CyberWire Daily

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world. read less
NewsNews

Episodes

Cybersecurity snow day.
3d ago
Cybersecurity snow day.
A Crowdstrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web hosting companies suspend Doppelgänger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million. A pair of Lockbit operators plead guilty. N2K’s CSO Rick Howard speaks with AWS’ CISO Chris Betz about strong security cultures and AI. A look inside the world’s largest live-fire cyber-defense exercise.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Dave is joined by Andy Ellis, to discuss today’s top story on the CrowdStrike-induced Microsoft outage. N2K’s CSO Rick Howard recently caught up with AWS’ CISO Chris Betz at the AWS re:Inforce 2024 event. They  discuss strong security cultures and AI. You can watch Chris’ keynote from the event here. Read Chris’ blog post, “How the unique culture of security at AWS makes a difference.” Selected Reading Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World (WIRED) Counting the Costs of the Microsoft-CrowdStrike Outage (The New York Times) Major Microsoft 365 outage caused by Azure configuration change (Bleeping Computer) Most of SolarWinds hacking suit filed by SEC dismissed (SC Magazine) Ransomware Remains a Major Threat to Energy (BankInfoSecurity) Investigation prompts European hosting companies to suspend accounts linked to Russian disinfo (The Record) MediSecure Data Breach Impacts 12.9 Million Individuals (SecurityWeek) Russians plead guilty to involvement in LockBit ransomware attacks (Bleeping Computer) Inside the world’s largest ‘live-fire’ cyber-defense exercise (CSO Online) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SSM On-Prem Flaw is a 10/10 disaster.
4d ago
SSM On-Prem Flaw is a 10/10 disaster.
Cisco has identified a critical security flaw in its SSM On-prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK’s NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person in the middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS for hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." Playing red-light green-light with traffic light controllers.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."  Selected Reading Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem (Stack Diary) Yacht giant MarineMax data breach impacts over 123,000 people (Bleeping Computer) UK national blood stocks in 'very fragile' state following ransomware attack (The Record) Port Shadow Attack Allows VPN Traffic Interception, Redirection (SecurityWeek) Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability (SecurityWeek) Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums (Security Affairs) WazirX reports security breach at crypto exchange following $230 million 'suspicious transfer' (TechCrunch) SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts (Wiz Blog) Jail time for operators of DDoS service used to crash thousands of devices (Cybernews) Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Criminal networks crumble.
5d ago
Criminal networks crumble.
Interpol pursues West African cybercrime groups. Bassett Furniture shuts down manufacturing following a ransomware attack. A gastroenterologist group notifies patients of a data breach. An Apache HugeGraph flaw is being actively exploited. Octo Tempest updates its toolkit. Satori uncovers evil twin campaigns on Google Play. The cost of the Change Healthcare breach crosses the two billion dollar mark. Cybersecurity venture funding saw a surge last quarter. Cyber regulatory agencies face legal challenges. On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins us to talk about exploring the intricate world of cybercrime enablement services. Fighting disinformation is easier said than done.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins Dave to talk about exploring the intricate world of cybercrime enablement services. You can find out more about SpyCloud’s “How the Threat Actors at SpaxMedia Distribute Malware Globally” here.   Selected Reading Global Police Swoop on Black Axe Cybercrime Syndicate (Infosecurity Magazine) Furniture giant shuts down manufacturing facilities after ransomware attack (The Record) MNGI Digestive Health Data Breach Impacts 765,000 Individuals (SecurityWeek) Apache HugeGraph Vulnerability Exploited in Wild (SecurityWeek) Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal (Security Affairs) Report Identifies More Than 250 Evil Twin Mobile Applications (Security Boulevard) Change Healthcare's Breach Costs Could Reach $2.5 Billion (GovInfo Security) Cybersecurity Funding Jumps 144% In Q2 (Crunchbase) The US Supreme Court Kneecapped US Cyber Strategy (WIRED) Even the Best Tools to Fight Disinformation Are Not Enough (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Squarespace's square off with hijacked domains.
6d ago
Squarespace's square off with hijacked domains.
Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fixes an Outlook bug triggering false security alerts. Switzerland mandates open source software in the public sector. On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark.  Bellingcat sleuths pinpoint an alleged cartel member.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Learn more about the /555 benchmark. Selected Reading Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Krebs on Security) Kaspersky Lab Closing U.S. Division; Laying Off Workers (Zero Day) Beware of BadPack: One Weird Trick Being Used Against Android Devices (Palo Alto Networks Unit 42) New Poco RAT Weaponizing 7zip Files Using Google Drive (GB Hackers) CISA broke into a US federal agency, and no one noticed for a full 5 months (The Register) Organizations Warned of Exploited GeoServer Vulnerability (Security Week) Microsoft finally fixes Outlook alerts bug caused by December updates (Bleeping Computer) New Open Source law in Switzerland (Joinup) Exploring the Skyline: How we Located an Alleged Cartel Member in Dubai (Bellingcat) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Conspiracy theories in politics.
1w ago
Conspiracy theories in politics.
The assassination attempt on former President Trump sparks online disinformation. AT&T pays to have stolen data deleted. Rite Aid recovers from ransomware. A hacktivist group claims to have breached Disney’s Slack. Checkmarx researchers uncover Python packages exfiltrating user data. HardBit ransomware gets upgraded with enhanced obfuscation. Threat actors can weaponize proof-of-concept (PoC) exploits in as little as 22 minutes. Google may be in the market for Wiz. Rick Howard previews his analysis of the MITRE ATT&CK framework. Blockchain sleuths follow the money.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. This Week on CSO Perspectives Dave chats with Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, about his latest episode of CSO Perspectives which focuses on the current state of MITRE ATT&CK. If you are a N2K Pro subscriber, you can find this installment of CSO Perspectives here. The accompanying essay is available here. If you’re not a subscriber and want to check out a sample of the discussion Rick has with his Hash Table members about MITRE ATT&CK, you can find it here.  Selected Reading Conspiracy theories spread swiftly in hours after Trump rally shooting (The Washington Post) AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records (WIRED) Pharmacy Giant Rite Aid Hit By Ransomware (Infosecurity Magazine) Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data (HackRead) Malicious Python packages found exfiltrating user data to Telegram bot (Computing) HardBit ransomware version 4.0 supports new obfuscation techniques (Security Affairs) Hackers use PoC exploits in attacks 22 minutes after release (Bleeping Computer) Google is reportedly planning its biggest startup acquisition ever (The Verge) Automotive SaaS provider CDK paid $25 million ransom to hackers (BeyondMachines.net) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
The current state of MITRE ATT&CK.
1w ago
The current state of MITRE ATT&CK.
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber’s Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene’s VP of Information Security. References: Amy L. Robertson, 2024. ATT&CK 2024 Roadmap  [Essay]. Medium. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation. Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity.  [Podcast]. The CyberWire. Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire. Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire. Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube. SAHIL BLOOM, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle. Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 05 July 2011. The Diamond Model of Intrusion Analysis. Center for Cyber Threat Intelligence and Threat Research.[Historical Paper] Staff, n.d. Home Page [Website]. Tidal Cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices
AT&T's not so LOL hack.
12-07-2024
AT&T's not so LOL hack.
AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities.A popular phone spyware app suffers a major data breach.Some Linksys routers are sending user credentials in the clear. Sysdig describes Crystalray malware. A massive phishing campaign is exploiting Microsoft SharePoint servers. Germany strips Huawei and ZTE from 5G infrastructure. Our guest is Brigid Johnson, Director of AWS Identity, on the importance of identity management. The EU tells X-Twitter to clean up its act or pay the price. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest At the recent AWS re:Inforce 2024 conference, N2K’s Brandon Karpf spoke with Brigid Johnson, Director of AWS Identity, about the importance of identity and where we need to go. You can watch a replay of Brigid’s session at the event, IAM policy power hour, here.  Selected Reading AT&T Details Massive Breach of Customers' Call and Text Logs (Data Breach Today) NATO Set to Build New Cyber Defense Center (Infosecurity Magazine) New Presidential memorandum sets cybersecurity priorities for FY 2026, tasking OMB and ONCD to evaluate submissions (Industrial Cyber) mSpy Data Breach: Millions of Customers’ Data Exposed (GB Hackers) Advance Auto Parts’ Snowflake Breach Hits 2.3 Million People (Infosecurity Magazine) These Linksys routers are likely transmitting cleartext passwords (TechSpot) Known SSH-Snake bites more victims with multiple OSS exploitation (CSO Online) Beware of Phishing Attack that Abuses SharePoint Servers (Cyber Security News) Germany to Strip Huawei From Its 5G Networks (The New York Times) EU threatens Musk’s X with a fine of up to 6% of global turnover (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Inside the crypto scam empire.
11-07-2024
Inside the crypto scam empire.
A major Pig Butchering marketplace has ties to the Cambodian ruling family. Lulu Hypermarket suffers a data breach. GitLab patches critical flaws. Palo Alto Networks addresses BlastRadius. ViperSoftX malware variants grow ever more stealthy. A New Mexico man gets seven years for SWATting. State and local government employees are increasingly lured in by phishing attacks. Hackers impersonate live chat agents from Etsy and Upwork. The GOP’s official platform looks to roll back AI regulation. On today’s Threat Vector, David Moulton from Palo Alto Networks Unit 42 discusses the evolving threats of AI-generated malware with experts Rem Dudas and Bar Matalon. NATO brings the social media influencers to Washington. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, hosted by David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, he explores the evolving world of AI-generated malware with guests, Rem Dudas, Senior Threat Intelligence Analyst, and Bar Matalon, Threat Intelligence Team Lead. From exploring the vulnerabilities in AI models to discussing the potential implications for cybersecurity, this episode offers a deep dive into the challenges and opportunities posed by this emerging threat. You can listen to the full episode here.  Selected Reading The $11 Billion Marketplace Enabling the Crypto Scam Economy (WIRED) Hackers steal data of 200k Lulu customers in an alleged breach (CSO Online) GitLab update addresses pipeline execution vulnerability (Developer Tech News) Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool (SecurityWeek) ViperSoftX malware covertly runs PowerShell using AutoIT scripting (Bleeping Computer) Man sentenced to 7 years for Westfield High School threat hoax (Current Publishing) State, local governments facing deluge of phishing attacks (SC Media) Hackers impersonate live chat support agents in new phishing scam (Cybernews) 2024 GOP platform would roll back tech regulations on AI, crypto (The Washington Post) NATO's newest weapon is online content creators (The Washington Post)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Old school, new threat.
10-07-2024
Old school, new threat.
Blast-RADIUS targets a network authentication protocol. The US disrupts a Russian disinformation campaign. Anonymous messaging app NGL is slapped with fines and user restrictions. The NEA addresses AI use in classrooms. Gay Furry Hackers release data from a conservative think tank. Microsoft and Apple change course on OpenAI board seats. Australia initiates a nationwide technology security review. A Patch Tuesday rundown. Guest Jack Cable, Senior Technical Advisor at CISA, with the latest from CISA's Secure by Design Alert series. Our friend Graham Cluley ties the knot.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Jack Cable, Senior Technical Advisor at CISA, joins us to share an update on CISA's Secure by Design Alert series. For some background, you can find CISA’s Secure by Design whitepaper here. Details on today’s update can be found here.  Selected Reading New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (Ars Technica) US Disrupts AI-Powered Russian Bot Farm on X (SecurityWeek) FTC says anonymous messaging app failed to stop ‘rampant cyberbullying’ (The Verge) NEA Approves AI Guidance, But It’s Vital for Educators to Tread Carefully (EducationWeek) Hackvists release two gigabytes of Heritage Foundation data (CyberScoop) Microsoft and Apple ditch OpenAI board seats amid regulatory scrutiny (The Verge) Australia instructs government entities to check for tech exposed to foreign control (The Record) Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days (BleepingComputer) Graham Cluley ties the knot (Mastodon)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Uniting against APT40.
09-07-2024
Uniting against APT40.
The UK’s NCSC highlights evolving cyberattack techniques used by Chinese state-sponsored actors.A severe cyberattack targets Frankfurt University of Applied Sciences. Russian government agencies fall under the spell of CloudSorcerer. CISA looks to Hipcheck Open Source security vulnerabilities. Avast decrypts DoNex ransomware. Neiman Marcus data breach exposes over 31 million customers. Lookout spots GuardZoo spyware. Cybersecurity funding surges. Our guest is Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. Scalpers Outsmart Ticketmaster’s Rotating Barcodes. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Dave Bittner is joined by Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. You can learn more about the state of pentesting from Cobalt’s State of Pentesting 2024 report here.  Selected Reading The NCSC and partners issue alert about evolving techniques used by China state-sponsored cyber attacks (NCSC) ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (The Record) New group exploits public cloud services to spy on Russian agencies, Kaspersky says (The Record) Continued Progress Towards a Secure Open Source Ecosystem (CISA) Decrypted: DoNex Ransomware and its Predecessors (Avast Threat Labs) Neiman Marcus data breach: 31 million email addresses found exposed (Bleeping Computer) GuardZoo spyware used by Houthis to target military personnel (Help Net Security) Cybersecurity Funding Surges in Q2 2024: Pinpoint Search Group Report Highlights Year-Over-Year Growth (Pinpoint Search Group) Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
The age old battle between iPhone and Android.
08-07-2024
The age old battle between iPhone and Android.
Microsoft is phasing out Android use for employees in China. Mastodon patches a security flaw exposing private posts. OpenAI kept a previous breach close to the vest. Nearly 10 billion passwords are leaked online. A Republican senator presses CISA for more information about a January hack. A breach of the Egyptian Health Department impacts 122,000 individuals. South Africa's National Health Laboratory Service (NHLS) suffers a ransomware attack. Eldorado is a new ransomware-as-a-service offering. CISA adds a Cisco command injection vulnerability to its Known Exploited Vulnerabilities catalog. N2K’s CSO Rick Howard catches up with AWS’ Vice President of Global Services Security Hart Rossman to discuss extending your security around genAI.  Ransomware scrambles your peace of mind. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Recently N2K’s CSO Rick Howard caught up with AWS’ Vice President of Global Services Security Hart Rossman at the AWS re:Inforce event. They discussed extending your security around genAI. Watch Hart’s presentation from AWS re:Inforce 2024 - Securely accelerating generative AI innovation. Selected Reading Microsoft Orders China Staff to Switch From Android Phones to iPhones for Work (Bloomberg) Mastodon: Security flaw allows unauthorized access to posts (Stack Diary) A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too (The New York Times) “A treasure trove for adversaries”: 10 billion stolen passwords have been shared online in the biggest data leak of all time (ITPro) Senate leader demands answers from CISA on Ivanti-enabled hack of sensitive systems (The Record) Egyptian Health Department Data Breach: 120,000 Users' Data Exposed (GB Hackers) South African pathology labs down after ransomware attack (The Cape Independent) New Eldorado ransomware targets Windows, VMware ESXi VMs (Bleeping Computer) CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog (Security Affairs) New RUSI Report Exposes Psychological Toll of Ransomware, Urges Action (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]
05-07-2024
Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]
As our team is offline taking an extended break for the July 4th Independence Day holiday in the US, we thought you'd enjoy an episode from one of N2K Network shows, Threat Vector. This episode of Threat Vector outlines a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report. They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of 'living off the land' attacks, and the importance of robust incident response strategies. They also address the rising trend of business disruption supply chain attacks and share recommendations for mitigating these cyber threats. Resources: Read the 2024 Unit 42 Incident Response report. Listen to Beyond the Breach: Strategies Against Ivanti Vulnerabilities. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices
Encore: The curious case of the missing IcedID. [Only Malware in the Building]
04-07-2024
Encore: The curious case of the missing IcedID. [Only Malware in the Building]
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.  Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape. And be sure to check out the latest episode of Only Malware in the Building here. Learn more about your ad choices. Visit megaphone.fm/adchoices