CyberWire Daily The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
- Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]by CyberWire, Inc. on January 16, 2022 at 8:00 am
Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting “try to find other social engineers to mingle. It’s in the name. We are social creatures.” We thank Marina for sharing her story with us.
- Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]by CyberWire, Inc. on January 15, 2022 at 8:00 am
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, “Scorched Earth: Hacking Bank APIs,” unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries. In her Money 20/20 keynote presentation entitled “Scorched Earth: Hacking Bank APIs”. In her presentation, Alissa revealed that she was able to gain access to 55 different banks and change PIN codes and move money in and out of accounts. Three lessons learned include: API security vulnerabilities affect all enterprises, API security needs to be operationalized across the enterprise, and API security requires posture management, runtime security, and active testing. Details can be found here: White paper: Hacking Banks and Cryptocurrency Exchanges Through Their APIs Blog post: 3 API Security Lessons from “Scorched Earth: Hacking Bank APIs” Press release: New Research Shows Vulnerabilities in Banking, Cryptocurrency Exchange, and FinTech APIs Allow Unauthorized Transactions and PIN Code Changes of Customers Alissa’s presentation at Money 20/20.
- Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.by CyberWire, Inc. on January 14, 2022 at 9:15 pm
A large-scale cyberattack against Ukrainian websites looks like an influence operation, and Russian intelligence services are the prime suspects. The FSB raids REvil. The White House Open Source Software Security Summit looks toward software bills of materials. MuddyWater exploits Log4shell. The DPRK is working to steal cryptocurrency. Caleb Barlow shares the consequences of the 3G network shutdown. Our guest is John Lehmann from Intellectual Point with programs that help military veterans transition to the cybersecurity industry. Honor among thieves, and spies. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/10
- A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.by CyberWire, Inc. on January 13, 2022 at 9:15 pm
A White House government-industry summit today addresses open-source software security. The US officially makes its second attribution of the week to a nation-state: it calls out Iran as the operator of the MuddyWater threat group. Israel arrests five on charges related to spying for Iran (they’re thought to have been recruited through catphishing). Citizen Lab finds Pegasus in Salvadoran phones. Ukraine arrests a ransomware gang. Thomas Etheridge from CrowdStrike on the importance of threat hunting for zero days. Our guest is Dr. David Bader of New Jersey Institute of Technology discussing the challenges of securing massive-scale analytics. And ransomware hits US state and local governments. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/9
- The US and EU seek to shore up cybersecurity as Russo-Ukraininan tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.by CyberWire, Inc. on January 12, 2022 at 9:15 pm
The US issues an alert over the prospect of Russian cyberattacks, and the EU begins a series of stress tests, both in apparent response to concerns over the prospect of a Russian attack on Ukraine. NIST updates its guidance on Engineering Trustworthy Secure Systems. NIght Sky ransomware exploits Log4shell. Phishing afflicts a hotel chain. Carole Theriault examines international efforts to stop digital fraud. Ben Yelin fon Seattle Police Faking Radio Chatter. And we’re shocked, shocked, to learn of fraud and piracy on a social media platform. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/8
- Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.by CyberWire, Inc. on January 11, 2022 at 9:15 pm
Log4shell as an instance of a more general software supply chain issue. An APT apparently mistakenly infects itself with its own RAT. A new backdoor, SysJoker, is in use in the wild. A warning on commercial surveillance software. A leak investigation continues in Denmark. Joe Carrigan explains bogus QR codes. Our guest is Casey Allen of Concentric on cyber vulnerabilities in automobiles. And, Europol is told it has a year to clear its databases of information on people not involved in crime. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/7
- CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.by CyberWire, Inc. on January 10, 2022 at 9:15 pm
CISA describes progress toward remediating Log4shell. Other open-source libraries are found to have similar issues, in one case problems deliberately introduced by the developer. Concerns are expressed over undersea cable security. FIN7’s BadUSB campaign. Security questions about another Chinese-made phone. Our guest is Bob Maley from Black Kite on their report – The Government Called, Are You Ready to Answer? Chris Novak from Verizon on PCI 4.0. And Russo-American talks open in Geneva. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/6
- Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]by CyberWire, Inc. on January 9, 2022 at 8:00 am
Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Baptist minister with aspirations of being a professional musician, Julian found it more practical to take some technology classes and practice his saxophone when he had time. His first tech job was at Texaco where he worked on early networks and moved into systems engineering at Compaq. Julian notes his ADD made coding less attractive than talking with others to solve problems and Compaq provided him with opportunities to pivot. Searching out diversity, Julian moved to DC, and had his first taste of startups. He now describes himself as a serial entrepreneur. We thank Julian for sharing his story with us.
- The rise of Karakurt Hacking Team.by CyberWire, Inc. on January 8, 2022 at 8:00 am
Guest Rob Boyce, Accenture’s Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss their research “Karakurt rises from its lair.” Accenture Security has identified a new threat group, the self-proclaimed Karakurt Hacking Team, that has impacted over 40 victims across multiple geographies. The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big game hunting approach. Based on intrusion analysis to date, the threat group focuses solely on data exfiltration and subsequent extortion, rather than the more destructive ransomware deployment. In addition, Accenture Security assesses with moderate-to-high confidence that the threat group’s extortion approach includes steps to avoid, as much as possible, drawing attention to its activities. The research can be found here: Karakurt rises from its lair
- Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.by CyberWire, Inc. on January 7, 2022 at 9:15 pm
Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). The UK’s NHS warns of unknown threat actors exploiting Log4j bugs in unpatched VMware Horizon servers. In the US, CISA continues to assist Federal agencies with Log4j remediation, and observers call for more Government support of open-source software security. A major provider of school websites is hit with ransomware. Our guest is John Belizaire of Soluna Computing with a new approach to data center efficiency. Thomas Etheridge from CrowdStrike on supply chain risks. And the US extends the deadline to apply for grants in support of rip-and-replace. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/5
- Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.by CyberWire, Inc. on January 6, 2022 at 9:15 pm
ICS vendors address Log4j vulnerabilities. Regulators and legislators think about addressing issues in the software supply chain. Ransomware gangs were quick to exploit Log4shell. An old, and patched, Windows vulnerability is being exploited by the Malsmoke gang. Social engineering of Google Docs users is up. Mr. Klyshin pleads not guilty. Robert M. Lee from Dragos makes the case for salary transparency. Our guest is George Gerchow from Sumo Logic with new approaches for the modern threat landscape. And call spoofing is making robocalls moderately more plausible. For links to all of today’s stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/4
- CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.by CyberWire, Inc. on January 5, 2022 at 9:45 pm
CISA says US Federal agencies are now largely in compliance with Log4j risk mitigation guidance. The FTC issues advice and a warning on Log4j to US businesses. A skimmer is installed through cloud-delivered video. The Vice Society’s ransomware is meddling with supermarket operations in the UK. The Atlantic Council offers advice on strategy for the grey zone. Hacktivists are expected to punish greenwashing in 2022. Caleb Barlow on recent FBI PIN about how ransomware operators are looking for material non-public information to improve their chances of being paid. Our guest is Helen Patton from Cisco on her book, Navigating the Cybersecurity Career Path. And James Pond is the CEO of hybrid war! For links to all of today’s stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/11/3
- Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.by CyberWire, Inc. on January 4, 2022 at 9:15 pm
It’s going to take time, vigilance, and attention to detail to manage the Log4j risks. A North Korean APT is trying to install the Konni RAT into Russian diplomats’ devices. More hacktivist-looking incidents follow the anniversary of Iranian General Soleimani’s death. Other, self-inflicted, software supply chain incidents. The Kremlin is said to be worried about what Mr. Klyushin might tell the Americans who’ve got him in jail. Ben Yelin on the tension between ephemeral messaging apps and the public’s right to know. Mr Security Answer Person John Pescatore joins our show. And the Show-Me state needs to rethink all that showin’. For links to all of today’s stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/11/2
- Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.by CyberWire, Inc. on January 3, 2022 at 9:50 pm
Aquatic Panda has been found working Log4shell exploits against an academic institution. Apache fixes new Log4j issues reported last week, and Microsoft also updates Windows Defender to address Log4j risks. Cyberattacks, criminal or hacktivist in motivation, hit news outlets around the new year. Microsoft works on fixing a Y2K22 bug in on-premise Exchange Server. Andrea Little Limbago from Interos on technology spheres of influence. Our guest is Mark Dehus from Lumen’s Black Lotus Labs with DDoS insights. And CISA issues some ICS security advisories. For links to all of today’s stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/11/1
- Cybersecurity predictions for 2022. [CyberWire-X]by CyberWire, Inc. on January 2, 2022 at 8:00 am
Industry experts discuss their cybersecurity predictions for 2022, what trends and attacks will be most prevalent in the year ahead, and how organizations should be preparing for the new year. In this show, we cover what they think the industry might see in 2022 (and some we probably won’t see). The CyberWire’s Rick Howard speaks with Hash Table member Kevin Magee, Chief Security Officer at Microsoft Canada, and show sponsor Keeper Security’s CTO & Co-Founder Craig Lurey joins The CyberWire’s Dave Bittner on this CyberWire-X and shares his insights on the topic.
- Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]by CyberWire, Inc. on January 2, 2022 at 8:00 am
Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route “looks really clean, but actually it was a bit more Jeremy Bearimy.” While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then “just get into the game.” We thank Rois for sharing her story.
- Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]by CyberWire, Inc. on January 1, 2022 at 8:00 am
Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42’s work on “Ransomware Groups to Watch: Emerging Threats.” As part of Unit 42’s commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0) with Dave. The research can be found here: Ransomware Groups to Watch: Emerging Threats
- CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.by CyberWire, Inc. on December 31, 2021 at 9:00 pm
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Jaclyn Miller from NTT, Ltd. on diversity, inclusion and remote access security. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
- CyberWire Pro Interview Selects: Sir David Omand.by CyberWire, Inc. on December 30, 2021 at 9:00 pm
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Sir David Omand, former GCHQ Director, on his book, How Spies Think: Ten Lessons in Intelligence.. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
- CyberWire Pro Interview Selects: Zan Vautrinot on boards.by CyberWire, Inc. on December 29, 2021 at 9:00 pm
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Howard speaks with Zan Vautrinot about boards. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.