1999 episodes

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily CyberWire, Inc.

    • Technology
    • 4.2 • 5 ratings

    The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]

    On this episode of CyberWire-X, we dive into the essential role of open-source intelligence in identifying cyber and physical threats and reducing risk across your organization. The CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table members Dr. Georgianna Shea, CCTI and TCIL Chief Technologist at the Foundation for Defense of Democracies, and Bob Turner, Field CISO – Education at Fortinet. In the second half of the show, CyberWire podcast host Dave Bittner talks with Tom Hofmann, Chief Intelligence Officer of our episode sponsor, risk intelligence firm Flashpoint. They explore the foundational importance of open source intelligence, which includes social media platforms and geospatial data and insights. Plus, they explore real-life examples of how organizations, from governments to commercial enterprises, are leveraging open source intelligence and technology every day to protect their people, places, assets, and critical infrastructure.

    • 28 min
    Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]

    Kayla Williams, CISO of Devo, sits down to share her story, from graduating with a finance degree to rising to where she is now. She quickly learned that finance was not for her and changed paths, working towards gaining an information security certificate. From there she was able to excel and was offered the opportunity to move to England, which changed her life. Working in her new role, she really enjoys thriving with her team. She says, "We really try to be the department of no problem versus the department of no." She mentions how she and her team work together on a day-to-day basis solving issues, and yet she says not everything related to cybersecurity needs to be a fire drill. She would rather she and her team build bridges in the face of adversity and in the face of people who may be naysayers. We thank Kayla for sharing her story.

    • 10 min
    Targeting your browser bookmarks? [Research Saturday]

    David Prefer from SANS sits down with Dave to discuss how a new covert channel exfiltrates data via a browser's built-in bookmark sync. David explains that this research will "describe how the ability to synchronize bookmarks across devices introduces a novel vector for data exfiltration and other misuses."
    He shares how he tested his hypothesis and describes how the finding was tested on multiple browsers, including Chrome, Edge, Brave and Opera. In his research, he found that bookmarks are able to keep data and synchronize it, making it easier to infiltrate and extract data. David shares the rest of his findings, as well as what organizations and browser developers can do to work on this new threat.
    The research can be found here:
    Bookmark Bruggling: Novel Data Exfiltration with Brugglemark

    • 22 min
    Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Watering holes, deepfakes, and the pushing of naughty words.

    North Korean operators "weaponize" open-source software. The SolarMarker info-stealer returns. A quick review of Fast Company's WordPress hijacking incident. Deepfakes, and their evolution into an underworld and influence ops tool. Kinetic sabotage in the Baltic raises concerns about threats to infrastructure in cyberspace. Chris Novak from Verizon with a mid-year check in. Our guest is MK Palmore of Google Cloud on why collective cybersecurity ultimately depends on having a diverse, skilled workforce. And the US arrests three in two alleged spying cases.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/11/189

    Selected reading.
    ZINC weaponizing open-source software (Microsoft Security Threat Intelligence | LinkedIn Threat Prevention and Defense)
    Lazarus Group Affiliate Uses Trojanized Open Source Apps in New Campaigns (Decipher)
    North Korea weaponizes open-source software. (CyberWire)
    Info-Stealing Malware, SolarMarker, is Using Watering Hole Attacks… (eSentire) 
    Fast Company hack causes obscene Apple News notifications. (CyberWire) 
    The Future of Deepfakes. (CyberWire)
    Fourth Nord Stream Leak Spotted, NATO Sees 'Sabotage' - The Moscow Times (The Moscow Times)
    Russian spy chief: West was behind sabotage of Nord Stream (Reuters)
    NATO Formally Blames Sabotage for Nord Stream Pipeline Damage (Wall Street Journal) 
    NATO: Nord Stream pipeline leaks result of "sabotage" (Axios)
    Pentagon chief: Too soon to say who might be behind Nord Stream pipeline attack (www.euractiv.com)
    First on CNN: European security officials observed Russian Navy ships in vicinity of Nord Stream pipeline leaks (CNN)
    Mysterious Blasts and Gas Leaks: What We Know About the Pipeline Breaks in Europe (New York Times)
    NATO issues 'sabotage' warning after gas pipeline explosions (NBC News) 
    Russia’s Purported Sabotage Of The Nord Stream Pipeline Marks A Point Of No Return (Forbes)
    Nach Angriff auf Nord Stream 1 und 2: Ist Deutschland vor russischen Hackern sicher? (WirtschaftsWoche)
    'We all have to be worried': War in Ukraine boosts energy cyberattack risks, says Petrobras executive (Upstream Online)
    Finnish intelligence warns Russia ‘highly likely’ to turn to cyber in winter (The Record by Recorded Future)
    Ukraine War Goes Hybrid (Energy Intelligence) 
    New Warnings from Ukraine About Looming Russian Cyberattacks (VOA)
    Russian Cyber Efforts in Ukraine See Muted Results, Says Panel (USNI News)
    Ukraine-Russia Conflict: Ukraine Alerts Energy Enterprises to Possible Cyberattack Escalation (Security Boulevard)
    Ukraine is Winning the Cyber War (CEPA)
    Hitachi Energy MicroSCADA Pro X SYS600 (CISA)
    Hitachi Energy MicroSCADA Pro X SYS600 (CISA)
    Baxter Sigma Spectrum Infusion Pump (CISA)
    ARC Informatique PcVue (Update A) (CISA)
    Delta Electronics DOPSoft (CISA)
    Delta Electronics DOPSoft (Update B) (CISA) 
    Former NSA Employee Arrested on Espionage-Related Charges (US Department of Justice) 
    Major in the United States Army and a Maryland Doctor Facing Federal Indictment for Allegedly Providing Confidential Health Information to a Purported Russian Representative to Assist Russia Related to the Conflict In Ukraine (US Department of Justice)

    • 35 min
    Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.

    Gray-hat support for Iranian dissidents. Selling access wholesale in the C2C market. Novel malware’s discovered targeting VMware hypervisors. The Witchetty espionage group uses an updated toolkit. Deepen Desai from Zscaler has a Technical Analysis of Industrial Spy Ransomware. Ann Johnson of Afternoon Cyber Tea speaks with Michal Braverman-Blumenstyk, CTO for Microsoft Security, about Israel's cyber innovation. And Russian troops phone call revelations.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/11/188

    Selected reading.
    Hacker Groups take to Telegram, Signal and Darkweb to assist Protestors in Iran (Check Point Software)
    Hackers Use Telegram and Signal to Assist Protestors in Iran (Infosecurity Magazine)
    Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks (The Hacker News)
    Hackers seek to help — and profit from — Iran protests (The Record by Recorded Future)
    Ransomware and Wholesale Access Markets: A $10 investment can lead to millions in profit (Cybersixgill)
    Selling access wholesale in the C2C market. (CyberWire) 
    Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors (Mandiant)
    Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors (Mandiant) 
    Mandiant has identified new malware that targets VMware ESXi, Linux vCenter servers, and Windows virtual machines. (CyberWire)
    Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors (Securonix)
    Steep#Maverick cyberespionage campaign. (CyberWire)
    Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East (Symantec)
    Witchetty espionage group uses updated toolkit. (CyberWire)
    ‘Putin Is a Fool’: Intercepted Calls Reveal Russian Army in Disarray (New York Times) 
    Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows (SecurityWeek)
    Russian hackers' lack of success against Ukraine shows that strong cyber defences work, says cybersecurity chief (ZDNET)
    Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC (ComputerWeekly)

    • 28 min
    DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.

    DDoS remains the most characteristic mode of cyber ops in Russia's hybrid war against Ukraine. A leaked LockBit 3.0 builder is being used in ransomware attacks. Meta takes down Russian disinformation networks. Lazarus Group is spearphishing with bogus job offers. Joe Carrigan looks at SNAP benefit scams. Our guest is Crane Hassold of Abnormal Security with the latest in advanced email attack trends. And the cloud…is complicated.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/11/187

    Selected reading.
    Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods According to 1H2022 NETSCOUT DDoS Threat Intelligence Report (NETSCOUT) 
    Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (BleepingComputer) 
    Removing Coordinated Inauthentic Behavior From China and Russia (Meta)
    Russia is spoofing mainstream media to smear Ukraine, Meta says (Protocol)
    Operation In(ter)ception: social engineering by the Lazarus Group. (CyberWire)
    How cloud complexity affects security. (CyberWire)

    • 34 min

Customer Reviews

4.2 out of 5
5 ratings

User56780,

Statists

Too political. The purged Facebook accounts Cop Block, Police the Police, and Free Thought Project (amongst others) were NOT Iranian-run.
