CyberWire 팟 캐스트

A DDoS attack against a Ukrainian nuclear power provider. The US Army draws some lessons from the cyber phases of Russia's hybrid war. Vulnerabilities in Zimbra are undergoing widespread exploitation.Reports of new Lazarus Group activity. CISA releases eight ICS security advisories. Carole Theriault looks at scammers and cryptocurrencies. Our guest…

CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform. AA22-228A Alert, Technical Details, …

Microsoft identifies and disrupts Russian cyberespionage activity. An update on RedAlpha. An evil PLC proof-of-concept shows how programmable logic controllers could be "weaponized." Ben Yelin has an update on right to repair. Our guest is Arthur Lozinski of Oomnitza with a look at attack surface management maturity. And the Cl0p gang hits an Engli…

Shuckworm maintains its focus on Ukrainian targets. Killnet's DDoS and dubious proof-of-work. Iron Tiger's supply chain campaign. TikTok and national security. Dinah Davis from Arctic Wolf shares insights on Dark Utilities. Rick Howard digs into identity management. And an arrest in the case of the Tornado Cash crypto mixer. For links to all of tod…

Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn’t sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started wo…

Cybercriminals are motivated by one simple incentive - money. Their favorite tools are bots to leverage sophistication, scalability, and ease of use. The effect is the creation of the underground bot ecosystem. This community allows threat actors to work together and continually improve their tactics. They sell bypasses for rule-based anti-bot solu…

Ashley Taylor from SANS.edu, joins Dave to discuss fake job ads and methods to proactively detect these scams. The research shares how job seekers are under attack, with scammers posing as fake job recruiters to steal information from people who are interested in the job posting. The brands being impersonated as are at risk of losing credibility to…

The optempo of the war's cyber phase, and Ukraine’s response. Organizing and equipping hacktivists. Joint warning on Zeppelin ransomware. Update on the DoNot Team, APT-C-35. Rewards for Justice offers $10 million for information on Conti operators. Rob Boyce from Accenture shares insights from BlackHat. Caleb Barlow ponders closing the skills gap w…

Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses and critical infrastructure organizations. Actors use remote desktop protocol (RDP), SonicWall firewall vulnerabilities, and phishing campaigns to gain initial access to victim networks and then deplo…

KillMilk says his crew downed Lockheed Martin's website. Industroyer2, and what became of it. CISA releases its election cybersecurity toolkit. Post-incident disruption at Britain’s NHS. Carl Wright of AttackIQ shares strategies for CISOs to successfully prepare for the next attack. Dr. Christopher Pierson from Blackcloak joins us from Black Hat. A…

Patch notes, and the risks associated with failure to patch. Finland's parliament comes under cyberattack. Killnet says there will be blood, but they may just be grandstanding for the home crowd. Cyberattacks against a UK firm that's criticized Russia's war. We’re joined by FBI Cyber Division AD Bryan Vorndran and Adam Hickey, deputy assistant atto…

Tracking apparent Chinese industrial cyberespionage. Tornado Cash sanctions. Twilio discloses a breach. Social engineering exposes data at Klaviyo. Microsoft’s Ann Johnson previews the latest season of Afternoon Cyber Tea. Joe Carrigan tracks the growth in cryptojacking. And what might the Mounties be monitoring? For links to all of today's stories…

In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport–uni…

Shifting cyber threats during Russia's war against Ukraine. A Twitter exploit may have compromised more than 5 million accounts. A Cyberattack disrupts NHS 111. Developments in the C2C market. An alleged Russian cryptocurrency exchange operator is extradited to the US. Rick Howard looks at FinTech. Andrea Little Limbago from Interos on Industrial p…

Anna Belak, Director of Thought Leadership at Sysdig, shares her story from physics to cyber. Anna explains how she went into college with the thinking of getting a physics degree and then for her PhD decided to switch to material science and engineering. Both were not something she enjoyed and ultimately decided to go into cyber. She shares some a…

Deepen Desai from Zscaler's ThreatLabz joins Dave to discuss how APTs, like Lyceum Group, create tactics and malware to carry out attacks against their targets. The Lyceum group has been active since 2017 and is a state-sponsored Iranian APT group. This group targets Middle Eastern organizations most notably in the energy and telecommunication sect…

CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. Andy Robbins of SpecterOps to discuss Attack Paths in Azure. Denis O'Shea of Mobile Mentor talking on the intersection of endpoint security and employee experience. CISA and ACSC issue a joint advisory on top ma…