The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is…out there still?
Notes on today’s Russo-America summit. Microsoft seizes websites used by the Chinese threat actor Nickel. Google takes technical and legal action against a Russian botnet. Ben Yelin unpacks Australia’s aim to...
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
Cryptocurrency exchange loses almost $200 million as two hot wallets are compromised. Phones belonging to US State Department personnel concerned with Uganda are found to have been infected with NSO Group’s...
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as...
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats,...
Getting in and getting out with SnapMC. [Research Saturday]
Guest Christo Butcher of NCC Group's Research and Intelligence Fusion Team discusses their research into a cybercriminal group they dubbed SnapMC. Forget ransomware, too expensive and too much hassle. Randomly enter...
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
SideCopy, a Pakistani APT, is phishing for information in both India and Afghanistan. A Colorado electrical utility continues to recover from a cyber incident it sustained early last month. The GAO...
More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?
An APT is exploiting Internet-facing instances of ServiceDesk Plus. Meta releases its end-of-year Adversarial Threat Report, and adds “Brigading” and “Mass Reporting” to “Coordinated Inauthentic Behavior” as activities that will get...
Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.
RTF template injection is newly favored by APTs. Malware hides in February 31st. Milords and miladies, the Principality of Sealand hath been hacked. Finland's National Cyber Security Center warns of a...
Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.
Today, it’s all crime all the time. Cybercrime, the C2C underground market, and the expansive holiday shopping season. Rebranding in gangland. How crooks exclude targets on the basis of language or...
Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.
A reply-chain incident is reported at a major international furniture and housewares retailer. North Korean operators are phishing for South Korean marks using bogus Samsung recruiting emails as phishbait. Fancy Bear...
Anisha Patel: Right along with them. [Program management] [Career Notes]
Associate Director at Raytheon Intelligence and Space in the Cyber Protection Services Division Anisha Patel always loved math and it defined her career journey. As a first-generation American from an Asian...
CyberWire Pro Research Briefing from 11/23/2021
Enjoy a peek into CyberWire Pro's Research Briefing as the team is off recovering from our Thanksgiving feasts. This is the spoken edition of our weekly Research Briefing, focused on threats,...
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
Our team decided to extend our Thanksgiving holiday and thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of...
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
Thanks for joining us for our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by...
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crytper. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
An apparent cyberespionage campaign targets the Iranian diaspora. Babadeda is an emerging crypter seeing use against alt-coin and NFt speculators. RATDispenser is out in the wild, a malware-as-a-service operation. Proofs-of-concept published...
Virgin Media fined £50,000 after spamming 451,000 who didn’t want marketing emails
Data watchdog shows it's keeping its PECR up British telco Virgin Media is facing a £50k financial penalty after spamming more than 400,000 opted-out customers urging them to sign back up to receive marketing bumf.…
Canadian Man Faces Charges in Canada, U.S. for Ransomware Attacks
A Canadian national is facing cybercrime-related charges in the United States and Canada, with authorities saying that he was involved in ransomware attacks.
read more
Cybersecurity: Organizations face key obstacles in adopting zero trust
Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.
5 Tips to Stay on the Offensive and Safeguard Your Attack Surface
New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
