The CyberWire Daily

thecyberwire.com/podcasts/daily-podcast
The daily cyber security news and insights leaders depend on.


Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.
Aug 11 • 22 min
Belarus shuts down its Internet after its incumbent president’s surprising, perhaps implausible, no…really implausible landslide reelection. Papua New Guinea undergoes buyer’s remorse over that Huawei-built National Data Centre it sprung for a…
Introducing Word Notes - NMAP (noun)
Aug 11 • 3 min
The CyberWire’s newest show is here - it’s called Word Notes, and it just launched today with 10 binge-able episodes. Think of it as your audio infosec glossary. It’s not an interview show, it’s just fun, informative, 2-3 minute podcasts that…
What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.
Aug 10 • 24 min
The US Office of the Director of National Intelligence has released an appreciation of the goals of election interference among three principal US adversaries, Russia, China and Iran. Anomali offers a look at the ransomware-as-a-service market with…
The Green Goldfish and cyber threat intelligence.
Aug 9 • 6 min
Cyber threat intelligence analyst Selena Larson on her path from journalism to industrial security.
Like anything these days, you have to disinfect it first.
Aug 8 • 23 min
“Cyberbunker” refers to a criminal group that operated a “bulletproof” hosting facility out of an actual military bunker. “Bullet Proof” hosting usually refers to hosting locations in countries with little or corrupt law enforcement,…
US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.
Aug 7 • 24 min
President Trump issues Executive Orders restricting TikTok and WeChat in the US. A Chinese APT has been active in industrial espionage against Taiwan’s semiconductor industry. Intel sustains a leak of sensitive company intellectual property. Rewards…
US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
Aug 6 • 22 min
The US announces five new lines of effort for the Clean Network program, and none of them are exactly mash notes for Beijing. The US is also offering rewards of up to ten million dollars for information about foreign computer crimes aimed at…
Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.
Aug 5 • 20 min
NSA, yes, NSA, has some privacy advice. Interpol offers its take on where cybercrime is going during the time of the pandemic. Iran’s Oilrig is getting clever with its data exfiltration. The FBI would like to know when you’re finally going to move…
US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.
Aug 4 • 20 min
The US attributes the Taidoor remote access Trojan to the Chinese government. Sources tell Reuters that documents used in an attempt to influence the last British general election were taken from the compromised email account of the trade minister….
Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twitter hack. DDoS turns out to be a glitch. Garmin hack update.
Aug 3 • 22 min
Microsoft is in talks to acquire TikTok as the US hints that it may be considering action against other Chinese software companies. Three young men have been charged in the Twitter hack. An apparent distributed denial-of-service attack turns out to…
Rely on your strengths in the areas of the unknown.
Aug 2 • 7 min
Director of Security Engineering at Marqeta and Host of the Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus…
Detecting Twitter bots in real time.
Aug 1 • 21 min
NortonLifeLock Research Group (NRG) released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in real-time. The tool is intended to help users understand the prevalence of bots and disinformation…
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.
Jul 31 • 25 min
An update on social engineering at Twitter. A quick look at the phishing kit criminal market. The European Union sanctions individuals and organizations in Russia, China, and North Korea for involvement in notorious hacking campaigns. North Korea’s…
A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.
Jul 30 • 19 min
Yesterday’s antitrust hearings in the US House of Representatives focus on Big Tech’s big data as something open to use in restraint of trade. And there are questions about community standards as well. The BootHole vulnerability may not represent…
Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.
Jul 29 • 20 min
Alleged Russian influence operations described by US intelligence services. “Ghostwriter” targets the Baltic region with anti-NATO false narratives. Chinese intelligence is said to have compromised Vatican networks. Loss of customer PII seems the…
Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.
Jul 28 • 21 min
Cloudflare says that reported Ukrainian breaches aren’t its issue. Trend Micro describes a new and unusually capable strain of malware. Garmin is reported to have obtained a decryptor for WastedLocker ransomware. Third-party risk continues in the…
Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.
Jul 27 • 20 min
A vigilante appears to be interfering with Emotet’s payloads. A fintech breach is blamed on a third-party service provider. A list of Cloudflare users is dumped online. There’s a going-out-of-business sale over at the Cerberus cybergang. Malek ben…
No matter the statistic, even if against the odds, focus on what you want.
Jul 26 • 6 min
Privacy and data security lawyer Dominique Shelton Leipzig on doing what she’s always wanted to do, with a cyber twist.
It was only a matter of time.
Jul 25 • 12 min
On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs; CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability….
A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.
Jul 24 • 24 min
CISA and NSA warn of a foreign threat to US critical infrastructure. A look at what the Bears have been up to lately. The Blackbaud extortion incident shows its ripple effects. An awful lot of Twitter employees had access to powerful admin tools….
Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
Jul 23 • 21 min
Twitter updates the news of last week’s incident: the attackers seem to have accessed some direct messages. France’s partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline. A quiet cryptominer. The cyber…
Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.
Jul 22 • 20 min
“Meowing” is now a thing: the automated discovery and wiping of exposed and unprotected databases. The US indicts two Chinese nationals on eleven counts of hacking and reports evidence that Chinese intelligence services are now using…
Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.
Jul 21 • 21 min
The Intelligence and Security Committee of Parliament has rendered its report on the Russian cyber threat. Trend Micro reports on the workings of the cyber criminal underground economy. Ben Yelin on U.S. Customs and Border Protection collecting…
Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.
Jul 20 • 19 min
Notes on last week’s Twitter hack, and on the allure of original gangster and other celebrity usernames. Using marketing databases for intelligence collection. The US Government mulls a ban on TikTok. Johannes Ullrich from SANS on Google Cloud…
Have to be able to communicate to everybody.
Jul 19 • 6 min
Computer security writer, podcaster and public speaker Graham Cluley on bullying his way out of programming.
Every time we get smarter, the bad guy changes something.
Jul 18 • 30 min
Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale (PoS) software. It is not clear if the attackers are targeting this…
High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.
Jul 17 • 25 min
The Twitter hack is looking more like high-grade, low-end crime. It also worries people over the disinformation potential it suggests. People care, they really do, that someone hacked COVID-19 biomedical research (we’ll explain). Australia joins the…
Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.
Jul 16 • 22 min
Twitter sustained a major incident in which celebrity accounts were hijacked yesterday. It seems to have been a social engineering caper, but its motivation, nominally financial, remains unclear. British authorities call out Russia for an influence…
A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.
Jul 15 • 20 min
A 2018 Presidential finding authorized extensive CIA cyber operations against Russia, China, Iran, and North Korea. Wattpad may have been breached. The SEC asks its registrants to take steps to protect themselves against ransomware. Free VPNs’…
Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.
Jul 14 • 21 min
The British Government decides to ban Huawei. More on the malware associated with the Golden Tax software package. The Molerats appear to be behind some spyware misrepresenting itself as a secure chat app. The Phorpiex botnet is back distributing a new…
Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.
Jul 13 • 21 min
President Trump says he authorized US Cyber Command’s retaliation against Russia’s Internet Research Agency for midterm election meddling. North Korean financially motivated hacking as a sign of internal power dynamics. TrickBot accidentally…
Turn challenges into opportunities.
Jul 12 • 6 min
Cybersecurity and disinformation researcher Bilyana Lilly on her career path to affecting greater understanding.
Are you running what you think you’re running?
Jul 11 • 13 min
Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by…
The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.
Jul 10 • 24 min
Unpatched and beyond-end-of-life systems are (again) at risk. Conti ransomware appears to be steadily displacing its ancestor Ryuk in criminal markets. Are privacy laws as consumer friendly as they’re often taken to be? There may be some grounds for…
Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.
Jul 9 • 20 min
Facebook takes down more coordinated inauthenticity. Preinstalled malware is found in discount phones available under the FCC’s Lifeline program. The Evilnum APT continues its attacks against fintech platforms and services. Joker Android malware…
Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.
Jul 8 • 20 min
The Natanz blast looks like traditional sabotage. CISA releases its strategy for securing industrial control systems. Authorities in Germany seize DDoSecrets’ server pursuant to a US request. Microsoft takes down COVID-19-themed BEC and phishing…
Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.
Jul 7 • 20 min
Explosions at Iranian nuclear sites remain unexplained, but look increasingly like conventional sabotage as opposed to cyberattacks. The Cosmic Lynx gang sets a high bar for business email compromise. The Purple Fox exploit kit gets an upgrade. Ben…
Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.
Jul 6 • 20 min
An Iranian nuclear installation may have been hacked. Or maybe not, but in any case it was damaged. Huawei gets more skeptical looks. European police round up hundreds of online contraband dealers. Thomas Etheridge from CrowdStrike on the increased…
Solving hard problems and pursuing your passions.
Jul 5 • 7 min
CEO Matt Devost describes many firsts in his career, including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For…
Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.
Jul 2 • 21 min
Evil Corp seems to have been shuffling through some newspaper sites. Don’t take the gangs’ communiqués at face value, but some appear to be trolling for unprotected MongoDB databases. A look at Taurus, an information-stealer being sold in…
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
Jul 1 • 21 min
EvilQuest ransomware found in pirated versions of Little Snitch app. Out-of-band patches from Microsoft and Oracle. Extensive Chinese surveillance of Uighurs described. Hong Kong and the world react to China’s new National Security Law. The US FCC…
Critical bug disclosed in Palo Alto products (a fix is available). StrongPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.
Jun 30 • 21 min
NSA and CISA agree: take Palo Alto’s advisory about its PAN-OS operating system seriously. StrongPity is back and active against targets in Turkey and Syria. A big Bitcoin scam is using spoofed news outlets and bogus celebrity endorsements to lure…
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
Jun 29 • 20 min
The University of California San Francisco pays Netwalker extortionists nearly a million and a half to recover its data. A Kashmir utility restores business systems after last week’s cyberattack. The website defacements in Ethiopia continue to look…
Get your foot in the door and prove your worth.
Jun 28 • 6 min
Vice President of Marketing Kathleen Booth shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief…
Enter the RAT
Jun 27 • 21 min
A new report examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade. The report…
Camille Stewart from Google and Lauren Zabierek from Harvard’s Belfer Center on the Sharethemicincyber event.
Jun 26 • 24 min
This is an extended interview of our conversation with Camille Stewart and Lauren Zabierek originally aired in our daily podcast 06/26/2020. In response to anti-black racism and the deaths of countless black people, the country and the world are…
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.
Jun 26 • 25 min
Microsoft urges Exchange server patching. Sure it does your taxes, but it’s got another agenda, too: the GoldenSpy backdoor may be in your tax software if you do business in China. Magecart ups its game. DDoSecrets says they’re not going to roll…
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.
Jun 25 • 19 min
Akamai’s report on the record-setting DDoS attack it stopped this week. Glupteba and Lucifer malware strains described. Apple and Google move their defaults in the direction of greater privacy. The US designates Huawei and Hikvision as…
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.
Jun 24 • 22 min
Twitter permanently suspends DDoSecrets for violating its policy with respect to hacked material. DDoSecrets explains its thinking with respect to BlueLeaks. A quick look at a Hidden Cobra hunt. Sino-Australian dispute over hacking may be moving into…
Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corp rises from its virtual grave.
Jun 23 • 20 min
International conflicts and disputes are attended by hacking in South Asia, Australia, and Africa. The US designates four Chinese media outlets as foreign missions, that is, propaganda outfits. Sodinokibi ransomware sniffs at paycard and point-of-sale…
BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.
Jun 22 • 20 min
BlueLeaks dumps stolen police files online. A report of spyware delivered via network injection. COVID-19 apps and databases are reported to have indifferent privacy safeguards, and there’s been one big recent leak. India and Australia both on alert…
Superhero origin stories and lessons that last.
Jun 21 • 6 min
Johannes Ullrich relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security…
Click here to update your webhook.
Jun 20 • 16 min
Slack is a cloud-based messaging platform that is commonly used in workplace communications. Slack Incoming Webhooks allow you to post messages from your applications to Slack. Generally, Slack webhooks are considered a low risk integration. A deeper…
Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.
Jun 19 • 23 min
A look at the “state-based cyber actor” the Australian government is concerned about. Some signs of Chinese retaliation for Five Eyes’ skepticism of Huawei. Johannes Ullrich explains malware triggering multiple signatures in anti-malware…
Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.
Jun 18 • 20 min
Sino-Indian conflict extends to cyberspace. InvisiMole connected to Gamaredon. Spyware found in Chrome extensions. Phishing around technical defenses (and some criminal use of captchas). The US Justice Department releases its study of Section 230 of…
Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.
Jun 17 • 21 min
Ripple20 vulnerabilities are reported in the IoT software supply chain. North Korean operators go for intelligence, but also for cash, and they’re phishing in LinkedIn’s pond. Sino-Indian tensions find expression in cyberspace. A long look at the…
Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.
Jun 16 • 20 min
What does Beijing want to know about US Presidential campaigns? Position papers, mostly. A redacted version of the CIA’s inquiry into the WikiLeaks Vault 7 material is out. That DDoS attack you read about on Twitter? Never happened. Former eBay…
ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.
Jun 15 • 19 min
A new Android spyware tool is deployed against China’s Uyghur minority. Anonymous claims it disrupted the Atlanta Police Department’s website yesterday to protest a police shooting. An apparently legitimate security firm has apparently been…
The mark of making a difference.
Jun 14 • 6 min
Each week we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. This will be a regular feature in our daily feed, but it will also have its own feed…
The value of the why and the who.
Jun 13 • 24 min
Proactive, efficient threat mitigation and risk management require understanding adversaries’ fundamental thought processes, not just their tools and methods. Cyber threat intelligence analysts combed through 15 years (2004 to 2019) of public…
Chinese, Russian, and Turkish domestic influence campaigns. Zoom’s China troubles. Honda, Enel recover from Ekans. Ransomware attacks against a city and an M&A consultancy.
Jun 12 • 26 min
Twitter’s transparency efforts see through accounts being run by Chinese, Russian, and Turkish actors. Zoom is working to both comply with Chinese law and contain the reputational damage involved in doing so. Industrial firms recover from Ekans…
Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.
Jun 11 • 20 min
The Gamaredon Group is back, and what’s their secret? Like Crazy Eddie’s, it’s volume! Doxing during times of unrest. Phoney contact-tracing apps are snooping on personal information in at least ten countries. Thanos is a criminal favorite in…
A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.
Jun 10 • 20 min
Notes on Patch Tuesday—it was a fairly big one this time. Honda continues its investigation of the incident it sustained over the weekend, and outsiders see it as a ransomware attack. Facebook is said to have developed a Tails zero-day to help the…
Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.
Jun 9 • 21 min
Commercialized hacking-for-hire is traced to an Indian firm, but it’s probably not an isolated problem. Ransomware shuts down Honda production lines in three continents. Criminals develop and distribute an anti-DDoS tool to help keep the dark web…
Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.
Jun 8 • 20 min
South and Southwest Asian regional rivalries play out in cyberspace. Election interference could move from disruptive influence operations to actual vote manipulation. Someone is spearphishing leaders in Germany’s PPE task force. Nations move to…
Ask more people to dance.
Jun 7 • 5 min
Introducing the newest podcast in the CyberWire family - Career Notes. Each week we’re going to step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words….
Due diligence cannot be done as a one-off.
Jun 6 • 17 min
Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had…
Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies’ bodyguard of truth. Information warfare in the Gulf.
Jun 5 • 23 min
It’s mostly cyberespionage today, with an admixture of influence operations. Google has warned both major US Presidential campaigns that Chinese and Iranian intelligence services are after their staffers’ email accounts, so far apparently without…
Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia’s hacking the Bundestag. CISA has a new cybersecurity resource.
Jun 4 • 20 min
Nuisance-level hacktivism continues to surround US protests. The Higaisa APT is active in Southeast Asia. Goblin Panda is back, with USB-borne malware. A new strain of ransomware is described: “Tycoon.” The EU considers whether to sanction Russia…
Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.
Jun 3 • 20 min
Protest groups sustain DDoS attacks, too. Old school denial-of-service afflicts police radio networks in Chicago: they’re being jammed with talk, music, and other noise. Influencers and wannabes continue to use unrest as an occasion for on-line…
Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.
Jun 2 • 21 min
Unrest accompanied by misinformation, disinformation, and Anonymous theater. Booter hacktivism. Extremist inauthenticity. The Cyberspace Solarium Commission releases its white paper on the pandemic’s lessons for cybersecurity. Joe Carrigan unpacks…
Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.
Jun 1 • 20 min
Hacking, and more claims of hacking, surround the unrest in Minnesota. Data breach at Amtrak Guest Rewards. More companies found port scanning. Four cybersecurity lessons from the pandemic. David Dufour from Webroot with an overview of online scams…
Extending security tools to the at home workforce during the pandemic.
May 31 • 29 min
In this episode of CyberWire-X, Rick Howard, the CyberWire’s Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we’ve typically used to protect our handful of remote employees in the past…
Twofold snooping venture.
May 30 • 18 min
Working with many different honeypot implementations, a security researcher did an experiment expanding on that: setting up a simple Docker image with SSH running a guessable root password. The catch? What happened in the next 24 hours was unexpected….
Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.
May 29 • 25 min
NSA warns that the GRU’s Sandworm outfit has been actively exploiting a known vulnerability in Exim. Someone is attacking industrial targets in Japan and Europe using steganography and other evasive tactics. NTT Communications is breached, and…
Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.
May 28 • 21 min
Hackers-for-hire find criminal work during the pandemic. The US Department of Energy is said to have taken possession of a Chinese-manufactured transformer. US President Trump may be considering an Executive Order about the legal status of social…
Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.
May 27 • 20 min
Berserk Bear is back, and snuffling around Germany’s infrastructure. Two new Android issues surface. India opens up the source code for its COVID-19 contact-tracing app as such technological adjuncts to public health continue to arouse privacy…
The evolution of malware, both criminal and state-run.
May 26 • 20 min
Turla tunes its tools. The commodity Trojan AnarchyGrabber is now stealing passwords. A new iOS jailbreak has been released. The UK reconsiders its decision to allow Huawei into its 5G networks. A tech group lobbies the US House against warrantless…
Naming and shaming is the worst thing we can do.
May 23 • 23 min
In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actors used the website to dump data they exfiltrated from victims’ networks before they deployed the…
An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing…
May 22 • 25 min
Indonesia’s election database has leaked, and PII is for sale in the dark web. Phishing campaigns abuse Firebase. The Shiny Hunters are selling Mathway user records. US agencies warn of COVID-19-themed criminal campaigns. Contact tracing technology…
Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.
May 21 • 21 min
Website defacements in Israel may be hacktivist work. Iranian cyberespionage against Saudi Arabia and Kuwait. The latest evolution of ZeuS. The Winnti Group is still hacking, and it still likes stealing in-game commodities. Contact tracing during the…
Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.
May 20 • 20 min
Cyber spies steal prototype missile data. Others hack into South Asian telecoms, and still others go after easyJet passengers’ travel data. Cyberattacks, misinformation, and cyber fraud continue to follow the COVID-19 pandemic. Joe Carrigan weighs…
Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.
May 19 • 21 min
Foreign intelligence services attribute a recent cyberattack on an Iranian port to Israeli operators. EasyJet discloses a breach of passenger information. Verizon’s annual Data Breach Report is out, and it finds more errors than it does exploits. A…
Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.
May 18 • 20 min
European supercomputers were hacked by cryptominers. UK electrical power distributor recovers from its cyberattack. A database containing personal data related to the EU Parliament is found exposed. REvil says it’s got the celebrity goods, but has…
Gangnam Industrial Style APT campaign targets South Korea.
May 16 • 17 min
Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. CyberX has identified more than 200…
Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.
May 15 • 25 min
More malware designed for air-gapped systems. A British utility sustains a ransomware attack. The US Cyberspace Solarium Commission sees lessons in the pandemic for cybersecurity. Contact-tracing technologies take a step back, maybe a step or two…
ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.
May 14 • 20 min
ARCHER goes offline after a security incident. Scammers smish victims with bogus contact-tracing messages. Ramsay malware goes after air-gapped systems. Ako ransomware now places a surcharge on deletion of stolen data. Google boots creepware apps with…
More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.
May 13 • 20 min
Ransomware continues to steal personal information. Notes on Patch Tuesday—and please, by all means patch. The FBI says it’s investigating cyberespionage directed against COVID-19 researchers (and US officials see direct data corruption in…
Cyberwar looms in the Middle East? Hidden Cobra’s fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.
May 12 • 20 min
Unattributed cyberattacks in an Iranian port prompt speculation that a broader cyberwar in the Middle East may be in the offing. CISA releases malware analysis reports on North Korea’s Hidden Cobra. Astaroth malware grows more evasive (and it was…
Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.
May 11 • 20 min
A cyberattack with kinetic effect. Shiny Hunters post more stolen wares online. Thunderspy and evil maids. Some developing background to the US bulk power state-of-emergency Executive Order. Contact tracing apps: reliability, privacy, security,…
Cybersecurity First Principles
May 11 • 17 min
This week’s CSO Perspectives is the first in a series of shows about cybersecurity strategy. Rick Howard discusses the concept of first principles as an organizing principle and how the technique can be applied to cybersecurity to build a foundational…
The U.S. campaign trail is actually quite secure.
May 9 • 19 min
Multiple media reports have indicated that the United States’ (U.S.) 2020 general election could be targeted by foreign and domestic actors after the successful cyber and misinformation attacks during the 2016 general election. The responsibility of…
PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.
May 8 • 24 min
Naikon has returned from four years in the shadows to snoop around the shores of the South China Sea. Tencent trains censorship algorithms on WeChat. Snake ransomware is back, making its way through the healthcare sector. Seeing Charming Kitten’s…
Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.
May 7 • 19 min
A new Monero miner is out and about. Hidden Cobra is pushing a RAT through a Trojanized two-factor authentication app. The rise and fall of a botnet. Markets, criminal and legitimate, react to the pandemic. Ransomware hits Taiwan. Remcos is resurgent….
Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.
May 6 • 20 min
Facebook reports on the coordinated inauthenticity it took down in April. Investigations into COVID-19’s origins continue, as does medical espionage. Contact tracing’s challenges. Joe Carrigan from JHU ISI on recent flaws in antivirus products,…
Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.
May 5 • 20 min
A pretty Fancy Bear hunt in Germany. A new IoT botnet surfaces. Cryptojackers exploit a Salt bug. Bribing an insider as a way to get personal data. The UK’s NCSC and the US CISA issue a joint warning about campaigns directed against institutions…
A state of emergency over bulk power in the States. Beijing’s disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.
May 4 • 20 min
A US Executive Order on Securing the United States Bulk-Power System declares a state of emergency in electricity generation and distribution. China’s disinformation about COVID-19 may have begun in the earliest stages of the pandemic. Someone’s…
Fingerprint authentication is not completely secure.
May 2 • 17 min
Passwords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem. Our guest today is Craig Williams, director of Talos outreach at Cisco….
China hacks at Vietnam over a territorial dispute. Kim’s still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.
May 1 • 24 min
Tensions between China and its neighbors. ICS incursions are troubling. The US intelligence community comments on COVID-19 disinformation. The FBI tracks increased cybercrime activity during the pandemic. Johannes Ullrich explains Excel 4 Macro…
The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.
Apr 30 • 20 min
Ransomware not only encrypts and steals data, but establishes persistence as well. Apple and Google roll out their exposure notification API. GCHQ will help secure Britain’s centralized contact tracing system. A conspiracy-minded motive for doxing….
Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.
Apr 29 • 21 min
Researchers see a coming shift in tactics used by Chinese “content farmers.” Amplifying disinformation through influencers and other agents of influence. PhantomLance is a quiet and selective Vietnamese cyber espionage campaign. Lawful intercept…
Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?
Apr 28 • 20 min
Shade ransomware operators close down, or so they say. A US pharmaceutical company is the victim of CLOP ransomware, and a Chinese medical research firm is breached by cyber criminals. Centralized versus decentralized approaches to contact tracing. A…
Where’s Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.
Apr 27 • 20 min
Reports to the contrary, as far as anyone really knows, North Korea’s Kim is still large and in charge. Poland reports Russian disinformation effort. The EU issues a controversial report on COVID-19 disinformation amid accusations that Europe is…
Contact tracing as COVID-19 aid.
Apr 25 • 31 min
Successful containment of the Coronavirus pandemic rests on the ability to quickly and reliably identify those who have been in close proximity to a contagious individual. Mayank Varia from Boston University describes how his team suggests an approach…
iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.
Apr 24 • 25 min
An update on those iOS zero-days: they may not be as serious as assumed. Calls to take biomedical facilities off the hacking target list. Nazar and the ShadowBrokers. NSA and ASD issue joint advice on web shell malware. A report on astroturfing and…
APT32 activity reported. Florentine Banker’s patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.
Apr 23 • 20 min
Someone, probably Vietnam, is trying to develop intelligence on China’s experience with the coronavirus. Florentine Banker is an example of well-organized crime. iOS zero-days have been exploited in the wild; a fix is promised. A cryptomining botnet…
COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League’s volunteer defenders. Active measures, disinformation, and cyber deterrence.
Apr 22 • 21 min
The US Senate authorizes more COVID-19 small business relief. A data exposure at the US Small Business Administration. The CTL-League looks like a model for cyber volunteer organizations. The US Senate reports its evaluation of the Intelligence…
DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.
Apr 21 • 20 min
Fears about North Korean instability can wait until it’s determined that there’s actually instability. An economic espionage campaign targeted the oil and gas sector. Much phishing surrounds government COVID-19 economic relief programs around the…
Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.
Apr 20 • 20 min
A wave of attacks against hospitals and infrastructure in the Czech Republic seems to have been largely unsuccessful, but more may be on their way. German relief funds earmarked for small business are looted by cybercrooks. PoetRAT is active against…
Four cybersecurity novels to distract you from the current zombie apocalypse.
Apr 20 • 22 min
Rick Howard, the CyberWire’s Chief Analyst, CSO, and Senior Fellow discusses his favorite cyber novels to distract us from our current emergency situation: “Threat Vector” by Tom Clancy and Mark Greaney, “Neuromancer,” by William Gibson,…
Complementary colors: teaming tactics in cybersecurity.
Apr 19 • 27 min
We often hear cybersecurity professionals talking about red teams, blue teams, and purple teams. In this episode of CyberWire-X, we investigate what those terms mean, how security teaming approaches have changed over time, and the value of teaming for…
How low can they go? A spike in Coronavirus phishing.
Apr 18 • 14 min
As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web. Joining us today is Fleming Shi, CTO of Barracuda discussing…
Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.
Apr 17 • 25 min
Czech intelligence warns of an impending cyber campaign against hospitals. The US Defense Department alerts contractors that Electric Panda is back, and after their data. Pulse Secure VPN’s post-patching issues. Google blocks COVID-19 phishing…
US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.
Apr 16 • 21 min
The US Government issues a major advisory warning of North Korean offensives in cyberspace, most of them financially motivated. Ericsson will provide BT the equipment to replace Huawei gear in its networks. Notes on COVID-19-themed cybercrime. Some…
Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.
Apr 15 • 20 min
Energetic Bear’s pawprints seen at SFO. A leading windpower company is hit with ransomware. Advice for more secure telework. Why healthcare is an attractive target for cyberattack during a pandemic. ICANN pleads for action against scam domains. And…
The online stresses of the COVID-19 pandemic. APT41’s backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom’s fortunes. And tax-season online fraud.
Apr 14 • 19 min
Demand for online services during the pandemic stresses government providers. APT41’s backdoor campaign aimed at information theft. Contact-tracking apps and privacy. Some courts move to hear cases online. Zoom’s continuing mixed success. And did…
Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.
Apr 13 • 21 min
Vandals prank victims with security researchers’ names. San Francisco International discloses compromised networks. Google and Apple cooperate on contact tracking tech. Chinese disinformation campaigns rely on ad purchases and social media…
Alexa, are you actually self-aware? (And, does it matter?)
Apr 13 • 15 min
Enjoy the second of three free episodes of our new CSO Perspectives podcast. Rick Howard, the CyberWire’s Chief Analyst, discusses the Artificial Intelligence hype. Listen as Rick talks about the emergence of machine learning as a key…
Profiling an audacious Nigerian cybercriminal.
Apr 11 • 20 min
By day, he is Dton, an upstanding Nigerian citizen. He believes in professionalism, hard work and excellence. He’s a leader, a content creator, an entrepreneur and an innovator; an accomplished business administrator; a renaissance man who is adored…
That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.
Apr 10 • 26 min
The curious history of the delusion that COVID-19 has something to do with 5G. Malvertising spoofs a security company’s website. Data breach hits Pakistani mobile users. xHelper is still in circulation. Data privacy versus data utility….
Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple’s store.
Apr 9 • 21 min
Operation Pinball roils up Eastern Europe and the Near Abroad. Crooks who can’t write idiomatic American English are spoofing emails from the White House in a COVID-19-themed phishing campaign. CISA updates telework guidelines for Federal agencies….
Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.
Apr 8 • 20 min
NCSC and CISA issue a joint warning on cyber threats during the COVID-19 pandemic. India’s government seeks to limit disinformation in social media. Zoom works on privacy issues, and government contact-tracking apps face their own problems. A new…
Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.
Apr 7 • 21 min
Criminals increase their targeting of hospitals and pharmaceutical companies. Ordinary scams proliferate worldwide, using COVID-19 as their bait. Social media seek to inhibit the flow of coronavirus misinformation. The commodification of zero-day…
COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.
Apr 6 • 20 min
The COVID-19 pandemic continues to drive a spike in cybercrime. It’s also been the occasion for various state-operated disinformation campaigns, and for some surprisingly widespread popular delusions. Zoom’s acknowledgement that some traffic was…
Your Security Stack is Moving: SASE is Coming.
Apr 6 • 13 min
Introducing: CSO Perspectives with Rick Howard. We are just now witnessing the beginnings of a new and disruptive way that our organization’s CxOs will deploy software defined networking (SD-WAN) and consume cybersecurity services. It is called…
A rough year ahead for ransomware attacks - and how to stop them.
Apr 4 • 12 min
2020 is shaping up to be a rough year. Ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand their reach. Allan Liska, Senior Analyst at Recorded Future, shares their findings and predictions in…
Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?
Apr 3 • 26 min
Geolocation in support of social distancing. Fixing vulnerabilities in a popular teleconferencing service. Twitter bots running an influence campaign against the Turkish government are taken down. A biotech firm reports a ransomware attack. More on…
WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.
Apr 2 • 20 min
Attempts on World Health Organization email accounts possibly linked to Iran. Mandrake Android malware is active against carefully selected targets. Vollgar attacks Windows systems running MS-SQL Server. Hospitals remain attractive targets for…
More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.
Apr 1 • 20 min
Marriott discloses a major data breach. Another insecurely configured Elasticsearch database is found, this one belonging to a secure cloud backup provider. More spearphishing from Pyongyang. The US Justice Department IG sees systemic problems in the…
Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
Mar 31 • 20 min
FBI warns of another supply chain attack, this one distributing the Kwampirs RAT. More exposed databases found. The US Computer Fraud and Abuse Act gets some clarification from a Federal Court. Security and networking companies are weathering the…
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
Mar 30 • 21 min
Updates on the coronavirus and its effect on the cyber sector. Criminals spoof infection warnings from hospitals. The country of Georgia’s voter data has been exposed online. The Kingdom of Saudi Arabia seems to have conducted extensive surveillance…
Hidden dangers inside Windows and Linux computers.
Mar 28 • 20 min
Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick…
Some notes on cyber gangland. South Korean APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
Mar 27 • 25 min
Ransomware gangs don’t seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North Korean…
Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.
Mar 26 • 19 min
NIST offers advice on telework, as does Microsoft. Things to do for your professional growth while you’re in your bunker. Magecart hits Tupperware, and they won’t be the last as e-commerce targeting spikes. DNS hijacking contributes to an…
APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.
Mar 25 • 20 min
APT41 is back, and throwing its weight around in about twenty verticals. States and gangs swap commodity malware. The FSB—yes, that FSB—takes down a major Russian carding gang. Coronavirus-themed attacks are likely to outlast the pandemic. Facebook…
Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.
Mar 24 • 20 min
WildPressure APT targets industrial systems in the Middle East. ICS attack tools show increasing commodification. TrickMo works against secure banking. Microsoft warns of RCE vulnerability in the way Windows renders fonts. Click fraud malware found in…
Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.
Mar 23 • 20 min
US prosecutors begin to follow through on their announced determination to pay close attention to coronavirus fraud. Data stolen from Chinese social network Weibo is now for sale on the black market—at a discount. The pandemic affects scheduled…
The security implications of cloud infrastructure in IoT.
Mar 21 • 27 min
Cloud computing is now at the center of nearly every business strategy. But, as with the rapid adoption of any new technology, growing pains persist. The key findings in these reports shed light on security missteps that are actually in practice by…
CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.
Mar 20 • 24 min
CISA describes what counts as critical infrastructure during a pandemic, and offers some advice on how to organize work during the emergency. Iran runs a disinformation campaign—apparently mostly for the benefit of a domestic audience—alleging that…
EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.
Mar 19 • 20 min
The EU suggests that Russia’s mounting an ongoing disinformation campaign concerning COVID-19. Russia says they didn’t do nuthin’. TrickBot is back with a new module, still under development, and it seems most interested in Hong Kong and the US….
Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been…an incident. Advice from NIST, and from Dame Vera Lynn.
Mar 18 • 21 min
More coronavirus phishing expeditions. Don’t let idleness or desperation lead you into a money-mule scam. How do behavioral expectations change during periods of remote work? The Health and Human Services incident appears to be just that. NIST has…
Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution of Concord Management.
Mar 17 • 20 min
The cyberattack on the US Department of Health and Human Services seems now to have been a minor incident. Disinformation about COVID-19 and measures to contain the pandemic continues to serve as both phishbait and disruption. And US prosecutors move…
COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.
Mar 16 • 20 min
COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working. David Dufour from Webroot on their 2020 Threat Report, guest is Simone Petrella from CyberVista on cybersecurity skills….
TLS is here to stay.
Mar 14 • 16 min
As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over HTTPS connections, unencrypted traffic may draw even more attention, since it’s easier for analysts and security tools to identify malicious communication…
COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.
Mar 13 • 24 min
COVID-19 significantly increased remote working, and the pandemic is now a favorite lure in the phishing tackle of both intelligence services and criminal gangs. Russian trolling has been off-shored, setting up shop in Ghana and Nigeria for running…
The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.
Mar 12 • 20 min
Turla’s back, this time with watering holes in compromised Armenian websites. Data exposures are reported in the Netherlands and the United States. China accuses Taiwan of waging cyberwarfare in an attempt to disrupt Beijing’s management of the…
The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.
Mar 11 • 19 min
The Cyberspace Solarium has released its report, as promised, and they wish to make your flesh creep. Coronavirus scams and phishbait amount to what some are calling an “infodemic.” Some notes on Patch Tuesday, and, finally, some words on the…
Caution in the Play store. EU power consortium’s business systems hacked. Cablegate—a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.
Mar 10 • 20 min
Google removes from the Play store an app nominally designed to track COVID-19 infections. An EU power distribution consortium says its business systems were hacked. An assessment of Cablegate has been declassified. Ex-CIA employee Schulte’s trial…
Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.
Mar 9 • 20 min
Coronavirus misinformation, coronavirus online scams, and coronavirus disinformation. Ransomware hits a steel plant, local government, and a defense contractor. And how criminals’ desire for glory betrays them in social media. Zulfikar Ramzan from…
Overworked developers write vulnerable software.
Mar 7 • 14 min
Why do some developers and development teams write more secure code than others? Software is written by people, either alone or in teams. Ultimately secure code development depends on the actions and decisions taken by the people who develop the code….
Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.
Mar 6 • 23 min
Virgin Media discloses a data exposure incident, another misconfigured database. Microsoft subdomains are reported vulnerable to takeover. A dark web search engine is gaining popularity, and black market share. Researchers find that Russian…
Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.
Mar 5 • 19 min
Credential stuffing affects J. Crew and Tesco customers. T-Mobile discloses a data breach. Emcor works to recover from a ransomware infestation. Coronavirus-themed emails remain common phishbait—it’s an international problem. US authorities are…
Election security—a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.
Mar 4 • 20 min
A quick security retrospective on Super Tuesday, a day on which no dogs barked (or bears growled, or kittens yowled, or pandas did whatever it is that pandas do). The Cyberspace Solarium previewed the good-government framework it intends to recommend…
Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.
Mar 3 • 22 min
Chinese security firm calls out the US CIA for Vault 7 campaigns against civil aviation. Meanwhile, the jury’s out in the Joshua Schulte Vault 7 case. Incident responders in the UK may be reentering the labor market. US agencies issue a joint warning…
Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.
Mar 2 • 18 min
It’s Super Tuesday eve, and people worry about influence operations, both foreign and domestic. DoppelPaymer hits a precision manufacturer, and moves surprisingly quickly to expose stolen files. Vulnerable WordPress plugins are being exploited in…
Application tracking in Wacom tablets.
Feb 29 • 18 min
Today’s Research Saturday features our conversation with Robert Heaton, a software engineer with Stripe who penned a blog post about his disappointing discovery involving his Wacom tablet tracking his applications. The post struck a nerve and has…
South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.
Feb 28 • 25 min
South Carolina prepares for tomorrow’s primary, confident that it will be able to conduct the vote securely and without disruption. An evolved version of the Cerberus Trojan has been spotted. Bots are making fraudulent appeals for brushfire aid to…
RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?
Feb 27 • 22 min
Naming and shaming seems to work, at least against China’s Ministry of State Security. Iranian cyberespionage continues its regional focus. Wi-Fi chip flaws could expose encrypted traffic to snoopers. Someone, maybe from abroad, is pretending to be…
Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.
Feb 26 • 20 min
Google patches a Chrome zero-day. Ransomware attacks against infrastructure. DoppelPaymer prepares to dox its victims. How CISA and NSA cooperate. Dallas County, Iowa, finally drops charges against pentesters. Mr. Assange’s evolving defense against…
Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt—no joy this time. Notes from RSAC 2020.
Feb 25 • 22 min
Cloud Snooper is infesting cloud infrastructure servers. A China-skeptical advocacy group draws attention to US states’ contracts with Chinese vendors that aren’t named “Huawei.” Senator Wyden would like the security company that audited the…
Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.
Feb 24 • 21 min
The EU condemns Russian cyberattacks on Georgia, and Russia says Russia didn’t do it—it’s all propaganda. Skids can buy spamming tools for less than twenty bucks. Satellite constellations offer an expanding attack surface. Amid continuing worries…
Rigging the game.
Feb 23 • 40 min
*This is a rebroadcast from our Cyber Law and Policy show, Caveat.* Ben describes a decades-long global espionage campaign alleged to have been carried out by the CIA and NSA, Dave shares a story about the feds using cell phone location data for…
New vulnerabilities in PC sound cards.
Feb 22 • 19 min
SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. On this week’s Research Saturday, our conversation with Itzik Kotler, who is Co-Founder and CTO at…
DISA data breach. More complaint against alleged GRU operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
Feb 21 • 23 min
The US Defense Information Systems Agency discloses a data breach affecting personal information of up to two-hundred thousand individuals. More international reprobation for the alleged GRU hack of Georgian websites. Trolls move from creation to curation….
UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.
Feb 20 • 21 min
British and American authorities blame Russia’s GRU for last October’s defacement campaign against Georgian websites. Senator Sanders thinks maybe some of his apparent supporters are Russian bots—the ones who are tweeting bad stuff in social…
Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?
Feb 19 • 20 min
CISA reports a ransomware infestation in a US natural gas compression facility—it arrived by spearphishing and there are, CISA thinks, larger lessons to be learned. A new threat actor, possibly linked to China’s government, is running an espionage…
Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.
Feb 18 • 21 min
Fox Kitten appears to combine three APTs linked to Iran. LokiBot is masquerading as an installer for Epic Games. Unsigned firmware found in multiple devices. Extortionists threaten to flood AdSense banners with bot traffic. China says the Empire of…
If you can’t detect it, you can’t steal it.
Feb 15 • 23 min
BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, is introducing the first all-optical “stealth” encryption technology that will be significantly more secure and private for highly-sensitive…
Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.
Feb 14 • 23 min
The US indicts Huawei for racketeering. The FBI and CISA release details on malware used by North Korea’s Hidden Cobra. Iran attributes last week’s DDoS attack to the US. Google takes down a big malvertising and click-fraud network that exploited…
Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.
Feb 13 • 20 min
Researchers report phishing campaigns underway in the Palestinian Territories. They appear to be a Hamas-linked effort targeting the rival Fatah organization. FireEye offers a summary of current Iranian cyber capabilities. The GAO warns that the…
Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.
Feb 12 • 20 min
Facebook takes down coordinated inauthenticity from Myanmar, Vietnam, Iran, and Russia. The US says it’s got the goods on Huawei’s backdoors. Notes on Patch Tuesday. The EU backs away from a five-year moratorium on facial recognition software….
Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).
Feb 11 • 20 min
Pyongyang establishes a template for pariah states trying to profit in cyberspace. The FBI warns that there’s a RAT in the ICS software supply chain. The US has a new counterintelligence strategy, and cyber figures in it prominently. Likud’s…
US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.
Feb 10 • 21 min
US indicts four members of China’s People’s Liberation Army in connection with the 2017 Equifax breach. North Korea establishes an Internet template for pariah regimes’ sanctions evasion. Iran sustained a major DDoS attack Saturday. US…
The Chameleon attacks Online Social Networks
Feb 8 • 16 min
The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Joining us to discuss their findings in a…
Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.
Feb 7 • 25 min
Chinese espionage groups target Malaysian officials, and two more Japanese defense contractors say they were breached, also by China. Google patches Android problems, including an unusual Bluetooth bug. Google also expels apps that wanted unreasonable…
Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.
Feb 6 • 21 min
Iowa Democrats continue to count their caucus results, and blame for the mess is falling squarely on Shadow, Inc.’s IowaReporterApp. Bitbucket repositories are found spreading malware. The attack on Toll Group turns out to be Mailto ransomware. The…
Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.
Feb 5 • 20 min
Iowa’s Democrats are still counting their caucus results, but on the other hand they weren’t hacked. A poorly built and badly tested app is still being blamed, and that judgment seems likely to hold up. The FBI warns of a DDoS attempt against a…
Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.
Feb 4 • 21 min
Iowa Democrats work to sort out app-induced confusion over Monday’s Presidential caucus. A McAfee study finds widespread susceptibility to influence operations in US county websites. Twitter fixes an API vulnerability and suspends a large network of…
More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.
Feb 3 • 17 min
Dragos publicly releases its full report on EKANS ransomware, the first known ransomware with a real if primitive capability against industrial control systems. An Australian logistics company struggles with an unspecified malware infestation….
Eric Haseltine on his book, “The Spy in Moscow Station.”
Feb 2 • 25 min
On this Special Edition, our extended conversation with Eric Haseltine on his book “.” The book… “tells of a time when—much like today—Russian spycraft had proven itself far beyond the best technology the U.S. had to offer. The perils of…
Tracking one of China’s hidden hacking groups - Research Saturday
Feb 1 • 17 min
Operation Wocao (我操, “Wǒ cāo”, is a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a China-based hacking group. We are joined by Fox-IT’s Maarten van Dantzig who shares his insights into their new…
The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is…
Jan 31 • 23 min
Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.
Jan 30 • 22 min
UN agencies in Geneva and Vienna were successfully hacked last summer in an apparent espionage campaign. Avast shuts down its Jumpshot data analysis subsidiary and resolves to stick to its security last. Facebook reaches a preliminary, $550 million…
Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.
Jan 29 • 21 min
Snake ransomware appears to have hit industrial control systems, and may be connected to Iran. The verdict on the Saudi hack of Mr. Bezos’ phone seems to stand at not proven, but the Kingdom does seem to have used Pegasus intercept tools against…
Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.
Jan 28 • 20 min
Britain decides to let Huawei into its 5G infrastructure, just a little bit, anyway. Citizen Lab reports on its investigation of Saudi use of Pegasus spyware against journalists. Avast is again collecting user data and sharing anonymized data with a…
A cyber espionage campaign uses DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.
Jan 27 • 19 min
Someone has been running a DNS hijacking campaign against governments in southeast Europe and southwest Asia, and Reuters thinks that someone looks like Turkey. Experts would like to see a more thorough forensic analysis of Mr. Bezos’ iPhone: that…
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC
Jan 26 • 32 min
In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to…
Know Thine Enemy - Identifying North American Cyber Threats - Research Saturday
Jan 25 • 26 min
The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into…
PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformation laws considered. Canada is ready to impose costs on cyber attackers.
Jan 24 • 26 min
PupyRAT was found in a European energy organization: it may be associated with Iranian threat actors. Another threat actor, the Konni Group, was active against a US government agency last year. Saudi Arabia maintains it had nothing to do with hacking…
Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.
Jan 23 • 18 min
There’s more phishing around the Arabian Gulf, but it doesn’t look local. Reactions to Brazil’s indictment of Glenn Greenwald. The forensic report on Jeff Bezos’s smartphone has emerged, and the UN wants some investigating. Microsoft discloses…
The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.
Jan 22 • 20 min
UN rapporteurs say that the Saudi Crown Prince was probably involved in the installation of spyware on Amazon founder Jeff Bezos’s personal phone. Brazilian prosecutors have indicted Glenn Greenwald, co-founder of the Intercept, on hacking charges….
RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.
Jan 21 • 20 min
A new RAT goes after Arabic-speaking targets. Updates on US-Iranian tension in cyberspace. An Internet Explorer bug is being exploited in the wild; a patch will arrive in February. A pseudo-vigilante seems to be preparing Citrix devices for future…
Clever breaches demonstrate IoT security gaps - Research Saturday
Jan 18 • 20 min
Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we trust these devices to recognize and alert us when people are entering our home. It should come as no…
Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.
Jan 17 • 25 min
Hacks and rumors of hacks surrounding US-Iranian tension. Ukrainian authorities are looking into the Burisma hack, and they’d like FBI assistance. The FBI quietly warns that two US cities were hacked by a foreign service. The New York Fed has…
Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
Jan 16 • 21 min
Proof-of-concept exploits for the CryptoAPI vulnerability Microsoft patched this week have been released. CISA warns the chemical industry to look to its security during this period of what the agency calls “heightened geopolitical tension.”…
Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.
Jan 15 • 21 min
NSA gives Microsoft a heads-up about a Windows vulnerability, and CISA is right behind them with instructions for Federal civilian agencies and advice for everyone else. Norway’s Consumer Council finds that dating apps are “out of control” with…
Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.
Jan 14 • 21 min
NSA discloses a vulnerability to Microsoft so it can be patched quickly. Intrusion Truth describes thirteen front companies for China’s APT40—they’re interested in offensive cyber capabilities. Area 1 reports that Russia’s GRU conducted a…
Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.
Jan 13 • 20 min
The FBI reiterates prudent, consensus warnings about a heightened probability of cyberattacks from Iran, but so far nothing beyond credential-spraying battlespace preparation has come to notice. The US Congress mulls the definition of “act of war”…
Profiling the Linken Sphere anti-detection browser - Research Saturday
Jan 11 • 11 min
Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an…
Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.
Jan 10 • 25 min
Amid indications that both Iran and the US would prefer to back away from open war, concerns about Iranian power grid battlespace preparation remain high. Recent website defacements, however, increasingly look more like the work of young hacktivists…
Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.
Jan 9 • 21 min
As kinetic combat abates in Iraq, warnings of cyber threats increase. US intelligence agencies warn of heightened likelihood of Iranian cyber operations. These may be more serious than the low-grade website defacements and Twitter impersonations so…
No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.
Jan 8 • 21 min
Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed,…
No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.
Jan 7 • 21 min
The kittens haven’t scratched much so far, but the US Government and others are warning organizations to be alert to the likelihood of Iranian cyberattacks in retaliation for the combat death, by US missile, of Quds Force commander Soleimani. Fancy…
Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.
Jan 6 • 17 min
Iran vows retribution for the US drone strike that killed the commander of the Quds Force. The US prepares for Iranian action, and the Department of Homeland Security warns that cyberattacks are particularly likely. Some low-grade Iranian cyber…
Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.
Jan 3 • 22 min
The US and Iran trade fire in Iraq, and a leading Iranian general is killed in a US airstrike. A corresponding escalation of cyber operations can be expected. Currency exchange Travelex continues to operate manually as it works to recover from what it…
A Jira vulnerability that’s leaking data in the public cloud - Research Saturday
Jan 2 • 13 min
Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a Server Side Request Forgery —…
Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.
Jan 2 • 20 min
Microsoft takes down bogus domains operated by North Korea’s Thallium Advanced Persistent Threat. The Cloud Hopper cyber espionage campaign turns out to have been far more extensive than hitherto believed. The US wants Huawei (and ZTE) out of…
Special Edition - Daniel Garrie from Law & Forensics on eDiscovery
Dec 31, 2019 • 16 min
In this CyberWire special edition, an extended conversation with Daniel Garrie from Law & Forensics, a global legal engineering firm, and Editor-in-Chief of the Journal of Law & Cyber Warfare. Much of the discovery that happens in litigation…
Special Edition - Ron Gula and Mike Janke - VC pitfalls and how to avoid them
Dec 30, 2019 • 29 min
In this CyberWire special edition, advice from a pair of seasoned cyber security investors. Ron Gula caught our eye with an article he recently penned titled “Cyber entrepreneur pitfalls you can avoid.” In it, he gathers a group of tech investors to…
Special Edition - Mandy Rogers from Northrop Grumman on her career and diversity in cyber security
Dec 28, 2019 • 18 min
In this CyberWire special edition, an extended conversation with Mandy Rogers, Operations Manager for Engineering and Sciences at Northrop Grumman. The conversation centers around her inspirational career journey from humble beginnings on a farm in…
Special Edition - Phil Quade from Fortinet on his book “The Digital Big Bang”
Dec 27, 2019 • 11 min
In this CyberWire special edition, an extended conversation with Phil Quade, CISO of Fortinet and author of the book “The Digital Big Bang”. The book features insights from industry security leaders from both the public and private sectors revealing…
Special Edition - Bob Ackerman from Allegis Capital with Insights on the cyber security VC environment
Dec 26, 2019 • 10 min
In this CyberWire special edition, an extended conversation with Bob Ackerman from Allegis Capital. Cybersecurity will continue to be a major investment theme in 2020, but the maturing of the market will see a change to focus on better measurement and…
Special Edition - Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach
Dec 24, 2019 • 19 min
In this CyberWire special edition, an extended conversation with Kevin Lancaster from Kaseya and ID Agent. In 2015, Kevin led the team responsible for restoring and protecting the identities of 4.2M gov employees in the Office of Personnel Management…
Special Edition - Sean O’Brien with @RISK Technologies on Election Security.
Dec 23, 2019 • 26 min
In this CyberWire special edition, a conversation with Sean O’Brien with @RISK Technologies on Election Security. Having fought both on the ground in Africa as a member of the US Intelligence Community and the Department of Defense and in cyberspace…
Inside Magecart and Genesis. — Research Saturday
Dec 21, 2019 • 17 min
Dan Woods is VP of the intelligence center at Shape Security. He shares insights on two noteworthy attack tools, Genesis and Magecart. Before joining Shape Security Dan served as assistant chief agent of special investigations at the Arizona…
Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?
Dec 20, 2019 • 21 min
Pegasus may have appeared in Pakistan. Legion Loader packs in six bits of malware in one Hornets’ Nest campaign. Someone may have hacked Bank of England press releases to give them a few seconds’ advantage in high-speed trading. Frankfurt, in the…
TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.
Dec 19, 2019 • 20 min
Spanish TV is temporarily replaced by Russian programming. APT20, Violin Panda, is back, and playing a familiar tune. Rancor against Cambodia. The US Congress gets frosty with China and Russia. How Zeppelin ransomware spreads. Due diligence in…
Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.
Dec 18, 2019 • 20 min
More ransomware steals first, encrypts later. Are cobots vulnerable to novel forms of ransomware? Gangnam Industrial Style—the espionage campaign, not the K-pop dance number. Rancor is a persistent, well-resourced, and creative APT, but without much…
Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.
Dec 17, 2019 • 21 min
Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.
Dec 16, 2019 • 16 min
Special Edition — Capturing the flag at NXTWORK 2019
Dec 15, 2019 • 29 min
WAV files carry malicious data payloads. — Research Saturday
Dec 14, 2019 • 16 min
Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.
Dec 13, 2019 • 22 min
False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.
Dec 12, 2019 • 19 min
Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars update. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.
Dec 11, 2019 • 20 min
Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?
Dec 10, 2019 • 19 min
Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.
Dec 9, 2019 • 14 min
Targeting routers to hit gaming servers. — Research Saturday
Dec 7, 2019 • 16 min
Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.
Dec 6, 2019 • 22 min
Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.
Dec 5, 2019 • 21 min
Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.
Dec 4, 2019 • 20 min
Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.
Dec 3, 2019 • 20 min
ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.
Dec 2, 2019 • 15 min
Caveat 04 — Slowly awakening to the problems we face
Dec 1, 2019 • 41 min
Special Edition — Peter W. Singer author of LikeWar
Nov 30, 2019 • 31 min
Special Edition — John Maeda author of How to Speak Machine
Nov 29, 2019 • 20 min
Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?
Nov 27, 2019 • 20 min
Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.
Nov 26, 2019 • 19 min
Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.
Nov 25, 2019 • 20 min
Mustang Panda leverages Windows shortcut files. — Research Saturday
Nov 23, 2019 • 12 min
Sandworm in Google Play. Internet sovereignty. Bogus accounts on LinkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.
Nov 22, 2019 • 25 min
Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.
Nov 21, 2019 • 20 min
Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.
Nov 20, 2019 • 18 min
Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.
Nov 19, 2019 • 20 min
Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.
Nov 18, 2019 • 15 min
Sodinokibi aka REvil connections to GandCrab — Research Saturday
Nov 16, 2019 • 17 min
Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.
Nov 15, 2019 • 26 min
PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
Nov 14, 2019 • 19 min
NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.
Nov 13, 2019 • 20 min
Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.
Nov 12, 2019 • 15 min
Special Edition — Andy Greenberg from WIRED on his book “Sandworm.”
Nov 11, 2019 • 26 min
Monitoring the growing sophistication of PKPLUG — Research Saturday
Nov 9, 2019 • 20 min
Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.
Nov 8, 2019 • 24 min
US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.
Nov 7, 2019 • 20 min
App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.
Nov 6, 2019 • 20 min
Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.
Nov 5, 2019 • 15 min
BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.
Nov 4, 2019 • 15 min
Special Edition — Insider Threats
Nov 3, 2019 • 22 min
Usable security is a delicate balance. — Research Saturday
Nov 2, 2019 • 18 min
Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.
Nov 1, 2019 • 25 min
Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.
Oct 31, 2019 • 20 min
The Malware Mash
Oct 31, 2019 • 3 min
Caveat Ep 2 — Privacy and biometric data.
Oct 30, 2019 • 37 min
WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.
Oct 30, 2019 • 20 min
Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.
Oct 29, 2019 • 21 min
Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?
Oct 28, 2019 • 16 min
Masad Steals via Social Media. — Research Saturday
Oct 26, 2019 • 17 min
Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.
Oct 25, 2019 • 26 min
Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-platform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.
Oct 24, 2019 • 20 min
Caveat — Crowdsourced private surveillance.
Oct 24, 2019 • 39 min
Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.
Oct 23, 2019 • 20 min
More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.
Oct 22, 2019 • 21 min
Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.
Oct 21, 2019 • 15 min
Hoping for SOHO security — Research Saturday
Oct 19, 2019 • 15 min
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.
Oct 18, 2019 • 25 min
Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.
Oct 17, 2019 • 20 min
Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.
Oct 16, 2019 • 19 min
Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.
Oct 15, 2019 • 20 min
Decrypting ransomware for good. — Research Saturday
Oct 12, 2019 • 19 min
Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.
Oct 11, 2019 • 22 min
Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.
Oct 10, 2019 • 19 min
Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.
Oct 9, 2019 • 20 min
Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.
Oct 8, 2019 • 19 min
Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.
Oct 7, 2019 • 17 min
The fuzzy boundaries of APT41. — Research Saturday
Oct 5, 2019 • 22 min
Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.
Oct 4, 2019 • 25 min
A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.
Oct 3, 2019 • 20 min
RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.
Oct 2, 2019 • 20 min
Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.
Oct 1, 2019 • 20 min
Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.
Sep 30, 2019 • 19 min
Focusing on Autumn Aperture. — Research Saturday
Sep 28, 2019 • 18 min
Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.
Sep 27, 2019 • 25 min
Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.
Sep 26, 2019 • 20 min
Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.
Sep 25, 2019 • 20 min
Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.
Sep 24, 2019 • 19 min
YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.
Sep 23, 2019 • 16 min
Leaky guest networks and covert channels. — Research Saturday
Sep 21, 2019 • 15 min
Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.
Sep 20, 2019 • 24 min
Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.
Sep 19, 2019 • 18 min
Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.
Sep 18, 2019 • 19 min
More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.
Sep 17, 2019 • 20 min
Espionage and counter-espionage in at least three of the Five Eyes. New sanctions against North Korea. Password managers and flashlights.
Sep 16, 2019 • 17 min
Bluetooth blues: KNOB attack explained. — Research Saturday
Sep 14, 2019 • 17 min
CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.
Sep 13, 2019 • 25 min
The StingRays that were in DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.
Sep 12, 2019 • 19 min
Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.
Sep 11, 2019 • 20 min
US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.
Sep 10, 2019 • 20 min
BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.
Sep 9, 2019 • 15 min
VOIP phone system harbors decade-old vulnerability. — Research Saturday
Sep 7, 2019 • 26 min
China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.
Sep 6, 2019 • 25 min
Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.
Sep 5, 2019 • 19 min
Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.
Sep 4, 2019 • 19 min
Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.
Sep 3, 2019 • 20 min
Emotet’s updated business model — Research Saturday
Aug 31, 2019 • 23 min
Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.
Aug 30, 2019 • 21 min
Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.
Aug 29, 2019 • 19 min
LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.
Aug 28, 2019 • 20 min
Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.
Aug 27, 2019 • 19 min
BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.
Aug 26, 2019 • 19 min
Gift card bots evolve and adapt — Research Saturday
Aug 24, 2019 • 23 min
Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.
Aug 23, 2019 • 22 min
North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.
Aug 22, 2019 • 20 min
China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
Aug 21, 2019 • 20 min
Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.
Aug 20, 2019 • 21 min
ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.
Aug 19, 2019 • 19 min
Detecting dating profile fraud — Research Saturday
Aug 17, 2019 • 25 min
ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.
Aug 16, 2019 • 23 min
Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.
Aug 15, 2019 • 18 min
Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.
Aug 14, 2019 • 20 min
UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.
Aug 13, 2019 • 20 min
A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.
Aug 12, 2019 • 20 min
Unpacking the Malvertising Ecosystem — Research Saturday
Aug 10, 2019 • 26 min
Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.
Aug 9, 2019 • 25 min
Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.
Aug 8, 2019 • 19 min
Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.
Aug 7, 2019 • 20 min
Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.
Aug 6, 2019 • 20 min
Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.
Aug 5, 2019 • 18 min
Package manager repository malware detection — Research Saturday
Aug 3, 2019 • 11 min
Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.
Aug 2, 2019 • 24 min
Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.
Aug 1, 2019 • 20 min
Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.
Jul 31, 2019 • 19 min
Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?
Jul 30, 2019 • 20 min
Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.
Jul 29, 2019 • 19 min
Special Edition - Cult of the Dead Cow author Joseph Menn extended interview
Jul 28, 2019 • 23 min
Day to day app fraud in the Google Play store — Research Saturday
Jul 27, 2019 • 20 min
Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.
Jul 26, 2019 • 25 min
News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.
Jul 25, 2019 • 20 min
Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.
Jul 24, 2019 • 19 min
Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.
Jul 23, 2019 • 19 min
FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.
Jul 22, 2019 • 19 min
Special Edition — The Fifth Domain coauthor Richard A. Clarke
Jul 21, 2019 • 22 min
Nansh0u not your normal cryptominer — Research Saturday
Jul 20, 2019 • 17 min
Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.
Jul 19, 2019 • 24 min
TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.
Jul 18, 2019 • 19 min
Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.
Jul 17, 2019 • 20 min
GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.
Jul 16, 2019 • 19 min
Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.
Jul 15, 2019 • 19 min
Opportunistic botnets round up vulnerable routers — Research Saturday
Jul 13, 2019 • 18 min
Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.
Jul 12, 2019 • 23 min
Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.
Jul 11, 2019 • 20 min
Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.
Jul 10, 2019 • 20 min
Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.
Jul 9, 2019 • 20 min
Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.
Jul 8, 2019 • 20 min
Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505’s new tactics. Content moderation updates.
Jul 3, 2019 • 20 min
US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.
Jul 2, 2019 • 19 min
Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.
Jul 1, 2019 • 20 min
Giving everyone a stake in the success of Open Source implementation — Research Saturday
Jun 29, 2019 • 21 min
Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek “Verification.”
Jun 28, 2019 • 24 min
Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.
Jun 27, 2019 • 20 min
Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?
Jun 26, 2019 • 20 min
Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland’s Cyber Defense Initiative.
Jun 25, 2019 • 20 min
Notes on a reported US cyberattack against Iran. A look at “Secondary Infektion.” And some cases of cyber stalking.
Jun 24, 2019 • 19 min
Middleboxes may be meddling with TLS connections — Research Saturday
Jun 22, 2019 • 21 min
US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.
Jun 21, 2019 • 24 min
Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.
Jun 20, 2019 • 20 min
BlueKeep, again. Facebook’s cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.
Jun 19, 2019 • 19 min
Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.
Jun 18, 2019 • 20 min
Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.
Jun 17, 2019 • 20 min
Apps on third-party Android store carry unwelcome code — Research Saturday
Jun 15, 2019 • 12 min
Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.
Jun 14, 2019 • 24 min
Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ACSO plants. Congress considers hacking back, again. That ol’ devil limbic system.
Jun 13, 2019 • 20 min
Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.
Jun 12, 2019 • 20 min
Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.
Jun 11, 2019 • 20 min
An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.
Jun 10, 2019 • 17 min
Xwo scans for default credentials and exposed web services — Research Saturday
Jun 8, 2019 • 14 min
Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.
Jun 7, 2019 • 25 min
BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?
Jun 6, 2019 • 19 min
AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.
Jun 5, 2019 • 20 min
Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?
Jun 4, 2019 • 19 min
Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.
Jun 3, 2019 • 20 min
Blockchain bandits plunder weak wallets — Research Saturday
Jun 1, 2019 • 19 min
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
May 31, 2019 • 25 min
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
May 30, 2019 • 20 min
Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.
May 29, 2019 • 20 min
Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.
May 28, 2019 • 15 min
A fresh look at GOSSIPGIRL and the Supra Threat Actors — Research Saturday
May 25, 2019 • 29 min
Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.
May 24, 2019 • 25 min
NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?
May 23, 2019 • 20 min
Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.
May 22, 2019 • 19 min
BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.
May 21, 2019 • 18 min
Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.
May 20, 2019 • 20 min
Elfin APT group targets Middle East energy sector — Research Saturday
May 18, 2019 • 15 min
Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.
May 17, 2019 • 25 min
US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.
May 16, 2019 • 20 min
Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.
May 15, 2019 • 18 min
Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.
May 14, 2019 • 20 min
Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.
May 13, 2019 • 16 min
Steganography enables sophisticated OceanLotus payloads — Research Saturday
May 11, 2019 • 17 min
Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.
May 10, 2019 • 24 min
Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.
May 9, 2019 • 18 min
Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.
May 8, 2019 • 20 min
Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?
May 7, 2019 • 20 min
Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.
May 6, 2019 • 20 min
Sea Turtle state-sponsored DNS hijacking — Research Saturday
May 4, 2019 • 23 min
Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.
May 3, 2019 • 25 min
Wipro update. Office 365 attacks. The “Smart Content Store” is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.
May 2, 2019 • 17 min
US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.
May 1, 2019 • 20 min
Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.
Apr 30, 2019 • 20 min
IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.
Apr 29, 2019 • 15 min
Deep Learning threatens 3D medical imaging integrity — Research Saturday
Apr 27, 2019 • 21 min
Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?
Apr 26, 2019 • 24 min
Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?
Apr 25, 2019 • 20 min
Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.
Apr 24, 2019 • 20 min
ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.
Apr 23, 2019 • 20 min
Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.
Apr 22, 2019 • 16 min
Undetectable vote manipulation in SwissPost e-voting system — Research Saturday
Apr 20, 2019 • 26 min
Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.
Apr 19, 2019 • 24 min
Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.
Apr 18, 2019 • 20 min
Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.
Apr 17, 2019 • 19 min
Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.
Apr 16, 2019 • 19 min
ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.
Apr 15, 2019 • 15 min
The ghost and the mole; Eric O’Neill’s Gray Day — Special Edition
Apr 14, 2019 • 37 min
Establishing software root of trust unconditionally — Research Saturday
Apr 13, 2019 • 22 min
Mr. Assange’s courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.
Apr 12, 2019 • 24 min
Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operation SneakyPastes. Incident response planning blues. High school jam.
Apr 11, 2019 • 20 min
The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.
Apr 10, 2019 • 17 min
GossipGirl, the supra threat actor. LockerGoga’s destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.
Apr 9, 2019 • 20 min
US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.
Apr 8, 2019 • 15 min
Lessons learned from Ukraine elections — Research Saturday
Apr 6, 2019 • 23 min
Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.
Apr 5, 2019 • 20 min
Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.
Apr 4, 2019 • 20 min
For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.
Apr 3, 2019 • 20 min
Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.
Apr 2, 2019 • 20 min
Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.
Apr 1, 2019 • 18 min
Bonus Episode: The grugq illuminates influence operations
Mar 31, 2019 • 34 min
Alarming vulnerabilities in automotive security systems — Research Saturday
Mar 30, 2019 • 18 min
Russian information operations, and lessons on election security from the Near Abroad. Magento proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.
Mar 29, 2019 • 24 min
Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela’s Chavistas. Guilty plea expected in Martin case.
Mar 28, 2019 • 19 min
State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro’s recovery. Reactions to the Mueller Report.
Mar 27, 2019 • 20 min
More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.
Mar 26, 2019 • 20 min
Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.
Mar 25, 2019 • 19 min
Ryuk ransomware relationship revelations — Research Saturday
Mar 23, 2019 • 21 min
Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.
Mar 22, 2019 • 23 min
Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.
Mar 21, 2019 • 19 min
Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.
Mar 20, 2019 • 19 min
LockerGoga hits Norsk Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.
Mar 19, 2019 • 18 min
Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence—no hacking or sabotage required. Gnostiplayers are back. AI and evil.
Mar 18, 2019 • 16 min
ThinkPHP exploit from Asia-Pacific region goes global — Research Saturday
Mar 16, 2019 • 11 min
Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.
Mar 15, 2019 • 21 min
Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.
Mar 14, 2019 • 20 min
Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).
Mar 13, 2019 • 20 min
Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.
Mar 12, 2019 • 20 min
Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.
Mar 11, 2019 • 16 min
Job-seeker exposes banking network to Lazarus Group — Research Saturday
Mar 9, 2019 • 22 min
Chinese influence campaigns. Egyptian spear phishing. Hundreds of millions of email records exposed.
Mar 8, 2019 • 22 min
Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.
Mar 7, 2019 • 20 min
5G worries. Whitefly vs. SingHealth. Speculative execution bug.
Mar 6, 2019 • 20 min
India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.
Mar 5, 2019 • 19 min
Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.
Mar 4, 2019 • 15 min
Fake Fortnite app scams infect gamers — Research Saturday
Mar 2, 2019 • 15 min
Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.
Mar 1, 2019 • 23 min
Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.
Feb 28, 2019 • 20 min
Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Cryptojacking an embassy.
Feb 27, 2019 • 20 min
Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks. Credential stuffing in tax season. Twitter hijacking.
Feb 26, 2019 • 20 min
Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.
Feb 25, 2019 • 16 min
Rosneft suspicions shift from espionage to business email compromise — Research Saturday
Feb 23, 2019 • 27 min
Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.
Feb 22, 2019 • 25 min
Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.
Feb 21, 2019 • 20 min
Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.
Feb 20, 2019 • 20 min
International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cryptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.
Feb 19, 2019 • 20 min
Seedworm digs Middle East intelligence — Research Saturday
Feb 16, 2019 • 16 min
GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.
Feb 15, 2019 • 26 min
Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.
Feb 14, 2019 • 20 min
China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.
Feb 13, 2019 • 19 min
VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.
Feb 12, 2019 • 19 min
Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.
Feb 11, 2019 • 19 min
Trends and tips for cloud security — Research Saturday
Feb 9, 2019 • 19 min
Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.
Feb 8, 2019 • 25 min
Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. macOS Keychain bug. Assessment of Chinese device manufacturers continues.
Feb 7, 2019 • 20 min
APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.
Feb 6, 2019 • 20 min
ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.
Feb 5, 2019 • 20 min
Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’s prospects. Influence ops. Extortion by bluff.
Feb 4, 2019 • 17 min
Online underground markets in the Middle East — Research Saturday
Feb 2, 2019 • 17 min
No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.
Feb 1, 2019 • 24 min
Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.
Jan 31, 2019 • 20 min
US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.
Jan 30, 2019 • 19 min
004 Case studies in risk and regulation — CyberWire-X
Jan 30, 2019 • 32 min
FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.
Jan 29, 2019 • 20 min
Someone takes an unhealthy interest in Citizen Lab. Ukraine accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.
Jan 28, 2019 • 19 min
Amplification bots and how to detect them. — Research Saturday
Jan 26, 2019 • 18 min
Glitches, not attacks or takedowns. Tracing GreyEnergy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.
Jan 25, 2019 • 25 min
The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.
Jan 24, 2019 • 20 min
Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.
Jan 23, 2019 • 19 min
Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.
Jan 22, 2019 • 20 min
Luring IoT botnets to the honeypot — Research Saturday
Jan 19, 2019 • 18 min
Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facebook shutters more Russian coordinated inauthenticity.
Jan 18, 2019 • 25 min
Cyber espionage vs. the RoK MoD. Fancy Bear’s old LoJax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.
Jan 17, 2019 • 19 min
SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.
Jan 16, 2019 • 20 min
Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espionage.
Jan 15, 2019 • 19 min
Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.
Jan 14, 2019 • 18 min
Magecart payment card theft analysis — Research Saturday
Jan 12, 2019 • 29 min
Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.
Jan 11, 2019 • 22 min
TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.
Jan 10, 2019 • 19 min
ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?
Jan 9, 2019 • 19 min
German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.
Jan 8, 2019 • 19 min
German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?
Jan 7, 2019 • 20 min
NOKKI, Reaper and DOGCALL target Russians and Cambodians — Research Saturday
Jan 5, 2019 • 14 min
Doxing in Germany. How LoJax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.
Jan 4, 2019 • 25 min
2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.
Jan 3, 2019 • 19 min
Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore.
Jan 2, 2019 • 19 min
Apple Device Enrollment Program vulnerabilities explored — Research Saturday
Dec 22, 2018 • 17 min
Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.
Dec 21, 2018 • 29 min
003 Risk and regulation in the financial sector — CyberWire X
Dec 21, 2018 • 29 min
US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.
Dec 20, 2018 • 20 min
Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.
Dec 19, 2018 • 19 min
Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.
Dec 18, 2018 • 19 min
Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.
Dec 17, 2018 • 15 min
The Sony hack and the perils of attribution — Research Saturday
Dec 15, 2018 • 20 min
False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.
Dec 14, 2018 • 25 min
Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.
Dec 13, 2018 • 20 min
Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.
Dec 12, 2018 • 20 min
Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.
Dec 11, 2018 • 19 min
A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.
Dec 10, 2018 • 19 min
Operation Red Signature targets South Korean supply chain — Research Saturday
Dec 8, 2018 • 23 min
Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.
Dec 7, 2018 • 25 min
Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.
Dec 6, 2018 • 19 min
DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.
Dec 5, 2018 • 20 min
Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.
Dec 4, 2018 • 20 min
US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.
Dec 3, 2018 • 14 min
Settling in with GDPR — CyberWire-X
Dec 3, 2018 • 29 min
Getting an education on Cobalt Dickens — Research Saturday
Dec 1, 2018 • 12 min
Marriott suffers data breach. Dunkin’ Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.
Nov 30, 2018 • 24 min
Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.
Nov 29, 2018 • 20 min
DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.
Nov 28, 2018 • 20 min
Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.
Nov 27, 2018 • 20 min
A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.
Nov 26, 2018 • 18 min
Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.
Nov 21, 2018 • 19 min
Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.
Nov 20, 2018 • 19 min
CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”
Nov 19, 2018 • 16 min
Doubling down on Cobalt Group activity — Research Saturday
Nov 17, 2018 • 18 min
GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?
Nov 16, 2018 • 22 min
RATs and the long game. New ransomware. Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.
Nov 15, 2018 • 18 min
When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.
Nov 14, 2018 • 20 min
GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.
Nov 13, 2018 • 19 min
Regulation in the U.S. — CyberWire X
Nov 13, 2018 • 28 min
Establishing international norms in cyberspace — Research Saturday
Nov 10, 2018 • 20 min
Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.
Nov 9, 2018 • 24 min
Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.
Nov 8, 2018 • 18 min
A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.
Nov 7, 2018 • 20 min
Iran complains, threatens, and spies. Election Day cybersecurity notes.
Nov 6, 2018 • 19 min
US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its “R” back?
Nov 5, 2018 • 16 min
Election protection — Research Saturday
Nov 3, 2018 • 22 min
Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.
Nov 2, 2018 • 25 min
Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.
Nov 1, 2018 • 20 min
Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.
Oct 31, 2018 • 20 min
This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.
Oct 30, 2018 • 19 min
Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.
Oct 29, 2018 • 16 min
Faxploitation — Research Saturday
Oct 27, 2018 • 14 min
Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?
Oct 26, 2018 • 22 min
Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.
Oct 25, 2018 • 18 min
Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.
Oct 24, 2018 • 20 min
Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.
Oct 23, 2018 • 17 min
Making the business case for privacy. — Special Edition
Oct 23, 2018 • 21 min
Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.
Oct 22, 2018 • 12 min
Stormy weather in the Office 365 cloud. — Research Saturday
Oct 20, 2018 • 21 min
Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.
Oct 19, 2018 • 23 min
Looks like Comment Crew, but probably isn’t. Facebook breached by spammers. Twitter’s big troll trove. Router issues. Who dunnit to YouTube?
Oct 18, 2018 • 19 min
Meddling with the midterms — Special Edition
Oct 17, 2018 • 21 min
Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.
Oct 17, 2018 • 19 min
Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).
Oct 16, 2018 • 18 min
Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.
Oct 15, 2018 • 19 min
Driving GPS manipulation — Research Saturday
Oct 13, 2018 • 27 min
Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more “inauthentic” accounts. Data privacy. Cyber sanctions.
Oct 12, 2018 • 24 min
Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn’t hack the OPCW.
Oct 11, 2018 • 20 min
Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.
Oct 10, 2018 • 20 min
Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google’s good and bad news.
Oct 9, 2018 • 19 min
Cryptojacking criminal capers continue — Research Saturday
Oct 6, 2018 • 22 min
Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia’s GRU. NPPD to become Cybersecurity and Infrastructure Security Agency.
Oct 5, 2018 • 23 min
Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.
Oct 4, 2018 • 19 min
Facebook breach updates. Bogus Zoho Office Suite. Brazil’s big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.
Oct 3, 2018 • 19 min
RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.
Oct 2, 2018 • 19 min
Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.
Oct 1, 2018 • 19 min
Sophisticated FIN7 criminal group hits payment card data — Research Saturday.
Sep 29, 2018 • 31 min
Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?
Sep 28, 2018 • 24 min
Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple’s Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.
Sep 27, 2018 • 19 min
Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.
Sep 26, 2018 • 17 min
Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta’s ransomware remediation. Payroll phishing. Quantum strategy.
Sep 25, 2018 • 18 min
Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.
Sep 24, 2018 • 16 min
ICS honeypots attract sophisticated snoops. — Research Saturday
Sep 22, 2018 • 21 min
US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.
Sep 21, 2018 • 25 min
Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year’s breach.
Sep 20, 2018 • 16 min
State Department cybersecurity issues. Iron Group’s pseudoransomware. Bristol Airport’s deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.
Sep 19, 2018 • 19 min
Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won’t be EternalBlue’s last ride. Preventing data abuse.
Sep 18, 2018 • 19 min
Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?
Sep 17, 2018 • 18 min
Android device eavesdropping investigation. — Research Saturday
Sep 15, 2018 • 17 min
Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyang denounces a “smear campaign.” Wait and see on pipeline fires.
Sep 14, 2018 • 24 min
Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.
Sep 13, 2018 • 19 min
Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.
Sep 12, 2018 • 19 min
Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.
Sep 11, 2018 • 19 min
Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA’s breach. Cyber moonshots.
Sep 10, 2018 • 19 min
Leafminer espionage digs the Middle East. — Research Saturday
Sep 8, 2018 • 22 min
Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.
Sep 7, 2018 • 24 min
Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig’s new tricks.
Sep 6, 2018 • 20 min
Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.
Sep 5, 2018 • 20 min
Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.
Sep 4, 2018 • 15 min
ATM hacks on the rise. — Research Saturday
Sep 1, 2018 • 22 min
Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.
Aug 31, 2018 • 25 min
Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.
Aug 30, 2018 • 17 min
Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.
Aug 29, 2018 • 20 min
Social media struggle with their social role. Election hacking concerns remain high. Australia’s new government shuffles cybersecurity responsibilities.
Aug 28, 2018 • 20 min
Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.
Aug 27, 2018 • 17 min
Cyber espionage coming from Chinese University. — Research Saturday
Aug 25, 2018 • 26 min
More action against Iranian influence operations. Tehran’s cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.
Aug 24, 2018 • 24 min
If you’re running a red team, let someone know it’s a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.
Aug 23, 2018 • 19 min
Facebook takes down “inauthentic” Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it’s Tehran. Triout Android spyware described. Hacking back?
Aug 22, 2018 • 20 min
Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.
Aug 21, 2018 • 19 min
Beers with Talos — Live from the RiRa at Black Hat
Aug 21, 2018 • 82 min
DarkHotel is back. So is Necurs, and it’s distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.
Aug 20, 2018 • 16 min
Stealthy ad fraud campaign evades detection. — Research Saturday
Aug 18, 2018 • 19 min
Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.
Aug 17, 2018 • 24 min
Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia’s new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.
Aug 16, 2018 • 19 min
Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI’s new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?
Aug 15, 2018 • 19 min
Cryptowars notes. DDoS in Finland. Bears aren’t under the beds; they’re in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving.
Aug 14, 2018 • 19 min
Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.
Aug 13, 2018 • 16 min
Thrip espionage group lives off the land. — Research Saturday
Aug 11, 2018 • 25 min
DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.
Aug 10, 2018 • 22 min
State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.
Aug 9, 2018 • 19 min
Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.
Aug 8, 2018 • 17 min
TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.
Aug 7, 2018 • 19 min
More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Aikido?
Aug 6, 2018 • 19 min
Cortana voice assistant lets you in. — Research Saturday
Aug 4, 2018 • 21 min
Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.
Aug 3, 2018 • 24 min
RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be a no-lose proposition. Cryptojacking and malspam.
Aug 2, 2018 • 18 min
Reddit Hacked. Ukrainians nabbed. Facebook boots “inauthentic” accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale’s old breach. Google and censorship.
Aug 1, 2018 • 19 min
Data-centric security. — Special Edition
Aug 1, 2018 • 27 min
Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.
Jul 31, 2018 • 19 min
NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.
Jul 30, 2018 • 16 min
BabaYaga strangely symbiotic WordPress malware — Research Saturday
Jul 28, 2018 • 20 min
Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.
Jul 27, 2018 • 21 min
LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA’s IG scowls.
Jul 26, 2018 • 19 min
Leafminer wants to learn from the best, and that’s not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.
Jul 25, 2018 • 20 min
Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?
Jul 24, 2018 • 19 min
SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.
Jul 23, 2018 • 14 min
Measuring the spearphishing threat — Research Saturday
Jul 21, 2018 • 23 min
Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.
Jul 20, 2018 • 21 min
Fancy Bear’s Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.
Jul 19, 2018 • 19 min
Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.
Jul 18, 2018 • 20 min
Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.
Jul 17, 2018 • 19 min
DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.
Jul 16, 2018 • 19 min
A new approach to mission critical systems — Research Saturday
Jul 14, 2018 • 21 min
Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.
Jul 13, 2018 • 25 min
Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.
Jul 12, 2018 • 20 min
Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.
Jul 11, 2018 • 19 min
More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.
Jul 10, 2018 • 20 min
Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.
Jul 9, 2018 • 15 min
No Distribute Scanners help sell malware
Jul 7, 2018 • 14 min
When catphishing, it pays to know what bait they’ll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.
Jul 6, 2018 • 22 min
Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won’t be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.
Jul 5, 2018 • 19 min
Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?
Jul 3, 2018 • 19 min
Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable’s IPO. US-Russia summit will talk election influence ops.
Jul 2, 2018 • 15 min
VPNFilter malware could brick devices worldwide — Research Saturday
Jun 30, 2018 • 28 min
Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.
Jun 29, 2018 • 24 min
Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.
Jun 28, 2018 • 19 min
Separating fools from money. — Hacking Humans
Jun 28, 2018 • 29 min
DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner’s plea.
Jun 27, 2018 • 19 min
Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler’s USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.
Jun 26, 2018 • 19 min
Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.
Jun 25, 2018 • 14 min
LG smartphone keyboard vulnerabilities — Research Saturday
Jun 23, 2018 • 16 min
Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.
Jun 22, 2018 • 24 min
Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn’t like the cut of ZTE’s or Huawei’s jib. Tesla sues a former employee.
Jun 21, 2018 • 19 min
Playing on Kindness — Hacking Humans
Jun 21, 2018 • 22 min
Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.
Jun 20, 2018 • 19 min
Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.
Jun 19, 2018 • 19 min
Data extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra’s back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.
Jun 18, 2018 • 18 min
Cyber bank heists — Research Saturday
Jun 16, 2018 • 15 min
MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.
Jun 15, 2018 • 22 min
Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13.
Jun 14, 2018 • 18 min
Hacking Humans — Gaming pro athletes online.
Jun 14, 2018 • 30 min
Cable-tapping for a new century. Lazarus Group update. BabaYaga’s cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.
Jun 13, 2018 • 16 min
Don’t get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.
Jun 12, 2018 • 19 min
SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.
Jun 11, 2018 • 17 min
Winnti Umbrella Chinese threat group — Research Saturday
Jun 9, 2018 • 20 min
Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.
Jun 8, 2018 • 24 min
New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.
Jun 7, 2018 • 19 min
Hacking Humans — A flood of misinformation and fake news
Jun 7, 2018 • 30 min
Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft’s GitHub acquisition. Facebook’s coziness with Shanghai?
Jun 6, 2018 • 19 min
DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler’s poly.
Jun 5, 2018 • 18 min
Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.
Jun 4, 2018 • 14 min
Islamic State propaganda persistence — Research Saturday
Jun 2, 2018 • 19 min
Lazarus Group updates. Cybercrime’s GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google’s knowledge panels.
Jun 1, 2018 • 24 min
Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.
May 31, 2018 • 19 min
Hacking Humans - Social engineering works because we’re human.
May 31, 2018 • 30 min
More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won’t pay extortion. Stay away from Joker’s Stash. Crime and punishment.
May 30, 2018 • 18 min
Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. “Courvoisier” sentenced. NATO looks at Russia’s weaponized jokes.
May 29, 2018 • 19 min
UPnProxy infiltrates home routers — Research Saturday
May 26, 2018 • 20 min
VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa’s selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.
May 25, 2018 • 24 min
VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.
May 24, 2018 • 19 min
Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE’s fraying lifeline. Facebook and the EU. Brain Food.
May 23, 2018 • 19 min
Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.
May 22, 2018 • 18 min
DPRK’s Sun Team works from three apps in Google Play. PII for sale in Zhejiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.
May 21, 2018 • 16 min
Threat actors hijack Lojack — Research Saturday
May 19, 2018 • 17 min
Something Wicked this way comes. Automating wallet pilferage. Office 365 phishing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.
May 18, 2018 • 23 min
Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR’s disclosure timeline. Congressional hearings. DarkOverlord collared.
May 17, 2018 • 19 min
Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?
May 16, 2018 • 19 min
Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.
May 15, 2018 • 19 min
Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm’s ad buys. Reining in apps. Cell tracking. Anonymous is back.
May 14, 2018 • 15 min
Three pillars of Artificial Intelligence — Research Saturday
May 12, 2018 • 32 min
Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.
May 11, 2018 • 23 min
Cyber conflict between Iran and the US widely expected. ALLENITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal’s memory. Is ZTE going down?
May 10, 2018 • 19 min
Stubborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear’s false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.
May 9, 2018 • 18 min
Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDPR is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.
May 8, 2018 • 18 min
2018 RSAC Outlook - Special Edition
May 8, 2018 • 17 min
Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?
May 7, 2018 • 16 min
BlackTDS and ThreadKit offered in criminal markets — Research Saturday
May 5, 2018 • 21 min
In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.
May 4, 2018 • 24 min
Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?
May 3, 2018 • 19 min
New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.
May 2, 2018 • 19 min
Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.
May 1, 2018 • 18 min
Bank hack in Mexico. FacexWorm goes cryptomining. SamSam’s volume discount. Influence ops. Researchers confirm that teams use teamwork.
Apr 30, 2018 • 19 min
New MacOS backdoor linked to OceanLotus — Research Saturday
Apr 28, 2018 • 19 min
Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper’s Charter notes. Crypt armistice or just key escrow?
Apr 27, 2018 • 20 min
Some fix fast, others not at all. Ransomware campaign’s demands are non-negotiable (for most victims—Russians get a hometown discount). Content filtering. Jamming in Syria.
Apr 26, 2018 • 19 min
DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.
Apr 25, 2018 • 19 min
Ransomware in Ukraine’s Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.
Apr 24, 2018 • 18 min
ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won’t sell Kaspersky ads. UK sentence in Crackas with Attitude case.
Apr 23, 2018 • 15 min
InnaputRAT exfiltrates victim data — Research Saturday
Apr 21, 2018 • 20 min
RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.
Apr 20, 2018 • 18 min
Dispatches from RSA 2018. Russia continues to test the Five Eyes’ patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.
Apr 19, 2018 • 19 min
More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.
Apr 18, 2018 • 16 min
Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.
Apr 17, 2018 • 20 min
Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.
Apr 16, 2018 • 14 min
Energetic Dragonfly and DYMALLOY Bear 2.0 — Research Saturday
Apr 14, 2018 • 18 min
Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?
Apr 13, 2018 • 24 min
Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. “Early bird” code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.
Apr 12, 2018 • 19 min
Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?
Apr 11, 2018 • 15 min
Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?
Apr 10, 2018 • 18 min
Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.
Apr 9, 2018 • 14 min
Crypto crumple zones — Research Saturday
Apr 7, 2018 • 35 min
Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.
Apr 6, 2018 • 21 min
Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.
Apr 5, 2018 • 19 min
Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread’s incident response.
Apr 4, 2018 • 19 min
Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.
Apr 3, 2018 • 19 min
Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook’s troubles. Kremlin doxed. Reality Winner case update.
Apr 2, 2018 • 16 min
Chasing FlawedAMMYY — Research Saturday
Mar 31, 2018 • 19 min
Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.
Mar 30, 2018 • 20 min
Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.
Mar 29, 2018 • 19 min
Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.
Mar 28, 2018 • 19 min
Blockchains that bind us — Special Edition
Mar 28, 2018 • 33 min
Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.
Mar 27, 2018 • 18 min
Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.
Mar 26, 2018 • 17 min
Code comments cause SAML conundrum — Research Saturday
Mar 24, 2018 • 15 min
US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook’s troubles persist, as do Cambridge Analytica’s.
Mar 23, 2018 • 26 min
Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.
Mar 22, 2018 • 19 min
Preparing for grid attacks. Notes on breaches, crime, and punishment. And Facebook’s no-good, bad, awful week.
Mar 21, 2018 • 18 min
Power grid threats coming through the router. Cambridge Analytica and Facebook face tough questions.
Mar 20, 2018 • 19 min
Power grid hacking fears running high. Social media problems. Election DDoS reported in Russia. FTC and SEC cyber enforcement actions. NSA hoarder case update.
Mar 19, 2018 • 19 min
Cryptojacking injections heat up - Research Saturday
Mar 17, 2018 • 22 min
NATO-Russian cyber tensions high. They’re also high between Saudi Arabia and Iran. Updates on AMD vulnerability report. Another exposed AWS S3 bucket?
Mar 16, 2018 • 23 min
Chip vulnerability disclosure controversial. Black market and point-of-sale malware. SEC charges ex-Equifax exec with breach-related insider trading. Tensions over Salisbury nerve agent attack.
Mar 15, 2018 • 19 min
AMD investigates report of processor flaws. A look at OceanLotus. Patch Tuesday. Russo-British tensions high. MuddyWater threatens researchers.
Mar 14, 2018 • 19 min
May hands Putin an ultimatum (and cyber conflict is expected). HenBox spies on Uyghurs. Vixen Panda creeps into UK targets through backdoors. Changes at US State Department, CIA. SINET ITSEF notes.
Mar 13, 2018 • 19 min
Iran grows more capable and assertive in cyberspace. Bots have nothing on humans when it comes to peddling disinformation. Chinese influence ops. Fancy Bear, Slingshot updates.
Mar 12, 2018 • 18 min
Dark Caracal APT steals out of Lebanon — Research Saturday
Mar 10, 2018 • 36 min
Cyber reconnaissance. Vulnerability database misdirection. Cryptomining attempts. New Memcrash DDoS. Policy changes in the US coming as agencies report?
Mar 9, 2018 • 21 min
A Memcrash kill-switch. Shadow Brokers’ leaked “Territorial Dispute” tools. Dutch DDoS, Indian hacks. FBI and backdoors. Notes from SINET ITSEF.
Mar 8, 2018 • 16 min
Patchable vulnerabilities in Apache Struts and Exim. CombJack malware. DPRK vs. UN Panel of Experts. Cyberwar and legal limits. Espionage Act prosecution. Infowars turn grimly kinetic.
Mar 7, 2018 • 18 min
Cyber espionage in Central and Eastern Europe. Cyber deterrence. Notes from Matrosskaya Tishina. Exabeam describes what crooks can get from your browser.
Mar 6, 2018 • 18 min
Humanitarian organizations targeted. Memcrash extortion. Spring Break bug. Equifax breach update. Russian influence operations (and American “yelling and hollering”).
Mar 5, 2018 • 16 min
Lebal malware phishes for victims — Research Saturday
Mar 3, 2018 • 14 min
Memcrashing no longer just a theoretical possibility. Fancy Bear’s pawprints in German networks and other peoples’ embassies. Deterrence in cyberspace. High-profile fraud victims.
Mar 2, 2018 • 21 min
Fancy Bear finds Berlin just right. RedDrop Android blackmail malware. Another AWS S3 exposure. FTC settles; SEC investigates. Blockchain radix malorum?
Mar 1, 2018 • 16 min
Memcrash and amplification attacks. SAML vulnerabilities. Thanatos ransomware. Petya returns (so does Marcher). Deterrence and election security.
Feb 28, 2018 • 18 min
Cryptojacking through an AWS S3 bucket. Threats, risk, and unintentional mistakes. Crime and punishment. Industry notes. Alien hackers?
Feb 27, 2018 • 18 min
Olympic hacking—false flags and attack infrastructure. Cryptojacking. Smartphone security bans. Heraldic animals of hacking.
Feb 26, 2018 • 19 min
Phishing for holiday winnings — Research Saturday
Feb 24, 2018 • 19 min
Mirai variant establishes proxies. Buggy smart contracts. Banking glitch. Studies from Verizon, Thales. FTC addresses credential stuffing.
Feb 23, 2018 • 22 min
Code signing certificates for sale. Impact of cybercrime on the world economy. Reaper out from under Lazarus’s shadow. Catphishing. Cyber intelligence against terror. Ransomware and other hacks.
Feb 22, 2018 • 18 min
SWIFT phishbait. DPRK hacking gets better; GRU hacking looks east. Coldroot RAT. Cryptojacking. Election cybersecurity.
Feb 21, 2018 • 19 min
SWIFT fraud in India. DPRK hacking updates. Notes on Russian influence ops, both indictments and continuing activity. Alleged Florida gunman may have been an Internet known wolf.
Feb 20, 2018 • 17 min
The uncanny HEX men — Research Saturday
Feb 17, 2018 • 22 min
The complexities of Olympic Destroyer. More blame for Russia in the matter of NotPetya. Congress mulls election security. New York cyber milestone. Ed Snowden as phishbait.
Feb 16, 2018 • 22 min
Olympic Destroyer took its time, compromised the IT supply chain. NotPetya attribution. Coin scams. Coin miners. Botnets old and new.
Feb 15, 2018 • 18 min
Olympic Destroyer updates. Cyber forecasts from the US Intelligence Community. Patch notes. Cryptojacking and coin mining. Ad blockers (also an incentive to coin mining).
Feb 14, 2018 • 18 min
Patch Tuesday notes. Skype DLL hijacking vulnerability. Olympic Destroyer malware described. Lazarus Group newly active. BitGrail heist? Cyber Valentine.
Feb 13, 2018 • 18 min
Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.
Feb 12, 2018 • 14 min
IcedID banking trojan — Research Saturday
Feb 10, 2018 • 20 min
Trends in phishing. Olympic hacking. Cryptojacking spreads. Litecoin gains black market share. Influence operations. Can Strava be exploited by bicycle thieves?
Feb 9, 2018 • 22 min
Operation Shadow Web rolls up carding gang. Fancy Bear sightings. DPRK buying zero-days? Cryptojacking ICS. Huawei, ZTE get Congressional razzing. Jita scams.
Feb 8, 2018 • 18 min
Dutch DDoS arrest. Pyongyang is interested in cryptocurrency. So is the US SEC (in a different way). Uber explains its breach disclosure. New wrinkle in the “Microsoft” Help Desk scam.
Feb 7, 2018 • 19 min
More Eternal exploits found more troublesome. Cryptominer updates. NIST SP 800-171. Paycard skimmers. Tsunami false alarm.
Feb 6, 2018 • 17 min
DPRK exploiting Flash Player zero-day. ISIS wants hacking help. JenX DDoS, Scarabey ransomware updates. Crime and punishment.
Feb 5, 2018 • 16 min
Advanced adware with nation-state tactics — Research Saturday
Feb 3, 2018 • 16 min
JenX botnet and DDoS-for-hire. RoK CERT warns of Flash Player zero-day. Cryptocurrency mining and scamming. ICS security trends. Twitter cleared in terror trial. The Nunes Memo is out.
Feb 2, 2018 • 24 min
ISIS war on families. Cryptomining botnets. The weaponization of Spectre and Meltdown. Phishing with bogus emails spoofing Google, Microsoft. Apps that know too much.
Feb 1, 2018 • 18 min
Phishing campaign targets Israeli scientists. Low-level contract phishing in China’s hinterlands? Apps with privacy flaws. Cisco patches ASA products. Cryptocurrency speculation and fraud.
Jan 31, 2018 • 18 min
Netherlands financial sector recovers from DDoS. Lizard Squad, Mirai, and coin mining. IOTA wallets emptied. Snooper’s Charter loses in court. US House may release surveillance memos. Strava OPSEC.
Jan 30, 2018 • 18 min
Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?
Jan 29, 2018 • 14 min
Targeting Olympic organizations — Research Saturday
Jan 27, 2018 • 18 min
Lebal’s layered approach to infection. Cryptominers are becoming a big problem. Tracking influence ops. Dutch intelligence spotted Cozy Bear early. Exploiting password recovery.
Jan 26, 2018 • 22 min
2018 forecast — CyberWire Special Edition
Jan 26, 2018 • 32 min
Patriotic hacktivism. HNS botnet spreads P2P. Electron vulnerabilities found, mitigated. Criminals target ICOs. Ransomware-as-a-service. Cryptowars. Fancy Bear doxes luge.
Jan 25, 2018 • 19 min
Satori variants. Hacking in Anatolia. Lazarus Group improves its tradecraft. Tinder vulnerabilities. UK’s new office to combat disinformation. Pirated pdfs hold malware.
Jan 24, 2018 • 17 min
ISIS messaging. Intel will roll out new Spectre/Meltdown patches. Identities for sale on the dark web. IDN spoofing. SpriteCoin ransomware, with a malware chaser. Three Sonic games may be trouble.
Jan 23, 2018 • 17 min
Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.
Jan 22, 2018 • 15 min
Fancy Bear Duping Doping Domains — Research Saturday
Jan 20, 2018 • 13 min
AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.
Jan 19, 2018 • 25 min
Big healthcare data breach. False civil defense alerts. Davos will take up cyber next week (among other topics). Exobot on the block. Satori in your wallet? Ponzi scheme or pump-and-dump?
Jan 18, 2018 • 17 min
Section 702 update. Kaspersky reports on Skygofree—dangerous Android spyware. Recorded Future on DPRK spearphishing. Healthcare hacks. Bogus patches. VR game could expose users.
Jan 17, 2018 • 16 min
New Mirai variant forming. Meltdown and Spectre remediation updates. Notes on Russian hacking. Charges in swatting death.
Jan 16, 2018 • 20 min
Shake Your MoneyTaker — Research Saturday
Jan 13, 2018 • 18 min
Spectre and Meltdown patches may be messy, but not as performance-killing as feared. AMT exploit. Mobile ICS apps. Monero mining. Badness in the Play Store. Huawei ban? Droning while drunk.
Jan 12, 2018 • 24 min
Aadhaar updates. Fancy Bear doxes the Olympics. WhatsApp snooping vulnerability discussed. Spectre and Meltdown patching. US House reauthorizes Section 702. Bitcoin isn’t Bitcoin Cash.
Jan 11, 2018 • 19 min
Turla returns. Moscow interested in Mexican elections? FakeBank mobile Trojan hits Russian banks. Phishing the Olympics. Patch Tuesday. Bad flashlights, nice doggie.
Jan 10, 2018 • 15 min
Spectre and Meltdown mitigations. Psiphon and Iran’s unrest. Olympic phishing. Mobile pop-up redirection. Alt-coin speculation.
Jan 9, 2018 • 17 min
Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.
Jan 8, 2018 • 16 min
TRISIS Malware: Fail-safe fail — Research Saturday
Jan 6, 2018 • 35 min
Meltdown and Spectre, risks and mitigations. Aadhaar compromised. Blockchain bubbles.
Jan 5, 2018 • 21 min
Meltdown and Spectre arose from engineering for speed—most chips are affected. Bogus security apps kicked out of Google Play. Iran’s Internet crackdown. Indications of a guilty plea in NSA leak case.
Jan 4, 2018 • 16 min
Iranian dissent takes to Tor. Iran cracks down on Internet services (and Infy gets busy). Kernel memory issue in Intel processors. macOS bug published. “Trackmageddon.” Curating YouTube. Condolences to a SWATTING victim’s family.
Jan 3, 2018 • 17 min
ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.
Jan 2, 2018 • 13 min
Hunting the Sowbug — Research Saturday
Dec 30, 2017 • 17 min
The German Cybersecurity Market with Gerald Hahn
Dec 29, 2017 • 12 min
The CISO’s changing role with Andrew Wild
Dec 28, 2017 • 14 min
“Hacked Again” author Scott Schober
Dec 27, 2017 • 18 min
Active defense and “hacking back” with Johnathan Braverman from Cymmetria
Dec 26, 2017 • 14 min
Keyboys back in town — Research Saturday
Dec 23, 2017 • 18 min
Updates on Triton ICS malware attack. DPRK and WannaCry. Cryptocurrency crime and an alt-coin market correction. Fancy Bear sightings.
Dec 22, 2017 • 23 min
More data found exposed in an AWS S3 bucket. EtherDelta’s DNS impersonation issue. DPRK says it doesn’t hack. FISA Section 702 nears sunset. Wassenaar updated. Kaspersky says its due process rights have been violated.
Dec 21, 2017 • 19 min
Pyongyang’s snarling through cyberspace, and what others are doing about it. Coppersmith espionage campaign in the Middle East. GDPR approaches. Giving your kid a smartphone?
Dec 20, 2017 • 18 min
North Korea officially blamed for WannaCry. US National Security Strategy and cyber. Hex Men are up to no good. Cryptocurrency crimes. Cyberespionage. Misconfigured printers. Bad passwords.
Dec 19, 2017 • 19 min
Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.
Dec 18, 2017 • 14 min
The unique culture of the Middle Eastern and North African underground — Research Saturday
Dec 16, 2017 • 22 min
Internet shut down in Ethiopia. TRITON ICS malware updates. Security products patched. Cryptocurrency capers.
Dec 15, 2017 • 22 min
Hacktivism threatened over embassy move. Significant probe of an industrial plant. That was no BGP error. TV blues.
Dec 14, 2017 • 16 min
A look back at Patch Tuesday. Classic games on Android serve malware. Cryptocurrency speculation. Info ops updates. Phony hitmen. Guilty pleas in Mirai case.
Dec 13, 2017 • 19 min
Catphishing for spies. Banking Trojans. Spider ransomware. CoinHive comes to Starbucks. SEC stops another ICO. BrickerBot retired?
Dec 12, 2017 • 19 min
Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.
Dec 11, 2017 • 13 min
Stealthy Zberp Banking Trojan — Research Saturday
Dec 9, 2017 • 23 min
Iranian reconnaissance of critical infrastructure? Leaky banking apps. Microsoft’s emergency patch. Ghosts of the Caliphate threaten, but have yet to deliver. New horizons in biometrics.
Dec 8, 2017 • 21 min
Hamas calls for intifada; hacktivism expected. Ethiopian government surveillance ops. Crime and cryptocurrency. Keylogger in the wild. Fixes to MacOS, Android app development tools. Uber hack and bug bounties.
Dec 7, 2017 • 16 min
Satori botnet is awake (and it’s not engaged in enlightenment). State-sponsored spyware campaigns. ISIS threatens cyberattacks.
Dec 6, 2017 • 19 min
Andromeda takedown (with an arrest in Belarus). Mirai is back; Reaper still threatens. PayPal phishing. Tech support scam evolves. Cryptowars notes. SEC goes after an ICO.
Dec 5, 2017 • 17 min
Nghia Hoang Pho charged with mishandling classified NSA material. A review of other recent leaks. Kaspersky under fire in the UK. More Uber executives depart.
Dec 4, 2017 • 13 min
Staying ahead of Fast Flux Networks — Research Saturday
Dec 2, 2017 • 17 min
Flynn pleads guilty in Mueller probe. Misconfigured AWS S3 buckets, again. Election trolling and spy versus oligarch. Black Friday fraud down. Crime and punishment.
Dec 1, 2017 • 19 min
Breaches, extortion, and insider threats. Credit bureaus and GDPR. HP addresses spyware allegations. When is a snack bag more than a snack bag?
Nov 30, 2017 • 16 min
Building your cyber security career — CyberWire Special Edition
Nov 30, 2017 • 32 min
Another misconfigured AWS S3 bucket, this one with US Army INSCOM files. Apple fixes a major issue in MacOS. Influence ops and autarky. Boyusec disbanded.
Nov 29, 2017 • 19 min
Who’s the third man in the Shadow Brokers leaks? ISIS diaspora means more ISIS online. Monero miner identified. Tizi backdoored apps booted from Google Play. Scarab ransomware. M&A notes. Indictments in IP theft.
Nov 28, 2017 • 17 min
Breach disclosure: fast and slow. Mirai’s minor comeback. Anti-ISIS Hacktivists strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.
Nov 27, 2017 • 14 min
Waiting for Terdot, a sneaky banking Trojan — Research Saturday
Nov 25, 2017 • 17 min
The Right to Be Forgotten with Yale Law School’s Tiffany Li
Nov 22, 2017 • 18 min
Cyberspace in Peace and War author Martin C. Libicki
Nov 21, 2017 • 26 min
PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business
Nov 20, 2017 • 20 min
Dark Net Pricing with Flashpoint’s Liv Rowley — Research Saturday
Nov 18, 2017 • 19 min
AWS S3 misconfigurations. Kaspersky’s report on the Equation Group affair. Cybercrime notes. DPRK cyber campaigns. The VEP reviews continue positive. Amazon Key has issues.
Nov 17, 2017 • 20 min
Revisions to the US VEP (and comparisons to China’s). DPRK hacking. Laurel mole hunt. BlueBorne is back. Snakes in the Play Store. Can you sound like a child?
Nov 16, 2017 • 18 min
Hidden Cobra’s RATs. IoT bugs. Patch Tuesday notes. Backdoored smartphones. Russian trolling, propaganda. DPRK short wave hacked?
Nov 15, 2017 • 18 min
Influence operations in Catalonia? IcedID banking Trojan. The Shadow Brokers: an intelligence service or a bunch of moles? Patch notes.
Nov 14, 2017 • 18 min
Vault 8 and false-flag allegations. Mole hunting. Equifax breach costs. ISIS returns to WordPress defacements. RoK domestic political influence scandal.
Nov 13, 2017 • 15 min
Taiwan Bank Heist and Lazarus Group with BAE’s Adrian Nish — Research Saturday
Nov 11, 2017 • 13 min
Macro-less malware. Metacriminals and botnet herders. Hacking ships and airliners. Cryptocurrency glitch. Congratulations to the SINET 16.
Nov 9, 2017 • 20 min
Fancy Bear’s new moves. OceanLotus and Sowbug cyber espionage groups active. Notes from CyCon, and a look at industry news.
Nov 8, 2017 • 18 min
Stolen Paradise Papers aren’t making people or companies look good. Off-year election security. Trollhunting. Notes on the future of cyber conflict from CyCon 2017.
Nov 7, 2017 • 19 min
The Paradise Papers, tax avoidance, and quiet investments. Kaspersky affair updates. Retaliation against influence operations?
Nov 6, 2017 • 13 min
Exploring Phishing Kits with Duo Security’s Jordan Wright — Research Saturday
Nov 4, 2017 • 29 min
BadRabbit misdirection? Fancy Bear’s wish list. AWS misconfigurations. Data breach notes.
Nov 3, 2017 • 20 min
The Manhattan terror suspect claims allegiance to ISIS, but ISIS hasn’t claimed him. Crimeware notes. Patching news. Crypto wars update. What the Senate learned about info ops.
Nov 2, 2017 • 17 min
Ransomware old and ransomware new, but can you distinguish it from a wiper? Influence operations hearings on Capitol Hill.
Nov 1, 2017 • 17 min
A BadRabbit and Reaper update. EU and cyberwar. DPRK denies WannaCry responsibility. China’s cyber espionage shifts. Oracle emergency patch. Buganizer wide open. Influence ops. Heathrow security.
Oct 31, 2017 • 16 min
Reaper looks like a criminal booter on the Chinese black market. BadRabbit shows some moves. Catch-All malicious Chrome extension. Android currency miners in Google Play. Indictments in Russia probe.
Oct 30, 2017 • 13 min
Tracking a Trojan: KHRAT on Research Saturday
Oct 28, 2017 • 17 min
BadRabbit ransomware and Reaper botnet updates. SATCOM bugs. ICS cybersecurity notes. Moscow’s free commercial speech piety. Anonymous is back.
Oct 27, 2017 • 21 min
Dogs that haven’t barked. Surveillance authority reauthorization advances in the US Senate. Notes on ICS cybersecurity.
Oct 26, 2017 • 18 min
BadRabbit hopping through Eastern and Central Europe, and Southwest Asia. DUHK risks. Kaspersky on how a laptop was backdoored. Notes from Atlanta’s ICS Cybersecurity Conference.
Oct 25, 2017 • 18 min
Reaper botnet update. Election hacking in Kenya, Czech Republic. M&A notes. APT28’s phishing. Kaspersky’s offer of code review. FBI shots in the crypto wars.
Oct 24, 2017 • 18 min
Reaper botnet looming, but not yet landed. CyCon phishing. How to troll for influence.
Oct 23, 2017 • 14 min
WireX BotNet with Justin Paine from Cloudflare — Research Saturday
Oct 21, 2017 • 23 min
IoT DDoS hurricane forming? Sofacy exploits patched Flash bug. NotPetya continues to impose costs. Snooping with mobile app ads.
Oct 20, 2017 • 22 min
Leviathan group exploits patched .NET flaw. North Korean cyber ops. Russian suspicions. Cutlet Maker ATM malware, Sockbot Minecraft malware. Ransomware and backups.
Oct 19, 2017 • 15 min
DPRK returns to bank robbery. Ransomware updates. Patches from Oracle, Lenovo, BlackBerry. Criminal coin miners.
Oct 18, 2017 • 16 min
Panama Papers assassination? Black Oasis exploits Flash Player. DPRK hacked TV show. Patching KRACK and ROCA. WikiLeaks prepping something? DHS BOD 18-01. SCOTUS to rule on data warrants.
Oct 17, 2017 • 18 min
KRACK attacks. Iran’s growing capability in cyberspace. Swedish and Polish targets probed by state-directed cyber ops. QR code security issues. Russia to introduce official cryptocurrency.
Oct 16, 2017 • 15 min
Synthesized DNA Malware with Peter Ney — Research Saturday
Oct 14, 2017 • 20 min
Germany’s BSI sees no problem in Kaspersky software. Equifax, TransUnion suffer from third-party malvertising code. ISIS expected to change its inspiration. Notes on the dark web.
Oct 13, 2017 • 21 min
Panama Papers pinch. North Korean spearphishing against ICS. CyberMaryland notes. Google Home Mini was tale-bearing (but now it’s better).
Oct 12, 2017 • 18 min
Israel said to have tipped the US off concerning Kaspersky risks. Accenture databases exposed. Deloitte breach may be worse than initially thought.
Oct 11, 2017 • 16 min
Cyberespionage in the Korean peninsula. Russian influence operators bought Facebook, Google ads. Forrester hacked. Kovter, OilRig get upgrades. US CYBERCOM CSM notes.
Oct 10, 2017 • 16 min
GDPR: Privacy from Across the Pond - Special Edition
Oct 9, 2017 • 29 min
Android Toast Overlay: Ryan Olson from Palo Alto Networks - Research Saturday
Oct 7, 2017 • 16 min
FSB got NSA with an assist (witting or unwitting) from Kaspersky? Germany calls off mass surveillance investigation. Reality Winner stays in jail.
Oct 6, 2017 • 19 min
NSA breach announced today (occurred in 2015, discovered in 2016) may be final nail in Kaspersky Lab’s coffin.
Oct 5, 2017 • 18 min
No insight yet into Las Vegas gunman’s motive as ISIS inspiration generally discounted. Yahoo! breach affected 3, not 1, billion user accounts. Equifax updates.
Oct 4, 2017 • 16 min
Fake news and information operations with no obvious solution. Equifax update. US Cyber Command vs. DPRK
Oct 3, 2017 • 17 min
Bots, sockpuppets, and trolls. Facebook talks to Congress. Some suggest China hacked Equifax. DPRK gets more Internet. ISIS inspiration. Section 702 authority in doubt.
Oct 2, 2017 • 12 min
APT 33: FireEye’s John Hultquist on an Iranian Cyber Espionage Group - Research Saturday
Sep 30, 2017 • 14 min
Whole Foods breached. Illusion gap and Windows Defender. Exposed AWS S3 buckets. Equifax incident response. Reality Winner proceedings.
Sep 29, 2017 • 20 min
Deloitte and Equifax under the microscope. Congress grills the SEC. Credential theft trends.
Sep 28, 2017 • 17 min
Comments on the Deloitte breach. SEC Commissioner talks to the Senate. Sonic breached. Vulnerable stock-trading apps. Russian influence operations shift their focus.
Sep 27, 2017 • 17 min
Equifax C-suite retirements continue. Deloitte still has little to say about its breach. Mac OS zero-day goes unpatched. Russian influence operations.
Sep 26, 2017 • 17 min
Deloitte hacked. Verizon AWS S3 exposure. Phantom Squad’s protection racket. Nuclear tension expected to spawn cyberattacks. Updates on CCleaner backdoor and FinFisher distro. Carlos Danger goes to jail.
Sep 25, 2017 • 15 min
Pacifier APT: Bitdefender’s Liviu Arsene describes a sophisticated, multifaceted malware campaign - Research Saturday
Sep 23, 2017 • 21 min
Hacks shake confidence in financial system. FinFisher using MitM. CCleaner backdoor had specific targets in mind? US Forces Korea debunks bogus NEO warning. Locky masters like Game of Thrones. nRansomware asks for a different kind of payout.
Sep 22, 2017 • 20 min
EDGAR hack enabled illicit stock trades? Equifax tweets phishing URL to troubled inquirers. Kaspersky ban clarified.
Sep 21, 2017 • 17 min
German election update: nichts neues. Equifax breach. Viacom dodges a bad bucket. Like Sandworm, but from Tehran. Less than fully successful criminals.
Sep 20, 2017 • 17 min
Russia Spy Files from WikiLeaks. Disinformation and influence operations. Equifax sustained a breach in March. Software supply chain issues.
Sep 19, 2017 • 17 min
Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.
Sep 18, 2017 • 15 min
Cobian RAT: Zscaler’s Deepen Desai describes some clever malware — Research Saturday
Sep 16, 2017 • 15 min
Equifax agonistes. Kaspersky denies his company’s a security risk. Political database for sale found exposed. Trolling the DCI.
Sep 15, 2017 • 19 min
Binding Operational Directive 17-01 hits Kaspersky. Point-of-sale malware found in some Elasticsearch servers. BlueBorne proves widespread. Equifax breach updates, industry notes, a look at the Billington Summit.
Sep 14, 2017 • 18 min
North Korea turns to cryptocurrency theft. Equifax breach gets worse. Patch Tuesday. Duma says US election hacked
Sep 13, 2017 • 16 min
Equifax breach news. Unsecured admin accounts. BlueBorne via Bluetooth. Hackable medical devices. Bots convince. A guilty plea draws a long sentence.
Sep 12, 2017 • 16 min
Everything Equifax, with some notes on German election vulnerabilities and an update on the Crackas With Attitude.
Sep 11, 2017 • 13 min
Equifax decides to tell people it’s been breached. Notes from the Intelligence and National Security Summit. WikiLeaks dumps missile guidance documents from Vault7. The ShadowBrokers are back, with a new offer.
Sep 8, 2017 • 21 min
DragonFly 2.0 in power grids. Cyberespionage in the South China Sea. Russian Facebook ads. “Fake News” survey.
Sep 7, 2017 • 15 min
Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that’s not SIGINT.
Sep 6, 2017 • 17 min
Influence operations in Germany. More Turla. KHRAT looks like political spying. Exposed AWS S3 and MongoDB databases hit. Ransomware notes. Cyber gangland rumbles.
Sep 5, 2017 • 14 min
Kenyan election nullified over electronic irregularities. South China Sea cyber espionage. WikiLeaks’ Vault7 dumps Angelfire. Accused leaker wants her statements excluded. DPRK raids ROK Bitcoin. WhopperCoin is here.
Sep 1, 2017 • 20 min
Turla’s Gazer backdoor. OurMine vs. WikiLeaks; WikiLeaks vs. CIA. Reality Winner trial. House of Cards material leaks. Patching notes. Insecure APIs.
Aug 31, 2017 • 17 min
Phishing and watering hole alerts. Is DPRK stealing Bitcoin? NHS Lanarkshire ransomware identified as Bit Paymer. Onliner spambot has hundreds of millions of email addresses. St. Jude pacemaker patch.
Aug 30, 2017 • 16 min
NIST Cybersecurity Framework - A CyberWire Special Edition
Aug 30, 2017 • 26 min
Cyberespionage in South Asia. NHS hack confirmed as ransomware. Notes on Hancitor. WireX Android botnet taken down. Fat-fingering BGP. Topical phishbait.
Aug 29, 2017 • 15 min
Maritime cybersecurity concerns. ExpressLane dump stirs up international trouble. IoT botnet threat addressed. Defray ransomware. Cyberattack in Scotland. Tehran’s info-ops rapper.
Aug 28, 2017 • 14 min
Clouds, crooks, cheats, and cryptocurrencies. Vault7 leaks liaisonware. Rumors about FSB officers charged with treason. FBI arrests Chinese national in OPM hack. Extremism online flows more than it ebbs.
Aug 25, 2017 • 22 min
Cyberattacks that may not have been. Ropemaker corrupts email after delivery. Concerns about companies working for intelligence services.
Aug 24, 2017 • 16 min
Independence day cyberattack worries in Ukraine. US Navy eliminating possibility of cyberattack on USS McCain. More malicious apps in Google Play. US state cyber regs. ISIS still works to inspire online.
Aug 23, 2017 • 16 min
Cyber concerns about naval and maritime shipping operations. AWS S3 data exposure. Game of Thrones hack. NHS breach? Killer robots. Scareware.
Aug 22, 2017 • 16 min
GCHQ and MalwareTech’s arrest. Chinese oilfield sustains malware infestation. US Cyber Command now a UCC. Ukraine fears another cyber campaign. Turla returns. GPS spoofing. Extremism online. ICO hack.
Aug 21, 2017 • 14 min
Ransomware updates. ShadowPad backdoor may have got into the supply chain from a Chinese APT group. Apple Secure Enclave decryption key released. Profexor and Fancy Bear. Misconfigured AWS S3 exposes voter data. Countering extremism online. FBI…
Aug 18, 2017 • 22 min
Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews “Profexor.” Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.
Aug 17, 2017 • 16 min
NIST SP 800-53 updated. Attack on Scotland Parliament’s email system. Consequences of Equation Group leaks. “Mr. Smith” and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.
Aug 16, 2017 • 16 min
Lazarus Group is back, phishing in English. Extremist content online. Google cleans up SonicSpy. Arrests for HBO hacking are unrelated to “Mr. Smith.” Marcus Hutchins is out on. DJI drones get a security makeover. Help desk scams.
Aug 15, 2017 • 16 min
Charlottesville hacking. Operation #LeakTheAnalyst. Dissatisfied customer calls ShadowBrokers a “ripoff.” More HBO leaks. Google purging SonicSpy. Collusion attacks. Marcus Hutchins in court.
Aug 14, 2017 • 12 min
HBO offered Mr. Smith a bug bounty, but no takers. Fancy Bear’s in hotel Wi-Fi. DNC leak argument resumes. Locky and Mamba ransomware are back. ISIS on eBay. NotPetya arrest. WikiLeaks dumps more from Vault7.
Aug 11, 2017 • 21 min
Kenyan elections, not hacked? Someone’s poking into DPRK systems. DDoS in Ukraine. Pseudoransomware protection. Spyware in Play Store. HBO hack.
Aug 10, 2017 • 16 min
Patches, passwords, wipers, and pseudoransomware. New fronts in hybrid war? KONNI, OnionDog, and Israbye.
Aug 9, 2017 • 15 min
Power grid risks. Update on the Mandiant employee hack. “Mr. Smith” holds HBO for ransom. Shipping industry looks for GPS backup. DHL sees a NotPetya windfall. Google patches ten Android remote-code execution vulnerabilities. NIST issues a…
Aug 8, 2017 • 16 min
US Army bans DJI COTS drones. Amazon will scan AWS customers’ S3 buckets for public accessibility. Recommendations for election security. Marcus Hutchins pleads not guilty to Kronos-related charges.
Aug 7, 2017 • 14 min
MalwareTech arrested over Kronos banking Trojan. “Bateleur” in the wild. Long DDoS hits Chinese telco. Russian influence operations no longer novel? FBI investigates HBO hack.
Aug 4, 2017 • 19 min
WikiLeaks dumps Dumbo dox. HBO’s hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.
Aug 3, 2017 • 16 min
Following up on security scrambles in Sweden and Ukraine. #LeakTheAnalyst. Blu Product phones booted by Amazon. BitCoin’s hard fork. The Internet of Things Cybersecurity Improvement Act of 2017.
Aug 2, 2017 • 16 min
HBO hacked. Operation #LeakTheAnalyst targets individual security researchers. Election hacking notes. UK’s Home Secretary opposes strong encryption. Russia bans VPNs. Bitcoin, crime, and punishment.
Aug 1, 2017 • 16 min
Black Hat 2017 - Research and Investment - CyberWire Special Edition
Aug 1, 2017 • 39 min
Investigation into ShadowBrokers focuses on former insiders. Threat analyst doxed. Trickbot and NotPetya updates. Sweden’s big breach. DPRK hacks online gaming for revenue.
Jul 31, 2017 • 14 min
WikiLeaks and the ShadowBrokers are both back. Catphishing the French elections. Pyongyang’s Bitcoin miners. Malware notes, industry news, and a rundown of the Pwnie Awards.
Jul 28, 2017 • 21 min
“Mia Ash” is an Iranian catphish. WikiLeaks dumps UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials.…
Jul 27, 2017 • 16 min
Counterattackers’ advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.
Jul 26, 2017 • 15 min
Google Groups oversharing. E-discovery don’ts. Energetic Bear may be back. The CopyKittens seem to be Persian cats. Ethereum hacks (and white hats).
Jul 25, 2017 • 16 min
Buckets leak, but so do CDs. NotPetya and Sandworm. Fruitfly versus Macs. ISIS strained in cyberspace. A look at dark web souks. Hacked fish tank.
Jul 24, 2017 • 15 min
Hansa Market takedown. Recovery from EternalBlue exploits is a long slog. Banking malware rising. Power grid vulnerabilities. Devil’s Ivy and the IoT. A look at criminal markets.
Jul 21, 2017 • 21 min
Configuring AWS buckets. New threats and vulnerabilities. Apple and Oracle patch.
Jul 20, 2017 • 16 min
Dow Jones AWS S3 bucket exposed. FedEx 10-K and NotPetya. Game of Thrones torrent virus. Securing voting. Botnet defense research. M&A and VC notes. Initial coin offering hacked.
Jul 19, 2017 • 15 min
Qatar and the United Arab Emirates at loggerheads over hacking. Commonly used gSOAP IoT code vulnerable to exploitation. A data exposure risk in connected toys. And what could be in that EULA.
Jul 18, 2017 • 15 min
Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.
Jul 17, 2017 • 13 min
More from WikiLeaks’ Vault7. Cyber ops and national policy. NotPetya’s costs. Clouds of misconfiguration. Chasing innovation. AlphaBay takedown. Phishbait.
Jul 14, 2017 • 21 min
Motives behind NotPetya, other operations. Verizon customer data exposed. Industry notes. Licensing hackers in Singapore.
Jul 13, 2017 • 15 min
Patch Tuesday. Infrastructure hacking and hackers. Industry notes. Influence operations. Jamming a radio station.
Jul 12, 2017 • 18 min
Russia’s phishing for nuclear power plants. NATO offers aid to Ukraine. Election hacking updates. M&A and venture news. Crime, punishment, and cryptocurrency.
Jul 11, 2017 • 20 min
Infrastructure hacking. No Russo-American agreement in cyberspace. Android malware infestations. Misspelling as OPSEC.
Jul 10, 2017 • 14 min
NotPetya still looks like an act of state; intended result or not, companies warn of possible material effect from the attack. Another S3 database found exposed.
Jul 7, 2017 • 21 min
Ukraine says it blocked a second wave of NotPetya attacks. Notes on hybrid warfare and the challenges of sharing data. Will the EU get a right to repair?
Jul 6, 2017 • 15 min
Recovering from NotPetya. State-actor seen behind wiper attack. Ukraine mulls criminal negligence charges. Documents behind US Congressional wariness of Kaspersky.
Jul 5, 2017 • 16 min
Recovery and attribution: Petya/Nyetya/NotPetya. Cyber conflict and collective defense. Online inspiration and online censorship. The EU’s regulatory big stick. Vishing Parliament.
Jul 3, 2017 • 14 min
What’s up with Petya/Nyetya/NotPetya? It’s a wiper—the extortion is just misdirection. WikiLeaks dumps “OutlawCountry” from Vault7. The ShadowBrokers raise prices. Russia says boo to cybercrime.
Jun 30, 2017 • 20 min
Ransomware, nyet; wiper, da. Shipping, manufacturing, and Big Law may share some common risks. WikiLeaks and the ShadowBrokers are back again.
Jun 29, 2017 • 14 min
IoT 2017 – Securing the Things: A CyberWire Special Edition
Jun 29, 2017 • 34 min
Petya/PetrWrap/Goldeneye updates.
Jun 28, 2017 • 16 min
Petya goes WannaCry one better. Westminster email hack. ISIS in Maryland and Ohio websites.
Jun 27, 2017 • 16 min
Brute-forcing Parliament. Election hacking retaliation? Cyberspies hunt IP in East Asia. Microsoft security issues. ISIS hacktivists deface Ohio websites.
Jun 26, 2017 • 13 min
Vault7 leak: Brutal Kangaroo toolkit. Data breach and ransomware updates. Notes on code audit requirements.
Jun 23, 2017 • 20 min
WannaCry’s back and the industrial IoT’s got it. Business email scams hit the unwary (and most of us would count as unwary). Testimony on Russian election influence operations. Grid security.
Jun 22, 2017 • 15 min
Investigation, introspection, watchdogs, and leakers. The risk of collecting and storing data.
Jun 21, 2017 • 16 min
Who’s behind the Android malware infestations? Mirai and Erebus updates. Industry notes. Brussels takes the pro-crypto side in the crypto wars. CrashOverride as a weapon. IG report on NSA insider threat management.
Jun 20, 2017 • 15 min
Bouncing bad adware apps from Google Play. More on WannaCry attribution. Voter data exposed on an Amazon S3 account. Assessment of Russian influence on UK elections: they didn’t do it. (Didn’t need to?) Hackers sentenced.
Jun 19, 2017 • 14 min
More from Vault7. How and why the DPRK hacks. FIN10 hits North American businesses with extortion demands. UK unis sustain ransomware infestation. Free decryptors are out, and ISACs seem to be working.
Jun 16, 2017 • 19 min
Hidden Cobra strikes from Pyongyang. Microsoft patches last of ShadowBrokers’ leaked exploits. Sanctions coming over Russian election influence operations. Electrical and natural gas sectors brace for CrashOverride.
Jun 15, 2017 • 15 min
A CrashOverride update from Robert M. Lee. Patch news. Terrorist funding goes cyber. Cozy and Fancy Bear were more active than earlier believed.
Jun 14, 2017 • 19 min
CrashOverride update. Influence ops harder to disrupt than infrastructure. Samba exploited for cryptocurrency mining. NSO Group for sale. Botnets and fake news. Airliner laptop bans.
Jun 13, 2017 • 15 min
CrashOverride implicated in Ukraine grid hack—possibly as a proof-of-concept. Hack-induced Gulf diplomatic troubles continue. New malware strains, exploits appear.
Jun 12, 2017 • 15 min
Comey’s testimony calls Russian election influence operations massive and ongoing. New Android malware. Malicious hyperlinks infect with a mouse-over. Data privacy issues.
Jun 9, 2017 • 20 min
Qatar—provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.
Jun 8, 2017 • 14 min
Farewell to Jean Sammet, co-developer of COBOL. Remembering Midway. NSA leak investigation. Signs of Russian disinformation in the Gulf. Data breaches, script kiddies, EternalBlue, and Turla.
Jun 7, 2017 • 14 min
Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.
Jun 6, 2017 • 14 min
ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. India investigates possible aircraft hacking.
Jun 5, 2017 • 14 min
Patriotic and free-spirited hacking? WikiLeaks has a new Vault7 dump. Cyber conflict over the South China Sea. Fireball malware infests more than 250 million devices. Trident security. Kmart breach. Bikers turn hackers.
Jun 2, 2017 • 19 min
It’s the first of June, and the ShadowBrokers’ exploit-of-the-month club is open for business (exploits to be delivered to subscribers in July).
Jun 1, 2017 • 14 min
Exploit-of-the-month club open for business. Disinformation technology. Lazarus Group tied to North Korean intelligence (again). Extortion is big, but carding is still with us. Spammy apps in Google Play.
May 31, 2017 • 14 min
Implications of Manchester bombing investigation on policy, Five Eyes relations. British Airways IT outage. Fancy Bear and Malta? ShadowBrokers prep exploit-of-the-month club. Google deals with Chrome, PlayStore issues. Mall boards and rickrolling.
May 30, 2017 • 12 min
WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.
May 26, 2017 • 20 min
Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.
May 25, 2017 • 14 min
Manchester bombing investigators look at bomber’s network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.
May 24, 2017 • 15 min
ISIS claims Manchester concert bombing. The case for a North Korean WannaCry. US lawmakers consider cyber legislation.
May 23, 2017 • 14 min
How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRock).
May 22, 2017 • 13 min
WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results.
May 19, 2017 • 19 min
OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.
May 18, 2017 • 14 min
Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaks.
May 17, 2017 • 15 min
WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?
May 16, 2017 • 14 min
WannaCry ransomware—a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.
May 15, 2017 • 15 min
WannaCry ransomware spreads via ShadowBrokers’ dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump’s Executive Order on cybersecurity.
May 12, 2017 • 20 min
French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother’s day giftcard hacking. Telephonic harassment.
May 11, 2017 • 14 min
NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.
May 10, 2017 • 14 min
Metadata signs point to St. Petersburg in l’affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.
May 9, 2017 • 15 min
Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.
May 8, 2017 • 13 min
Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.
May 5, 2017 • 20 min
Phishing with a big worm (and other lures). Botnet mining cryptocurrency. Blackmoon upgraded. Aadhaar troubles in India. Passwords, security questions, and Grand Moff Tarkin’s CISO.
May 4, 2017 • 15 min
Shamoon update. Sabre discloses possible breach to SEC. Mobile device and VPN threats and vulnerabilities. Information operations and cyberespionage.
May 3, 2017 • 14 min
IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar’s DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they’re after.
May 2, 2017 • 15 min
NSA changes collection policy in a privacy-friendly direction. Latest Vault7 leaks look anodyne. Election influence concerns in Europe and the US. Blocking social media. DarkOverlord returns with extortion caper.
May 1, 2017 • 13 min
OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more.
Apr 28, 2017 • 18 min
Fancy Bear in France (and in Germany, too). Israel debates Cyber Authority’s charter. Sudan says it’s using Electronic Jihad against ISIS. Verizon, Symantec threat reports out. Adware campaigns.
Apr 27, 2017 • 14 min
Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle’s point-of-sale breach. Hacking in Fast and Furious 8.
Apr 26, 2017 • 14 min
Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.
Apr 25, 2017 • 14 min
Nation-state tensions in cyberspace over North Korean threats and presumably Russian cyberespionage. Locky returns. More pharma spam. Seleznev gets 27 years for carding.
Apr 24, 2017 • 15 min
States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrickerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.
Apr 21, 2017 • 19 min
Trojanized apps in the PlayStore. How cybergangs talk, cooperate, and improve their game. More troubles reported for Tanium. A Chicago lawsuit brings privacy issues to the fore.
Apr 20, 2017 • 14 min
Vigilantes in the IoT. Bad actors find a friend in the ShadowBrokers. BankBot is back in the PlayStore. Pixel-tracking for target recon. A very big Oracle patch.
Apr 19, 2017 • 14 min
Karmen in the black market. Homograph vulnerabilities. Vault 7 and ShadowBrokers updates. Hacks and missiles. Competing for botnets.
Apr 18, 2017 • 14 min
Missiles and malware? ShadowBrokers’ leaks examined. Syrian info ops. ISIS recruits women for martyrdom. Ransomware, medical device vulnerability updates. Troubled unicorn?
Apr 17, 2017 • 14 min
ShadowBrokers frustrated with the peoples. Callisto Group was active against UK Foreign Office. US DCI denounces WikiLeaks as a hostile intelligence service. Surveillance vendors said willing to deal with pariah regimes. Weaponized memes.
Apr 14, 2017 • 19 min
Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits.
Apr 13, 2017 • 14 min
Patch Tuesday notes. Cyber threats to healthcare. New Helsinki information operations center forming. Updates on WikiLeaks and the ShadowBrokers.
Apr 12, 2017 • 13 min
Women in Cybersecurity 2017: A CyberWire Special Edition
Apr 12, 2017 • 23 min
Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes Gödel Prize.
Apr 11, 2017 • 14 min
Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.
Apr 10, 2017 • 15 min
APT10’s Operation TradeSecret. BrickerBot may be vigilante PDoS. Amnesia and Sathurbot exploit known vulnerabilities in, respectively, DVRs and WordPress. Ransomware, surveillance, and info ops updates.
Apr 7, 2017 • 19 min
Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.
Apr 6, 2017 • 14 min
Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.
Apr 5, 2017 • 15 min
Pegasus version now affects Android. UK on alert for ISIS infrastructure cyberattack. DPRK tied, again, to Bangladesh Bank heist. Fancy Bear and Turla updates. Samsung Tizen 0-day. Tax season security.
Apr 4, 2017 • 14 min
WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.
Apr 3, 2017 • 15 min
Fancy Bear’s phishing expeditions. Cryptowars and privacy regs in the EU. Is that really you, Dr. Niebuhr?
Mar 31, 2017 • 19 min
Apple patched this week—how are your systems? Lastpass working on a patch for an undescribed bug (said to be complex). What IT staff actually work on. And a long talk about emerging Administration cyber policy.
Mar 30, 2017 • 14 min
Hybrid warfare objectives and tactics. Physical threats, lost and found. Vulnerability and threat recap.
Mar 29, 2017 • 14 min
Updates on Cozy Bear and Shamoon tradecraft. Crypto wars flare in the UK. FBI warns of attacks against FTP servers. Typosquatting, scareware, and other problems.
Mar 28, 2017 • 15 min
Lone wolves howl to each other over WhatsApp? Industry yawns at WikiLeaks zero-days. How online gamers cheat. America’s JobLink breach update. Ukrainian artillery hack notes. April 7 deadlines.
Mar 27, 2017 • 14 min
WikiLeaks’ Vault 7 “Dark Matter” docs. Information operations, Russian style and ISIS style. Job database exposed.
Mar 24, 2017 • 20 min
Newly disclosed threats and vulnerabilities, mostly criminal. Catphishing peer review. The US may indict North Korea for the Bangladesh Bank heist.
Mar 23, 2017 • 15 min
Laptop restrictions are for physical, not cyber reasons. Necurs is back, pumping and dumping. MajikPOS notes.
Mar 22, 2017 • 13 min
Extortion claims. Election influence operations seem likely to continue. A Russian bank claims it’s being framed by DNS spoofing. “Cyber Pearl Harbor” fears may be a distraction.
Mar 21, 2017 • 15 min
Careless criminals, Cisco mitigations, and Vault 7 disclosure conditions. A look at the Atlantic Council’s Cyber 9/12. Cabin fever and malware infections. Kirk ransomware.
Mar 20, 2017 • 13 min
Cyberspace and “Cold War Two.” Who’s leaking to WikiLeaks? Wishbone breached—warn the kids. Crimeware-as-a-service. The Active Cyber Defense Certainty Act.
Mar 17, 2017 • 19 min
Lazarus Group is back. Dun & Bradstreet loses data; so does ABTA. Patriotic cyber rioting or state influence operations. US indicts four in the Yahoo! breach.
Mar 16, 2017 • 14 min
Influence ops, third-party apps with an appetite for permissions, and criminal competition. Google purges malicious apps from the Play Store. Advice for whistleblowers. Farewell to Becky Bace.
Mar 15, 2017 • 14 min
Canadian government sites recover from the Apache Struts vulnerability. FireEye’s M-Trends report is out, calling out greater sophistication in financial cybercrime. USAF accidentally exposes SF86s. Vault 7 update.
Mar 14, 2017 • 14 min
Vault 7 updates—observers speculate about an inside leaker. Pre-loaded Android malware raises supply chain concerns. Ransomware in Japan. Convincing Chrome-spoofing malware. GCHQ warns UK parties to expect Russian influence operations.
Mar 13, 2017 • 14 min
WikiLeaks, responsible disclosure, and insider threats. Playstation credentials rumored to have been compromised. Apache Struts bug being actively exploited. DPRK missile cyber security. A look at West African cybergangs.
Mar 10, 2017 • 19 min
Vault 7 doesn’t show much evidence of false flag operations. The most interesting question the WikiLeaks dump raises is, where did the material come from? RAND studies the zero-day market. The Near Abroad wishes for more US soft power.
Mar 9, 2017 • 14 min
WikiLeaks and Vault 7
Mar 8, 2017 • 15 min
StoneDrill succeeds Shamoon. Trojanized Android Facebook Lite. Progressive groups threatened with doxing, blackmail. WikiLeaks’ Vault 7. Hacking back? Wiretapping?
Mar 7, 2017 • 14 min
RSA 2017 Roundup – Perspectives, Pitches and Predictions
Mar 6, 2017 • 45 min
Warnings of DNSMessenger. Cyber deterrence, and cyber offensive operations. Notes on DDoS. Election surveillance allegations.  
Mar 6, 2017 • 14 min
Risk mitigation scores some wins this week. Amazon finds the typo that took out the Internet. Symantec gets into the VC game. Yahoo! agonistes. Wassenaar’s prospects. PRC wants cyber peace. And farewell to Howard Schmidt.
Mar 3, 2017 • 20 min
Online banking funds transfer fraud. Telegram and phone scams. FCC regulatory update. Insider threats in the IC. And bad robots.
Mar 2, 2017 • 14 min
Internet outages were errors, not attacks. Evolving Trojans and botnets. M&A news. Cyber casus belli. Terminators and teddy bears.
Mar 1, 2017 • 15 min
Alleged BND surveillance of news organizations. Snake Wine in Japan, for disinformation? Singapore military phished. Google discloses more Microsoft unpatched bugs. Cloudbleed update. CloudPets may have privacy issues.
Feb 28, 2017 • 14 min
If I Only Had a Brain… Artificial Intelligence Gets Real at RSA 2017 - CyberWire Special Edition
Feb 27, 2017 • 32 min
Cloudbleed and what it means to you. Ransomware updates. News from the Moscow treason trials. Coachella Festival breached.
Feb 27, 2017 • 13 min
SHA-1 is broken. Grizzly Steppe and Carbanak. M&A notes. Linux patched. Arrest in Deutsche Telekom hack. The insecurities of connected cars. 
Feb 24, 2017 • 19 min
Patcher ransomware. Locky, Cryptowall, and Cerber are still active; so is old-fashioned blackmail. NSA keeps the VEP. Reactions to New York State’s cyber regs for banks. Observations of BugDrop, and thoughts on cyber war and attribution.
Feb 23, 2017 • 14 min
Influence operations. A new Mirai version is potentially more dangerous than the old one. Proofs of concept. New York’s cyber security regulations for banks. What Verizon will get from Yahoo!
Feb 22, 2017 • 15 min
A coming surge in North Korean hacking? Middle Eastern cyber espionage campaigns. Microsoft patch issues. Infowar updates. NIST’s draft electrical utility cyber guidance. Problematic toys.
Feb 21, 2017 • 14 min
International norms of cyber conflict. Fancy Bear’s tradecraft (with a side of дезинформа́ция). RDPPatcher, Cerber, Ticketbleed, and Hermes. And the vibe around RSA 2017.
Feb 17, 2017 • 20 min
Ukraine accused Russia of renewed hacking by BlackEnergy actors. ASLR bypass proof-of-concept reported. Notes from RSA, and an update on Android gunnery malware.
Feb 16, 2017 • 14 min
Nation-states or criminal gangs? Update on Polish banking attacks. And an update on RSA.
Feb 15, 2017 • 14 min
RSA Updates. Microsoft calls for Geneva Convention for cyber. Phishing.
Feb 14, 2017 • 14 min
Cyber attacks reported in the Middle East, from both states and non-state actors. Italy’s Foreign Ministry hacked for months in 2016. Cyber and kinetic operations. RSA’s Innovation Sandbox.
Feb 13, 2017 • 14 min
Patching: the good, the bad, and the ugly. Script kiddies and disinhibition (with a caution about attribution). Industry notes, RSA, and Valentine’s Day.
Feb 10, 2017 • 19 min
The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes.
Feb 9, 2017 • 14 min
Islamist hackers hit websites in Britain and Austria. Mac malware linked to Iran. Criminals follow the money into the cloud. M&A notes. Dendroid RAT author gets probation.
Feb 8, 2017 • 14 min
Brokerages in Taiwan face DDoS extortion. Polish banks hit in watering hole attack. Cyber vigilantes. Information operations. ShadowBrokers update?
Feb 7, 2017 • 14 min
Crime, not education. Slot machine scams. Ransomware updates. Fancy Bear in Norway? Russian treason charges. GCHQ say no to “witchcraft.”
Feb 6, 2017 • 13 min
Jailbreaking or forensics? W-2s and business email compromise. Router vulnerabilities. Windows zero-day. Enterprise security priorities. Iranian cyber ops and Iranian dissent. US-Russian cyber tensions.
Feb 3, 2017 • 18 min
A black market for insider information. Cisco studies data breaches. The Internet as a threat actor’s R&D infrastructure.
Feb 2, 2017 • 14 min
Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?
Feb 1, 2017 • 14 min
Ransomware updates. Netgear vulnerabilities and patches. Breaking Android pattern lock. Delegated Recovery. Information operations.
Jan 31, 2017 • 15 min
Special Edition: 2017 Cyber Security Forecast
Jan 31, 2017 • 36 min
Russian treason arrests may be tied to espionage. ANSSI director warns of cyber jihad. Symantec remediates Shamoon 2. U.S. Cellular was not breached.
Jan 30, 2017 • 12 min
LeakedSource is down. DoubleFlag’s called out for bogus stolen goods. Fancy Bear is in UK, German networks. Shamoon alert in Saudi Arabia. Scamming tech support scammers.
Jan 27, 2017 • 19 min
Dark Web trading post compromised. Ransomware updates. Reactions to Risk Based Security’s 2016 breach report. International cyber conflict notes, and a treason case in Russia.
Jan 26, 2017 • 14 min
Cleaning ransomware out of the Play Store (but snakes still get into the walled garden, so watch your apps). Vigilantes, vulnerabilities, and industry news.
Jan 25, 2017 • 14 min
Shamoon and Greenbug. HummingWhale purged from Play Store. Apple patches across its product line. Leadership changes at CIA, GCHQ. Lloyds Bank incident update. Honor among thieves? Nope.
Jan 24, 2017 • 11 min
Fake news tweets (from hijackers, not opinion-makers). Ransomware. New Android Trojans. Closing in on Mirai’s master?
Jan 23, 2017 • 14 min
Carbanak gets trickier and more ambitious. Ransomware updates. It’s beginning to look a lot like 1949 (at least from Moscow).
Jan 20, 2017 • 19 min
France braces for election hacking. Ukrainian utility says December blackouts were hacker-induced. Finding “Fruitfly.” Tracking Mirai’s master.
Jan 19, 2017 • 14 min
Carbanak gang is back. GhostAdmin works on data theft. Trolling security researchers. M&A notes. Pardons, commutations, and extraditions.
Jan 18, 2017 • 14 min
Election influence and election security. Threats to power grids. Ransomware and phishing updates. Loyalty program risks.
Jan 17, 2017 • 14 min
Grid hacking in Ukraine. Cellebrite breached. WhatsApp encryption issue. EyePyramid notes. Sharing SIGINT. IG looks at FBI. Guccifer 2.0 and the ShadowBrokers take their bows.
Jan 13, 2017 • 19 min
Grid hacks and influence operations. Propaganda sauce spread liberally over geese and ganders. Peace sign hacks? Hamas catphishes the IDF.
Jan 12, 2017 • 12 min
Shamoon is back, now with credentials for virtual desktops. Ukraine believes it was hacked again. Ransomware updates. Elections, investigations, and influence operations. The Pokemon threat?
Jan 11, 2017 • 14 min
Witch hunts and yard sales. See relationships, not dox. Rebrandings, mergers, acquisitions, and executive moves. Building anti-witch capabilities.
Jan 10, 2017 • 14 min
Election hacking, influence operations, and official reports. EU hacking concerns. Lawsuit over email’s invention. Twitter frowns on unrequited love. Billy Bass, meet Alexa.  
Jan 9, 2017 • 14 min
Spearphishing in industrial espionage. Ransomware gets more widespread, ruthless, and perfidious. The US Intelligence Community assures the Senate that the Russians hacked the DNC.
Jan 6, 2017 • 19 min
Indiscriminate IOCs erode confidence in attributions. Official leaks erode trust in information sharing. Exploit updates.
Jan 5, 2017 • 15 min
Hacktivists claim to perform a public service. Once and Recorded Future ransomware. Attribution controversies. Disturbing toys.
Jan 4, 2017 • 14 min
Attribution issues: one story fizzles; another looks disappointingly circumstantial. Great powers jostle in cyberspace. Hacktivists resurface online. So, alas, do terrorists.
Jan 3, 2017 • 14 min
Best of: Daniel Ennis
Dec 30, 2016 • 14 min
Buying Cyber Security - A CyberWire Special Edition
Dec 30, 2016 • 27 min
Best of: Tom Coale
Dec 29, 2016 • 14 min
Best of: Tom Wingfield
Dec 28, 2016 • 15 min
Best of: Abby Smith Rumsey
Dec 27, 2016 • 14 min
Daily & Week in Review: Gunnery hacking. Influence operations and a proportionate response thereto? Yahoo breach post mortems. NIST issues Special Publication 800-184: “Guide for Cybersecurity Event Recovery.”
Dec 23, 2016 • 21 min
Daily: ISIS offers Christmas inspiration (and it’s got nothing to do with peace or good will). Fancy Bear makes a battlefield appearance. Blogging services under attack.
Dec 22, 2016 • 14 min
Daily: Grid hacking in Ukraine? German terror investigations. Airliner vulnerability dispute. NIST wants post-quantum crypto standards. Project Wycheproof. Wassenaar update.
Dec 21, 2016 • 14 min
Daily: Another Ukrainian power grid outage may have cyber causes. ShadowBrokers may have got Equation Group code from a rogue insider. WordPress brute-forcing. Evading volumetric detection. Methbot ad fraud. Wassenaar remains controversial. 
Dec 20, 2016 • 14 min
Daily: ShadowBrokers update. More consequences of the Yahoo! breach. Other sites suffer data compromises. US investigations of, plans for retaliation against, Russian influence operations proceed.
Dec 19, 2016 • 14 min
Daily & Week in Review: US Election Assistance Commission hacked. US, Russia, swap hard words over influence operations. Ransomware updates. More on the effects of the Yahoo! breach. Autonomous vehicles approaching.
Dec 16, 2016 • 18 min
Daily: Yahoo’s big breach—industry reactions. Spyware circulates in the wild. Investigation of election hacking continues. Hacktivism and “faketivism.” The ShadowBrokers are back.
Dec 15, 2016 • 14 min
Daily: Nation-state hacking (and nation-state victims of hacking). Loyalty program breaches, and a new Android Trojan strain.
Dec 14, 2016 • 14 min
Daily: SWIFT issues new fraud warnings. US investigates Russian influence operations. Patch news. Wages of sin are in-game purchases?
Dec 13, 2016 • 14 min
Daily: Stressor, booter shoppers arrested. Small DDoS against Russian banks. Botnets and home routers. Popcorn Time ransomware. US investigates Russian influence operations.
Dec 12, 2016 • 13 min
Daily & Week in Review: Korean cyber alert amid a presidential impeachment. Germany calls out Fancy Bear for influence ops. Georgia—the Dixie one, not the one in the Caucasus—demands a cyber explanation. Holiday phishing, the enduring DDoS threat,…
Dec 9, 2016 • 19 min
Daily: IP theft in Germany. “Sledgehammer” looks like DDoS by Turkish patriotic hacktivists. Floki Bot and Dridex in the wild. Competition for cyber talent in a tight labor market.
Dec 8, 2016 • 14 min
Daily: Ransomware updates. IP camera vulnerabilities. Steganography makes a comeback. Controlling content, with or without Internet autarky. Zo replaces Tay? 
Dec 7, 2016 • 15 min
Daily: State-directed cyberattacks in the 2017 forecast. Tenable’s Cybersecurity Assurance Report Card. DDoS and ransomware notes. Content filtering in social media. Connected toys too curious.
Dec 6, 2016 • 15 min
Presidential Commission on Cybersecurity offers its recommendations to the next President. Russia says its financial system is under cyber threat. Cybercrime notes, and a scorecard.
Dec 5, 2016 • 13 min
Daily & Week in Review: Europol and its partners say they’ve got the head of the Avalanche snake. DDoS and IoT botnet updates. Android vulnerability. New rules for warrants and insider threats.
Dec 2, 2016 • 19 min
Daily: Shamoon and Fancy Bear are back. Mirai never left. San Francisco Muni saved by good backups. New Android Trojan found. Firefox patches threat to Tor anonymity. Surveillance policy, ISIS investigations in Germany. 
Dec 1, 2016 • 14 min
Daily: Mirai remains a threat; experts expect more IoT-driven DDoS. ISIS, online radicalization, and terror attacks in the US. Snooper’s Charter and its alternatives. Gooligan Android malware.
Nov 30, 2016 • 15 min
Daily: ISIS online sympathizers (but not ISIS itself, which is lying a bit low) claim Ohio State attacker. German security agencies warn of possible Russian disruption of elections. Mirai strikes again. San Francisco’s Muni shrugs off ransomware. A…
Nov 29, 2016 • 15 min
Securing a Deal - Cyber Security Venture Capitalists on what they look for. A CyberWire Special Edition.
Nov 29, 2016 • 29 min
Daily: Military, law enforcement cooperation take a toll of ISIS operators. DDoS investigations. Mirai botnet can be rented on the black market. Beware ATM skimmers. Ransomware hits San Francisco light rail. Bogus news of cable show hacking.
Nov 28, 2016 • 14 min
Daily: ISIS shows a slightly different face in cyberspace. BITAG issues advice to the IoT industry. Jackpotting and carding investigated.
Nov 23, 2016 • 19 min
Daily: Banks are vulnerable to more than carding and transfer fraud. Ransomware updates. Lessons for users from the Three Mobile hack. Biometrics (with hedgehog). Election hacking retrospective.
Nov 22, 2016 • 15 min
Daily: More of the customary cybercrime, but with additional warnings of new ransomware vectors. Dodgy apps and holiday shopping. Credential abuse. No pardon for Snowden, for now, anyway.
Nov 21, 2016 • 14 min
Daily & Week in Review: US DNI Clapper says Russia “curtailed” election hacking after being named. Three Mobile breached. Android and iOS issues. Good news on ransomware. Start-up rundown. China calls its Internet controls “wisdom.”
Nov 18, 2016 • 19 min
Daily: Social media aren’t automatically on the right side of history, it seems. More on the Adups backdoor. Holiday shopping cyber-safety and security.
Nov 17, 2016 • 15 min
Daily: An insider threat deadline approaches. Lawful intercept tools from Italy. Carbanak moves to new targets. Security policy in Germany and the US. A guilty plea in the TalkTalk hack.
Nov 16, 2016 • 15 min
Daily: It walks, it talks, it reports to Shanghai. Locky takes a run at US Army Cyber Command. CrySis decrypted. SpamTorte 2.0 is out. Adults should be warned off by “adult.”
Nov 15, 2016 • 16 min
Daily: Russian banks suffer IoT botnet DDoS. Fancy Bear’s still phishing. Lessons from Tesco fraud. Third-party risk hits Michael Page. Casino Rama data breach. Adult website loses data for 339 million accounts. FTC litigation. Moscow anti-trust case.
Nov 14, 2016 • 14 min
Daily: Yahoo! warns Verizon deal may be at risk. More OPM-themed ransomware phishing. Cyber policy advice for, and speculation about, the next US Administration.
Nov 10, 2016 • 16 min
US elections proceeded undisrupted by hacking. Patch Tuesday review. Banking Trojans, Android trigger-malware, and thermostats gone wild.
Nov 9, 2016 • 15 min
Daily: Election Day cyber updates. Mirai goes to pieces. Five Eyes and Europol take down dark web souks. Turkey clamps down on its Internet.
Nov 8, 2016 • 14 min
Daily: Election Eve cyber threat roundup. Retail bank Tesco stops online banking after wave of fraud.
Nov 7, 2016 • 13 min
Mirai, “Botnet #14,” hits Liberian networks. Anonymous doesn’t much care for either jihad or the Man. A new security company forms with acquisition of Cryptzone, Catbird, Easy Solutions, and Brainspace. Election hacking updates.
Nov 4, 2016 • 19 min
Daily: Sources say FBI is confident foreign intelligence services penetrated former Secretary of State’s private email server. WikiLeaks says it’s not a Russian tool. Notes on industry; notes on cybercrime.
Nov 3, 2016 • 14 min
Daily: To disclose or not to disclose…in public. A look into the dark web. Chrome and Firefox disallow shaky certificates. Anonymous gets an incomplete. The Shadow Brokers are still after the Wealthy Elite.
Nov 2, 2016 • 15 min
Daily: The Shadow Brokers say trick or treat to the Amerikanski. Are free elections like free beer? Google wants faster patching. The state of Mirai.
Nov 1, 2016 • 14 min
Daily: Halloween special: mummies, lycanthropes, vampires, villagers with pitchforks, and virtual stakes through virtual hearts.
Oct 31, 2016 • 13 min
Daily & Week in Review: Not all experts agree you should resign yourself to being hacked. The state of fraud, 2016. Ransomware and DDoS updates. The Kremlin gets doxed.
Oct 28, 2016 • 19 min
Special Edition: Exploring Cyber Security Education
Oct 28, 2016 • 31 min
Daily: DDoS concerns mount—not just Mirai botnets, but LDAP exploitation. Ukrainian hacktivists release emails they say belong to one of Putin’s closest advisors. (Moscow says they’re fake. Moscow’s on its own.)
Oct 27, 2016 • 14 min
Daily: Youth and cyber make a bad-news-good-news story (it’s complicated). Mirai DDoS may be the work of skids. ISIS adjusts its messaging.
Oct 26, 2016 • 14 min
Daily: The Mirai botnet DDoS attack, its consequences and attribution, with commentary from various observers.
Oct 25, 2016 • 14 min
Daily: Recovering from Friday’s IoT-botnet driven Internet outages. Industry notes and news of cyber conflict in East Asia and the Middle East. And US-Russian tension in cyberspace remains high.
Oct 24, 2016 • 13 min
Daily & Week in Review: Bear again, and WikiLeaks (also again). Chinese hackers return, now after infrastructure companies. Debit card hacking epidemic in India.
Oct 21, 2016 • 19 min
Daily: CyberMaryland updates. Great power cyber conflict (and organized cyber crime on the side). Vote hacking, agents of influence, and information operations. IoT botnets continue to romp.
Oct 20, 2016 • 14 min
Daily: Blockchains at a brewery. Ecuador says it cut Assange’s Internet connection. US retaliation against Russian cyber ops may aim at embarrassment. Ransomware in London’s City.
Oct 19, 2016 • 14 min
Daily: Assange still has asylum, but not so much connectivity. RT’s banking woes. US-Russian cyber relations continue to worsen. General (ret.) Cartwright pleads guilty to lying about Stuxnet leaks. Email server controversy gutters on.
Oct 18, 2016 • 15 min
Daily: Pakistan phishes Indian Army. US election hacks continue as the US investigates and mulls its response. New ransomware strains. More IoT botnet infestations. ISIS struggles to explain loss of Dabiq.
Oct 17, 2016 • 14 min
Daily & Week in Review: Political hacks: email, Twitter, and iCloud. Calls mount for tough US response to Russian cyber operations. Two Android vulnerabilities and one threat revealed. Verizon calls Yahoo! breach “material.”
Oct 14, 2016 • 19 min
Daily: Patriotic hacktivism in South Asia? US, Russia cyber stare-down continues. IoT devices exploited as proxies. Cyber sector sees market volatility. Cartels launder money through games.
Oct 13, 2016 • 14 min
Daily: Australia confirms foreign intelligence service hacked Bureau of Meteorology. TV5Monde and its false-flag hack. Trojan hitting SWIFT. Patch Tuesday notes. US-Russian cyber showdown.
Oct 12, 2016 • 14 min
Daily: US attributes DNC hacking to Russian government, promises to protect itself. Russia dismisses attribution as “rubbish.” WikiLeaks posts Clinton campaign emails.
Oct 11, 2016 • 14 min
Daily & Week in Review: Skepticism concerning Guccifer 2.0’s claimed hack of the Clinton Foundation. NSA contractor arrest. Mirai botnet exploits. Security fatigue.
Oct 7, 2016 • 19 min
Daily: NSA contract worker arrested with classified material. TalkTalk gets a record data breach fine. Yahoo! surveillance story’s still murky. Thoughts from AUSA on cyber innovation and information warfare.
Oct 6, 2016 • 14 min
Daily: Guccifer 2.0 claims (to general skepticism) a Clinton Foundation hack. Information operations versus voting. Yahoo! and surveillance of customers. Insulin pump vulnerability reported.
Oct 5, 2016 • 14 min
Daily: AUSA update. Mirai botnet shows risks of default IoT passwords. US-Russian tensions rise over imposition of costs.
Oct 4, 2016 • 15 min
Daily: Hackers said to “probe” US voting systems. IoT botnet source code released. “DressCode” malware afflicts Android devices. Industry notes. SEC urged to make an example of Yahoo!
Oct 3, 2016 • 11 min
Daily & Week in Review: Election hacking, journalist hacking, and the rise of Tbps DDoS. More reflections on the Yahoo! breach. Ransomware and other forms of extortion.
Sep 30, 2016 • 19 min
Daily: Yahoo! hackers seem to have been crooks (who sold to other crooks, and to government(s)). Toxic data and credential problems. Election hacking.
Sep 29, 2016 • 14 min
Daily: Alleged Russian hacking & info ops, under investigation by US. IoT botnets continue to exact a DDoS toll. Yahoo! security practices.
Sep 28, 2016 • 14 min
Daily: Yahoo!’s Verizon deal still on. Mac trojan hits aerospace. Facebook poked by German privacy laws.
Sep 27, 2016 • 14 min
Daily: Yahoo! breach fallout, Krebs back online, election hack concerns.
Sep 26, 2016 • 12 min
Daily & Week in Review: Yahoo! breach, infected torrents, insider threats.
Sep 23, 2016 • 20 min
Daily: Record breaking DDoS, record breaking account info theft.
Sep 22, 2016 • 14 min
Daily: Russian hackers hit German targets. New ransomware. DPRK domains revealed.
Sep 21, 2016 • 14 min
Daily: FBI hunts Russian bears, election hacking, chat bot warnings.
Sep 20, 2016 • 14 min
Daily: New York area bombings, ISIS defacements, Snowden pardon debate.
Sep 19, 2016 • 12 min
Daily & Week in Review: VIPs scrub email, cyber war vs cold war, industry news and more.
Sep 16, 2016 • 19 min
Daily: Does Fancy Bear care if it’s caught? Retaliation, vulnerabilities, litigation, and more.
Sep 15, 2016 • 14 min
Daily: Pentesting meets the gig economy. Stingrays, machine learning, and more.
Sep 14, 2016 • 14 min
Daily: Lessons from recent incidents. Russia says, it’s not us, it’s you, and more.
Sep 13, 2016 • 14 min
Daily: Zero-days, industry notes, the Intelligence & National Security Summit, and more.
Sep 12, 2016 • 12 min
Daily & Week in Review: Malware mines Monero. That sad OPM breach, Crackas cracked, and more.
Sep 9, 2016 • 19 min
Daily: US voting security, cyber M&A action, OPM breach post mortem, Pokémon, and more.
Sep 8, 2016 • 15 min
Daily: Election hacking (again). Also key sharing risks, and more.
Sep 7, 2016 • 14 min
Daily: Slap leather, Vlad. If cyberspace is the “Wild West,” here’s the best showdown since Blazing Saddles, and more.
Sep 6, 2016 • 14 min
Daily & Week in Review: Election hacking, OS X patched, cyber saber-rattling, finding security talent, and more.
Sep 2, 2016 • 20 min
Daily: Russia’s cyber long game, SWIFT fraud, hack physics (not metaphors), and more.
Sep 1, 2016 • 15 min
Daily: The compleat hacker: wading pool, laptop, MiG 21; no hoodie, no problem, and more.
Aug 31, 2016 • 14 min
Special Edition: Fundraising and Cyber Startups
Aug 31, 2016 • 28 min
Daily: Bug hunters turn shorts. Cyber frame-ups, election fraud, spearphishing, whalephishing, and more.
Aug 30, 2016 • 14 min
Daily: Bug bounty? Nah, just short the stock. Pegasus, cyber arms control, and more.
Aug 29, 2016 • 14 min
Daily & Week in Review: Sorry, kids, it’s back-to-school. What you should know, fellow youths, and more.
Aug 26, 2016 • 19 min
Daily: Info ops drive hacks. Cryptowar resurgence in Europe, and more.
Aug 25, 2016 • 14 min
Daily: “It walks, it talks, it reports back to Moscow.” (Other news, too, gamers.)
Aug 24, 2016 • 13 min
Daily: Shadow Brokers: zero-day hoarding (or not) and firewall exploitation.
Aug 23, 2016 • 14 min
Daily: Hacking and hybrid warfare. Industry notes (including Wassenaar’s next round).
Aug 22, 2016 • 14 min
Daily & Week in Review: Hulk smash. Pokemon smish. And more on the Shadow Brokers.
Aug 19, 2016 • 20 min
Daily: Who is Boson Spider? Legit zero-days among Shadow Brokers’ leaks.
Aug 18, 2016 • 15 min
Daily: Shadow Brokers warn ‘Wealthy Elite’—new cyber cold war? And cybercrooks are still out there.
Aug 17, 2016 • 14 min
Daily: All your attack code are belong us. Guccifer 2.0 suddenly more fluent.
Aug 16, 2016 • 14 min
Daily: Cryptocoin for DDoS? ISIS info ops more murderous as territory shrinks.
Aug 15, 2016 • 12 min
Daily & Week in Review: FBI has “high confidence” Russians hacked DNC. Olympic hacks, cyber vigilantes, criminal markets.
Aug 12, 2016 • 19 min
Daily: Info ops as battlespace prep. It’s hard to count Australians.
Aug 11, 2016 • 14 min
Daily: Australia’s census clogged. Iran ups its offense? Ransomware and file deletion.
Aug 10, 2016 • 14 min
Daily: A look back at Vegas. Rio’s rogue Wi-Fi. Cyberwar & actual war.
Aug 9, 2016 • 13 min
Special Edition: Black Hat, Part 2 - Trends and Insights from Industry Leaders
Aug 9, 2016 • 16 min
Daily: DARPA CTF: Mayhem (win), Xandra (place), Mechphish (show). Blame it on Rio.
Aug 8, 2016 • 14 min
Daily: Election hacking, layoff rumors, the unbearable lightness of Pokemon.
Aug 5, 2016 • 18 min
Special Edition: Black Hat - Cyber Security Trends and Investment
Aug 4, 2016 • 28 min
Daily: Black Hat, of course. US election concerns, and more jihadist info ops.
Aug 4, 2016 • 13 min
Daily: Black Hat USA, Android upgrades, and mind control (maybe).
Aug 3, 2016 • 14 min
Daily: US, Russia trading hacks in cyberspace? Brazilian cybercrime ramps up.
Aug 2, 2016 • 14 min
Daily: Election, infrastructure hacks in US, Russia. Advice on Black Hat.
Aug 1, 2016 • 12 min
Daily & Week in Review: US sifts ISIS recruiting files. Black market economics. Should leakers curate?
Jul 29, 2016 • 19 min
Daily: ISIS doubles down on info ops. Window shopping in crimeware souks.
Jul 28, 2016 • 14 min
Daily: DNC hacks, encryption, IoT hacks, and Pokémon.
Jul 27, 2016 • 14 min
Daily: Russians interested in US elections? Russia says nyet, but DNC says da.
Jul 26, 2016 • 14 min
Daily: ISIS, al Qaeda compete online. WikiLeaks doxes DNC (courtesy FSB, GRU).
Jul 25, 2016 • 12 min
Daily & Week in Review: Hacktivists hit Library of Congress, Stingrays and Security Clearances
Jul 22, 2016 • 20 min
Daily: DDoSing ISIS. Political hacks. Inspiration is an info op.
Jul 21, 2016 • 12 min
Daily: Brazilian, Chinese groups pledge allegiance to ISIS. Turkey’s coup aftermath online.
Jul 20, 2016 • 14 min
Daily: Influence online, from jihad to kawaii. Cybercrime. Industry updates.
Jul 19, 2016 • 14 min
Special Edition: Quantifying Cyber Risk
Jul 19, 2016 • 30 min
Daily: Dark web observations on coups and lists. Pokémon Go and the madness of crowds.
Jul 18, 2016 • 14 min
Daily & Week in Review: Pokémon Go’s astonishing success. (And attack surface?) Crime, folly, the punishment thereof.
Jul 15, 2016 • 19 min
Daily: Slinging cyber lingo. Bad robots. Pokémon Go’s long march.
Jul 14, 2016 • 14 min
Daily: Patch Tuesday notes. Pokémon Go (of course), ICS security, energy recon, fansmitters.
Jul 13, 2016 • 14 min
Daily: Medical device, record hacks. (Un)welcome new ransomware: Alfa, Ranscam. ISIS online decline?
Jul 12, 2016 • 12 min
Daily: Pokémon Go is out, with troubles in its popular trail. Cybercrime & hacktivist miscellany.
Jul 11, 2016 • 14 min
Daily & Week in Review: Classified info—goose sauce, gander sauce. Security industry buoyed by Avast, AVG.
Jul 8, 2016 • 19 min
Daily: Blockchains and their uses. Pirrit adware attribution. Avast buys AVG for $1.3B.
Jul 7, 2016 • 14 min
Daily: Cybercrime campaigns. States hope ISIS overplayed its violent hand. No indictment of Clinton over email.
Jul 6, 2016 • 11 min
Daily: Statecraft, spycraft, & warcraft: inspiration, cells, & espionage. Cybercrime & punishment.
Jul 5, 2016 • 14 min
Daily & Week in Review: Conficker worms into medical IoT. Talking key management, DevOps. NERC standards take effect.
Jul 1, 2016 • 18 min
Daily: Hacktivism or denial-&-deception? (Smart money’s on D&D.) LizardStressor herds CCTV bots.
Jun 30, 2016 • 12 min
Daily: Istanbul bombings prompt global intel collection re-look. Cyber threats to transportation.
Jun 29, 2016 • 14 min
Daily: Not interested in Fancy Bear? Fancy Bear’s interested in you. No dark-grey hats, please.
Jun 28, 2016 • 13 min
Daily: Ransomware: MIRCOP, Cerber, CryptXXX, Bart, TeslaCrypt (& the #95 car). Intel selling security unit?
Jun 27, 2016 • 10 min
Daily & Week in Review: Brexit beats Bremain. Cyber combat support. The usual ransomware.
Jun 24, 2016 • 19 min
Daily: Insecurity cascades from credential breaches, homebrew servers? Cyber casus belli. Waiting for Brexit (or not).
Jun 23, 2016 • 14 min
Daily: Android malware circulating in the wild. Did bears find Clinton Foundation servers just right? Help me, ObiWan.
Jun 22, 2016 • 13 min
Daily: DNC hack looks like Russia’s work, but Guccifer 2.0 still says no. (Nyet?)
Jun 21, 2016 • 13 min
Daily: Assange to DNC: buckle up. False flags and acts of war. Blockchain notes.
Jun 20, 2016 • 13 min
Daily & Week in Review: Car hacking. Flash Player Patched. DNC hack updates, fighting terror in cyberspace.
Jun 17, 2016 • 19 min
Daily: xDedic, Guccifer 2.0…but what really knocks us out is those cheap sunglasses.
Jun 16, 2016 • 14 min
Daily: Run DNC has legs. NFL players get social media savvy. Online jihad. More big breaches.
Jun 15, 2016 • 13 min
Daily: Run DNC. Online inspiration and the limits of investigation. North Korean cyber ops.
Jun 14, 2016 • 14 min
Daily: Jihadists continue online inspiration. India worries about China’s cyber activity. Symantec buys Blue Coat, Microsoft LinkedIn.
Jun 13, 2016 • 11 min
Daily & Week in Review: Breach reactions. Attention grid substations: squirrels, and snakes, and monkeys, oh my…
Jun 10, 2016 • 19 min
Daily: Ransomware spreads (backup or pay up?). Safe travels. FTC, NFL embarrassed.
Jun 9, 2016 • 11 min
Daily: US banks warned to get their security act together. Security trends.
Jun 8, 2016 • 9 min
Daily: Hybrid SUV proof-of-concept hack. Al Qaeda peeks over Twitter’s parapet.
Jun 7, 2016 • 12 min
Daily: Sovereign mafia state? Spearphishing with Pay Commission bait. IoT risks.
Jun 6, 2016 • 11 min
Daily & Week in Review: Money laundering, cyber fraud, lost laptops, & how cyber criminals get paid.
Jun 3, 2016 • 19 min
Daily: A look at markets, legitimate and criminal. ICS proof-of-concept exploit.
Jun 2, 2016 • 11 min
Daily: Stealth Falcon, OEM issues, black market trends.
Jun 1, 2016 • 11 min
Daily: Social media breach woes, sector analysts & investor sentiment.
May 31, 2016 • 11 min
Daily & Week in Review: Crypto wars update, story stocks, AI, encryption, and the usual crime.
May 27, 2016 • 18 min
Daily: Ransomware threats. Industry (mostly good) news. US State Department IG reports on email.
May 26, 2016 • 12 min
Daily: Ransomware & DDoS combining. Malicious USB chargers. Cyber ops aren’t ‘bombs’?
May 25, 2016 • 9 min
Daily: Good guy update: SWIFT. Bad guy update: Turla, CryptXXX, DMA Locker, Flash 0-day… Bonus: Scunthorpe Problem.
May 24, 2016 • 11 min
Daily: SWIFT seeks better security, what business wants from (US, UK) government, fast exploits.
May 23, 2016 • 11 min
Daily & Week in Review: TeslaCrypt says “sorry, here’s the key.” 50-cent-ers troll China.
May 20, 2016 • 17 min
Daily: Cyber-chumming the Donbas. Cisco surprises (in a good way).
May 19, 2016 • 9 min
Daily: LinkedIn may have been breached. Malicious apps, a new Skimmer, and honor among thieves.
May 18, 2016 • 11 min
Daily: Current exploits and bugs, fraught China-US cyber relations, and industry notes.
May 17, 2016 • 12 min
Daily: Social media collection suggests ISIS in trouble. Russian government cyber activities. US VA wants dark web help.
May 16, 2016 • 11 min
Daily & Week in Review: Android issues, SWIFT hacks, the cyber security marketplace.
May 13, 2016 • 19 min
Daily: US-CERT warns of SAP issues. Business disruption big criminal business. A talk with IBM about Watson.
May 12, 2016 • 11 min
Daily: Reports of venture capital’s death seem much exaggerated. Quantum technology, adapted to the meanest understanding.
May 11, 2016 • 9 min
Daily: Ransomware evolves (and gets brutal). Dataminr blocks IC—bad Gov-industry blood?
May 10, 2016 • 12 min
Daily: Panama Papers updates, info ops, pro- & anti-ISIS, market jitters.
May 9, 2016 • 9 min
Daily & Week in Review: Responsible disclosure & why the cool miscreants are on Twitter.
May 6, 2016 • 17 min
Daily: World Password Day, OpIcarus
May 5, 2016 • 9 min
Daily: Hey, padawans: Supreme Leader Snope hints he’s got your back!
May 4, 2016 • 9 min
Daily: Anonymous hits Bank of Greece. I am Satoshi!
May 3, 2016 • 9 min
Daily: DPRK jamming prompts search for GPS alternative. Satoshi, is that you?
May 2, 2016 • 10 min
Daily & Week in Review: Backdoors or legit apps? Serpents in walled gardens. Verizon’s Data Breach Report.
Apr 29, 2016 • 18 min
Daily: Malware found in nuclear plant. Threat actors tracked in Asia. And who’s Aquaman?
Apr 28, 2016 • 10 min
Daily: Paranoia-as-a-service? Cyber con jobs.
Apr 27, 2016 • 10 min
Daily: “Snowden advanced crypto by 7 years.” Proofread your way to security.
Apr 26, 2016 • 9 min
Daily: US cyberwar vs. ISIS. IPO fizzle? (Investors want profit.)
Apr 25, 2016 • 9 min
Daily & Week in Review: Voter dbase compromises. How not to sell security.
Apr 22, 2016 • 17 min
Daily: Australia’s new cyber strategy, Dorkbot’s old; CryptXXX is new.
Apr 21, 2016 • 10 min
Daily: Industry news, and some plaintiffs may wish to reconsider.
Apr 20, 2016 • 9 min
Daily: New ransomware, along with some golden oldies. Quantifying cyber risk.
Apr 19, 2016 • 9 min
Daily: Confidence building. Offensive cyber ops. M&A notes.
Apr 18, 2016 • 9 min
Daily & Week in Review: Industry notes, including a look at labor markets. Cyber gangland and its neighborhoods.
Apr 15, 2016 • 17 min
Daily: Info ops for and against ISIS. Industry notes.
Apr 14, 2016 • 9 min
Daily: Dogs still not barking in Panama. (But ransomware bites.)
Apr 13, 2016 • 9 min
Daily: State hacking, state messaging. Crimeware evolution.
Apr 12, 2016 • 10 min
Daily: Ukraine’s PM resigns, in part over Panama Papers controversy. Patch news.
Apr 11, 2016 • 9 min
Daily & Week in Review: Anonymous vs. Israel. Panama Papers. The view from Japan.
Apr 8, 2016 • 15 min
Special Edition: In Their Own Words — The 2016 Women in Cybersecurity Conference
Apr 7, 2016 • 29 min
Daily: Panama Papers, privacy, & financial transparency. MedStar ransomware incident update. Current scams.
Apr 7, 2016 • 9 min
Daily: Panama Papers count coup. Trojanized Android apps found.
Apr 6, 2016 • 8 min
Daily: Governments nervously investigate Panama Papers. Industry sees layoffs & an IPO.
Apr 5, 2016 • 9 min
Daily: MedStar recovers. More on ransomware, and one weird trick for hiding $2B.
Apr 4, 2016 • 9 min
Daily & Week in Review: Ransomware, state actors, the current state of the crypto wars.
Apr 1, 2016 • 18 min
Daily: DDoS, business email threats remain. How to set up your new machine.
Mar 31, 2016 • 8 min
Daily: Hospital hack, ransomware evolution, the FBI, and Scotland Yard.
Mar 30, 2016 • 10 min
Daily: Healthcare cyber risks. Jihadi’s iPhone accessed. Working with MSSPs.
Mar 29, 2016 • 9 min
Daily: Ransomware and hospitals. Why random numbers matter. Stolen certificates.
Mar 28, 2016 • 10 min
Week in Review: Inspiring gangsters & cyber riots? Operation Dust Storm. ISIS seeks gangsters; EU seeks intelligence capability. Verizon breached. New ransomware out. Google & Oracle patch.
Mar 25, 2016 • 19 min
Week in Review: Inspiring gangsters & cyber riots? Operation Dust Storm. ISIS seeks gangsters; EU seeks intelligence capability. Verizon breached. New ransomware out. Google & Oracle patch.
Daily: ISIS info ops target gangsta demo. Snakes in walled gardens. US indicts Iranians.
Mar 25, 2016 • 9 min
Daily: ISIS info ops target gangsta demo. Snakes in walled gardens. US indicts Iranians.
Daily: Collection outstrips analysis & dissemination. When an air-gap…isn’t.
Mar 24, 2016 • 9 min
Daily: Collection outstrips analysis & dissemination. When an air-gap…isn’t.
Daily: Inspiration in info ops. Processing unstructured data. Ethics & standards of care.
Mar 23, 2016 • 9 min
Daily: Inspiration in info ops. Processing unstructured data. Ethics & standards of care.
Daily: ISIS inspiration, radicalization. FBI says no help needed to crack iPhone.
Mar 22, 2016 • 9 min
Daily: ISIS inspiration, radicalization. FBI says no help needed to crack iPhone.
Daily: Elves vs. trolls in the Baltic. Updates on Bangladesh bank heist, DoJ vs. Apple.
Mar 21, 2016 • 9 min
Daily: Elves vs. trolls in the Baltic. Updates on Bangladesh bank heist, DoJ vs. Apple.
Week in Review: ISIS messaging & countermessaging. Cryptowar updates. Notes on the cyber sector.
Mar 18, 2016 • 19 min
Week in Review: ISIS messaging & countermessaging. Cryptowar updates. Notes on the cyber sector.
Daily: Buhtrap raked in the rubles. Dridex is back. So are Stagefright and Rowhammer.
Mar 18, 2016 • 9 min
Daily: Buhtrap raked in the rubles. Dridex is back. So are Stagefright and Rowhammer.
Daily: Spies & crooks, together again. Artful spearphishers will eventually learn to proofread.
Mar 17, 2016 • 10 min
Daily: Spies & crooks, together again. Artful spearphishers will eventually learn to proofread.
Daily: Crypto wars updates. Iran vs. US in cyberspace. Big Angler malvertising campaign.
Mar 16, 2016 • 10 min
Crypto wars updates. Iran vs. US in cyberspace. Big Angler malvertising campaign.
Daily: Naming & shaming Iran’s hackers? Palo Alto spots “Digital Quartermaster.” Team Apple bigger than Team DoJ.
Mar 15, 2016 • 9 min
Daily: Naming & shaming Iran’s hackers? Palo Alto spots “Digital Quartermaster.” Team Apple bigger than Team DoJ.
Daily: ISIS security breaches threaten narrative. Cyber industry issues. Updates on the crypto wars.
Mar 14, 2016 • 9 min
Daily: ISIS security breaches threaten narrative. Cyber industry issues. Updates on the crypto wars.
Week in Review: Apple vs DOJ heats up. Ransomware and DDoS. Patching gets out of hand?
Mar 11, 2016 • 15 min
Week in Review: Apple vs DOJ heats up. Ransomware and DDoS. Patching gets out of hand?
Daily: US to indict Iranians for Rye hack? ISIS loses HR records. Apple vs. FBI gets nastier.
Mar 11, 2016 • 9 min
Daily: US to indict Iranians for Rye hack? ISIS loses HR records. Apple vs. FBI gets nastier.
RSA Special: Trade and Investment
Mar 10, 2016 • 15 min
RSA Special: Trade and Investment
Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba.
Mar 10, 2016 • 9 min
Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba.
RSA Special: Emerging Technologies
Mar 9, 2016 • 19 min
RSA Special: Emerging Technologies
Daily: DPRK attempt on RoK rail ICS? Ransomware updates. US tax season cyber issues.
Mar 9, 2016 • 10 min
Daily: DPRK attempt on RoK rail ICS? Ransomware updates. US tax season cyber issues.
RSA Special: Threat Intelligence
Mar 8, 2016 • 18 min
RSA Special: Threat Intelligence
Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments.
Mar 8, 2016 • 9 min
Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments.
Daily: Looking back at RSA. “Transparent Tribe” and “Pawn Storm” expand target sets. Mac ransomware found, blocked. Apple’s amici.
Mar 7, 2016 • 10 min
Daily: Looking back at RSA. “Transparent Tribe” and “Pawn Storm” expand target sets. Mac ransomware found, blocked. Apple’s amici.
Week in Review: RSA wraps up. Much debate over Apple vs FBI. US DoD steps up offensive against ISIS. Angler still out there.
Mar 4, 2016 • 17 min
Week in Review: RSA wraps up. Much debate over Apple vs FBI. US DoD steps up offensive against ISIS. Angler still out there.
Daily: RSA wraps up. Naikon disappears, BlackEnergy is scrutinized, and mobile threats get sophisticated.
Mar 4, 2016 • 9 min
Daily: RSA wraps up. Naikon disappears, BlackEnergy is scrutinized, and mobile threats get sophisticated.
Daily: RSA update - SecDef sounds libertarian? Ashley Madison extortion. DROWN update. More on Ukraine grid hack.
Mar 3, 2016 • 10 min
Daily: RSA update - SecDef sounds libertarian? Ashley Madison extortion. DROWN update. More on Ukraine grid hack.
Daily: RSA updates. DROWN SSL vulnerability. Apple vs. DoJ.
Mar 2, 2016 • 9 min
Daily: RSA updates. DROWN SSL vulnerability. Apple vs. DoJ.
Daily: RSA updates. US opens anti-ISIS cyber offensive. Industry consolidation?
Mar 2, 2016 • 9 min
Daily: RSA updates. US opens anti-ISIS cyber offensive. Industry consolidation?
Daily: Norway reports Chinese cyber espionage. Hospital ransomware. Carding black market. RSA update.
Feb 29, 2016 • 9 min
Daily: Norway reports Chinese cyber espionage. Hospital ransomware. Carding black market. RSA update.
Week in Review: Utilities advised to isolate control systems. Crimeware industrialized. Operation Blockbuster. Operation Dust Storm. US Gov looks to foster cyber exports. Apple vs FBI.
Feb 26, 2016 • 19 min
Week in Review: Utilities advised to isolate control systems. Crimeware industrialized. Operation Blockbuster. Operation Dust Storm. US Gov looks to foster cyber exports. Apple vs FBI.
Daily: US Govt on Ukraine grid hack. ISIS threatens social media hacks. Ransomware rising. “Government OS.”
Feb 26, 2016 • 10 min
Daily: US Govt on Ukraine grid hack. ISIS threatens social media hacks. Ransomware rising. “Government OS.”
Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare’s cyber threat model. Apple takes the 5th?
Feb 25, 2016 • 9 min
Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare’s cyber threat model. Apple takes the 5th?
Daily: Operation Dust Storm vs Japan. Operation Blockbuster vs. The Lazarus Group. Venture capital gets tight.
Feb 24, 2016 • 9 min
Daily: Operation Dust Storm vs Japan. Operation Blockbuster vs. The Lazarus Group. Venture capital gets tight.
Daily: Anonymous hits Belgium & Cincinnati. Twitter vs. jihad? MouseJack. Apple, FBI dispute updates.
Feb 23, 2016 • 9 min
Anonymous hits Belgium & Cincinnati. Twitter vs. jihad? MouseJack. Apple, FBI dispute updates.
Daily: Russian cyber ops in Syria. Ransomware evolutions. Apple vs. the US Justice Department.
Feb 22, 2016 • 9 min
Russian cyber ops in Syria. Ransomware evolutions. Apple vs. the US Justice Department.
Week-in-Review: Apple hangs tough. Ransomware gets paid. Online bomb threats. Ukraine’s grid hack. US asks Hollywood for anti-ISIS help.
Feb 19, 2016 • 17 min
Ransomware gets paid. Old exploits still work. A quick look back at Ukraine’s grid hack. Police close in on the Crackas with Attitude. ISIS reality gets in the way of ISIS messaging, and the US seeks to enlist Hollywood in anti-ISIS information operations.
Daily: DDoS by pingback. Twitter flaw patched. Security system flaws. Apple vs. FBI, continued.
Feb 19, 2016 • 9 min
Daily: DDoS by pingback. Twitter flaw patched. Security system flaws. Apple vs. FBI, continued.
Dridex, Locky, PadCrypt, and extortion. Hollywood vs. ISIS? ISIS vs. ISIS? Apple vs. FBI.
Feb 18, 2016 • 9 min
Dridex, Locky, PadCrypt, and extortion. Hollywood vs. ISIS? ISIS vs. ISIS? Apple vs. FBI.
Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.
Feb 17, 2016 • 9 min
Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.
The CyberWire - 2.16.2016 - Daily cyber security news brief.
Feb 16, 2016 • 10 min
Ukraine grid hack investigation. Malware descriptions: Fysbis, Corkow. Ransomware news. UK police vs. Crackas.
The CyberWire Week in Review 2.12.16
Feb 12, 2016 • 17 min
In this podcast, we discuss how the FBI may have been socially engineered, learn something about an alleged Cracka with Attitude, hear about new developments in crimeware, look at a tumultuous week in the stock market, and follow developments in law and p
The CyberWire Daily Podcast 2.12.16
Feb 12, 2016 • 10 min
In today’s podcast, we hear about the possibility that Russian hackers prepared for attacks on Ukraine’s power grid with earlier incursions into mining and railroad networks. We consider hacktivists’ motives, and relay some news on the arrest of an allege
The CyberWire Daily Podcast 2.11.16
Feb 11, 2016 • 10 min
In today’s podcast, we look at a variety of threats to taxpayers during the run-up to April 15. Ransomware continues its spread, now with UmbreCrypt, a CrypBoss variant. Cisco and SAP both issue significant patches. Anonymous refines its target list, and
The CyberWire Daily Podcast 2.10.16
Feb 10, 2016 • 9 min
In today’s podcast, we consider a possible shift in China’s cyber espionage interests. Ransomware continues to spread indiscriminately. Analysts look at cyber company stock prices, and VCs continue to invest in the sector. The US President’s budget is out
The CyberWire Daily Podcast 2.9.16
Feb 8, 2016 • 7 min
In today’s podcast, we continue to follow cyber crime’s adoption of espionage tools. ISIS announces its priority targets. The UN and many member governments grapple with the challenge of developing counter-terror intelligence from online sources. Companie
The CyberWire Daily Podcast 2.8.16
Feb 8, 2016 • 10 min
In today’s podcast, we discuss reports that hacktivists have released personal information gleaned from Justice Department and Department of Homeland Security databases. Anonymous engages a grab-bag of targets. Cyber stocks experience a sell-off. Governme
The CyberWire Week in Review 2.5.16
Feb 5, 2016 • 20 min
DDoS and ransomware top the cyber criminal charts. New malware gets more evasive. Global threat trends feature state actors. Analysts look at threat intelligence and data sharing. Privacy Shield replaces Safe Harbor. We review security merger and acquisit
The CyberWire Daily Podcast 2.5.16
Feb 5, 2016 • 10 min
In today’s podcast, we hear some small signals that the ISIS narrative may be faltering. European governments struggle to accommodate privacy while addressing security. Malware gets more evasive, and ransomware retains its popularity among crooks. And fin
The CyberWire Daily Podcast 2.4.16
Feb 4, 2016 • 9 min
The Emissary Trojan evolves. An active campaign hits WordPress sites with the Nuclear exploit kit. A patch for Chromodo is coming. A former Norse insider disputes negative accounts of the company’s business. Studies of trends in cyber conflict. Google mov
The CyberWire 2.3.16
Feb 3, 2016 • 9 min
SCADA security developments. Security companies fixing product flaws. Retail breaches. Safe Harbor’s now Privacy Shield.
The CyberWire 2.2.16
Feb 2, 2016 • 9 min
Germany looks at Russia in Bundestag hack. Costs of attacks. M&A news. Norse updates. How little crime pays.
The CyberWire 2.1.16
Feb 1, 2016 • 7 min
Farewell to Norse Corp.? Safe Harbor ave atque vale. DDoS rising.
The CyberWire Week in Review 1.29.16
Jan 29, 2016 • 19 min
Utility hacks, ransomware and DDoS. Don’t be like Bill.
The CyberWire 1.29.16
Jan 29, 2016 • 9 min
Surveillance of allies & adversaries. LG fixes phones. Cisco, OpenSSL patch. Einstein troubles. No Safe Harbor?
The CyberWire 1.28.16
Jan 28, 2016 • 9 min
Updates on Israel, Ukraine utility cyber attacks. New ransomware. Holes in Apple’s walled garden? Congress looks into ScreenOS backdoor.
The CyberWire 1.27.16
Jan 27, 2016 • 9 min
Attempt on Israeli grid. Codoso newly active. BEC scam nets millions.
The CyberWire 1.26.16
Jan 26, 2016 • 8 min
Bogus ISIS crypto. Patch news. Crackas vs. Miami PD. Peer competitors in cyberspace.
The CyberWire 1.25.16
Jan 25, 2016 • 9 min
Scarlet Mimic surveillance group. Irish DDoS campaign. Developments in cyber insurance, liability.
The CyberWire Week in Review 1.22.16
Jan 22, 2016 • 19 min
Crypto War updates. NSA stakes out a pro-encryption position. Digital assets in estate planning.
The CyberWire 1.22.16
Jan 22, 2016 • 8 min
Aerospace company cyber-robbed. Trusted partner betrays trust. Backdoor reinstalled in patch. Pro-crypto stance from NSA.
The CyberWire 1.21.16
Jan 21, 2016 • 9 min
More grid hacking. Crimeware evolution updates. Cisco, Intel patch. FireEye buys iSIGHT; ForeScout joins the unicorns.
The CyberWire 1.20.16
Jan 20, 2016 • 8 min
Update on Ukraine hacks. Key escrow controversy in UK. Dridex evolves. Apple, Oracle, others patch.
The CyberWire 1.19.16
Jan 19, 2016 • 9 min
Kiev airport hacked. Liability, litigation, regulation, & standards of care.
The CyberWire Week in Review 1.15.16
Jan 15, 2016 • 30 min
Ukraine’s power grid hack. ISIS info ops. Crypto wars, export wars, and Crackas with Attitude.
The CyberWire 1.15.16
Jan 15, 2016 • 9 min
Ukraine grid hack updates. DDoS trends. Mac Gatekeeper patch questions. Chaum’s PrivaTegrity considered.
The CyberWire 1.14.16
Jan 14, 2016 • 7 min
Anonymous continues to find easier targets in the civilized world than it has in ISIS: the hacktivist collective protests whaling with an attack on Icelandic government sites.
The CyberWire 1.13.16
Jan 13, 2016 • 8 min
Anonymous vs. Iceland. Implications of Ukraine grid hack. 2FA defeat. Patch Tuesday. Cyber M&A news.
The CyberWire 1.12.16
Jan 12, 2016 • 9 min
State attacks on Southeast Asian NGOs? Post mortems on the Ukrainian grid’s cyber attack. Technical and messaging responses to ISIS. Wassenaar receives US Congressional scrutiny.
The CyberWire 1.11.16
Jan 11, 2016 • 11 min
Consensus emerges on Ukraine power grid hack. Technical fixes for information operations? Patch news.
The CyberWire Week in Review 1.8.16
Jan 8, 2016 • 6 min
SandWorm and BlackEnergy—an attack on Ukraine’s power grid. Enemies of ISIS continue their search for counter-messaging and actionable intelligence. DDoS as misdirection. Compromised certificates used to spread malware, and something new: ransomware-as-
The CyberWire 1.8.16
Jan 8, 2016 • 6 min
Cyberspace as intelligence domain. Exploits kits, IoT issues, and Brain Test’s return.
The CyberWire 1.7.16
Jan 7, 2016 • 8 min
Bracing for infrastructure hacks. Malware distributed with compromised certs. Monetizing identity theft.
The CyberWire 1.6.16
Jan 6, 2016 • 8 min
Intelligence services link Russia to the cyber attack on Ukraine’s power grid. Iran, Saudi Arabia, and ISIS ramp up their mutually antagonistic postures in cyberspace. Ransomware-as-a-service tool “Ransom32.” And we talk with the CyberWire’s editor about
The CyberWire 1.5.16
Jan 5, 2016 • 7 min
Mounting evidence of a Russian cyber attack on Ukraine’s power grid, the hunt for “Jihadi John,” hacktivist response to recent Saudi executions, and we talk with the CyberWire’s editor about the latest in power-grid hacking.
The CyberWire 1.4.16
Jan 4, 2016 • 9 min
ISIS remains undeterred and defiant in cyberspace. Anti-ISIS hacktivists strike BBC and Trump’s campaign. Turkish hacktivists vs. Russia. Russian cyber operators vs. Ukraine’s power grid. Intelligence services seek to improve cooperation against terrorist
The CyberWire Week in Review 12.30.15
Dec 30, 2015 • 12 min
Turkey sustains a denial-of-service campaign from Anonymous. A look at the ISIS online community, its aspirations and remaining limitations. Flash Player issues. National cyber laws and policies considered, with a particular look at surveillance and encr
The CyberWire 12.30.15
Dec 30, 2015 • 7 min
A look at the ISIS online community. Possibilities and limitations of social media as sources of intelligence. Microsoft addresses Flash Player issues in IE and Edge. National cyber laws and policies considered. And industry analysts forecast a very big 2
The CyberWire 12.29.15
Dec 29, 2015 • 9 min
South Asian Islamists announce anti-Indian cyber attack cell. ISIS aspirational cyber offensive capabilities. Flash gets patched. New payment fraud patterns emerging. And Chinese and US cyber laws are reviewed.
The CyberWire 12.28.15
Dec 28, 2015 • 7 min
Anonymous claims Turkish DDoS. Opponents mull responses to ISIS in cyberspace. Governments’ involvement in Juniper backdoor? Iranian group claims hack of downstate NY dam.
The CyberWire Week in Review 12.23.15
Dec 23, 2015 • 18 min
Information operations reach the gaming world. Possible cyber reconnaissance of US infrastructure. Backdoor in Juniper system. Cyber regulations advance worldwide. US presidential campaign hacking. Holiday cyber discontents and their remedies.
The CyberWire 12.23.15
Dec 23, 2015 • 5 min
“Call of Jihad.” Rye surprise. Juniper investigation points to RNG. Cyber regulations. Holiday sense.
The CyberWire 12.22.15
Dec 22, 2015 • 7 min
Iran vs. US infrastructure. Juniper’s backdoor. Surveillance policy proposals and debates.
The CyberWire 12.21.15
Dec 21, 2015 • 5 min
Anonymous vs. Turkey. Cyber-rioting in the Caucasus. Countering Daesh info ops. Reactions to US cyber law.