1,765 episodes

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

The CyberWire Daily CyberWire, Inc.

    • Technology
    • 4.8 • 809 Ratings

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

    An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

    An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

    Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.
    The research can be found here:
    Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

    • 24 min
    Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.

    Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.

    Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas. Politics ain’t beanbag, Russian edition. An indictment emerges from the US investigation into possible misconduct during the 2016 elections. The costs of coin-mining. Josh Ray from Accenture on protecting critical infrastructure. Our guest is Tony Pepper from Egress with a look at Insider Data Breaches. And don’t mix investment advice with matters of the heart.
    For links to all of today's stories check out our CyberWire daily news briefing:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/180

    • 27 min
    A CSO's 9/11 Story: CSO Perspectives Bonus.

    A CSO's 9/11 Story: CSO Perspectives Bonus.

    For the 20th anniversary of 9/11, Rick Howard, the Cyberwire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center.

    • 28 min
    Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.

    Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.

    Denial-of-service at a German election agency, as Federal prosecutors investigate GhostWriter. More nation-states get into election meddling. South Africa works to recover from a ransomware attack against government networks. A cryptojacking botnet moves from Linux to Windows. A ransomware gang threatens to burn your data if you bring in third-party help. Ransomware cyberinsurance claims rise. Rick Howard checks in with Tom Ayres from Lead Up Strategies on Cyber Piracy. Caleb Barlow shares insights on CMMC. And it’s a really good week to patch.
    For links to all of today's stories check out our CyberWire daily news briefing:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/179

    • 27 min
    No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.

    No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.

    That Russian crackdown on ransomware gangs people thought they were seeing? Hasn’t happened, at least according to the FBI. The Cyber Partisans take a virtual whack at President Lukashenka’s government in Belarus. Operation Harvest is complicated and long-running. Phishing with a promise of infrastructure funding. The criminal market for bogus vaccine cards. Johannes Ullrich from SANS on dealing with image uploads - vulnerabilities in conversion libraries. Our UK correspondent Carole Theriault on Deepfakes - what you need to know now. And a deferred prosecution agreement in a “cyber mercenary” case.
    For links to all of today's stories check out our CyberWire daily news briefing:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/178

    • 25 min
    NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.

    NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.

    Citizen Lab finds, and Apple patches, a zero-day used for zero-click installation of Pegasus spyware. A Cobalt Strike beacon has been turned to cyberespionage use against Linux targets. The Russian government could, it seems, take action against cybercrime, but its will-to-enforcement seems to be inconsistent. Ben Yelin from UMD CHHS with more on Apple's CSAM controversy, our guest is Mel Shakir from Dreamit Ventures on selling to CISOs, and their customer sprints. REvil makes nice with grumpy affiliates. And criminals’ commitment to the common good seems weak. That’s not a surprise, is it?
    For links to all of today's stories check out our CyberWire daily news briefing:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/177

    • 22 min

Customer Reviews

4.8 out of 5
809 Ratings

809 Ratings

Copeland CD ,

Military-grade information

Great mix of serious information and tongue-in-cheek humor. Vital discussions for those working in or trying to understand contemporary cyber-security issues.

chasememan ,

Listen and learn

Amazing security podcast. Thank you!

Dusk2014 ,

Too many ads

Too many sponsor spots and too long spots

Top Podcasts In Technology

Listeners Also Subscribed To