at MISI/DreamPort for this opportunity.
In this “Rick the Toolman” episode, Rick interviews Steve Winterfeld, from Akamai, on the current state and future of the Mitre ATT&CK Framework.
For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Russian information operations surrounding the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities undergoing active exploitation. Texas Department of Insurance clarifies facts surrounding its data incident. Robert M. Lee from Dragos is heading to Davos to talk ICS. Rick Howard speaks with author Chase Cunningham on his book "Cyber Warfare –Truth, Tactics and Strategies”. Robo-calling the Kremlin.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/96
Selected reading.
Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant)
CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA)
Emergency Directive 22-03 (CISA)
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control (CISA)
Threat Actors Exploiting F5 BIG IP CVE-2022-1388 (CISA)
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. (The CyberWire)
Additional facts: TDI data security event (Texas Department of Insurance)
This Hacktivist Site Lets You Prank Call Russian Officials (Wired)
Chaos ransomware group declares for Russia. Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Conti's ongoing campaign against Costa Rica. The claimed "international" cyberattack against Nile dam was stopped. Rick Howard speaks with author Caroline Wong on her book “Security Metrics, a Beginner's Guide”. Our guests are Kathleen Smith and Rachel Bozeman, hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a “reset.”
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/96
Selected reading.
Chaos Ransomware Variant Sides with Russia (Fortinet Blog)
Did hackers commandeer surveillance robots at a Russian airport? (The Daily Dot)
Russian Hacking Cartel Attacks Costa Rican Government Agencies (New York Times)
Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts (CyberScoop)
"We will overthrow the government" - Does Conti have help inside Costa Rica? (Tech Monitor)
Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system (Yahoo)
Ethiopia faces new cyberattacks on its Nile dam (Al-Monitor)
Cyber Insurers Raise Rates Amid a Surge in Costly Hacks (Wall Street Journal)
An assessment of the Russian cyber threat. NATO's Article 5 in cyberspace. Conti's ransomware attack against Costa Rica spreads, in scope and effect. Bluetooth vulnerabilities demonstrated in proof-of-concept. CISA and its international partners urge following best practices to prevent threat actors from gaining initial access. Joe Carrigan looks at updates to the FIDO alliance. Rick Howard and Ben Rothke discuss author Andrew Stewart's book "A Vulnerable System: The History of Information Security in the Computer Age". And,the doctor was in, but wow, was he also way out of line.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/95
Selected reading.
Russia Planned a Major Military Overhaul. Ukraine Shows the Result. (New York Times)
The Cyberwar Against Pro-Ukrainian Countries is Real. Here’s What to Do (CSO Online)
Collective cyber defence and attack: NATO’s Article 5 after the Ukraine conflict (European Leadership Network)
Cyber attack on Costa Rica grows as more agencies hit, president says (Reuters)
Ransomware gang threatens to ‘overthrow’ new Costa Rica government, raises demand to $20 million (The Record by Recorded Future)
Hacker Shows Off a Way to Unlock Tesla Models, Start Cars (Bloomberg)
NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk (NCC Group)
Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks (NCC Group Research)
Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks (NCC Group Research)
Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks (NCC Group Research)
Alert (AA22-137A) Weak Security Controls and Practices Routinely Exploited for Initial Access (CISA)
Hacker and Ransomware Designer Charged for Use and Sale of Ransomware, and Profit Sharing Arrangements with Cybercriminals (U.S. Attorney’s Office for the Eastern District of New York)
US prosecutors allege Venezuelan doctor is ransomware mastermind (ZDNet)
'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says (The Record by Recorded Future)
U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware (The Hacker News)
Users are advised to patch Zyxel firewalls. Battlefield failure and popular morale in Russia’s hybrid war. Nuisance-level hacktivism in the hybrid war. Sweden and Finland move closer to NATO membership; concern over possible Russian cyberattacks rises. Intelligence, disinformation, or wishful thinking? Conti calls for rebellion in Costa Rica. PayOrGrief is just rebranded DoppelPaymer. Anonymous action in Sri Lanka seems indiscriminate and counterproductive. Dinah Davis from Arctic Wolf examines cyber security for startups. Rick Howard looks at two factor authentication. And a judge says cryptocurrency can’t be used to evade sanctions.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/94
Selected reading.
Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls (SecurityWeek)
Zyxel security advisory for OS command injection vulnerability of firewalls (Zyxel)
Growing evidence of a military disaster on the Donets pierces a pro-Russian bubble. (New York Times)
OpRussia update: Anonymous breached other organizations (Security Affairs)
Italy prevents pro-Russian hacker attacks during Eurovision contest (Reuters)
Finland, Sweden’s NATO moves prompt fears of Russian cyberattacks (The Hill)
Coup to remove cancer-stricken Putin underway in Russia, Ukrainian intelligence chief says (Fortune)
Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn't pay (SC Magazine)
Anonymous wanted to help Sri Lankans. Their hacks put many in grave danger (Rest of World)
U.S. issues charges in first criminal cryptocurrency sanctions case (Washington Post)
Ukraine holds its first war crimes trial. Are there war crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). Roblox seems to have been used to introduce a backdoor. CISA issues ICS advisories. Darkweb C2C trader sentenced. The last conspirator in the strange case of the eBay newsletter takes a guilty plea. Carole Theriault looks at Google’s new approach to cookies in Europe. Our guest is Mary Writz of ForgeRock on the growing importance of mobile device authentication security. And CIA gets a CISO.
For links to all of today's stories check out our CyberWire daily news briefing:
httpshttps://thecyberwire.com/newsletters/daily-briefing/11/93
Selected reading.
Ukraine to put first Russian soldier on trial for war crimes | DW | 12.05.2022 (Deutsche Welle)
Russian soldier on trial in first Ukraine war-crimes case (AP NEWS)
First Russian soldier goes on trial in Ukraine for war crimes (the Guardian)
The Case for War Crimes Charges Against Russia’s Sandworm Hackers (Wired)
Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer)
Iranian APT Cobalt Mirage launching ransomware attacks (SearchSecurity)
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (The Hacker News)
Iranian Cyberspy Group Launching Ransomware Attacks Against US (SecurityWeek)
Please Confirm You Received Our APT | FortiGuard Labs (Fortinet Blog)
Roblox Exploited with Trojans from Scripting Engine (Avanan)
Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme (CyberScoop)
Ukrainian sentenced to 4 years for selling hacked passwords (The Record by Recorded Future)
Ex-eBay exec charged with harassing newsletter publishers pleads guilty (Reuters)
CIA selects new CISO with deep private sector experience (The Record by Recorded Future)
Killnet hits Italian targets. Access to RuTube is restored. Hacktivism in the hybrid war. Emotet surges. Clearing up the confusion of NPM dependency confusion attacks. Tim Eades from Cyber Mentor Fund on finding the right investors. Our guest is Michael DeBolt of Intel 471 on the growing interest in Biometrics in the criminal underground. And cybercrime and punishment, Florida-man edition.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/92
Selected reading.
Ukraine maps reveal how much territory Russia has lost in just a few days (Newsweek)
Pro-Russian hackers target Italy institutional websites -ANSA news agency (Reuters)
Russian cyber experts restore RuTube access after three-day outage (Reuters)
They Fled Ukraine to Keep Their Cyber Startup Alive. Now, They’re Hacking Back. (Wall Street Journal)
Ukraine hacktivism 'problematic' for security teams says NSA cyber chief (Tech Monitor)
HP Wolf Security Threat Insights Report Q1 2022 | HP Wolf Security (HP Wolf Security)
npm supply chain attack targets Germany-based companies with dangerous backdoor malware (JFrog)
SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineerin (SecurityWeek)
Trio Of Cybercriminals Sentenced For Conspiracy To Commit Fraud And Aggravated Identity Theft (US Attorney for the Middle District of Florida)
There’s international consensus on the cyberattack against Viasat. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies are exploited, but to what end? Caleb Barlow examines Russia’s future on the internet. Our guest is Deepen Desai from Zscaler with the latest phishing research. And new advisories from CISA and its partners.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/91
Selected reading.
Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques (Proofpoint)
NPM dependency confusion hacks target German firms (ReversingLabs)
npm Supply Chain Attack Targeting Germany-Based Companies (JFrog)
Adminer in Industrial Products (CISA)
Eaton Intelligent Power Protector (CISA)
Eaton Intelligent Power Manager Infrastructure (CISA)
Eaton Intelligent Power Manager (CISA)
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (CISA)
Mitsubishi Electric MELSOFT GT OPC UA (CISA)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
Alert (AA22-131A) Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA)
Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA)
Russia downed satellite internet in Ukraine -Western officials (Reuters)
US and its allies say Russia waged cyberattack that took out satellite network (Ars Technica)
Western powers blame Russia for Ukraine satellite hack (The Record by Recorded Future)
Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council)
Attribution of Russia’s Malicious Cyber Activity Against Ukraine - United States Department of State (United States Department of State)
U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors (CISA)
Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion (GOV.UK)
Estonia joins the statement of attribution on cyberattacks against Ukraine (Ministry of Foreign Affairs, Republic of Estonia)
Statement on Russia’s malicious cyber activity affecting Europe and Ukraine (Canada.ca)
Attribution to Russia for malicious cyber activity against European networks (Australian Government Department of Foreign Affairs and Trade)
Russia hacked an American satellite company one hour before the Ukraine invasion (MIT Technology Review)
NSA Probing Reach of Software From Russia’s Kaspersky in US Systems (Bloomberg)
A quick introductory note on Russia’s hybrid war against Ukraine. Russian television schedules hacked to display anti-war message. Phishing campaign distributes Jester Stealer in Ukraine. European Council formally attributes cyberattack on Viasat to Russia. Costa Rica declares a state of emergency as Conti ransomware cripples government sites. DCRat and the C2C markets. The gang behind REvil does indeed seem to be back. More Joker-infested apps found in Google Play. Guest Nick Adams from Differential Ventures discusses what will drive continued growth of cybersecurity beyond attack surfaces and governance from a VC's perspective. Partner Ben Yelin from UMD CHHS on digital privacy concerns in the aftermath of the potential overturn of Roe vs Wade. And Spain’s spyware scandal takes down an intelligence chief.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/90
Selected reading.
Ukraine morning briefing: Five developments as Joe Biden warns Vladimir Putin has 'no way out' (The Telegraph)
Viewpoint: Putin now faces only different kinds of defeat (BBC News)
Putin's Victory Day speech gives no clue on Ukraine escalation (Reuters)
On Victory Day, Putin defends war on Ukraine as fight against ‘Nazis’ (Washington Post)
In Speech, Putin Shows Reluctance in Demanding Too Much of Russians (New York Times)
Putin's parade shows he "is going to continue at whatever cost" in Ukraine (Newsweek)
Russia’s display of military might sent the West a strong message – just not the one Putin intended (The Telegraph)
Russian TV Schedules Hacked on Victory Day to Show Anti-War Messages (HackRead)
Russian TV hacked to say ‘blood of Ukrainians is on your hands’ (The Telegraph)
Mass Distribution of Self-Destructing Malware in Ukraine (BankInfoSecurity)
Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council)
The US Treasury Department sanctions a cryptocurrency mixer. Rewards for Justice is interested in Conti. US tractor manufacturer AGCO was hit by a ransomware attack. Russian hacktivism hits German targets and threatens the UK. A Russian diplomatic account was apparently hijacked. Tracking Cobalt Strike servers used against Ukraine. Dinah Davis from Arctic Wolf defends against DDOS attacks. Rick Howard looks at Single Sign On. And no apology for you, Mr. Bennett.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/89
Selected reading.
U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats (U.S. Department of the Treasury)
Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice (United States Department of State)
AGCO ransomware attack disrupts tractor sales during U.S. planting season (Reuters)
Agricultural equipment maker AGCO reports ransomware attack (The Record by Recorded Future)
Russia’s chief diplomat in Scotland condemns Ukraine invasion in social media post (The Telegraph)
Pro-Russian Hackers Hit German Government Sites, Spiegel Says (Bloomberg)
Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine (IronNet)
Russia tensions with Israel may intensify as Kremlin denies Putin's apology (Newsweek)
An update on the war in Ukraine as Victory Day approaches. President Lukashenka on the war next door. Hackivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Another ICS security alert from CISA. Dinah Davis from Arctic Wolf on reflection amplification techniques. Carole Theriault examines zero trust architecture access policies. Happy Mother’s Day (and stay safe online).
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/88
Selected reading.
Mariupol steel mill battle rages as Ukraine repels attacks (Military Times)
Why the battle for Mariupol is important for Vladimir Putin. (New York Times)
A race against time in Ukraine as Russia advances, West sends weapons (Washington Post)
The AP Interview: Belarus admits Russia's war 'drags on' (AP NEWS)
Russia’s ally Belarus criticises war effort for ‘dragging on’ (The Telegraph)
NSA cyber boss seeks to discourage vigilante hacking against Russia (Defense News)
Shields Up: Russian Cyberattacks Headed Our Way (JD Supra)
Raspberry Robin gets the worm early (Red Canary)
VIP3R: New actor. Old story. Great success. (Menlo Security)
Johnson Controls Metasys (CISA)
Top 3 Mother’s Day Scam Sites – Be Smart When Buying Gifts (Trend Micro News)
Hacktivisim and privateering in Moscow, Kyiv, and Minsk. Log4j vulnerabilities are more widespread than initially thought. US Cyber Command deployed a "hunt forward" team to Lithuania. CISA adds five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Jen Miller-Osborn from Palo Alto Networks discusses the findings from the Center for Digital Government's survey on Getting Ahead of Ransomware. Grayson Milbourne of Webroot/OpenText discusses OpenText's 2022 BrightCloud Threat Report. And Anonymous leaks emails allegedly belonging to the Nauru Police Force.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/87
Selected reading.
Russian ally Belarus launches military quick-response drills (Washington Post)
Putin’s Ukraine War: Desperate Belarus dictator strikes back (Atlantic Council)
Russian ransomware group claims attack on Bulgarian refugee agency (CyberScoop)
Russia and Ukraine Conflict Q&A | Cybersixgill (Cybersixgill) Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain (Cequence)
Anonymous Leak 82GB of Police Emails Against Australia's Offshore Detention (HackRead)
An upswing in malware deployed against targets in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks. CISA issues an ICS advisory. Caleb Barlow on backup communications for your business during this period of "shields up." Duncan Jones from Cambridge Quantum sits down with Dave to discuss the NIST algorithm finalist Rainbow vulnerability. And, hey, officer, honest, it was just a Squirtle….
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/86
Selected reading.
Update on cyber activity in Eastern Europe (Google)
Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say (CyberScoop)
Google: Nation-state phishing campaigns expanding to target Eastern Europe orgs (The Record by Recorded Future)
SolarWinds hackers set up phony media outlets to trick targets (CyberScoop)
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse (Recorded Future)
Experts discover a Chinese-APT cyber espionage operation targeting US organizations (VentureBeat)
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (Cybereason Nocturnus)
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques (Cybereason)
Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say (CNN)
Researchers tie ransomware families to North Korean cyber-army (The Record by Recorded Future)
The Hermit Kingdom’s Ransomware Play (Trellix)
New espionage group is targeting corporate M&A (TechCrunch)
Cyberespionage Group Targeting M&A, Corporate Transactions Personnel (SecurityWeek)
UNC3524: Eye Spy on Your Email (Mandiant)
Yokogawa CENTUM and ProSafe-RS (CISA)
Cops ignored call to nearby robbery, preferring to hunt Pokémon (Graham Cluley)
Russia reroutes Internet traffic in occupied regions of Ukraine through Russian services. The Stormous gang, hacking on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Our guest Chetan Mathur of Next Pathway finds similarities between the cloud industry and the 1849 California Gold Rush. Eldan Ben-Haim of Apiiro on why cybersecurity is largely a culture issue. Notes on ransomware operations.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/85
Selected reading.
Microsoft sees Russian cyberattacks on Ukraine 'getting more and more disruptive' (Inside Defense)
Sergey Lavrov claims Hitler had 'Jewish blood' (The Telegraph)
Lavrov’s anti-Semitic outburst exposes absurdity of Russia’s “Nazi Ukraine” claims (Atlantic Council)
Russia likens Zelensky to Hitler as Mariupol says Russia worse than Nazis (Newsweek)
Russia reroutes internet in occupied Ukrainian territory through Russian telcos (The Record by Recorded Future)
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine (Trustwave)
Zhadnost ‘stamps’ out Ukrainian National Postal Service’s website. (SecurityScorecard)
Industrial cybersecurity researchers, looking for help, go public with unpatched IoT bug (The Record by Recorded Future)
Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk (Nozomi Networks)
Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (The Hacker News)
Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (The Hacker News)
New Black Basta Ransomware Possibly Linked to Conti Group (SecurityWeek)
Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims (The Hacker News)
Conti and Hive ransomware operations: What we learned from these groups' victim chats (Cisco Talos)
Conti and Hive ransomware operations: (Cisco Talos)
Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week’s DDoS incident was retaliation for Bucharest’s support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/84
Selected reading.
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop)
Russian hackers compromise embassy emails to target governments (BleepingComputer)
Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR)
Feared Russian cyberattacks against US have yet to materialize (C4ISRNet)
Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post)
A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer)
Ukraine’s Digital Fight Goes Global (Foreign Affairs)
Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future)
REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)
Russian and Ukrainian operators exchange cyberattacks. Wiper malware: contained, but a potentially resurgent threat. #OpRussia update. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous breach claims. CISA issues two new ICS advisories. Caleb Barlow on cleaning up the digital exhaust of your home. Our guests are Freddy Dezeure and George Webster on reporting cyber risk to boards. A Declaration for the Future of the Internet.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/83
Selected reading.
Russian missiles bombard Kyiv during UN chief’s visit (The Telegraph)
Zelenskiy urges ‘strong response’ after Russia strikes Kyiv during UN Ukraine visit (the Guardian)
Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector (Security Affairs)
Ongoing DDoS attacks from compromised sites hit Ukraine (Security Affairs)
Ukraine’s Digital Battle With Russia Isn’t Going as Expected (Wired)
CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine (CISA)
Government and researchers keep US attention on Russia's cyber activity in Ukraine (The Record by Recorded Future)
CISA Adds New Russian Malware to Cyber Advisory (Nextgov)
An Overview of the Increasing Wiper Malware Threat (Fortinet Blog)
Cyber Attacks Hit Romanian Government Websites (Balkan Insight)
More than $13 million stolen from DeFi platform Deus Finance (The Record by Recorded Future)
Coca-Cola Investigates Hacking Claim (Wall Street Journal)
Coca-Cola investigating data breach claims by Stormous group (Computing)
Has 'clown show' hacking gang Stormous really breached Coca-Cola? (Tech Monitor)
Delta Electronics DIAEnergie (CISA)
Johnson Controls Metasys (CISA) 1
A Declaration for the Future of the Internet (The White House)
FACT SHEET: United States and 60 Global Partners Launch Declaration for the Future of the Internet (The White House)
US joins 55 nations to set rules for internet, with eye on China and Russia (South China Morning Post)
China, India, Russia missing from future of internet pledge by US, EU, and 33 others (ZDNet)
US, partners launch plan for 'future' of internet, as China, Russia use 'dangerous' malign practices (Fox News)
U.S. joins 55 nations to set new global rules for the internet (Reuters)
Reporting Cyber Risk to Boards. Board Edition.
Reporting Cyber Risk to Boards. CISO Edition.
Microsoft summarizes the scale of Russian cyberattacks against Ukraine. Russian cyber capabilities should be neither overestimated nor underestimated. Russia has also come under cyberattack during its hybrid war. Chinese intelligence services are paying close attention to Russian targets. The Five Eyes advise us on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Linda Gray-Martin and Britta Glade from RSA discuss what’s new at RSAC and cybersecurity trends. Marc van Zadelhoff of Devo talks about their new podcast Cyber CEOs Decoded coming to the CyberWire network. And, hey kids, name that mascot.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/82
Selected reading.
Special Report: Ukraine (Microsoft)
Russian Cyber Capabilities Have ‘Reached Their Full Potential,’ Ukrainian Official Says (Wall Street Journal)
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload (Nozomi Networks)
Russia Is Being Hacked at an Unprecedented Scale (Wired)
BRONZE PRESIDENT targets Russian speakers with updated PlugX - Blog (Secureworks)
CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Vulnerabilities (National Security Agency/Central Security Service)
The Air Force is trusting the internet to name its ridiculous new cybersecurity mascot (Task & Purpose)
Heard on the Baltimore waterfront. Privateering against Western brands. An update on sanctions and counter sanctions. Stonefly, straight outta Pyongyang. Lazarus is also back (and not in the good way). Richard Hummel from NETSCOUT discusses their bi-annual Threat Intel Report. Jon DiMaggio from Analyst1 joins us to discuss his new book, “The Art of Cyberwarfare - An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime.” And the US Department of State has added six Russian GRU officers to its Rewards for Justice program.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/81
Selected reading.
Britain says Ukraine controls majority of its airspace (Reuters)
Latest strikes on Russia hint daring Ukraine is not intimidated by the Kremlin (The Telegraph)
West gearing up to help Ukraine for ‘long haul’, says US defence secretary (the Guardian)
U.S., allies promise to keep backing Ukraine in its war with Russia (Washington Post)
Russia-linked hackers claim to have breached Coca-Cola Company (CyberNews)
Stormous ransomware gang claims to have hacked Coca-Cola (Security Affairs)
Chinese drone-maker DJI quits Russia and Ukraine (Register)
Russia to Cut Gas to Poland and Bulgaria, Making Energy a Weapon (Bloomberg)
Russia cuts off gas to Poland, Bulgaria, stoking tensions with E.U. over Ukraine (Washington Post)
Why Russia’s Economy Is Holding On (Foreign Policy)
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec)
A "Naver"-ending game of Lazarus APT (Zscaler)
U.S. offers $10 mln reward for information on Russian intelligence officers -State Dept (Reuters)
US offering $10 million for info on Russian military hackers accused of NotPetya attacks (The Record by Recorded Future)
Rewards for Justice – Reward Offer for Information on Russian Military Intelligence Officers Conducting Malicious Activity Against U.S. Critical Infrastructure - United States Department of State (United States Department of State)
Heightened cyber tension as Quds Day approaches. Costa Rican electrical utility suffers from Conti ransomware. Emotet’s operators seem to be exploring new possibilities. North Korean cyber operators target journalists who cover the DPRK. A guilty plea in a strange case of corporate-connected cyberstalking. Bel Yelin ponders the potential Twitter takeover. Mr. Security Answer Person John Pescatore addresses questions about vendors. And cybercrime, run like a business.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/80
Selected reading.
Russia’s invasion of Ukraine: List of key events from day 62 (Al Jazeera)
Ukraine takes war behind enemy lines as Russian fuel depots set ablaze (The Telegraph)
Russia pounds eastern Ukraine as West promises Kyiv new arms (AP NEWS)
Finland, Sweden to begin NATO application in May, say local media reports (Reuters)
‘Thanks, Putin’: Finnish and Swedish Lawmakers Aim for NATO Membership (Foreign Policy)
World War Three now a 'real' danger, Russian foreign minister Sergei Lavrov warns (The Telegraph)
Moscow cites risk of nuclear war as U.S., allies pledge heavier arms for Ukraine (Reuters)
Russia Warns of Nuclear War Risk as Ukraine Talks Go On (Bloomberg)
From Jordan to Japan: US invites 14 non-NATO nations to Ukraine defense summit (Breaking Defense)
State TV says Iran foiled cyberattacks on public services (AP NEWS)
State TV Says Iran Foiled Cyberattacks on Public Services (SecurityWeek)
Iranian hackers claim they’ve hit the Bank of Israel - but ‘no proof,’ cyber authority says (Haaretz)
North Korean hackers targeting journalists with novel malware (BleepingComputer)
The ink-stained trail of GOLDBACKDOOR (Stairwell)
Conti ransomware cripples systems of electricity manager in Costa Rican town (The Record by Recorded Future)
Emotet Tests New Delivery Techniques (Proofpoint)
Ex-eBay exec pleads guilty to harassing couple whose newsletter raised ire (Reuters)
Mastermind of Natick couple’s harassment pleads guilty (Boston Globe)
Former eBay Executive Pleads Guilty to His Role in Cyberstalking Campaign (US Department of Justice)
Cyberkriminelle bieten Schadsoftware kostenlos an (IT-Markt)
Download from Google Play
Download from App Store
United States
I sure hope he had a great time contributing to innocent Palestinian deaths!
.k. ti. lm j . . . m.p nm w m .. p ..n n. k .u nm o
Re: Ransom DDoS episode... not only did that dude mispronounce technology names (indicating lack of technical knowledge), he used the phrase “or their [law enforcement counterparts] in other civilized countries”. In saying this, he effectively implies that hackers who write in broken English are savages from uncivilized countries. The implicit racial connotations in making a statement like that are seriously offensive (equating being ‘civilized’ with speaking English well). Really surprising and disappointing.
✌Deb.
Great Podcast, Thank you for sharing Deb.✌
Excellent Podcast and I'm shocked at this time and point we should have this covered by now.So enjoyed Deb.
Awesome, Podcast Thanks so much for sharing Deb👍🏼✌
Larry , Dave I really appreciate all the work and information it's about time that they finally get something done about this.Really enjoyed Deb👌✌
Bollocks means balls as in testicles. It is a slang term for as you say someone talking nonsense / hogwash Just came across the podcast good stuff 👍👍
12:07: make sure you are updated to chrome 77
Ahahaa! Verry well tought off!
it made my morning! 😊
I have been bingeing this podcast and recommending this to everyone. especially the non tech folks since they are more target prone.
I couldn't help notice how pro-israel the host is over the last few shows
good
;D <3
Awesome episode. Ryan Olson spoke so well. Made things simple to understand even for someone who is new to "cryptojacking"
Awesome book list! I'm set for the summer.
Svc Now survey and discussion about patching, super interesting and informative. Thanks.
excellent podcast. thorough in it's presentation, wide in covered topics and humorous to top it off. A must for Cyber security junkies.