1,608 episodes

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

The CyberWire Daily CyberWire, Inc.

    • Technology

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

    Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.

    Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.

    Another supply chain incident surfaces. The Natanz sabotage seems to have landed a punch, but not a knock-out blow against Iran’s nuclear program (and it appears to have been a bomb). China’s “big data” gangs and their place in the criminal economy. Tolerating (and protecting?) ransomware gangs in Russia? Betsy Carmelite looks at the intersection of 5G and zero trust. Rick Howard is focusing on finance and fraud in the latest season of CSO Perspectives. Russia’s counterretaliation for US sanctions in the SolarWinds affair. 
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/74

    • 24 min
    Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

    Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

    CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with us.

    • 4 min
    Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]

    Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]

    Guest Deepen Desai joins Dave to talk about Zsaler's research "Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures." In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are often used as social engineering schemes by threat actors.
    MINEBRIDGE buries itself into the vulnerable remote desktop software TeamViewer, enabling the threat actor to take a wide array of remote follow-on actions such as spying on users or deploying additional malware.The use of social engineering tactics targeting security teams appears to be on an upward trend.
    The research can be found here:
    Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

    • 18 min
    International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.

    International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.

    The European Union expresses solidarity with the US over the SolarWinds incident. The UK joins the US in attributing the incident to Russia. Russia objects to US sanctions and hints strongly that it intends to retaliate. IBM discloses new cyber threats to the COVID-19 vaccine cold chain. Iran says Natanz is back in business. Kevin Magee from Microsoft looks at the security of startups. Our guest is Brad Ree of ioXt Alliance with results from their Mobile IoT Benchmark report. And data breaches hit people who park and people who read.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/73

    • 25 min
    Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.

    Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.

    The US announces a broad range of retaliatory actions designed to “impose costs” on Russia for its recent actions in cyberspace, prominently including both the SolarWinds supply chain compromise and attempts to influence elections. More reports on the Natanz incident suggest that a buried bomb was remotely detonated. David Dufour from Webroot has a wakeup call on digital privacy. Our guest is Ganesh Pai from Uptycs on Mitre ATT&CK Evaluations. And IcedID is taking Emotet’s place in the criminal ecosystem.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/72

    • 26 min
    The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.

    The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.

    Updates on Natanz, where the nature of the sabotage remains unclear--it happened, but there are conflicting explanations of how. Electrical utilities on alert for cyberattack, especially after the SolarWinds incident. The US Government takes extraordinary steps to fix the Microsoft Exchange Server compromise. Joe Carrigan analyses effective phishing campaigns. Our guest is the FBI’s Herb Stapleton on their recent IC3 report. And the US Intelligence Community’s Annual Threat Assessment points, in order of diminishing rsk, to China, Russia, Iran, and North Korea.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/71

    • 27 min

Top Podcasts In Technology

Listeners Also Subscribed To