App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

This week, we are pleased to be joined by ⁠George Glass⁠, Associate Managing Director of ⁠Kroll⁠'s Cyber Risk business, as he is discussing their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group’s industry-by-industry approach and what that means for defenders across sectors.

George and Dave discuss the group’s history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus.

Complete our annual ⁠⁠audience survey⁠⁠ before August 31.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Creeping like a spider. [Research Saturday]

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant’s Chief Analyst.

References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.
Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate.
Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire.
Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant.
Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The current state of Cyber Threat Intelligence.

Shawn Kanady, Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection. 
The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses.
The research can be found here: 
Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

Learn more about your ad choices. Visit megaphone.fm/adchoices

The JPHP loader breaking away from the pack. [Research Saturday]

In this special edition podcast, N2K's Executive Editor Brandon Karpf talks with author, CEO and cybersecurity advisor Dr. Bilyana Lilly about her new novel "Digital Mindhunters." 

Book Overview
In a high-stakes game of espionage and deception, a female analyst uncovers Russia's plot to wield artificial intelligence, espionage, and disinformation as weapons of chaos against the United States. As she races against time to thwart an assassination plot, she finds herself entangled in a web of international intrigue and discovers a parallel threat from a Chinese spy network aiming to steal data, manipulate American voters, and harness technology to dismantle the very foundations of U.S. democracy. In a world where lies are a weapon and trust is a luxury, she navigates the treacherous worlds of arms dealers, hackers, and spies to protect her country.

About the author
Dr. Bilyana Lilly is a cybersecurity and information warfare expert. She advises senior executives in the private and public sector on how to mitigate cybersecurity risk across their enterprises. Dr. Lilly serves on the Advisory Boards of the venture capital firm Night Dragon and the cybersecurity firm RunSafe Security. She chairs the Democratic Resilience Track of the Warsaw Security Forum and is an adjunct senior advisor for critical infrastructure and resilience at the Institute for Security and Technology. Her previous roles include a manager at Deloitte's Financial Cybersecurity Practice and a fellow at the RAND Corporation. Dr. Lilly holds a PhD in policy analysis and cyber security, and three master's degrees, including an honors degree from Oxford University. Her book "Russian Information Warfare" became a bestseller and is on display at the Pentagon. Dr. Lilly is a mentor and a speaker at RSA, DefCon, CyCon, and the Executive Women's Forum. She has been denounced by Russia's Ministry of Foreign Affairs and called cyber expert by Tom Hanks.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]

CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. 

Selected Reading
I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek)
Romania’s top court annuls presidential election result (CNN)
MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera (Forbes)
QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer)
Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek)
Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack (SecurityWeek)
Anna Jaques Hospital ransomware breach exposed data of 300K patients (Bleeping Computer)
Blue Yonder SaaS giant breached by Termite ransomware gang (Bleeping Computer)
Synology Router Vulnerabilities Let Attackers Inject Arbitrary Web Script (Cyber Security News)
Cyber Command Chief Discusses Challenges of Getting Intel to Users (Defense.gov)
Robot Rodents: How AI Learned To Squeak And Play (Hackaday)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Router security in jeopardy.

Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp’s “ViewOnce” feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Google’s new quantum chip promises scaling without failing. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Check out Cobalt’s GigaOm Radar Report for PTaaS 2024 to learn more. 

Selected Reading
ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket (Hackread)
Dell Power Manager Vulnerability Let Attackers Execute Malicious Code (Cyber Security News)
TikTok Asks Court To Suspend Ban Ahead of Supreme Court Appeal (The Information)
Radiant links $50 million crypto heist to North Korean hackers (Bleeping Computer)
US subsidiaries of Japanese water treatment company, green tea maker hit with ransomware (The Record)
WhatsApp View Once Vulnerability Let Attackers Bypass The Privacy Feature (Cyber Security News)
SpyLoan Malware: A Growing Threat to Android Users (Security Boulevard)
Romanian energy supplier Electrica hit by ransomware attack (Bleeping Computer)
OpenWrt Sysupgrade flaw let hackers push malicious firmware images (Bleeping Computer)
Homeland Security veteran to be interviewed for Trump administration cyber role (The Record)
Google claims ‘breakthrough’ with new quantum chip (Silicon Republic)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Buckets of trouble.

Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo’s managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program.

Selected Reading
New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine)
Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek)
Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News)
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek)
Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine)
AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard)
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register)
Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread)
New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer) 
US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine)
Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop)
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When exploits go wild and patches race the clock.

ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned. 

Selected Reading
ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News)
Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC)
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record)
Apache issues patches for critical Struts 2 RCE bug (The Register)
Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek)
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News)
Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek)
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine)
Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer)
Firefox, one of the first “Do Not Track” supporters, no longer offers it (Ars Technica) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When AI goes offline.

The U.S. dismantles the Rydox criminal marketplace. File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea’s weapons programs. Texas accuses a data broker of sharing sensitive driving data without consent. Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. How the bots stole Christmas. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. Read more about it in Tim’s article.

Selected Reading
Rydox Cybercrime Marketplace Disrupted, Administrators Arrested (SecurityWeek)
Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware (The Record)
Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers (The Record)
Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted (Hackread)
Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog (SecurityWeek)
Researchers Discover Malware Used by Nation-Sates to Attack OT Systems (Infosecurity Magazine)
Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems (Cyber Security News)
14 North Korean IT Workers Charged, US to Offer $5 Million Rewards for Info (Cyber Security News)
Texas adds data broker specializing in driver behavior to list of alleged privacy law violators (The Record)
UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts (Infosecurity Magazine)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers in handcuffs.

CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activities.
AA23-061A Alert, Technical Details, and Mitigations
AA23-061A STIX XML
Royal Rumble: Analysis of Royal Ransomware (cybereason.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
2023-01: ACSC Ransomware Profile - Royal | Cyber.gov.au
See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov 
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA23-061A – #StopRansomware: Royal ransomware.

Lyt når som helst, hvor som helst

Other podcasts you might like ...