Claim Ownership

Author:

Subscribed: 0Played: 0
Share

Description

 Episodes
Reverse
At the Hack the Port 2022 event, the CyberWire held a CyberWire Live event. CyberWire Daily Podcast host Dave Bittner was joined by Roya Gordon, OT/IoT Security Research Evangelist at Nozomi Networks, and Christian Lees, CTO at Resecurity. During this fireside chat format session, Dave and our guests discussed ICS, OT cybersecurity, the role of security research and demos, supply chain compromise, and IT/OT security trends among other things. Thanks to the team at MISI/DreamPort for this opportunity.
In this “Rick the Toolman” episode, Rick interviews Steve Winterfeld, from Akamai, on the current state and future of the Mitre ATT&CK Framework. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Verizon's 2022 Data Breach Investigation Report shows a sharp rise in ransomware. Origins of the Chaos ransomware operation. The GuLoader campaign uses bogus purchase orders. Security researchers are targeted in a malware campaign. Hyperlocal disinformation. Turla reconnaissance has been detected in Austrian and Estonian networks. Ben Yelin describes a content moderation fight that may be headed to the supreme court. Our guest is Richard Melick from Zimperium to discuss threats to mobile security. Robin Hood (or not). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/99 Selected reading. 2022 Data Breach Investigations Report (Verizon Business)  Yashma Ransomware, Tracing the Chaos Family Tree (BlackBerry) Spoofed Saudi Purchase Order Drops GuLoader: Part 1 (Fortinet Blog)  Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon (Cyble) Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine (CyberScoop)  Russian hackers perform reconnaissance against Austria, Estonia (BleepingComputer) New ransomware forces victims to donate to poor (The Independent)
There’s a new loader identified in wiper campaigns. President Putin complains of sanctions and cyberattacks, and vows to increase Russia's cybersecurity. Coordinated inauthenticity at scale. Killnet crows large over Italian operations. Conti's dissolution doesn't mean its operators' disappearance. Rick Howard looks at software defined perimeters. Dinah Davis from Arctic Wolf on how ransomware groups are upping their game to nation state levels. And happy birthday, US Cyber Command...but we're not necessarily wishing you a moonshot for your birthday present. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/98 Selected reading. Sandworm uses a new version of ArguePatch to attack targets in Ukraine (WeLiveSecurity)  Putin complains about barrage of cyberattacks (Military Times) Putin promises to bolster Russia's IT security in face of cyber attacks (Reuters) Russia keeps getting hacked (Mashable)  Putin is bringing his disinformation war to Ukraine (Newsweek)  Putin is bringing his disinformation war to Ukraine (Newsweek) Russian government procured powerful botnet to shift social media trending topics (The Record by Recorded Future) Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns (The Hacker News)  Russian Hackers Claim Responsibility for Attacks on Italian Government Websites (Wall Street Journal) Anonymous Declares Cyber-War on Pro-Russian Hacker Gang Killnet (Infosecurity Magazine)  DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape (AdvIntel)  Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there (The Record by Recorded Future) Could a Cyber Attack Overthrow a Government? Conti Ransomware Group Now Threatening To Topple Costa Rican Government if Ransom Not Paid (CPO Magazine)  Fears grow after ransomware attack on Costa Rica escalates (TechCrunch)  US Cyber Command’s birthday (US Cyber Command) U.S. Needs New 'Manhattan Project' to Avoid Cyber Catastrophe | Opinion (Newsweek) Cyber pros are fed up with talk about a cyber-Manhattan Project (Washington Post)
Was Conti’s digital insurrection in Costa Rica misdirection? Google assesses a commercial spyware threat “with high confidence.” Continuing expectations of escalation in cyberspace. The limitations of an alliance of convenience. Fronton botnet shows versatility. Russian hacktivists hit Italian targets, again. Lazarus Group undertakes new SolarWinds exploitation. Crypters in the C2C market. CrateDepression supply chain attack. Johannes Ullrich describes an advance fee scam hitting crypto markets. Our guest is Marty Roesch, CEO of Netography and inventor of Snort. Canada to exclude Huawei from 5G networks on security grounds. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/97 Selected reading. Conti ransomware shuts down operation, rebrands into smaller units (BleepingComputer)  Protecting Android users from 0-Day attacks (Google)  Microsoft President: Cyber Space Has Become the New Domain of Warfare (Infosecurity Magazine) Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes (Check Point Research)  Chinese Hackers Tried to Steal Russian Defense Data, Report Says (New York Times)  China-linked Space Pirates APT targets the Russian aerospace industry (Security Affairs)  This Russian botnet does far more than DDoS attacks - and on a massive scale (ZDNet)  Pro-Russian hackers attack institutional websites in Italy, police say (Reuters)  Lazarus hackers target VMware servers with Log4Shell exploits (BleepingComputer) ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups (Security Intelligence)  CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware (SentinelOne)  Canada to ban Huawei/ZTE 5G equipment, joining Five Eyes allies (Reuters)
Russian information operations surrounding the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities undergoing active exploitation. Texas Department of Insurance clarifies facts surrounding its data incident. Robert M. Lee from Dragos is heading to Davos to talk ICS. Rick Howard speaks with author Chase Cunningham on his book "Cyber Warfare –Truth, Tactics and Strategies”. Robo-calling the Kremlin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96 Selected reading. Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant)  CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA) Emergency Directive 22-03 (CISA)  Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control (CISA)  Threat Actors Exploiting F5 BIG IP CVE-2022-1388 (CISA)  CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. (The CyberWire)  Additional facts: TDI data security event (Texas Department of Insurance)  This Hacktivist Site Lets You Prank Call Russian Officials (Wired)
Chaos ransomware group declares for Russia. Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Conti's ongoing campaign against Costa Rica. The claimed "international" cyberattack against Nile dam was stopped. Rick Howard speaks with author Caroline Wong on her book “Security Metrics, a Beginner's Guide”. Our guests are Kathleen Smith and Rachel Bozeman, hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a “reset.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96 Selected reading. Chaos Ransomware Variant Sides with Russia (Fortinet Blog) Did hackers commandeer surveillance robots at a Russian airport? (The Daily Dot)  Russian Hacking Cartel Attacks Costa Rican Government Agencies (New York Times)  Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts (CyberScoop)  "We will overthrow the government" - Does Conti have help inside Costa Rica? (Tech Monitor)  Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system (Yahoo)  Ethiopia faces new cyberattacks on its Nile dam (Al-Monitor)  Cyber Insurers Raise Rates Amid a Surge in Costly Hacks (Wall Street Journal)
An assessment of the Russian cyber threat. NATO's Article 5 in cyberspace. Conti's ransomware attack against Costa Rica spreads, in scope and effect. Bluetooth vulnerabilities demonstrated in proof-of-concept. CISA and its international partners urge following best practices to prevent threat actors from gaining initial access. Joe Carrigan looks at updates to the FIDO alliance. Rick Howard and Ben Rothke discuss author Andrew Stewart's book "A Vulnerable System: The History of Information Security in the Computer Age". And,the doctor was in, but wow, was he also way out of line. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/95 Selected reading. Russia Planned a Major Military Overhaul. Ukraine Shows the Result. (New York Times)  The Cyberwar Against Pro-Ukrainian Countries is Real. Here’s What to Do (CSO Online)  Collective cyber defence and attack: NATO’s Article 5 after the Ukraine conflict (European Leadership Network)  Cyber attack on Costa Rica grows as more agencies hit, president says (Reuters) Ransomware gang threatens to ‘overthrow’ new Costa Rica government, raises demand to $20 million (The Record by Recorded Future)  Hacker Shows Off a Way to Unlock Tesla Models, Start Cars (Bloomberg) NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk (NCC Group)  Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks (NCC Group Research)  Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks (NCC Group Research) Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks (NCC Group Research)  Alert (AA22-137A) Weak Security Controls and Practices Routinely Exploited for Initial Access (CISA) Hacker and Ransomware Designer Charged for Use and Sale of Ransomware, and Profit Sharing Arrangements with Cybercriminals (U.S. Attorney’s Office for the Eastern District of New York)  US prosecutors allege Venezuelan doctor is ransomware mastermind (ZDNet)  'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says (The Record by Recorded Future)  U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware (The Hacker News)
Users are advised to patch Zyxel firewalls. Battlefield failure and popular morale in Russia’s hybrid war. Nuisance-level hacktivism in the hybrid war. Sweden and Finland move closer to NATO membership; concern over possible Russian cyberattacks rises. Intelligence, disinformation, or wishful thinking? Conti calls for rebellion in Costa Rica. PayOrGrief is just rebranded DoppelPaymer. Anonymous action in Sri Lanka seems indiscriminate and counterproductive. Dinah Davis from Arctic Wolf examines cyber security for startups. Rick Howard looks at two factor authentication. And a judge says cryptocurrency can’t be used to evade sanctions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/94 Selected reading. Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls (SecurityWeek)  Zyxel security advisory for OS command injection vulnerability of firewalls (Zyxel)  Growing evidence of a military disaster on the Donets pierces a pro-Russian bubble. (New York Times)  OpRussia update: Anonymous breached other organizations (Security Affairs)  Italy prevents pro-Russian hacker attacks during Eurovision contest (Reuters)  Finland, Sweden’s NATO moves prompt fears of Russian cyberattacks (The Hill)  Coup to remove cancer-stricken Putin underway in Russia, Ukrainian intelligence chief says (Fortune)  Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn't pay (SC Magazine)  Anonymous wanted to help Sri Lankans. Their hacks put many in grave danger (Rest of World)  U.S. issues charges in first criminal cryptocurrency sanctions case (Washington Post)
Ukraine holds its first war crimes trial. Are there war crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). Roblox seems to have been used to introduce a backdoor. CISA issues ICS advisories. Darkweb C2C trader sentenced. The last conspirator in the strange case of the eBay newsletter takes a guilty plea. Carole Theriault looks at Google’s new approach to cookies in Europe. Our guest is Mary Writz of ForgeRock on the growing importance of mobile device authentication security. And CIA gets a CISO. For links to all of today's stories check out our CyberWire daily news briefing: httpshttps://thecyberwire.com/newsletters/daily-briefing/11/93 Selected reading. Ukraine to put first Russian soldier on trial for war crimes | DW | 12.05.2022 (Deutsche Welle) Russian soldier on trial in first Ukraine war-crimes case (AP NEWS) First Russian soldier goes on trial in Ukraine for war crimes (the Guardian)  The Case for War Crimes Charges Against Russia’s Sandworm Hackers (Wired) Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer)  Iranian APT Cobalt Mirage launching ransomware attacks (SearchSecurity) Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (The Hacker News)  Iranian Cyberspy Group Launching Ransomware Attacks Against US (SecurityWeek)  Please Confirm You Received Our APT | FortiGuard Labs  (Fortinet Blog)  Roblox Exploited with Trojans from Scripting Engine (Avanan) Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme (CyberScoop) Ukrainian sentenced to 4 years for selling hacked passwords (The Record by Recorded Future)  Ex-eBay exec charged with harassing newsletter publishers pleads guilty (Reuters) CIA selects new CISO with deep private sector experience (The Record by Recorded Future)
Killnet hits Italian targets. Access to RuTube is restored. Hacktivism in the hybrid war. Emotet surges. Clearing up the confusion of NPM dependency confusion attacks. Tim Eades from Cyber Mentor Fund on finding the right investors. Our guest is Michael DeBolt of Intel 471 on the growing interest in Biometrics in the criminal underground. And cybercrime and punishment, Florida-man edition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/92 Selected reading. Ukraine maps reveal how much territory Russia has lost in just a few days (Newsweek)  Pro-Russian hackers target Italy institutional websites -ANSA news agency (Reuters)  Russian cyber experts restore RuTube access after three-day outage (Reuters)  They Fled Ukraine to Keep Their Cyber Startup Alive. Now, They’re Hacking Back. (Wall Street Journal) Ukraine hacktivism 'problematic' for security teams says NSA cyber chief (Tech Monitor) HP Wolf Security Threat Insights Report Q1 2022 | HP Wolf Security (HP Wolf Security) npm supply chain attack targets Germany-based companies with dangerous backdoor malware (JFrog) SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineerin (SecurityWeek) Trio Of Cybercriminals Sentenced For Conspiracy To Commit Fraud And Aggravated Identity Theft (US Attorney for the Middle District of Florida)
There’s international consensus on the cyberattack against Viasat. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies are exploited, but to what end? Caleb Barlow examines Russia’s future on the internet. Our guest is Deepen Desai from Zscaler with the latest phishing research. And new advisories from CISA and its partners. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/91 Selected reading. Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques (Proofpoint) NPM dependency confusion hacks target German firms (ReversingLabs) npm Supply Chain Attack Targeting Germany-Based Companies (JFrog) Adminer in Industrial Products (CISA) Eaton Intelligent Power Protector (CISA)  Eaton Intelligent Power Manager Infrastructure (CISA)  Eaton Intelligent Power Manager (CISA) AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (CISA)  Mitsubishi Electric MELSOFT GT OPC UA (CISA)  CISA Adds One Known Exploited Vulnerability to Catalog (CISA)  Alert (AA22-131A) Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA) Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA) Russia downed satellite internet in Ukraine -Western officials (Reuters)  US and its allies say Russia waged cyberattack that took out satellite network (Ars Technica)  Western powers blame Russia for Ukraine satellite hack (The Record by Recorded Future)  Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council)  Attribution of Russia’s Malicious Cyber Activity Against Ukraine - United States Department of State (United States Department of State)  U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors (CISA) Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion (GOV.UK) Estonia joins the statement of attribution on cyberattacks against Ukraine (Ministry of Foreign Affairs, Republic of Estonia)  Statement on Russia’s malicious cyber activity affecting Europe and Ukraine (Canada.ca)  Attribution to Russia for malicious cyber activity against European networks (Australian Government Department of Foreign Affairs and Trade)  Russia hacked an American satellite company one hour before the Ukraine invasion (MIT Technology Review)  NSA Probing Reach of Software From Russia’s Kaspersky in US Systems (Bloomberg)
A quick introductory note on Russia’s hybrid war against Ukraine. Russian television schedules hacked to display anti-war message. Phishing campaign distributes Jester Stealer in Ukraine. European Council formally attributes cyberattack on Viasat to Russia. Costa Rica declares a state of emergency as Conti ransomware cripples government sites. DCRat and the C2C markets. The gang behind REvil does indeed seem to be back. More Joker-infested apps found in Google Play. Guest Nick Adams from Differential Ventures discusses what will drive continued growth of cybersecurity beyond attack surfaces and governance from a VC's perspective. Partner Ben Yelin from UMD CHHS on digital privacy concerns in the aftermath of the potential overturn of Roe vs Wade. And Spain’s spyware scandal takes down an intelligence chief. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/90 Selected reading. Ukraine morning briefing: Five developments as Joe Biden warns Vladimir Putin has 'no way out' (The Telegraph) Viewpoint: Putin now faces only different kinds of defeat (BBC News)  Putin's Victory Day speech gives no clue on Ukraine escalation (Reuters)  On Victory Day, Putin defends war on Ukraine as fight against ‘Nazis’ (Washington Post)  In Speech, Putin Shows Reluctance in Demanding Too Much of Russians (New York Times)  Putin's parade shows he "is going to continue at whatever cost" in Ukraine (Newsweek) Russia’s display of military might sent the West a strong message – just not the one Putin intended (The Telegraph) Russian TV Schedules Hacked on Victory Day to Show Anti-War Messages (HackRead)  Russian TV hacked to say ‘blood of Ukrainians is on your hands’ (The Telegraph)  Mass Distribution of Self-Destructing Malware in Ukraine (BankInfoSecurity)  Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council)
The US Treasury Department sanctions a cryptocurrency mixer. Rewards for Justice is interested in Conti. US tractor manufacturer AGCO was hit by a ransomware attack. Russian hacktivism hits German targets and threatens the UK. A Russian diplomatic account was apparently hijacked. Tracking Cobalt Strike servers used against Ukraine. Dinah Davis from Arctic Wolf defends against DDOS attacks. Rick Howard looks at Single Sign On. And no apology for you, Mr. Bennett. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/89 Selected reading. U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats (U.S. Department of the Treasury) Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice (United States Department of State) AGCO ransomware attack disrupts tractor sales during U.S. planting season (Reuters) Agricultural equipment maker AGCO reports ransomware attack (The Record by Recorded Future) Russia’s chief diplomat in Scotland condemns Ukraine invasion in social media post (The Telegraph)   Pro-Russian Hackers Hit German Government Sites, Spiegel Says (Bloomberg) Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine (IronNet) Russia tensions with Israel may intensify as Kremlin denies Putin's apology (Newsweek)
An update on the war in Ukraine as Victory Day approaches. President Lukashenka on the war next door. Hackivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Another ICS security alert from CISA. Dinah Davis from Arctic Wolf on reflection amplification techniques. Carole Theriault examines zero trust architecture access policies. Happy Mother’s Day (and stay safe online). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/88 Selected reading. Mariupol steel mill battle rages as Ukraine repels attacks (Military Times)  Why the battle for Mariupol is important for Vladimir Putin. (New York Times) A race against time in Ukraine as Russia advances, West sends weapons (Washington Post) The AP Interview: Belarus admits Russia's war 'drags on' (AP NEWS) Russia’s ally Belarus criticises war effort for ‘dragging on’ (The Telegraph) NSA cyber boss seeks to discourage vigilante hacking against Russia (Defense News) Shields Up: Russian Cyberattacks Headed Our Way (JD Supra) Raspberry Robin gets the worm early (Red Canary)  VIP3R: New actor. Old story. Great success. (Menlo Security) Johnson Controls Metasys (CISA)  Top 3 Mother’s Day Scam Sites – Be Smart When Buying Gifts (Trend Micro News)
Hacktivisim and privateering in Moscow, Kyiv, and Minsk. Log4j vulnerabilities are more widespread than initially thought. US Cyber Command deployed a "hunt forward" team to Lithuania. CISA adds five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Jen Miller-Osborn from Palo Alto Networks discusses the findings from the Center for Digital Government's survey on Getting Ahead of Ransomware. Grayson Milbourne of Webroot/OpenText discusses OpenText's 2022 BrightCloud Threat Report. And Anonymous leaks emails allegedly belonging to the Nauru Police Force. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/87 Selected reading. Russian ally Belarus launches military quick-response drills (Washington Post) Putin’s Ukraine War: Desperate Belarus dictator strikes back (Atlantic Council) Russian ransomware group claims attack on Bulgarian refugee agency (CyberScoop) Russia and Ukraine Conflict Q&A | Cybersixgill (Cybersixgill) Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain (Cequence) Anonymous Leak 82GB of Police Emails Against Australia's Offshore Detention (HackRead)
An upswing in malware deployed against targets in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks. CISA issues an ICS advisory. Caleb Barlow on backup communications for your business during this period of "shields up." Duncan Jones from Cambridge Quantum sits down with Dave to discuss the NIST algorithm finalist Rainbow vulnerability. And, hey, officer, honest, it was just a Squirtle…. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/86 Selected reading. Update on cyber activity in Eastern Europe (Google)  Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say (CyberScoop) Google: Nation-state phishing campaigns expanding to target Eastern Europe orgs (The Record by Recorded Future) SolarWinds hackers set up phony media outlets to trick targets (CyberScoop)  SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse (Recorded Future)  Experts discover a Chinese-APT cyber espionage operation targeting US organizations (VentureBeat) Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (Cybereason Nocturnus)  Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques (Cybereason)  Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say (CNN)  Researchers tie ransomware families to North Korean cyber-army (The Record by Recorded Future) The Hermit Kingdom’s Ransomware Play (Trellix) New espionage group is targeting corporate M&A (TechCrunch)  Cyberespionage Group Targeting M&A, Corporate Transactions Personnel (SecurityWeek)  UNC3524: Eye Spy on Your Email (Mandiant)  Yokogawa CENTUM and ProSafe-RS (CISA)  Cops ignored call to nearby robbery, preferring to hunt Pokémon (Graham Cluley)
Russia reroutes Internet traffic in occupied regions of Ukraine through Russian services. The Stormous gang, hacking on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Our guest Chetan Mathur of Next Pathway finds similarities between the cloud industry and the 1849 California Gold Rush. Eldan Ben-Haim of Apiiro on why cybersecurity is largely a culture issue. Notes on ransomware operations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/85 Selected reading. Microsoft sees Russian cyberattacks on Ukraine 'getting more and more disruptive' (Inside Defense)  Sergey Lavrov claims Hitler had 'Jewish blood' (The Telegraph) Lavrov’s anti-Semitic outburst exposes absurdity of Russia’s “Nazi Ukraine” claims (Atlantic Council)  Russia likens Zelensky to Hitler as Mariupol says Russia worse than Nazis (Newsweek)  Russia reroutes internet in occupied Ukrainian territory through Russian telcos (The Record by Recorded Future)  Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine (Trustwave) Zhadnost ‘stamps’ out Ukrainian National Postal Service’s website. (SecurityScorecard)  Industrial cybersecurity researchers, looking for help, go public with unpatched IoT bug (The Record by Recorded Future)  Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk (Nozomi Networks) Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (The Hacker News)  Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (The Hacker News)  New Black Basta Ransomware Possibly Linked to Conti Group (SecurityWeek)  Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims (The Hacker News)  Conti and Hive ransomware operations: What we learned from these groups' victim chats (Cisco Talos)  Conti and Hive ransomware operations: (Cisco Talos)
Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week’s DDoS incident was retaliation for Bucharest’s support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84 Selected reading. How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop)  Russian hackers compromise embassy emails to target governments (BleepingComputer)  Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR)  Feared Russian cyberattacks against US have yet to materialize (C4ISRNet) Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post)  A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer) Ukraine’s Digital Fight Goes Global (Foreign Affairs) Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future)  REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)
Russian and Ukrainian operators exchange cyberattacks. Wiper malware: contained, but a potentially resurgent threat. #OpRussia update. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous breach claims. CISA issues two new ICS advisories. Caleb Barlow on cleaning up the digital exhaust of your home. Our guests are Freddy Dezeure and George Webster on reporting cyber risk to boards. A Declaration for the Future of the Internet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/83 Selected reading. Russian missiles bombard Kyiv during UN chief’s visit (The Telegraph)  Zelenskiy urges ‘strong response’ after Russia strikes Kyiv during UN Ukraine visit (the Guardian)  Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector (Security Affairs)  Ongoing DDoS attacks from compromised sites hit Ukraine (Security Affairs)  Ukraine’s Digital Battle With Russia Isn’t Going as Expected (Wired)  CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine (CISA)  Government and researchers keep US attention on Russia's cyber activity in Ukraine (The Record by Recorded Future)  CISA Adds New Russian Malware to Cyber Advisory (Nextgov)  An Overview of the Increasing Wiper Malware Threat (Fortinet Blog)  Cyber Attacks Hit Romanian Government Websites (Balkan Insight)  More than $13 million stolen from DeFi platform Deus Finance (The Record by Recorded Future)  Coca-Cola Investigates Hacking Claim (Wall Street Journal)  Coca-Cola investigating data breach claims by Stormous group (Computing)  Has 'clown show' hacking gang Stormous really breached Coca-Cola? (Tech Monitor)  Delta Electronics DIAEnergie (CISA)  Johnson Controls Metasys (CISA) 1 A Declaration for the Future of the Internet (The White House)  FACT SHEET: United States and 60 Global Partners Launch Declaration for the Future of the Internet (The White House)  US joins 55 nations to set rules for internet, with eye on China and Russia (South China Morning Post) China, India, Russia missing from future of internet pledge by US, EU, and 33 others (ZDNet)  US, partners launch plan for 'future' of internet, as China, Russia use 'dangerous' malign practices (Fox News)  U.S. joins 55 nations to set new global rules for the internet (Reuters) Reporting Cyber Risk to Boards. Board Edition. Reporting Cyber Risk to Boards. CISO Edition.
Comments (23)

Gabriel Plume

I sure hope he had a great time contributing to innocent Palestinian deaths!

Apr 18th
Reply

Vince Fitzpatrick

.k. ti. lm j . . . m.p nm w m .. p ..n n. k .u nm o

Sep 21st
Reply

Allison Phillips

Re: Ransom DDoS episode... not only did that dude mispronounce technology names (indicating lack of technical knowledge), he used the phrase “or their [law enforcement counterparts] in other civilized countries”. In saying this, he effectively implies that hackers who write in broken English are savages from uncivilized countries. The implicit racial connotations in making a statement like that are seriously offensive (equating being ‘civilized’ with speaking English well). Really surprising and disappointing.

Sep 5th
Reply

Debra Dukes

✌Deb.

Jun 13th
Reply

Debra Dukes

Great Podcast, Thank you for sharing Deb.✌

Jun 13th
Reply

Debra Dukes

Excellent Podcast and I'm shocked at this time and point we should have this covered by now.So enjoyed Deb.

Jun 13th
Reply

Debra Dukes

Awesome, Podcast Thanks so much for sharing Deb👍🏼✌

Jun 11th
Reply

Debra Dukes

Larry , Dave I really appreciate all the work and information it's about time that they finally get something done about this.Really enjoyed Deb👌✌

Jun 1st
Reply

Nathan Smith

Bollocks means balls as in testicles. It is a slang term for as you say someone talking nonsense / hogwash Just came across the podcast good stuff 👍👍

Feb 14th
Reply

elrey741

12:07: make sure you are updated to chrome 77

Nov 14th
Reply

Jef Cesar

Ahahaa! Verry well tought off!

Nov 4th
Reply

Міла Тарнопольська

it made my morning! 😊

Nov 4th
Reply (1)

Michael Ford

I have been bingeing this podcast and recommending this to everyone. especially the non tech folks since they are more target prone.

Oct 25th
Reply

s smith

I couldn't help notice how pro-israel the host is over the last few shows

May 16th
Reply

Raju Ghorai

good

Dec 17th
Reply

Tim Debisz

;D <3

Oct 31st
Reply

Argha Bhattacharya

Awesome episode. Ryan Olson spoke so well. Made things simple to understand even for someone who is new to "cryptojacking"

Oct 6th
Reply

Glen Nile

Awesome book list! I'm set for the summer.

Jun 15th
Reply (1)

Jim Maahs

Svc Now survey and discussion about patching, super interesting and informative. Thanks.

May 3rd
Reply

Nathan Katzenstein

excellent podcast. thorough in it's presentation, wide in covered topics and humorous to top it off. A must for Cyber security junkies.

Mar 27th
Reply (1)
Download from Google Play
Download from App Store