The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing.  Selected Reading AsyncRAT campaign targets US infrastructure. (CyberWire) 19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice) Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW) Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net) Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek) Merck settles with insurers who denied $700 million NotPetya claim (The Record) Syrian Threat Group Peddles Destructive SilverRAT (DarkReading) NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News) Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer) Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there?s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us. 

Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base?s Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base?s Phobos variant and other Phobos samples that have been observed in the wild since 2019.  In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed.  The research can be found here: A deep dive into Phobos ransomware, recently deployed by 8Base group Understanding the Phobos affiliate structure and activity

BGP attack disrupts Internet service. Data breach law firm breached. Remcos RAT returns. Poison packages in the PyPI repository. Hacktivist personae and GRU fronts. BreachForums impresario re-arrested. Cyber National Mission Force gets a new leader. On our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap. LinkedIn as a dating platform? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding Diversity, Equity and Inclusion (DE&I) initiatives. Selected Reading BGP attack disrupts Internet service. Pirated Zeppelin ransomware source code for sale in a C2C souk. BreachForums impresario re-arrested. (CyberWire) Hacker hijacks Orange Spain RIPE account to cause BGP havoc (Bleeping Computer) RIPE Account Hacking Leads to Major Internet Outage at Orange Spain (SecurityWeek) Law firm that handles data breaches was hit by data breach (TechCrunch) UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (The Hacker News) EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY (SecurityAffairs) BreachForums administrator detained after violating parole (The Record) Russian hackers wiped thousands of systems in KyivStar attack (Bleeping Computer) US military?s Cyber National Mission Force gets a new chief (The Record) The Hottest New Dating Site: LinkedIn (Business Insider) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant?s social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption.  On today?s Threat Vector segment, David Moulton chats with Garrett Boyd,  senior consultant at Palo Alto Networks Unit 42  about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today?s Threat Vector segment with David Moulton features Garrett Boyd, a senior consultant at Unit 42 by Palo Alto Networks with a background as a Marine and professor, discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world. Threat Vector To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Selected Reading Compromised accounts and C2C markets. Cyberespionage and state-directed hacktivism. (CyberWire) Exclusive: Russian hackers were inside Ukraine telecoms giant for months (Reuters) Hackers linked to Russian spy agency claim cyberattack on Ukrainian cell network (reuters) Museum World Hit by Cyberattack on Widely Used Software (The New York Times) The State of Ransomware in the U.S.: Report and Statistics 2023 (Emsisoft) Nearly 1 million affected by ambulance service data breach (The Record) Mandiant?s account on X hacked to push cryptocurrency scam (Bleeping Computer) Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud (Resecurity) 23andMe tells victims it?s their fault that their data was breached (TechCrunch+) The Curious Case of MD5 (katelynsills) Firmware prank causes LED curtain in Russia to display ?Slava Ukraini? ? police arrest apartment owner (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Cyber-kidnapping in Utah. Hospitals sue for data recovery. The US Department of Homeland Security assesses cyber threats to the US. Mac malware is on the rise. Cameras hacked by Russian intelligence services provide targeting information. Ransomware roundup. An NPM dependency campaign. Google recommends enhanced safe browsing. Rob Boyce from Accenture describes the Five Families and the trend of hacker collaboration. And the FTC wants to hear your cloned voice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Rob Boyce from Accenture talking about the Five Families, the trend of hacker collaboration.  Selected Reading Missing Riverdale foreign exchange student found near Brigham City in case of ?cyber kidnapping? (ABC4) What is ?cyber kidnapping? and what can you do to stay safe online? (Deseret News) Hospitals ask courts to force cloud storage firm to return stolen data (BleepingComputer) Homeland Threat Assessment (US Department of Homeland Security)  The Mac Malware of 2023 (Objective-See) SBU blocks webcams that ?flashed? operation of air defense during missile attack on Kyiv on Jan 2 (Interfax-Ukraine) Ukraine says Russia hacked web cameras to spy on targets in Kyiv (The Record)  Akumin radiology and oncology reports ransomware attack and data breach (beyondmachines) Coop supermarket chain hit by ransomware cyberattack (beyondmachines) When ?Everything? Goes Wrong: NPM Dependency-Hell Campaign ? 2024 Edition (Checkmarx) Accounts in danger: Google recommends enhanced safe browsing and extra care (cybernews) The FTC Voice Cloning Challenge (FTC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

A zero-click exploit affects iPhones belonging to Kaspersky employees. A GRU cyber campaign incorporates novel malware. The Indian government targets Apple over hacking attempts. Microsoft disables App Installer. Australian courts? AV is compromised. A BlackBasta decryptor is released. Cyber Toufan claims attacks against Israeli targets. Patients in Oklahoma face online extortion. LoanCare customers? data is at risk. Google settles a private browsing lawsuit. Barracuda patches a zero-day. That Chinese spy balloon was making a local call. And then Caleb Barlow, a friend of our show, shares password security tips you should know.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Caleb Barlow, CEO of Cyberbit, joins us today to share helpful tips to remember those passwords.  Selected Reading 4-year campaign backdoored iPhones using possibly the most advanced exploit ever (Ars Technica)  New malware found in analysis of Russian hacks on Ukraine, Poland (The Record) Russian Military Intelligence Blamed for Blitzkrieg Hacks (GovInfo Security) India targets Apple over its phone hacking notifications (Washington Post) Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)  Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)  Cyber attack on Victoria's court system may have exposed recordings of sensitive cases (ABC News)  New Black Basta decryptor exploits ransomware flaw to recover files (Bleeping Computer) Pro-Palestinian operation claims dozens of data breaches against Israeli firms (The Record) Integris Health patients get extortion emails after cyberattack (Bleeping Computer)  AG: Corewell Health reports another data breach; affects 1 million patients (The Oakland Press) LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company (Security Week) Google settles $5 billion consumer privacy lawsuit (Reuters) Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (Security Affairs) U.S. intelligence officials determined the Chinese spy balloon used a U.S. internet provider to communicate (NBC News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft?s effort to make?the digital world?safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.    Resources: View Charlie Bell on LinkedIn   View Ann Johnson on LinkedIn     Related Microsoft Podcasts:          Listen to: Uncovering Hidden Risks  Listen to: Security Unlocked   Listen to: Security Unlocked: CISO Series with Bret Arsenault        Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network. 

Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us. 

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the malware and exploits used. The research can be found here: Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Welcome to the T-Minus Overview Radio Show. In this program we?ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. In this episode we?re covering cybersecurity for space. What is it? What are the threats to space systems, why is there such an emphasis on it right now, and what are people doing about it?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you?ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Our first guest is Renee Wynn, former CIO of NASA. Our second guest is Matthieu Bailly, Vice President of Space at CYSEC, a cybersecurity company based in Lausanne, Switzerland. Our third guest speaking to T-Minus Producer Alice Carruth, is Steve Luczynski, Board Chairman of the Aerospace Village. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It?ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. Want to join us for an interview? Please send your pitch to [email protected] and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

In this episode, Marc catches up with Mimecast CEO and co-founder Peter Bauer. They cover Peter's CEO journey, including what it was like growing up in South Africa, why he opted out of attending university, highlights from Mimecast's 20-year history, and what Peter learned from taking the company public ? and then private again. You'll also learn:  When and how to raise capital, and how to manage meeting the board's expectations.  How CEOs can overcome self-doubt and continuously reimagine their role to look at challenges with new eyes.  How to view the company's history as a story with chapters and eras, and why it's important to always believe you're at the beginning of the book. 

Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek?s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA?s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos? Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek?s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA?s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy?s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos? Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.

In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by John Scrimsher, chief information security officer (CISO) at Kontoor Brands, Inc., and Marcel Bucsescu, senior director of credentialing and strategic engagement at NACD, to expand upon the NACD Accelerate program. Then Ian Furr, security integration engineer at RH-ISAC, talks about his volunteer work with the Information Technology Disaster Resource Center (ITDRC) and the Fairfax County Fire and Rescue Department. Finally, Luke chats with Bidemi (Bid) Ologunde, intelligence analyst at Expedia Group, about his own podcast, The Bid Picture, background, and the trajectory of cybersecurity. Thank you to Fortinet for their sponsorship of the Retail & Hospitality ISAC podcast.

On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks (LinkedIn) (Website) Dr. Lynne S. McNeill, Associate Professor at Utah State University (LinkedIn) (Twitter) Dr. John Laudun, Professor at University of Louisiana at Lafayette (LinkedIn) (Twitter) (Website) Lev Gorelov, Research Director at Handshake Consulting (LinkedIn) (Twitter) (Website) Resources Interview with the AI, part one, by the Brandon Karpf / the CyberWire 'Hard Fork': An Interview With Sam Altman, by The New York Times The Exciting, Perilous Journey Toward AGI, Ilya Sutskever TED Talk Ilya: the AI scientist shaping the world, by The Guardian Meet Loab, the AI Art Woman Haunting the Internet: Is she a demon? A Cryptid? Or nothing at all..., the Guardian In 2016, Microsoft?s Racist Chatbot Revealed the Dangers of Online Conversation The bot learned language from people on Twitter?but it also learned values, IEEE Spectrum Perry's Digital Folklore episode about AI Handshake's Generative AI Masterclass on Maven Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, shop for merch, support the show on Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news. Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound. 8Li cover art by Chris Machowski @ https://www.RansomWear.net/. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com

Summary Cathy Hackl (Twitter, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the ?Godmother of the Metaverse.? What You?ll Learn Intelligence What the metaverse is Security and counterintelligence in a virtual world Futurism within intelligence agencies  Potential risks and consequences of the metaverse Reflections How virtual spaces can affect our physical world The necessity to evolve alongside technology And much, much more ? Episode Notes The web will continue to evolve and change with time, but what?s coming next? And how will this evolution affect the ways that intelligence organizations around the world conduct their operations? This week on SpyCast, Cathy Hackl joins Andrew to explain what the metaverse is, what we can expect from living in this new virtual world, and how intelligence agencies can begin planning for the Web 3 future. Cathy Hackl has been dubbed the ?Godmother of the Metaverse?  Resources Featured Resource Into the Metaverse: The Essential Guide to the Business Opportunities of the Web3 Era, Cathy Hackl (Bloomsbury, 2023)  Metaverse Marketing [Cathy?s podcast] *Beginner Resources* What Is the Metaverse, Exactly?, Wired (2022) [Article] Web 3.0 Explained In 5 Minutes, YouTube (2022) [5 min. Video] 12 new tech terms you need to understand the future, R. Gray, BBC (2018) *SpyCasts* How Artificial Intelligence is Changing the Spy Game ? with Mike Susong (2022) Trafficking Data: The Digital Struggle with China -- with Aynne Kokas (2022) The FBI & Cyber ? with Cyber Division Chief Bryan Vorndran (Part 1 of 2) The FBI & Cyber ? with Cyber Division Chief Bryan Vorndran (Part 2 of 2)  *Wildcard Resource* Watch the world?s first metaverse music video, Snoop Dogg?s ?House I Built,? here!

This interview from August 18th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Camille Stewart Gloster, Deputy National Cyber Director at the The White House discuss the White House's cybersecurity workforce and education strategy.

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.

A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump?s Dumps lead to BidenCash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K?s Rick Howard talks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence in conjunction with Google. Selected Reading The infamous GTA VI hacker has been convicted - and the story is simply absurd (IT Pro) Crypto drainer steals $59 million from 63k people in Twitter ad push (Bleeping Computer) Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct)  ?Today FBI Got Him, Tomorrow They Will Get Me?: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express)  Imperva Detects Undocumented 8220 Gang Activities (Imperva) BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Bandook - A Persistent Threat That Keeps Evolving (Fortinet) First American takes IT systems offline after cyberattack (Bleeping Computer) BidenCash darkweb market gives 1.9 million credit cards for free (Bleeping Computer) BidenCash (Searchlight Cyber) Russia Seizes Ferum, Sky-Fraud, UAS, and Trump?s Dumps?and Signals More Takedowns to Come [Updated] (Flashpoint) Share your feedback.Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpress about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don?t expect to get paid. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today?s guest Scott Roberts of Interpres joins N2K?s Rick Howard from the recent MITRE ATT&CKcon event. They discuss driving intelligence with MITRE ATT&CK: Leveraging limited resources to build evolving threat repository.  Selected Reading German police takes down Kingdom Market cybercrime marketplace (BleepingComputer) GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY (Securityaffairs) SSH protects the world?s most sensitive networks. It just got a lot weaker (Ars Technica) Annual Payment Fraud Intelligence Report: 2023 (Recorded Future) Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler) iPhone Thief Explains How He Breaks Into Your Phone (Wall Street Journal) Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC Ukraine) Fake F5 BIG-IP zero-day warning emails push data wipers (BleepingComputer) ?Get Paid to Like Videos?? This YouTube Scam Leads to Empty Wallets (Hack Read) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Interpol leads cybercrime take downs. ALPHV/Blackcat is in a ?tug of Tor? with the FBI.  The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today?s Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Learning Layer segment today, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. For more information on practice tests, please visit N2K?s certification page.  Learning Layer links Practice tests Selected Reading Interpol operation arrests 3,500 cybercriminals, seizes $300 million (Bleeping Computer) AlphV claims to have ?unseized? its darkweb domain from the FBI. What?s happening? (The Record) Senate confirms Biden?s pick for Cyber Command, NSA (The Record) Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission) Enabling Threat-Informed Cybersecurity: Evolving CISA?s Approach to Cyber Threat Information Sharing (CISA) CryptoGuard: An asymmetric approach to the ransomware battle (Sophos) Notice To Customers of Data Security Incident (Businesswire) Ukraine's Kyivstar says it is fully operational after cyber attack (Reuters) UK and partners form The Tallinn Mechanism for cyber security (Gov.UK) GCHQ Christmas challenge: Agency reveals 2023 codebreaker (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today?s Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests John Pescastore joins us for Mr. Security Answer Person to address the question, ?Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?? Today?s guest is Lauren Brennan of GuidePoint Security. N2K?s Rick Howard caught up with Lauren recently  at the MITRE ATT&CKcon 4.0. They discussed evaluating and maturing your SOC. Selected Reading Authorities claim seizure of notorious ALPHV ransomware gang?s dark web leak site (TechCrunch+) Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+) Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Malware leveraging public infrastructure like GitHub on the rise (Reversing Labs) Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) ?Quishing? you a Happy Holiday Season (netcraft) 2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (Securityweek) US and Australia Warn of Play Ransomware Threat (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security?s Afternoon Cyber Tea podcast goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Host of Microsoft Security?s Afternoon Cyber Tea podcast, Ann Johnson, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. Ann?s full discussion with Tanya can be heard here. You can catch Afternoon Cyber Tea every other Tuesday on your favorite podcast apps and the N2K Network.  Selected Reading Mr. Cooper reveals breach exposed 14.6 million clients (Cybernews) Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (CISA) NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity (Security Week) MongoDB says customer data was exposed in a cyberattack (Bleeping Computer) ALPHV Targeting: Ransomware & Digital Extortion (ZeroFox) A Log4Shell Retrospective - Overblown and Exaggerated (VulnCheck) We call on States to stop turning a blind eye to the participation of civilian hackers in armed conflict (ICRC) Seattle cancer center confirms cyberattack after ransomware gang threats (The Record) What can I do to make you take home this chatbot today? (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Oren Koren, Co-Founder and Chief Product Officer from Veriti sits down to share his amazing story. Before entering the vendor side of the cyber world, Oren served for 14 years in the Israeli 8200 unit where he led a variety of cybersecurity activities and researches that eventually earned him four 8200-unit cyber innovation awards. When he left the Israel Defense Forces, he joined Check Point Software to lead their AI-based innovations and advanced data analytics projects that redefined threat hunting and SIEM applications. This eventually inspired him to start his own company, with fellow co-founder Adi Ikan. Oren shares that he had a love for music growing up, and wanted to be a musician, saying music was the catalyst to him becoming interested in the cyber field, saying "I believe the music helped me a bit with my career in cybersecurity." We thank Oren for sharing his story with us.

Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign

Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession.  N2K?s Rick Howard reports from the recent MITRE ATT&CK con, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K?s Rick Howard recently attended the MITRE ATT&CK Con. While there, Rick spoke with Blake Strom of Microsoft and they discussed 10 years of MITRE ATT&CK Framework. Selected Reading Google is rolling out new protections for our location data (The Washington Post) Four men indicted in $80 million ?pig butchering? scheme (CNBC) Just In: Crypto Hacker Shakeeb Ahmed Admits to $12 Million Heist (BET US) Suspects can refuse to provide phone passcodes to police, court rules (Ars Technica) Gaza Cybergang | Unified Front Targeting Hamas Opposition (Sentinal Labs) Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post)  Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach (Securityweek) Ten Years Later, New Clues in the Target Breach (krebsonsecurity) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Microsoft takes down the Storm-1152 cybercrime operation. ?GambleForce? is a newly discovered threat actor.  The SVR exploits a JetBrains TeamCity vulnerability. US Postal Service impersonation. Malicious ads associated with Zoom. An update on the cyberattack against Kyivstar. Apache issues a Struts 2 security advisory. The FCC adopts new data breach rules.  In our latest Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. And the State Department's Global Engagement Center is under fire. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment with Palo Alto Networks Unit 42?s David Moulton, hear about decoding cyber adversaries. David discusses unveiling intent and behavior in the world of threat hunting with Madeline Sedgwick. Selected Reading Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang (TechCrunch+) New hacker group GambleForce targets government and gambling sites in Asia Pacific using SQL injections (Group-IB) Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (Joint Advisory) Malvertisers zoom in on cryptocurrencies and initial access (MalwareBytes) Russian hacker group claims responsibility for Kyivstar cyberattack (The Kyiv Independent)  New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now (The Hacker News) FCC Adopts Updates to Data Breach Rules, Sets Up Privacy Battle (Bloomberg Law) State Dept.?s Fight Against Disinformation Comes Under Attack (The New York Times) Threat Vector. In this Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. Madeline, a Senior Cyber Research Engineer and Threat Analyst for the Cortex Xpanse team at Palo Alto Networks, shares insights into how analyzing adversary behavior helps in anticipating threats and avoiding guesswork. They discuss the value of understanding both system dynamics and human behavior in cybersecurity, emphasizing that cyber adversaries are limited by the same laws of internet physics. Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today?s guest is Tim Starks from the Washington Post?s Cybersecurity 202 with China?s influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today?s guest is Tim Starks from the Washington Post?s Cybersecurity 202. Tim and Dave discuss China?s influence operations in Taiwan, along with a look back at 2023.  Selected Reading UK at high risk of ?catastrophic ransomware attack?, report says (The Guardian) Roll Call Vote 118th Congress - 1st Session  (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren?t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack  (cyberdaily) Microsoft Patch Tuesday December 2023 (Sans) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today?s Industry Voices segment, my conversation with Andre Durand,  CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today?s Industry Voices segment, we speak with Andre Durand, the CEO and Founder of Ping Identity. Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity. Selected Reading Ukraine?s Mobile Operator Kyivstar Facing ?Powerful? Cyberattack (Bloomberg) Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) GUR says it has hacked servers of Russian tax service (Interfax-Ukraine) ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) BlackCat ransomware site down amidst rumours of law enforcement action (Computing) No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media) Cloudflare 2023 Year in Review (Cloudflare) Bitsight and Google collaborate to reveal global cybersecurity performance (Bitsight) 15 Air National Guardsmen disciplined in Discord server leak (C4ISRNET) Apple emergency updates fix recent zero-days on older iPhones (Bleeping Computer) Kelvin Security hacking group leader arrested in Spain (Bleeping Computer) Cloud engineer gets 2 years for wiping ex-employer?s code repos (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

China allegedly targets US critical infrastructure, while a small Irish village goes without water due to an Iranian CyberAv3ngers attack. The EU sets a global precedent with new AI regulations. Unraveling the latest maneuvers of the Lazarus Group. The Sandman APT's links to Chinese cyber threats. "5Ghoul" vulnerabilities represent  a new challenge in telecom security. The deceptive dangers of the MrAnon infostealer in a booking app. The GRU's phishing tactics lead to the spread of Headlace malware. On today?s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K?s President Simone Petrella about DXC?s ?All in on Cyber? program. And 23andMe's controversial update to its terms and conditions. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today?s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K?s President Simone Petrella about DXC?s ?All in on Cyber? program. Kristie is DXC?s Senior Vice President and Chief Information Officer.  Selected Reading China?s cyber army is invading critical US services (Washington Post)  Hackers hit Erris water in stance over Israel (Western People) FBI: Cyberattack against Aliquippa water authority was a targeted 'escalation' on overlooked technology (Post Gazette) White House aide says Iranian hack of US waterworks is call to action (C4ISRNet) EU reaches deal on landmark AI bill, racing ahead of US (Washington Post)  Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (Cisco Talos) Sandman APT | China-Based Adversaries Embrace Lua (SentinelOne) 5Ghoul  : Unleashing Chaos on 5G Edge Devices (Singapore University of Technology and Design) MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF (Fortinet)  ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware (Security Intelligence) 23andMe changes terms of service amid legal fallout from data breach (Axios) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us. 

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges." The research can be found here: Hunting Vulnerable Kernel Drivers

Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Allan Liska, creator of Green Archer Comics, shares the first installment in a new comic book series: "Yours Truly, Johnny Dollar #1." The series follows the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator, as he takes on ransomware attacks, insider threats and more. The series is based on a popular radio serial of the same name that ran from 1949 through 1962, now reimagined for the digital age. Selected Reading Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (CISA) The cyberattacks also allegedly took aim at U.S. energy networks and American spies. (Wall Street Journal) Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation (The Guardian) U.S. Takes Action to Further Disrupt Russian Cyber Activities (US Department of State) Rewards for Justice (Rewards for Justice) Two Russian Nationals Working with Russia?s Federal Security Service Charged with Global Computer Intrusion Campaign (US Department of Justice) United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group (US Department of Treasury) Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover (DarkReading) Obfuscation and AI Content in the Russian Influence Network ?Doppelgänger? Signals Evolving Tactics (Recorded Future) Russian influence and cyber operations adapt for long haul and exploit war fatigue (Microsoft) State of Log4j Vulnerabilities: How Much Did Log4Shell Change? (Veracode) ESG Report Operationalizing Encryption and Key Management (Fortanix) Russian opposition activists use QR codes to spread anti-Putin messages (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our 5 question survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today?s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today?s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan. Todd discusses data resiliency.  In an era where ransomware and malicious attacks are relentless, even the most secure organizations are not immune. These attacks can cripple organizations financially, operationally, and damage their reputation and compliance standing. My guest today is Todd Thorsen, CISO from CrashPlan. In this sponsored Industry Voices segment, we delve into crucial strategies for bolstering data resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/232 Selected Reading Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)  CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps (CISA)  The Case for Memory Safe Roadmaps (Joint release) HEALTHCARE  SECTOR CYBERSECURITY (US Department of Health and Human Services) HHS releases cybersecurity strategy for health care sector (American Hospital Association) Fake Taylor Swift Quotes Are Being Used to Spread Anti-Ukraine Propaganda (WIRED) Obfuscation and AI Content in the Russian Influence Network ?Doppelgänger? Signals Evolving Tactics (Recorded Future) Britain summons Russian ambassador over years-long FSB cyberespionage campaign (Reuters) NCSC exposes Russian cyber attacks on UK political processes (ComputerWeekly) Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns (NCSC) Defending Democracy (NCSC) The State of Supply Chain Defense: Annual Global Insights Report (BlueVoyant) 2023 Holiday Bad Bot Report (Kasada) Facebook and Messenger to automatically encrypt messages (BBC) Your mobile password manager might be exposing your credentials (TechCrunch) Dieselgate, but for trains ? some heavyweight hardware hacking (BadCyber) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at  Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Camille Stewart Gloster, Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters)  Obfuscation and AI Content in the Russian Influence Network ?Doppelgänger? Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia?s Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (CISA) CVE-2023-26360 Detail (NIST) SEC on 23andMe breach (SEC)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The UK Government's denial of a cyber incident at Sellafield. There?s been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus The latest application security trends, and a new cybersecurity futures study. In our Industry Voices segment, On today?s Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today?s Industry Voices segment, we welcome Matt Radolec. Matt is Vice President of Incident Response and Cloud Operations at Varonis. He talks about the  intersection of AI, cloud and insider threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/230 Selected Reading Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) Response to a news report on cyber security at Sellafield (GOV.UK) Guardian news article (Office of Nuclear Regulation) Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (The Guardian) US warns Iranian terrorist crew broke into 'multiple' US water facilities (The Register) Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (The Record) AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (Blackberry) Fake Lockdown Mode: A post-exploitation tampering technique (Jamf) Disney+ Impersonated in Elaborate Multi-Stage Email Attack with Personalized Attachments (Abnormal Security) Building Security in Maturity Model (BSIMM) report (Synopsis) Deputy Prime Minister annual Resilience Statement (GOV.UK)

The US and Israel attribute attacks on PLCs to Iran. Agent Raccoon backdoors organizations on three continents. XDSpy is reported to be phishing the Russian defense sector. Trends in digital banking fraud. Repojacking Go module repositories. Ann Johnson from Afternoon Cyber Tea speaks with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. And when it comes to security, don't look to the stars. CyberWire Guest Guest is Ann Johnson from Afternoon Cyber Tea talking with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. Tune in to Microsoft Security?s Afternoon Cyber Tea podcast every other Tuesday on the N2K Network. You can hear Ann?s full interview with Lynn here.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/229 Selected Reading IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA) Water and Wastewater Cybersecurity (CISA) P2Pinfect - New Variant Targets MIPS Devices (Cado) New Tool Set Found Used Against Organizations in the Middle East, Africa and the US (Palo Alto Networks Unit 42) XDSpy hackers attack military-industrial companies in Russia (The Record) Mobile Emulators Eclipse Bots in 2023 as Preferred Fraud Vector in North America (PR Newswire) Hijackable Go Module Repositories (VulnCheck)

Bernard Brantley, CISO from Corelight sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he reached a point now where he has the self confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big dreams and aspirations he had as a child and turn them into something fruitful as an adult. Working his way up from the bottom he is now sharing how he overcomes those days of adversity, saying "I spend minimum time trying to like spin my wheels or, kind of stay in frustration or a down period and, and really, uh, try as quickly as possible to move from, "hey, this was a tough day" to, to, into, "all right, uh, this was a tough day because maybe I didn't commit enough time in this area, or maybe I could have had a bit better conversation with this person." We thank Bernard for sharing his story with us.

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB." The research can be found here: Building an Exploit for FortiGate Vulnerability CVE-2023-27997

Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes ?European cyber force? with ?offensive capabilities?. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today?s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? CyberWire Guests On today?s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/228 Selected Reading Wyden to block Senate vote on new NSA, Cyber Command lead (Politico) Meaconing, Intrusion, Jamming, and Interference Reporting (Federation of American Scientists) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) GPS Spoofing Traced To Iran (Location Business News) Adversarial Threat Report, Third Quarter 2023 (Meta) EU Council president proposes ?European cyber force? with ?offensive capabilities? (The Record) Microsoft warns of new ransomware campaign by Twisted Spider group (Computing) Staples confirms cyberattack behind service outages, delivery issues (BleepingComputer) Technical Report: Large Language Models can Strategically Deceive their Users when Put Under Pressure (Cornell University) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan?s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war.  On today?s Threat Vector segment, David Moulton of Palo Alto Networks? Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoS?ers are looking for volunteers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you?ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests On today?s Threat Vector segment, David Moulton of Palo Alto Networks? Unit 42 talks with guest John Huebner, an XSIAM Consultant at Palo Alto Networks. David and John delve into the intricacies of managing threat intelligence feeds in cybersecurity. They discuss the challenges organizations face in sifting valuable intelligence from the noise, emphasizing the importance of risk assessments in guiding the selection and tuning of these feeds. Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  T-Minus commentary on JAXA?s cyber threat.  Dave is joined by T-Minus Space Daily host, Maria Varmazis, to discuss the significant cyber threat faced by Japan?s Aerospace Exploration Agency, known as JAXA. Listen to yesterday?s episode of T-Minus where they covered the incident.  Selected Reading ownCloud vulnerability with maximum 10 severity score comes under ?mass? exploitation (Ars Technica) Associated Press, ESPN, CBS among top sites serving fake virus alerts (Malwarebytes) VIDAR INFOSTEALER STEALS BOOKING.COM CREDENTIALS IN FRAUD SCAM (Secureworks) Japan space agency hit with cyberattack, rocket and satellite info not accessed (Reuters) Okta October breach affected 134 orgs, biz admits (The Register) October Customer Support Security Incident - Update and Recommended Actions (Okta) Okta Hack Update Shows Challenges in Rapid Cyber Disclosures (Wall Street Journal) US seizes Sinbad crypto mixer used by North Korean Lazarus hackers (Bleeping Computer) Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency (US Department of Treasury) Crypto Country:  North Korea?s Targeting of Cryptocurrency (Recorded Future) New SugarGh0st RAT targets Uzbekistan government and South Korea (Cisco Talos) Russian hackers pose ?high? threat level to EU, bloc?s cyber team warns (Politico) NATO Holds Cyber Defense Exercise as Wartime Hacking Threats Rise (Wall Street Journal) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here?s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense installations are hit with Cactus ransomware. Researchers discover a Google Workspace vulnerability. A hacktivist auxiliary compromises a Russian media site.  In an exclusive interview, Eric Goldstein, Executive Assistant Director at CISA, describes their new Secure by Design Alerts program launching today. Tim Starks from the Washington Post shares some insights on the latest legislation dealing with section 702 surveillance. And security teams need not polish up that resumé after a breach. CyberWire Guest We have 2 guests today. First, Dave recently spoke with Eric Goldstein, Executive Assistant Director at CISA, about their new Secure by Design Alerts program that launched today.  And, Tim Starks from the Washington Post?s Cybersecurity 202 stopped by to share some insight into some of the latest trending cybersecurity headlines.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/226 Selected Reading Police dismantle ransomware group behind attacks in 71 countries (Bleeping Computer) Ransomware group dismantled in Ukraine in a major international operation supported by Eurojust and Europol (Eurojust) Water and Wastewater Cybersecurity (CISA) (TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Water ISAC) Iran hits Pennsylvania water utility. (CyberWire) North Texas water utility serving 2 million hit with cyberattack (The Record)  DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT (Security Affairs) Slovenian power company hit by ransomware (Help Net Security) Qlik Sense Exploited in Cactus Ransomware Campaign (Arctic Wolf) Qlik Sense Enterprise for Windows - New Security Patches Available Now (Qlik) DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover (Hunters)  Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk (Dark Reading) Use IAM securely (Google) 

Ransomware targets healthcare organizations. WildCard deploys SysJoker malware. DPRK cryptocurrency theft. The status of Ukraine's IT Army. A Russian news outlet unmasks Killmilk. Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action. And there?s discord on dark markets about large language models. CyberWire Guest Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action: the future of BAS and continuous threat exposure management. You can connect with Guy on LinkedIn and find out more about SafeBreach on their website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/225 Giving Tuesday Our team offers up some suggestions for Giving Tuesday should you feel inclined to join us in sharing your time, talents or treasures on this day of giving back.  Arizona Cyber Initiative Association for Women in Science BlackGirlsHack Cyber Guild Exceptional Minds G{Code} Girls Who Code Lurie Children's Hospital NFAR Melwood Tech Kids Unlimited WiCyS Women of Cyberjutsu Selected Reading Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states (CNN)  Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Ardent Health Services Reports Information Technology Security Incident (BusinessWire) Vanderbilt University Medical Center investigating cybersecurity incident (The Record) Criminal hacking group breaches data, including Premier Health (WDTN 2 News) Global Threat Intelligence Report (Blackberry) ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER (Check Point Research) Operation Electric Powder ? Who is targeting Israel Electric Company? (ClearSky Cyber Security) New Rust-based SysJoker backdoor linked to Hamas hackers (Bleeping Computer) WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel (Intezer) DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads (SentinelOne)  Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media (The Register)  Ukraine?s Volunteer IT Army Confronts Tech, Legal Challenges (CEPA) Cybercriminals can?t agree on GPTs (Sophos)

Iranian hacktivists claim an attack on a Pennsylvania water utility. North Korea's increased attention to supply-chains. Rhysida's action against British and Chinese targets. Sandworm activity puts European power utilities on alert. Neanderthals and the Telekopye bot. Mirai-based botnet activity. Our guest is Chris Betz, the new CISO of AWS Security, with insights on the upcoming AWS re:Invent conference. And just how easy is it to track the comings and goings at Mar-a-Lago? CyberWire Guest Our guest today is Chris Betz, the new CISO of AWS Security giving us some insight into what to expect at the AWS re:Invent conference. You can connect with Chris on LinkedIn and find out more about AWS re:Invent on the event website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/224 Selected Reading Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (KDKA News) Iranian-linked cyber army had partial control of Aliquippa water system (Beaver Countian) Cyber Av3ngers Claim Israeli MEKOROT National Water Company Hack (Cyberwarzone) A hack in hand is worth two in the bush (Securelist by Kaspersky) Diamond Sleet supply chain compromise distributes a modified CyberLink installer (Microsoft) UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains (National Cyber Security Centre) Rhysida (SentinelOne) Rhysida, the new ransomware gang behind British Library cyber-attack (The Guardian) RHYSIDA RANSOMWARE GANG CLAIMED CHINA ENERGY HACK (Security Affairs) #StopRansomware: Rhysida Ransomware (CISA) Russia continuing cyberthreats against NATO countries (Defence Industry Europe) Europe?s grid is under a cyberattack deluge, industry warns (Politico) Telekopye: Chamber of Neanderthals? secrets (ESET) InfectedSlurs Botnet Spreads Mirai via Zero-Days (Akamai) We Spied on Trump?s ?Southern White House? From Our Couches (Rolling Stone)

This week, we invite our very own Chris Hare, N2K's Project Management Specialist Content Developer, to join and discuss her career. Growing up, Chris shares that she wanted to be a veterinarian, which slowly turned into her becoming a writer for the first part of her career. She shares that she started off writing marketing copy for the technology and E-commerce space, writing for everyone from NASA to adopting the written voice of the comedian, Wayne Brady. She shares that she was able to come up into her career after finding three people that were willing to help her when she needed it. She says "I became what I like to think of as a Pied Piper of seeking out three types of people. First, someone who needed help. Second, a person who served as a mechanism for my self improvement through my jealousy of them. And third, a person who gave me the nudge to continuously improve." We thank Chris for sharing her story with us.

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot.  The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware

This interview from October 20th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, our very own Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap.

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Chicago P.D. Rick's clip from the movie: The Imitation Game

CISA issues joint Cybersecurity Advisory on Citrix Bleed. Law enforcement takes down "pig butchering" operations. Altman will return to OpenAI. Israeli honeypots deployed during the war. A renaissance in electronic warfare. And a response in the form of countermeasures. Ihab Shraim, Chief Technology Officer at CSC, shares how the growing popularity of AI is giving cybercriminals a new avenue to take advantage of some of the largest companies in the world. And online safety during the holidays. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/223 Selected reading. CISA issues joint Cybersecurity Advisory on Citrix Bleed. (CyberWire) Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto (U.S. Department of Justice) China Rounds Up 31,000 Suspects in Sweeping ?Pig-Butchering? Crackdown (Wall Street Journal) OpenAI Says Sam Altman to Return as CEO (Wall Street Journal) Altman Agrees to Internal Investigation Upon Return to OpenAI (Information) Sam Altman, OpenAI Board Open Talks to Negotiate His Possible Return (Bloomberg) Before Altman?s Ouster, OpenAI?s Board Was Divided and Feuding (New York Times) Altman Argued With OpenAI Board Member Toner Before Ouster (Information) The Invisible War in Ukraine Being Fought Over Radio Waves (New York Times) Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) Shopping securely on Black Friday (and beyond). (CyberWire)

OpenAI's continuing turmoil. Crypto firm sustains API attack. Konni campaign phishes with a Russian document as bait. LockBit's third-party compromise of Canadian government personnel data. Ukraine removes senior security officials under suspicion of graft. Dave Bittner sits down with Steve Winterfeld from Akamai to discuss emerging threats in the financial services sector. And Idaho National Laboratory sustains data breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/222 Selected reading. Company that created ChatGPT is thrown into turmoil after Microsoft hires its ousted CEO (AP News) The Doomed Mission Behind Sam Altman?s Shock Ouster From OpenAI (Bloomberg) Briefing: OpenAI Execs to Continue Discussions With Altman, Board: Memo (The Information) OpenAI in ?Intense Discussions? to Quell Potential Staff Mutiny (Bloomberg) Microsoft Wants to Work With Altman, No Matter What, Says CEO (Bloomberg) Briefing: Microsoft CEO Nadella Says Altman Could End Up at Microsoft or OpenAI; Board Governance Should Change (The Information) Sam Altman's AI 'mission continues' at Microsoft, future of OpenAI and ChatGPT uncertain (ZDNET) OpenAI?s Customers Consider Defecting to Anthropic, Microsoft, Google (The Information) OpenAI?s Board Approached Anthropic About Merger (The Information) The Vast Majority of OpenAI Employees Ask the Board to Resign (The Information) Konni Campaign Distributed Via Malicious Document (Fortinet Blog)  Ukraine sacks top cyber defence officials amid graft probe (Reuters) Two top Ukrainian cyber officials dismissed amid embezzlement probe (Record) Ukraine fires top cybersecurity officials (TechCrunch) Ukraine-Russia war: Ukraine sacks 'corrupt' cyber defence chiefs (The Telegraph) Kronos Research halts trading amid $25M API key hack investigation (Cointelegraph) Kronos Research Loses $26 Million in Unauthorized API Access Incident (Bitcoin News) Canadian government discloses data breach after contractor hacks (BleepingComputer) Idaho National Laboratory experiences massive data breach; employee information leaked online (East Idaho News) Detailed data on employees of U.S. national security lab leak online (CyberScoop)