1,999 episodes

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily CyberWire, Inc.

    • Technology
    • 4.8 • 879 Ratings

    Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.

    Joint advisory warns of remote monitoring and management software abuse. Iranian threat actors reported active against a range of targets. UK's NCSC warns of increased risk of Russian and Iranian social engineering attacks. A look at trends, as seen by CIOs. Carole Theriault ponders health versus privacy with former BBC guru Rory Cellan Jones. Kyle McNulty, host of the Secure Ventures podcast, shares lessons from the cybersecurity startup community. And the DRAGONBRIDGE spam network is disrupted.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/17

    Selected reading.
    CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software (CISA)
    Protecting Against Malicious Use of Remote Monitoring and Management Software (CISA)
    CISA: Federal agencies hacked using legitimate remote desktop tools (BleepingComputer)
    'Malicious' cyber attacks launched by groups connected to Iran's regime (ABC) 
    Abraham's Ax Likely Linked to Moses Staff (Secureworks)
    SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest (NCSC)
    NCSC: Russian and Iranian hackers targeting UK politicians, journalists (Computing)
    State of the CIO Study 2023: CIOs cement leadership role (Foundry)
    U.S. says it 'hacked the hackers' to bring down ransomware gang, helping 300 victims (Reuters)
    Over 50,000 instances of DRAGONBRIDGE activity disrupted in 2022 (Google TAG)

    • 28 min
    CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software

    CISA, NSA, and the MS-ISAC are releasing this alert to warn network defenders about malicious use of legitimate remote monitoring and management software. 
    AA23-025A Alert, Technical Details, and Mitigations
    For a downloadable copy of IOCs, see AA23-025.stix
    Silent Push uncovers a large trojan operation featuring Amazon, Microsoft, Geek Squad, McAfee, Norton, and Paypal domains
    No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
    See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
    U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov 
    To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

    • 2 min
    TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.

    How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shouldn't get cocky. DevSecOps survey results show tension between innovation and security. Russian hacktivist auxiliaries hit German targets. Tim Starks from the Washington Post Cyber 202 shares insights from his interview with Senator Warner. Our guest is Keith McCammon of Red Canary to discuss cyber accessibility. And private sector support for Ukraine's cyber defense.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/16

    Selected reading.
    TA444: The APT Startup Aimed at Acquisition (of Your Funds) (Proofpoint)
    Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI (Akamai) 
    Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection (Securonix)
    BlackBerry's Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute (BlackBerry)
    Global CIO Report Reveals Growing Urgency for Observability and Security to Converge (Dynatrace)
    Russian 'hacktivists' briefly knock German websites offline (Reuters)
    How Microsoft is helping Ukraine’s cyberwar against Russia (Computerworld)
    CISA Releases Two Industrial Control Systems Advisories (CISA) 

    • 30 min
    Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]

    At the 2022 Cyber Marketing Con, the CyberWire presented a CISO Q&A panel session on how to help cyber marketers reach CISOs and other security executives in the industry. The panel included Rick Howard, CSO of N2K Networks, Jaclyn Miller, Head of InfoSec and IT at DispatchHealth, Ted Wagner, CISO of SAP NS2, and was moderated by board director and operating partner, Michelle Perry.
    Listen in as the panel discusses:

    What works and doesn’t work in getting a security executive’s attention.

    Message trust, message fatigue, and what you can do about it.

    Trusted information sources and how security executives use them.

    Positioning and messaging that is actually meaningful to decision makers.

    The security executive’s purchasing behavior and why skepticism is the driving force.


    Stay tuned until the end to hear us answer some additional bonus questions submitted by attendees.

    • 1 hr
    Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.

    DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/15

    Selected reading.
    DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (SentinelOne)
    Technical Advisory: Proxy*Hell Exploit Chains in the Wild  (Bitdefender)
    Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)
    CISA Adds One Known Exploited Vulnerability to Catalog (CISA) 
    2023 Data Privacy Benchmark Study (Cisco)
    Hacktivism Is a Risky Career Path (WIRED)
    Retired FBI Executive Charged With Concealing $225,000 In Cash Received From An Outside Source (Department of Justice, U.S. Attorney’s Office, District of Columbia) 
    Former Special Agent In Charge Of The New York FBI Counterintelligence Division Charged With Violating U.S. Sanctions On Russia (Department of Justice, U.S. Attorney’s Office, Southern District of New York)
    Former Senior F.B.I. Official in New York Charged With Aiding Oligarch (New York Times)

    • 29 min
    Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.

    The FAA attributes its January NOTAM outage. Malicious OneNote attachments are appearing in phishing campaigns. The Vastflux ad campaign has been disrupted. Ukraine moves toward closer cybersecurity collaboration with NATO. Rick Howard considers the best of 2022. Deepen Desai from Zscaler looks at VPN Risk. And, finally, we’re betting you want alerts for sports book customers and online gamers.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/14

    Selected reading.
    FAA Says Contractor Unintentionally Caused Outage That Disrupted Flights (Wall Street Journal)
    Not a cyberattack, but an IT failure: the FAA's NOTAM outage. (CyberWire)
    Hackers now use Microsoft OneNote attachments to spread malware (BleepingComputer)
    Traffic signals: The VASTFLUX Takedown (HUMAN Security)
    Ukraine signs agreement to join NATO cyber defense center (The Record from Recorded Future News) 
    FanDuel warns of data breach after customer info stolen in vendor hack (BleepingComputer)
    Industry looks at the MailChimp data incident. (CyberWire)
    PSA: Don’t play GTA Online on PC right now (Video Games)
    You might not want to play GTA Online right now due to security vulnerabilities (RockPaperShotgun)
    Riot Games hacked, delays game patches after security breach (BleepingComputer)
    Riot hit by ‘social engineering attack’ that will affect patch cadence for multiple titles (Dot Esports)

    • 26 min

Customer Reviews

4.8 out of 5
879 Ratings

ASobering

Such a wealth of knowledge! 🧠

This is one of the most entertaining and insightful podcasts that I have ever come across! Dave does such a great job of sharing his wisdom and I love how he leads meaningful conversations with guests who bring so much experience to the table. Every episode is simply jam-packed with timely and relevant news and information so it’s always an enjoyable listen. Highly recommend checking this show out - you won’t be disappointed!

5eanT

Can no longer listen and unsubscribed.

As a security professional who has listened to this show since its inception I have gained a wealth of knowledge and news insight. That said, the podcast’s security content has continuously lowered over the years in its level of expertise and detail. Additionally, the podcast’s time is saturated with sponsored interviews which was not the case prior. Finally, and this is just being honest, when you added Rick Howard with his cringe voice box and typical c suite ignorant swagger captain obvious talking points that most security professionals roll their eyes at …well I should have stopped listening right then and there.

jdtangney

Come back, Dave!

These cyberwire podcasts used to be great, but this new cadre of readers are not. They don’t seem to understand the words coming out of their own mouths. Listeners have to reassemble the words and mentally play it back with Dave’s voice to understand the nuance — and humor. These new readers are little better than Siri.
Come back, Dave Bittner, all is forgiven!
