300 episodes

More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.

The CyberWire The CyberWire

    • Tech News

More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.

    Twofold snooping venture.

    Twofold snooping venture.

    Working with many different honeypot implementations, a security researcher did an experiment expanding on that setting up a simple docker image with SSH, running a guessable root password. The catch? What happened in the next 24 hours was unexpected.
    Joining us in this week's Research Saturday to talk about his experiment is Larry Cashdollar of Akamai. 
    The research can be found here: 
    A Brief History of a Rootable Docker Image
    Thanks to our sponsor, Reservoir Labs. 

    • 18 min
    Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.

    Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.

    NSA warns that the GRU’s Sandworm outfit has been actively exploiting a known vulnerability in Exim. Someone is attacking industrial targets in Japan and Europe using steganography and other evasive tactics. NTT Communications is breached, and Michigan State University sustains a ransomware attack. Ben Yelin unpacks the President’s executive order aimed at social media companies. Our guest is Vik Arora of the Hospital for Special Surgery on protecting health care organizations during COVID-19.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/9/104

    • 25 min
    Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.

    Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.

    Hackers-for-hire find criminal work during the pandemic. The US Department of Energy is said to have taken possession of a Chinese-manufactured transformer. US President Trump may be considering an Executive Order about the legal status of social media. Contact-tracing apps in France and the UK are scrutinized for privacy. Ben Yelin from with the latest iPhone cracking case between the FBI and Apple. Our guest is retired CIA master of disguise Jonna Mendez on her book The Moscow Rules. Canada’s Centre for Cyber Security assesses current risks, and Huawei’s CFO loses a round in a Vancouver court.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/9/103

    • 21 min
    Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.

    Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.

    Berserk Bear is back, and snuffling around Germany’s infrastructure. Two new Android issues surface. India opens up the source code for its COVID-19 contact-tracing app as such technological adjuncts to public health continue to arouse privacy concerns. [F]Unicorn poses as Italy’s Immuni app. An alleged FIN7 gangster is arrested. Australia’s Data61 urges companies not to scrimp on R&D. Joe Carrigan on Android mobile malware getting new features. Our guest is Frederick “Flee” Lee from Gusto on CCPA. And does your underwear come with a Faraday cage? We thought it might.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/9/102

    • 20 min
    The evolution of malware, both criminal and state-run.

    The evolution of malware, both criminal and state-run.

    Turla tunes its tools. The commodity Trojan AnarchyGrabber is now stealing passwords. A new iOS jailbreak has been released. The UK reconsiders its decision to allow Huawei into its 5G networks. A tech group lobbies the US House against warrantless inspection of searches. Remote work’s regulatory risk. COVID-19 conspiracy theories. Hackers say they’re vigilantes. Our own Rick Howard on intrusion kill chains, his latest episode of CSO Perspectives. Our guest is Nico Fischbach from Forcepoint on deepfakes expanding outside of disinformation campaigns to the enterprise. And too many remote workers appear to have too much time on their hands.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/9/101

    • 20 min
    Naming and shaming is the worst thing we can do.

    Naming and shaming is the worst thing we can do.

    In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actors used the website to dump data they exfiltrated from victims' networks before they deployed the ransomware. Secureworks Counter Threat Unit (CTU) researchers have observed several ransomware operators following suit.
    Joining us in this week's Research Saturday is Alex Tilley of SecureWorks' Counter Threat Unit. 
    The CyberWire's Research Saturday is presented by Juniper Networks.
    Thanks to our sponsor Enveil, closing the last gap in data security.

    • 23 min

Top Podcasts In Tech News

Listeners Also Subscribed To