Bra podd

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

6 juli | 11 min

Botnet’s back, tell a friend. [Research Saturday]

5 juli | 23 min

Turning data into decisions. [Deep Space]

4 juli | 51 min

Secure Your Summer: Top Cyber Myths, Busted [Threat Vector]

4 juli | 38 min

The bug that let anyone in.

3 juli | 33 min

Houken blends stealth and chaos.

2 juli | 39 min

North Korea’s covert coders caught.

1 juli | 31 min

U.S. braces for Iranian cyber intrusions.

30 juni | 40 min

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]

29 juni | 8 min

A tale of two botnets. [Research Saturday]

28 juni | 25 min

Turbulence in the cloud.

27 juni | 37 min

No panic—just patch.

26 juni | 36 min

Open-source, open season.

25 juni | 32 min

Iran’s digital threat after U.S. strikes.

24 juni | 32 min

Iran’s digital retaliation looms.

23 juni | 37 min

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

22 juni | 10 min

Signed, sealed, exploitable. [Research Saturday]

21 juni | 19 min

A blast from the breached past.

20 juni | 32 min

Juneteenth: Reflecting, belonging, and owning your seat at the table. [Special Edition]

19 juni | 35 min

Typhoon on the line.

18 juni | 29 min

Can’t DOGE the inquiry.

17 juni | 33 min

Darknet drug marketplace closed for business.

16 juni | 37 min

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]

15 juni | 9 min

Hiding in plain sight with vibe coding.

14 juni | 22 min

Cloudflare’s cloudy day resolved.

13 juni | 29 min

Scam operations disrupted across Asia.

12 juni | 34 min

Ghost students “haunting” online colleges.

11 juni | 37 min

Jedai tricks, human risks.

10 juni | 34 min

White House reboots cybersecurity priorities.

9 juni | 36 min

Ell Marquez: It's okay to be new. [Linux] [Career Notes]

8 juni | 10 min

A new stealer hiding behind AI hype. [Research Saturday]

7 juni | 25 min

Beware of BADBOX.

6 juni | 33 min

China’s largest data leak exposes billions.

5 juni | 34 min

Appetite for tracking: A feast on private data.

4 juni | 37 min

Zero-day déjà vu.

3 juni | 43 min

AVCheck goes dark in Operation Endgame.

2 juni | 29 min

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]

1 juni | 11 min

Triofox and the key to disaster. [Research Saturday]

31 maj | 22 min

All systems not go.

30 maj | 37 min

When "out of the box" becomes "out of control."

29 maj | 32 min

Fingers point east.

28 maj | 35 min

BEAR-ly washed and dangerous.

27 maj | 36 min

AWS in Orbit: Automated Satellite Management. [T-Minus Space]

26 maj | 23 min

Hugh Thompson on Building the RSA Conference [Afternoon Cyber Tea]

26 maj | 38 min

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

25 maj | 9 min

Purple teaming in the modern enterprise. [CyberWire-X]

25 maj | 27 min

Pandas with a purpose. [Research Saturday]

24 maj | 20 min

When malware masters meet their match.

23 maj | 40 min

Lights out for Lumma.

22 maj | 32 min

Bear in the network.

21 maj | 41 min

The Take It Down Act walks a fine line.

20 maj | 35 min

Redacted realities: Inside the MoJ hack.

19 maj | 33 min

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]

18 maj | 11 min

Leveling up their credential phishing tactics. [Research Saturday]

17 maj | 21 min

Preparing for the cyber battlespace.

16 maj | 40 min

Bypassing Bitlocker encryption.

15 maj | 39 min

Get to patching: Patch Tuesday updates.

14 maj | 38 min

Jamming in a ban on state AI regulation.

13 maj | 33 min

No quick fix for a ClickFix attack.

12 maj | 32 min

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

11 maj | 8 min

Beyond cyber: Securing the next horizon. [Special Edition]

11 maj | 63 min

Hijacking wallets with malicious patches. [Research Saturday]

10 maj | 20 min

Scrutinizing the security of messaging apps continues.

9 maj | 32 min

Targeting schools is not cool.

8 maj | 37 min

AWS in Orbit: Empowering exploration on the Moon, Mars, and more.

8 maj | 27 min

When spyware backfires.

7 maj | 34 min

No hocus pocus—MagicINFO flaw is the real threat.

6 maj | 37 min

Hardcoded credentials and hard lessons.

5 maj | 30 min

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]

4 maj | 7 min

When AI gets a to-do list. [Research Saturday]

3 maj | 24 min

Wired, but not fired.

2 maj | 36 min

AI on the offensive.

1 maj | 33 min

How do you gain “experience” in cyber without a job in cyber? [CISO Persepctives]

1 maj | 42 min

Less CISA, more private sector power?

30 april | 36 min

Trends shaping the future at RSAC.

29 april | 33 min

Lights out, lines down.

28 april | 31 min

Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]

27 april | 8 min

Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition]

27 april | 75 min

China’s new cyber arsenal revealed. [Research Saturday]

26 april | 26 min

Pentagon hits fast-forward on software certs.

25 april | 33 min

Lessons from the latest breach reports.

24 april | 29 min

Are we a trade or a profession? [CISO Perspectives]

24 april | 47 min

States struggle with cyber shift.

23 april | 35 min

Proton66’s malware highway.

22 april | 43 min

When fake fixes hide real attacks.

21 april | 32 min

Rich Hale: Understanding the data. [CTO] [Career Notes]

20 april | 8 min

Crafting malware with modern metals. [Research Saturday]

19 april | 20 min

SSH-attered trust.

18 april | 33 min

Microsoft squashes windows server bug.

17 april | 36 min

Is the cyber talent ecosystem broken? [CISO Perspectives]

17 april | 42 min

CVE program gets last-minute lifeline.

16 april | 34 min

OCC breach jolts financial sector.

15 april | 39 min

AI ambitions clash with cyber caution.

14 april | 34 min

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]

13 april | 9 min

The new malware on the block. [OMITB]

12 april | 35 min

CISA shrinks while threats grow.

11 april | 32 min

Former cybersecurity officials lose clearances.

10 april | 33 min

Major breach at the US Treasury’s OCC.

9 april | 29 min

Using AI to sniff out opposition.

8 april | 37 min

UK Apple showdown gonna be public.

7 april | 29 min

Rick Howard: Give people resources. [CSO] [Career Notes]

6 april | 9 min

Bybit’s $1.4B breach. [Research Saturday]

5 april | 36 min

A leadership shift.

4 april | 36 min

The invisible force fueling cyber chaos.

3 april | 31 min

Chrome & Firefox squash the latest flaws.

2 april | 30 min

Hackers beware, fines are in the air.

1 april | 31 min

Ransom demands and medical data for sale.

31 mars | 36 min

Alyssa Miller: We have to elevate others. [BISO] [Career Notes]

30 mars | 9 min

Breaking barriers, one byte at a time. [Research Saturday]

29 mars | 22 min

New sandbox escape looks awfully familiar.

28 mars | 35 min

FamousSparrow’s sneaky resurgence.

27 mars | 36 min

No click, all tricks.

26 mars | 31 min

The nightmare you can’t ignore.

25 mars | 31 min

Scammers celebrate with a bang.

24 mars | 41 min

Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]

23 mars | 8 min

Excel-lerating cyberattacks. [Research Saturday]

22 mars | 27 min

Brute force and broken trust.

21 mars | 31 min

Can’t escape RCE flaws.

20 mars | 30 min

Remote hijacking at your fingertips.

19 mars | 32 min

Tomcat got your server?

18 mars | 31 min

A reel disaster for GitHub.

17 mars | 30 min

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]

16 mars | 8 min

Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge [Threat Vector]

16 mars | 30 min

The ransomware clones of HellCat & Morpheus. [Research Saturday]

15 mars | 22 min

Balancing budget cuts and cybersecurity.

14 mars | 33 min

FCC draws the line on Chinese tech threats.

13 mars | 35 min

Will Plankey lead CISA to victory?

12 mars | 32 min

X marks the hack.

11 mars | 36 min

PHP flaw sparks global attack wave.

10 mars | 37 min

Peter Baumann: Adding value to data. [CEO] [Career Notes]

9 mars | 8 min

Botnet’s back, tell a friend. [Research Saturday]

8 mars | 23 min

The end of the line for Garantex.

7 mars | 30 min

From China with love (and Malware).

6 mars | 34 min

US Treasury targets darknet kingpin.

5 mars | 30 min

CISA keeps watch on Russia.

4 mars | 35 min

Is it cyber peace or just a buffer?

3 mars | 25 min

Taree Reardon: A voice for women in cyber. [Career Notes]

2 mars | 8 min

Caught in the contagious interview. [Research Saturday]

1 mars | 29 min

Pay the ransom or risk data carnage.

28 februari | 31 min

The masterminds behind a $1.5 billion heist.

27 februari | 33 min

Live from Orlando, it's Hacking Humans! [Hacking Humans]

27 februari | 31 min

Hacked in plain sight.

26 februari | 31 min

Orange you glad you didn't fall for this?

25 februari | 33 min

Can the U.S. keep up in cyberspace?

24 februari | 36 min

Dwayne Price: Sharing information. [Project Management] [Career Notes]

23 februari | 8 min

From small-time scams to billion-dollar threats. [Research Saturday]

22 februari | 27 min

The political shake-up at the FBI.

21 februari | 34 min

No rest for the patched.

20 februari | 34 min

Pennies for access.

19 februari | 35 min

PAN-ic mode: The race to secure PAN-OS.

18 februari | 35 min

LIVE! From Philly [Threat Vector]

17 februari | 25 min

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

16 februari | 9 min

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

15 februari | 35 min

AI’s blind spots need human eyes.

14 februari | 34 min

Salt in the wound.

13 februari | 35 min

DOGEgeddon: The cyber crisis hiding in plain sight.

12 februari | 35 min

Apple’s race to secure your iPhone.

11 februari | 35 min

Read all about it—or maybe not.

10 februari | 31 min

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]

9 februari | 8 min

Cleo’s trojan horse. [Research Saturday]

8 februari | 22 min

DOGE-eat-DOGE world.

7 februari | 37 min

FCC around and find out.

6 februari | 44 min

DOGE days numbered?

5 februari | 33 min

A wolf in DOGE’s clothing?

4 februari | 33 min

Federal agencies in power struggle crossfire.

3 februari | 32 min

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science} [Career Notes]

2 februari | 7 min

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

1 februari | 27 min

The end of a cybercrime empire.

31 januari | 37 min

Cracked and Nulled taken down.

30 januari | 39 min

Cats and RATS are all the rage.

29 januari | 33 min

It was DDoS, not us.

28 januari | 34 min

China's chatbot sends tech stocks into tailspin.

27 januari | 36 min

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]

26 januari | 8 min

LightSpy's dark evolution. [Research Saturday]

25 januari | 26 min

The end of warrantless searches?

24 januari | 35 min

A warning from the cloud.

23 januari | 40 min

The uncertain future of cyber safety oversight.

22 januari | 36 min

Trump’s opening moves.

21 januari | 44 min

AWS in Orbit: Data Automation and Space Domain Awareness with Kayhan Space. [AWS in Orbit]

20 januari | 28 min

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]

19 januari | 8 min

A cute cover for a dangerous vulnerability. [Research Saturday]

18 januari | 25 min

Hacking the bureau.

17 januari | 40 min

Bolstering the digital shield.

16 januari | 35 min

Massive malware cleanup.

15 januari | 36 min

National security in the digital age.

14 januari | 35 min

Multi-factor frustration.

13 januari | 35 min

The hidden cost of data hoarding. [Research Saturday]

11 januari | 35 min

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]

11 januari | 7 min

When retaliation turns digital.

10 januari | 33 min

Biden’s final cyber order tackles digital weaknesses.

9 januari | 31 min

A new Mirai-based botnet.

8 januari | 32 min

U.S. sanctions spark cyber showdown with China.

7 januari | 33 min

China’s shadow over U.S. telecom networks.

6 januari | 33 min

Crypto client or cyber trap? [Research Saturday]

4 januari | 24 min

Dominique West: Security found me. [Strategy] [Career Notes]

4 januari | 8 min

AI-powered propaganda.

3 januari | 37 min

A breach in the U.S. Treasury.

2 januari | 36 min

Scotland’s position to lead cyber and space. [Deep Space]

1 januari | 30 min

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

1 januari | 39 min

Future-proofing finance: FS-ISAC’s blueprint for cryptographic agility. [Special Edition]

31 december 2024 | 23 min

Navigating AI Safety and Security Challenges with Yonatan Zunger [The BlueHat Podcast]

30 december 2024 | 54 min

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli.

30 december 2024 | 39 min

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]

29 december 2024 | 8 min

On the prowl for mobile malware. [Research Saturday]

28 december 2024 | 27 min

A cyber carol.

27 december 2024 | 50 min

Putting a dent in the cybersecurity workforce gap.

26 december 2024 | 30 min

The CyberWire: The 12 Days of Malware. [Special edition]

25 december 2024 | 6 min

A social engineering carol.

25 december 2024 | 8 min

Lessons from the Viasat cybersecurity attack. [T-Minus]

24 december 2024 | 29 min

Decoding XDR: Allie Mellen on What’s Next [Threat Vector]

24 december 2024 | 40 min

Court puts the ‘spy’ in spyware.

23 december 2024 | 36 min

Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]

22 december 2024 | 8 min

Quishing for trouble. [Research Saturday]

21 december 2024 | 17 min

Ukraine’s fight to restore critical data.

20 december 2024 | 39 min

Breached but not broken.

19 december 2024 | 35 min

Hacking allegations and antitrust heat.

18 december 2024 | 32 min

The cost of peeking at U.S. traffic.

17 december 2024 | 34 min

Rhode Island cyberattack exposes sensitive data.

16 december 2024 | 38 min

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

15 december 2024 | 8 min

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

14 december 2024 | 21 min

Hackers in handcuffs.

13 december 2024 | 32 min

When AI goes offline.

12 december 2024 | 33 min

When exploits go wild and patches race the clock.

11 december 2024 | 32 min

Buckets of trouble.

10 december 2024 | 37 min

Router security in jeopardy.

9 december 2024 | 34 min

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

8 december 2024 | 5 min

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]

8 december 2024 | 46 min

The JPHP loader breaking away from the pack. [Research Saturday]

7 december 2024 | 26 min

The NTLM bug that sees and steals.

6 december 2024 | 34 min

Dismantling the Manson cybercrime market.

5 december 2024 | 36 min

The end of MATRIX.

4 december 2024 | 34 min

Nam3l3ss but not harmless.

3 december 2024 | 34 min

The international effort making digital spaces safer.

2 december 2024 | 33 min

Debra Danielson: Be fearless. [CTO] [Career Notes]

1 december 2024 | 8 min

Leaking your AWS API keys, on purpose? [Research Saturday]

30 november 2024 | 27 min

Science fiction meets reality with Ronald D. Moore. [T-Minus Deep Space]

29 november 2024 | 49 min

Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]

28 november 2024 | 33 min

Grappling with a ransomware attack.

27 november 2024 | 34 min

Taking aim at cybercrime.

26 november 2024 | 32 min

Novel attacks and creative phishing angles.

25 november 2024 | 33 min

So you want to write a book about AI and cybersecurity? [CSO Perspectives]

25 november 2024 | 19 min

Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

24 november 2024 | 7 min

Exposing AI's Achilles heel. [Research Saturday]

23 november 2024 | 27 min

A not so BASIC farewell.

22 november 2024 | 34 min

No more spinach for PopeyeTools.

21 november 2024 | 37 min

When location data becomes a weapon.

20 november 2024 | 32 min

Biden vs. Trump: A tale of two cybersecurity strategies.

19 november 2024 | 34 min

A new era for CISA under Trump?

18 november 2024 | 32 min

Cyber-entrepreneurship in the age of CyberAI. [CSO Perspectives]

18 november 2024 | 22 min

Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

17 november 2024 | 7 min

Credential harvesters in the cloud. [Research Saturday]

16 november 2024 | 19 min

One tap, total access: Pegasus exploits unveiled.

15 november 2024 | 42 min

Eavesdropping on America’s eyes and ears.

14 november 2024 | 33 min

‘Bitcoin Jesus’ and Sheboygan face problems.

13 november 2024 | 32 min

Ransomware as a public health crisis.

12 november 2024 | 35 min

Veterans Day Special. [CSO Perspectives]

11 november 2024 | 15 min

Solution Spotlight: Rebuilding trust in the wake of tech calamities. [Special Edition]

10 november 2024 | 26 min

Kevin Magee: Focus on the archer. [CSO] [Career Notes]

10 november 2024 | 7 min

A firewall wake up call. [Research Saturday]

9 november 2024 | 23 min

CISA issues urgent warning.

8 november 2024 | 31 min

Canada cuts TikTok ties.

7 november 2024 | 37 min

That’s a wrap on election day.

6 november 2024 | 34 min

Confidence on election day.

5 november 2024 | 34 min

FBI fights fake news.

4 november 2024 | 38 min

State of security automation. [CSO Perspectives]

4 november 2024 | 22 min

Dinah Davis: Building your network. [R&D] [Career Notes]

3 november 2024 | 8 min

Velvet Ant's silent invasion. [Research Saturday]

2 november 2024 | 22 min

A push to debunk election disinformation.

1 november 2024 | 31 min

Guarding the Vote

31 oktober 2024 | 34 min

The Malware Mash

31 oktober 2024 | 5 min

Password snafu sparks election security questions.

30 oktober 2024 | 33 min

Securing democracy.

29 oktober 2024 | 35 min

Solution Spotlight: Cultivating cybersecurity culture. [Special Edition]

29 oktober 2024 | 35 min

Operation Magnus strikes back.

28 oktober 2024 | 34 min

How to turn tech insights into real advantages. [CSO Perspectives]

28 oktober 2024 | 10 min

Mission possible? Navigating tech adoption in the DoD. [Special Edition]

27 oktober 2024 | 33 min

Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]

27 oktober 2024 | 8 min

LLM security 101. [Research Saturday]

26 oktober 2024 | 21 min

UnitedHealth breach numbers confirmed.

25 oktober 2024 | 27 min

A giant FortiJump for cybercriminals.

24 oktober 2024 | 38 min

NotLockBit takes a bite out of macOS.

23 oktober 2024 | 37 min

Zero-day exploited in the wild.

22 oktober 2024 | 33 min

On the run, caught on arrival.

21 oktober 2024 | 38 min

Identity 3.0. [CSO Perspectives]

21 oktober 2024 | 17 min

Aarti Borkar: Make your own choices. [Product] [Career Notes]

20 oktober 2024 | 7 min

New targets, new tools, same threat. [Research Saturday]

19 oktober 2024 | 27 min

No more “cyber Snorlax” naps.

18 oktober 2024 | 35 min

Authorities bring down another hacker.

17 oktober 2024 | 34 min

Sri Lanka says ‘no more’ to financial fakers!

16 oktober 2024 | 31 min

Election Propaganda: Part 3: Efforts to reduce the impact of future elections.

16 oktober 2024 | 46 min

A “must patch” list in the making.

15 oktober 2024 | 36 min

Solution Spotlight: A first look at ISC2's 2024 Cybersecurity Workforce Study. [Special Edition]

14 oktober 2024 | 30 min

Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]

13 oktober 2024 | 7 min

Ransomware on repeat. [Research Saturday]

12 oktober 2024 | 29 min

Patient portals down, ransomware up.

11 oktober 2024 | 36 min

Hacked, attacked, and sued.

10 oktober 2024 | 34 min

Attacks amidst anniversaries.

9 oktober 2024 | 36 min

Election Propaganda: Part 2: Modern propaganda efforts.

9 oktober 2024 | 50 min

Key player unmasked in global ransomware takedown.

8 oktober 2024 | 34 min

Tapped and trapped.

7 oktober 2024 | 34 min

Making security decisions around AI use. [CSO Perspectives]

7 oktober 2024 | 17 min

Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]

6 oktober 2024 | 8 min

Podcast bait, malware switch. [Research Saturday]

5 oktober 2024 | 23 min

Caught red-handed.

4 oktober 2024 | 39 min

The Global Race for the 21st Century

3 oktober 2024 | 41 min

Election Propaganda Part 1: How does election propaganda work?

2 oktober 2024 | 33 min

Breaking news blocked.

1 oktober 2024 | 36 min

Escape from GPU island.

30 september 2024 | 31 min

Security remediation automation. [CSO Perspectives]

30 september 2024 | 18 min

Steve Blank, national security, and the dilemma of technology disruption. (Part 2 of 2) [Special Edition]

29 september 2024 | 36 min

Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]

28 september 2024 | 7 min

Beyond the permissions wall. [Research Saturday]

28 september 2024 | 18 min

Darknet dollars exposed.

27 september 2024 | 35 min

Salt Typhoon’s cyber storm.

26 september 2024 | 34 min

Blue screen blues.

25 september 2024 | 31 min

PIVOTT Act drafts the next wave of digital defenders.

24 september 2024 | 34 min

Can connected cars jeopardize national security?

23 september 2024 | 37 min

Resilience. (CSO Perspectives)

23 september 2024 | 25 min

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]

22 september 2024 | 7 min

Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2)

22 september 2024 | 39 min

Hook, line, and sinker. [Research Saturday]

21 september 2024 | 23 min

They really are watching what we watch.

20 september 2024 | 34 min

Derailing the Raptor Train botnet.

19 september 2024 | 38 min

High-stakes sabotage.

18 september 2024 | 30 min

One small step for scammers.

17 september 2024 | 31 min

Agencies warn of voter data deception.

16 september 2024 | 38 min

Breaking the information sharing barrier.

16 september 2024 | 24 min

Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]

15 september 2024 | 7 min

Spamageddon: Xeon Sender’s cloudy SMS attack revealed! [Research Saturday]

14 september 2024 | 19 min

Mini-breach, mega-hype.

13 september 2024 | 32 min

UK’s newest cybersecurity MVPs.

12 september 2024 | 34 min

A Patch Tuesday overload.

11 september 2024 | 29 min

A CSO's 9/11 Story: CSO Perspectives Bonus.

11 september 2024 | 30 min

Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, on building a cybersecurity team.

11 september 2024 | 28 min

Stealth, command, exfiltrate: The three-headed cyber dragon of Crimson Palace.

10 september 2024 | 31 min

A ticking clock to exploitation.

9 september 2024 | 33 min

Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]

8 september 2024 | 7 min

The playbook for outpacing China. [Research Saturday]

7 september 2024 | 27 min

Blizzard warning: Russia’s GRU unleashes new cyber saboteurs.

6 september 2024 | 45 min

U.S. rains on Russia’s fake news parade.

5 september 2024 | 30 min

From secure to clone-tastic.

4 september 2024 | 31 min

Brazil nixes Twitter’s successor.

3 september 2024 | 34 min

AWS in Orbit: Building Opportunity with Axiom Space. [AWS in Orbit]

2 september 2024 | 40 min

Tom Gorup: Fail fast and fail forward. [Operations]

1 september 2024 | 7 min

The impact of CISO Circles and cultivating a security culture.

1 september 2024 | 24 min

Pop goes the developer. [Research Saturday]

31 augusti 2024 | 23 min

High stakes for high tech: California's AI safety regulations take center stage.

30 augusti 2024 | 33 min

Crime, compliance, and controversy.

29 augusti 2024 | 34 min

From screen share to spyware.

28 augusti 2024 | 34 min

Cyber revolt or just digital ruckus?

27 augusti 2024 | 31 min

From secret chats to public spats.

26 augusti 2024 | 32 min

Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]

25 augusti 2024 | 8 min

Quantum-proof and ready: NIST unveils the future of encryption. [Special Edition]

25 augusti 2024 | 31 min

MaaS infrastructure exposed. [Research Saturday]

24 augusti 2024 | 26 min

Hackers strike LiteSpeed cache again.

23 augusti 2024 | 30 min

Almost letting hackers rule the web.

22 augusti 2024 | 32 min

Cyberattack cripples major American chipmaker.

21 augusti 2024 | 34 min

Cybersecurity on the ballot.

20 augusti 2024 | 35 min

Mic, camera, and more at risk.

19 augusti 2024 | 30 min

Robert Lee: Keeping the lights on. [ICS] [Career Notes]

18 augusti 2024 | 8 min

Essential tools with critical security challenges. [Research Saturday]

17 augusti 2024 | 24 min

Demo-lition derby: iVerify and Google clash over pixel app pitfalls.

16 augusti 2024 | 32 min

Weeding out 'worms' for Window's users.

15 augusti 2024 | 33 min

A health bot’s security slip-up.

14 augusti 2024 | 31 min

From dispossessor to disposed.

13 augusti 2024 | 38 min

Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]

13 augusti 2024 | 33 min

Confidential or compromised?

12 augusti 2024 | 31 min

What does materiality mean exactly?

12 augusti 2024 | 12 min

Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science]

11 augusti 2024 | 8 min

Prompts gone rogue. [Research Saturday]

10 augusti 2024 | 26 min

The 18-year stowaway.

9 augusti 2024 | 29 min

Cybersecurity leaders gear up for the ultimate test.

8 augusti 2024 | 33 min

When updates attack.

7 augusti 2024 | 31 min

Cyberattack calls for an early dismissal.

6 augusti 2024 | 32 min

TikTok in the hot seat...again.

5 augusti 2024 | 40 min

Cybersecurity is radically asymmetrically distributed.

5 augusti 2024 | 18 min

Spinning the web of tangled tactics. [Research Saturday]

3 augusti 2024 | 25 min

Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]

3 augusti 2024 | 8 min

A high-stakes swap.

2 augusti 2024 | 41 min

Ransomware strikes a nerve.

1 augusti 2024 | 31 min

When DDoS and defense collide.

31 juli 2024 | 35 min

Breaking Bad (records).

30 juli 2024 | 32 min

Are North Korean hackers going 'Seoul' searching?

29 juli 2024 | 39 min

The current state of the zero trust.

29 juli 2024 | 18 min

Encore: Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]

28 juli 2024 | 8 min

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli. [Special Edition]

28 juli 2024 | 39 min

The Black Basta ransomware riddle. [Research Saturday]

27 juli 2024 | 19 min

FBI and DOJ thwart North Korean cyber scheme.

26 juli 2024 | 36 min

Playing doctor with cyberattacks.

25 juli 2024 | 33 min

Ghost accounts haunt GitHub.

24 juli 2024 | 39 min

Don't mess with the NCA.

23 juli 2024 | 37 min

CrowdStrike and Microsoft battle blue screens across the globe.

22 juli 2024 | 40 min

The current state of Cyber Threat Intelligence.

22 juli 2024 | 17 min

Encore: James Hadley: Spend time on what interests you. [CEO] [Career Notes]

21 juli 2024 | 7 min

Olympic scammers go for gold. [Research Saturday]

20 juli 2024 | 24 min

Cybersecurity snow day.

19 juli 2024 | 38 min

SSM On-Prem Flaw is a 10/10 disaster.

18 juli 2024 | 33 min

Criminal networks crumble.

17 juli 2024 | 36 min

Squarespace's square off with hijacked domains.

16 juli 2024 | 37 min

Conspiracy theories in politics.

15 juli 2024 | 32 min

The current state of MITRE ATT&CK.

15 juli 2024 | 18 min

On the prowl for mobile malware. [Research Saturday]

13 juli 2024 | 27 min

Encore: Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]

13 juli 2024 | 6 min

AT&T's not so LOL hack.

12 juli 2024 | 37 min

Inside the crypto scam empire.

11 juli 2024 | 32 min

Old school, new threat.

10 juli 2024 | 35 min

Uniting against APT40.

9 juli 2024 | 36 min

The age old battle between iPhone and Android.

8 juli 2024 | 34 min

Encore: Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]

7 juli 2024 | 7 min

Encore: Welcome to New York, it's been waitin' for you. [Research Saturday]

6 juli 2024 | 21 min

Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]

5 juli 2024 | 43 min

Encore: The curious case of the missing IcedID. [Only Malware in the Building]

4 juli 2024 | 23 min

The Supreme Court is bringing a judicial shakeup.

3 juli 2024 | 33 min

Take a trip down regreSSHion lane.

2 juli 2024 | 35 min

A swift fix for a serious router bug.

1 juli 2024 | 28 min

The current state of IAM: A Rick-the-toolman episode.

1 juli 2024 | 16 min

Encore: Carole Theriault: Constantly learning new things. [Media] [Career Notes]

30 juni 2024 | 8 min

APT36's cyber blitz on India. [Research Saturday]

29 juni 2024 | 21 min

TeamViewer and APT29 go toe to toe.

28 juni 2024 | 29 min

Solution Spotlight: Progress on the National Cyber Workforce and Education Strategy. [Special Edition]

28 juni 2024 | 35 min

E-commerce or E-spying?

27 juni 2024 | 30 min

2024 Cyber Talent Study by N2K and WiCyS. [Special Edition]

27 juni 2024 | 43 min

LockBit picks a brawl with banks.

26 juni 2024 | 34 min

U.S. and China dance the telecom tango.

25 juni 2024 | 34 min

The claim heard ‘round the world.

24 juni 2024 | 36 min

Encore: Sal Aurigemma: How things work. [Education] [Career Notes]

23 juni 2024 | 8 min

Piercing the through the fog. [Research Saturday]

22 juni 2024 | 19 min

U.S. tightens the cybersecurity belt.

21 juni 2024 | 35 min

Cyberattack leaves dealerships feeling stuck in neutral.

20 juni 2024 | 31 min

T-Minus Overview- Our Moon [T-Minus Radio Program]

19 juni 2024 | 30 min

Servers seized, terrorists teased.

18 juni 2024 | 36 min

Scattered Spider hacker snagged in Spain.

17 juni 2024 | 37 min

The current state of XDR: A Rick-the-toolman episode.

17 juni 2024 | 19 min

Encore: Rosa Smothers: Secure the planet. [Intelligence] [Career Notes]

16 juni 2024 | 7 min

Exploring the mechanics of Infostealer malware. [Research Saturday]

15 juni 2024 | 29 min

A hacking keeps you humble.

14 juni 2024 | 39 min

Whistleblower warns of profit over protection.

13 juni 2024 | 34 min

COATHANGER isn’t hanging up just quite yet.

12 juni 2024 | 31 min

Hijacking your heritage.

11 juni 2024 | 34 min

Rethinking recalls.

10 juni 2024 | 37 min

Encore: Geoff White: Suddenly all of the pieces start to line up. [Journalism] [Career Notes]

9 juni 2024 | 8 min

Riding the hype for new Arc browser. [Rsearch Saturday]

8 juni 2024 | 28 min

A snapshot of security woes.

7 juni 2024 | 32 min

CISA's calls for a JCDC makeover.

6 juni 2024 | 30 min

Opening up on hidden secrets.

5 juni 2024 | 32 min

Ransomware hit causes pathology paralysis.

4 juni 2024 | 34 min

Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake.

3 juni 2024 | 29 min

Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition]

3 juni 2024 | 25 min

SolarWinds and the SEC.

3 juni 2024 | 20 min

Solution Spotlight on the 2024 NICE Conference: Business Roundtable.

2 juni 2024 | 30 min

Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]

1 juni 2024 | 8 min

1700 IPs and counting. [Research Saturday]

1 juni 2024 | 18 min

New cybersecurity bill aims to untangle federal regulations.

31 maj 2024 | 36 min

Operation Endgame: Hackers' hideouts exposed.

30 maj 2024 | 39 min

Alleged leaked files expose a dirty secret.

29 maj 2024 | 43 min

FBI untangles the web that is Scattered Spider.

28 maj 2024 | 39 min

Memorial Day special.

27 maj 2024 | 19 min

Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]

26 maj 2024 | 8 min

International effort dismantles LockBit. [Research Saturday]

25 maj 2024 | 31 min

Cybercriminals target London drugs.

24 maj 2024 | 30 min

Checkmate at check in.

23 maj 2024 | 40 min

Privacy nightmare or useful tool?

22 maj 2024 | 32 min

The secrets of a dark web drug lord.

21 maj 2024 | 40 min

Double key encryption debate.

20 maj 2024 | 45 min

Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes]

19 maj 2024 | 8 min

From secret images to encryption keys. [Research Saturday]

18 maj 2024 | 22 min

10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]

18 maj 2024 | 44 min

MediSecure data breach hits Aussie healthcare.

17 maj 2024 | 34 min

FBI strikes against a cybercrime syndicate.

16 maj 2024 | 31 min

A bipartisan blueprint for American leadership.

15 maj 2024 | 42 min

Google strikes back.

14 maj 2024 | 34 min

A battle for digital sovereignty.

13 maj 2024 | 34 min

Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes]

12 maj 2024 | 7 min

The double-edged sword of cyber espionage. [Research Saturday]

11 maj 2024 | 20 min

Treasury's offensive in financial defense.

10 maj 2024 | 46 min

Healthcare in the crosshairs.

9 maj 2024 | 48 min

The takedown of a ransomware ringleader.

8 maj 2024 | 41 min

Hack-proofing the future to shape cyberspace.

7 maj 2024 | 32 min

Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP]

7 maj 2024 | 15 min

Charting the course: Biden's blueprint for global cybersecurity.

6 maj 2024 | 33 min

Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]

6 maj 2024 | 17 min

Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes]

5 maj 2024 | 7 min

Geopolitical tensions rise with China. [Research Saturday]

4 maj 2024 | 35 min

Ransomware attack turns legal attack.

3 maj 2024 | 40 min

Dropbox sign breach exposes secrets.

2 maj 2024 | 41 min

Retirement plan breach shakes financial giant.

1 maj 2024 | 40 min

Ransomware is just a prescription for chaos.

30 april 2024 | 31 min

An unprecedented surge in credential stuffing.

29 april 2024 | 32 min

Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes]

28 april 2024 | 8 min

Cerber ransomware strikes Linux. [Research Saturday]

27 april 2024 | 16 min

Kaiser Permanente's privacy predicament.

26 april 2024 | 29 min

Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]

26 april 2024 | 55 min

The shadowy adversary in Cisco's crosshairs.

25 april 2024 | 30 min

Iran's covert cyber operations exposed.

24 april 2024 | 42 min

Visa crackdown against spyware swindlers.

23 april 2024 | 36 min

Renewed surveillance sparks controversy.

22 april 2024 | 36 min

Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]

21 april 2024 | 7 min

Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]

21 april 2024 | 18 min

The art of information gathering. [Research Saturday]

20 april 2024 | 32 min

Swift responses to cyberattacks.

19 april 2024 | 31 min

Cyber Talent Insights: Charting your path in cybersecurity. (Part 2 of 3) [Special Edition]

19 april 2024 | 53 min

From phishing to felony.

18 april 2024 | 34 min

The rebirth of Russia's cyber warfare.

17 april 2024 | 32 min

Weathering the phishing front.

16 april 2024 | 36 min

Hunting vulnerabilities.

15 april 2024 | 32 min

AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]

15 april 2024 | 25 min

Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]

14 april 2024 | 6 min

AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]

14 april 2024 | 22 min

Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]

13 april 2024 | 16 min

Privacy, power, and the path forward.

12 april 2024 | 31 min

Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]

12 april 2024 | 44 min

Apple's worldwide warning on mercenary attacks.

11 april 2024 | 43 min

From deadlock to debate on a revised Section 702 bill.

10 april 2024 | 30 min

Unraveling a healthcare ransomware web.

9 april 2024 | 30 min

A possible breakthrough in data privacy legislation.

8 april 2024 | 32 min

Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]

7 april 2024 | 8 min

Leaking your AWS API keys, on purpose? [Research Saturday]

6 april 2024 | 27 min

Deciphering the Acuity cybersecurity incident.

5 april 2024 | 34 min

Securing secrets: The State Department's cyber hunt.

4 april 2024 | 39 min

Biden administration brings down the hammer.

3 april 2024 | 33 min

From lawsuit to logoff: Google's incognito mode makeover.

2 april 2024 | 37 min

Unmasking the xzploitation.

1 april 2024 | 35 min

Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]

31 mars 2024 | 10 min

The supply chain in disarray. [Research Saturday]

30 mars 2024 | 20 min

Pentagon’s cybersecurity roadmap.

29 mars 2024 | 39 min

AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]

29 mars 2024 | 39 min

A battle against malware.

28 mars 2024 | 33 min

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]

28 mars 2024 | 8 min

If there's something strange in your neighborhood, don't call Facebook.

27 mars 2024 | 38 min

Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]

27 mars 2024 | 8 min

The great firewall breached: China's covert cyber assault on America exposed.

26 mars 2024 | 35 min

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]

26 mars 2024 | 8 min

Python developers under attack.

25 mars 2024 | 35 min

Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

24 mars 2024 | 8 min

HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]

23 mars 2024 | 24 min

When it rains, it pours.

22 mars 2024 | 34 min

A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]

22 mars 2024 | 70 min

Safeguarding American data from foreign hands.

21 mars 2024 | 43 min

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]

21 mars 2024 | 8 min

Biden's cyber splash in protecting the nation's water systems.

20 mars 2024 | 30 min

The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]

20 mars 2024 | 27 min

SIM swap scammer pleads guilty.

19 mars 2024 | 33 min

Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]

19 mars 2024 | 7 min

The hot pursuit of Volt Typhoon.

18 mars 2024 | 31 min

Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]

17 mars 2024 | 10 min

Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]

17 mars 2024 | 48 min

Inside SendGrid's phishy business. [Research Saturday]

16 mars 2024 | 32 min

Flight fiasco: UK Defence Minister's jet faces GPS jamming.

15 mars 2024 | 37 min

A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]

15 mars 2024 | 74 min

TikTok showdown: U.S. lawmakers target privacy and security.

14 mars 2024 | 34 min

Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]

14 mars 2024 | 7 min

The usual suspects are up to their usual tricks.

13 mars 2024 | 31 min

Biden's budget boost for cybersecurity.

12 mars 2024 | 27 min

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]

12 mars 2024 | 6 min

CISA’s news trifecta.

11 mars 2024 | 36 min

Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

10 mars 2024 | 11 min

Setting better cyber job expectations to attract and retain talent. [Special Edition]

10 mars 2024 | 21 min

Understanding the multi-tiered impact of ransomware. [Research Saturday]

9 mars 2024 | 23 min

From breach to battle: The escalating threat of Midnight Blizzard.

8 mars 2024 | 38 min

Encore: Breaking Through: Securing the advancement of women in cybersecurity. {Special Editions]

8 mars 2024 | 51 min

A secret scheme resulting in stolen secrets.

7 mars 2024 | 33 min

Encore: Dinah Davis: Building your network. [R&D] [Career Notes]

7 mars 2024 | 8 min

No cyber blues on Super Tuesday.

6 mars 2024 | 38 min

From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]

5 mars 2024 | 8 min

Change Healthcare hackers cash in $22 million ransom.

5 mars 2024 | 28 min

Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]

5 mars 2024 | 8 min

Cyberattack causes a code red on US healthcare.

4 mars 2024 | 30 min

Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

3 mars 2024 | 9 min

The return of a malware menace. [Research Saturday]

2 mars 2024 | 21 min

WhatsApp's legal triumph cracks the spyware vault.

1 mars 2024 | 36 min

Iran's cyber quest in Middle Eastern aerospace.

29 februari 2024 | 32 min

Protecting American data.

28 februari 2024 | 37 min

Out with the old, in with the new.

27 februari 2024 | 27 min

LockBit reloaded: Unveiling the next chapter in cybercrime.

26 februari 2024 | 29 min

Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]

25 februari 2024 | 6 min

Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]

24 februari 2024 | 24 min

Crackdown on privacy leads to a multi-million dollar fine.

23 februari 2024 | 30 min

AT&T outage leaves major cities offline.

22 februari 2024 | 30 min

Anchoring security for US ports.

21 februari 2024 | 37 min

The reign of digital terror ends.

20 februari 2024 | 30 min

AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]

19 februari 2024 | 42 min

What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]

19 februari 2024 | 32 min

Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]

18 februari 2024 | 7 min

Hackers come hopping back. [Research Saturday]

17 februari 2024 | 20 min

FBI initiates router revolution.

16 februari 2024 | 35 min

An AI arms race.

15 februari 2024 | 31 min

It’s always DNS, but that may just be FUD.

14 februari 2024 | 29 min

Phishing threats unleashed.

13 februari 2024 | 36 min

DOJ strikes justice.

12 februari 2024 | 37 min

Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]

11 februari 2024 | 6 min

Ransomware is coming. [Research Saturday]

10 februari 2024 | 31 min

Imitation game: LastPass vs LassPass.

9 februari 2024 | 35 min

Volt Typhoon’s stealthy threat to US critical infrastructure.

8 februari 2024 | 33 min

Taking a bite out of Apple.

7 februari 2024 | 38 min

Cracking down on spyware.

6 februari 2024 | 34 min

A serious breach showdown.

5 februari 2024 | 36 min

Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]

4 februari 2024 | 6 min

Weathering the internet storm. [Research Saturday]

3 februari 2024 | 26 min

A digital leaker gets 40 years behind bars.

2 februari 2024 | 33 min

Defending America against China's ominous onslaught.

1 februari 2024 | 36 min

VPN compromise causes concerns.

31 januari 2024 | 34 min

A Typhoon counter.

30 januari 2024 | 29 min

Seeking dismissal of SEC allegations.

29 januari 2024 | 31 min

Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]

28 januari 2024 | 8 min

What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]

28 januari 2024 | 32 min

Hooked on pirated macOS applications. [Research Saturday]

27 januari 2024 | 23 min

A new purchase is cause for a call out.

26 januari 2024 | 32 min

Another day, another Blizzard attack.

25 januari 2024 | 36 min

The fight against exploiting Americans.

24 januari 2024 | 38 min

The mother of all data breaches.

23 januari 2024 | 32 min

Midnight Blizzard brings the storm.

22 januari 2024 | 30 min

Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]

21 januari 2024 | 6 min

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

21 januari 2024 | 35 min

A firewall wake up call. [Research Saturday]

20 januari 2024 | 23 min

New malware, new threats.

19 januari 2024 | 33 min

A credential dump hits the online underground.

18 januari 2024 | 31 min

Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]

18 januari 2024 | 30 min

Maximum severity vulnerability needs critical updates.

17 januari 2024 | 36 min

Vulnerabilities and security risks.

16 januari 2024 | 33 min

Putting a dent in the cybersecurity workforce gap. [Special Edition]

15 januari 2024 | 31 min

Encore: Examining the current state of security orchestration. [CyberWire-X]

15 januari 2024 | 32 min

Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]

14 januari 2024 | 5 min

Dual Russian cyber gangs hit 23 companies. [Research Saturday]

13 januari 2024 | 19 min

Casting a wider hiring net.

12 januari 2024 | 35 min

Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.

11 januari 2024 | 33 min

A pivotal global menace.

10 januari 2024 | 33 min

Swatting on the rise.

9 januari 2024 | 31 min

A conclusion on the xDedic Marketplace investigation.

8 januari 2024 | 30 min

Encore:Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]

7 januari 2024 | 6 min

Diving deep into Phobos ransomware. [Research Saturday]

6 januari 2024 | 24 min

Disruptions to the internet.

5 januari 2024 | 31 min

Russian hackers hide in Ukraine telecoms for months.

4 januari 2024 | 32 min

A digital disappearance in Utah.

3 januari 2024 | 30 min

Apple's clickless exploit.

2 januari 2024 | 32 min

Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]

1 januari 2024 | 28 min

Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]

31 december 2023 | 5 min

Encore: What malicious campaign is lurking under the surface? [Research Saturday]

30 december 2023 | 24 min

T-Minus Overview- Space Cybersecurity. [t-minus]

29 december 2023 | 21 min

Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]

28 december 2023 | 44 min

Encore: Active visibility into OT systems. [Control Loop]

27 december 2023 | 43 min

NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]

27 december 2023 | 68 min

Artificial Intelligence: Insights & Oddities [8th Layer Insights]

26 december 2023 | 68 min

“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]

26 december 2023 | 62 min

Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]

25 december 2023 | 20 min

The CyberWire: The 12 Days of Malware. [Special Edition]

23 december 2023 | 7 min

Sentenced to hospital detention.

22 december 2023 | 30 min

Kingdom come, kingdom fall.

21 december 2023 | 28 min

Leading the charge in cybercrime take downs.

20 december 2023 | 34 min

A dark web take down.

19 december 2023 | 35 min

14 million customers and stolen data.

18 december 2023 | 29 min

Oren Koren: Crossing music and cybersecurity. [Career Notes]

17 december 2023 | 8 min

Shedding light on fighting Ursa. [Research Saturday]

16 december 2023 | 22 min

Remapping privacy.

15 december 2023 | 30 min

Taking down the storm.

14 december 2023 | 31 min

The United Kingdom's catastrophic ransomware attack.

13 december 2023 | 31 min

An internet blackout.

12 december 2023 | 32 min

China sets sights on US critical infrastructure.

11 december 2023 | 36 min

Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]

10 december 2023 | 4 min

AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]

9 december 2023 | 39 min

On the hunt for popping up kernel drives. [Research Saturday]

9 december 2023 | 15 min

Russia here, Russia there, Russia everywhere.

8 december 2023 | 32 min

New vulnerability packs a punch.

7 december 2023 | 34 min

Push notifications pushing surveillance.

6 december 2023 | 26 min

Sleeper malware denied at Sellafield nuclear site.

5 december 2023 | 23 min

Iran behind attacks on PLCs.

4 december 2023 | 19 min

Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]

3 december 2023 | 9 min

Exploits and vulnerabilities. [Research Saturday]

2 december 2023 | 19 min

Wyden blocks the senate vote.

1 december 2023 | 22 min

Widespread exploitation of severe vulnerability in ownCloud.

30 november 2023 | 27 min

Major crackdown on international cybersecurity.

29 november 2023 | 29 min

Hospitals on the hotplate after ransomware attacks.

28 november 2023 | 24 min

Hacktivists assemble to attack Pennsylvania water utility.

27 november 2023 | 21 min

Chris Hare: Find just three people. [Development] [Career Notes]

26 november 2023 | 8 min

Encore: Another infection with new malware. [Research Saturday]

25 november 2023 | 19 min

Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]

24 november 2023 | 24 min

Cops in the catfish game. [Hacking Humans Goes to the Movies]

23 november 2023 | 29 min

On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.

22 november 2023 | 23 min

Threat actors with mixed motives: from the political to the financial.

21 november 2023 | 23 min

Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.

20 november 2023 | 19 min

Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]

19 november 2023 | 9 min

Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]

19 november 2023 | 51 min

The malicious YoroTrooper in disguise. [Research Saturday]

18 november 2023 | 17 min

AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]

18 november 2023 | 33 min

Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.

17 november 2023 | 31 min

Shopping during wartime? Focus, people.

16 november 2023 | 30 min

Examining the current state of security orchestration. [CyberWire-X]

16 november 2023 | 32 min

A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.

15 november 2023 | 30 min

The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.

14 november 2023 | 29 min

Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.

13 november 2023 | 28 min

Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]

12 november 2023 | 9 min

CSO Perspectives Bonus: Veterans Day special.

10 november 2023 | 18 min

Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.

9 november 2023 | 34 min

No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.

8 november 2023 | 27 min

Cybercriminals at the service of the state, and an array of new underworld tools.

7 november 2023 | 28 min

Precautions, preparations, and resilience against cybercrime and hacktivism.

6 november 2023 | 31 min

CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]

5 november 2023 | 44 min

Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]

5 november 2023 | 9 min

Sandman doesn't slow malware down. [Research Saturday]

4 november 2023 | 23 min

In the offense-defense see-saw, the defense seems to be rising.

3 november 2023 | 33 min

The beginning of an international consensus on AI governance may be emerging from Bletchley Park.

2 november 2023 | 31 min

Hacktivism in two hybrid wars (with an excursus on gastropods).

1 november 2023 | 28 min

What would it take to get you kids into a nice, late-model malware mealkit?

31 oktober 2023 | 26 min

Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)

30 oktober 2023 | 28 min

The Malware Mash! [Bonus]

30 oktober 2023 | 3 min

Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]

29 oktober 2023 | 9 min

No rest for the wicked HiatusRAT. [Research Saturday]

28 oktober 2023 | 23 min

Social engineering as a blunt instrument–almost like swatting without the middleman.

27 oktober 2023 | 28 min

Some intelligence services understand the value of being underestimated.

26 oktober 2023 | 30 min

AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.

25 oktober 2023 | 30 min

Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.

24 oktober 2023 | 28 min

How people get over on the content moderators.

23 oktober 2023 | 30 min

Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]

22 oktober 2023 | 8 min

AMBERSQUID hides in the depths. [Research Saturday]

21 oktober 2023 | 18 min

Disinformation and its often overlooked potential for denial-of-services.

20 oktober 2023 | 32 min

Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.

19 oktober 2023 | 32 min

Hacktivist discipline is inversely correlated with sincerity of commitment.

18 oktober 2023 | 35 min

Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.

17 oktober 2023 | 30 min

Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.

16 oktober 2023 | 31 min

Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]

15 oktober 2023 | 8 min

Unwanted guests harvest your information. [Research Saturday]

14 oktober 2023 | 17 min

Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.

13 oktober 2023 | 29 min

Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.

12 oktober 2023 | 33 min

Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.

11 oktober 2023 | 28 min

The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.

10 oktober 2023 | 32 min

Solution spotlight: Paths to cybersecurity. [Interview Select]

9 oktober 2023 | 21 min

Susie Squier: You're never alone. [President] [Career Notes]

8 oktober 2023 | 8 min

Targets from DuckTail. [Research Saturday]

7 oktober 2023 | 15 min

Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.

6 oktober 2023 | 30 min

Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.

5 oktober 2023 | 25 min

A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.

4 oktober 2023 | 26 min

Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.

3 oktober 2023 | 26 min

Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.

2 oktober 2023 | 28 min

Ted Wagner: Get that hands on experience. [CISO] [Career Notes]

1 oktober 2023 | 9 min

Downloading cracked software. [Research Saturday]

30 september 2023 | 17 min

Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.

29 september 2023 | 27 min

Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.

28 september 2023 | 29 min

What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.

27 september 2023 | 33 min

Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.

26 september 2023 | 23 min

Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.

25 september 2023 | 31 min

Threat intelligence discussion with Chris Krebs. [Special Edition]

25 september 2023 | 16 min

Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]

24 september 2023 | 7 min

Behind the Google shopping ad masks. [Research Saturday]

23 september 2023 | 15 min

Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.

22 september 2023 | 32 min

Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.

21 september 2023 | 31 min

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.

20 september 2023 | 32 min

Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.

19 september 2023 | 27 min

A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.

18 september 2023 | 27 min

Karl Mattson: Defer gratification. (CISO) [Career Notes]

17 september 2023 | 8 min

A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]

16 september 2023 | 40 min

Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.

15 september 2023 | 31 min

Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.

14 september 2023 | 26 min

How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.

13 september 2023 | 26 min

Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”

12 september 2023 | 32 min

UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank..

11 september 2023 | 31 min

Caroline Wong: A passion for teaching. [CSO] [Career Notes]

10 september 2023 | 8 min

No honor in being a criminal. [Research Saturday]

9 september 2023 | 17 min

Apple issues an emergency patch. Aerospace sector under attack. DPRK spearsphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.

8 september 2023 | 31 min

Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.

7 september 2023 | 27 min

Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.

6 september 2023 | 31 min

In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.

5 september 2023 | 29 min

Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]

4 september 2023 | 12 min

Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]

3 september 2023 | 8 min

Thwarting Muddled Libra. [Research Saturday]

2 september 2023 | 30 min

DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.

1 september 2023 | 32 min

GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.

31 augusti 2023 | 27 min

An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.

30 augusti 2023 | 30 min

A joint advisory on post-quantum readiness. [Special Edition]

30 augusti 2023 | 23 min

Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.

29 augusti 2023 | 26 min

DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.

28 augusti 2023 | 28 min

Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]

27 augusti 2023 | 8 min

Google's not being ghosted from vulnerabilities. [Research Saturday]

26 augusti 2023 | 17 min

Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.

25 augusti 2023 | 27 min

Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.

24 augusti 2023 | 27 min

A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.

23 augusti 2023 | 29 min

A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.

22 augusti 2023 | 30 min

DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.

21 augusti 2023 | 23 min

Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]

20 augusti 2023 | 7 min

Politicians targeted by RomCom. [Research Saturday]

19 augusti 2023 | 23 min

Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.

18 augusti 2023 | 30 min

A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.

17 augusti 2023 | 31 min

China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.

16 augusti 2023 | 31 min

Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.

15 augusti 2023 | 28 min

Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.

14 augusti 2023 | 27 min

Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]

13 augusti 2023 | 10 min

It's raining credentials. [Research Saturday]

12 augusti 2023 | 18 min

Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.

11 augusti 2023 | 31 min

A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.

10 augusti 2023 | 31 min

Cyberespionage by several intelligence services, some of contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.

9 augusti 2023 | 30 min

Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.

8 augusti 2023 | 29 min

Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.

7 augusti 2023 | 28 min

Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]

6 augusti 2023 | 7 min

Who is that stealing my credentials? [Research Saturday]

5 augusti 2023 | 16 min

2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.

4 augusti 2023 | 27 min

Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.

3 augusti 2023 | 29 min

An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.

2 augusti 2023 | 25 min

Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.

1 augusti 2023 | 29 min

The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.

31 juli 2023 | 27 min

Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]

30 juli 2023 | 7 min

Phishing for leeches. [Research Saturday]

29 juli 2023 | 20 min

A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.

28 juli 2023 | 31 min

Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites

27 juli 2023 | 29 min

A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.

26 juli 2023 | 27 min

Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.

25 juli 2023 | 26 min

DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.

24 juli 2023 | 25 min

Don Welch: Being a good leader. [CIO] [Career Notes]

23 juli 2023 | 9 min

Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]

23 juli 2023 | 31 min

Welcome to New York, it's been waitin' for you. [Research Saturday]

22 juli 2023 | 19 min

Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).

21 juli 2023 | 23 min

Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.

20 juli 2023 | 29 min

Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.

19 juli 2023 | 29 min

Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).

18 juli 2023 | 30 min

Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.

17 juli 2023 | 25 min

Jennifer Addie: Finding creative solutions. [COO] [Career Notes]

16 juli 2023 | 8 min

SCARLETEEL zaps back again. [Research Saturday]

15 juli 2023 | 17 min

Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.

14 juli 2023 | 31 min

Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.

13 juli 2023 | 32 min

Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.

12 juli 2023 | 33 min

Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.

11 juli 2023 | 27 min

New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.

10 juli 2023 | 31 min

Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]

9 juli 2023 | 10 min

Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]

9 juli 2023 | 33 min

Creating PANDA-monium. [Research Saturday]

8 juli 2023 | 17 min

Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.

7 juli 2023 | 30 min

The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.

6 juli 2023 | 27 min

Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.

5 juli 2023 | 25 min

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

4 juli 2023 | 35 min

Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.

3 juli 2023 | 27 min

Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]

2 juli 2023 | 8 min

The power behind artificial intelligence. [Research Saturday]

1 juli 2023 | 19 min

CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.

30 juni 2023 | 32 min

Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.

29 juni 2023 | 29 min

Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.

28 juni 2023 | 28 min

Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.

27 juni 2023 | 28 min

Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.

26 juni 2023 | 31 min

Slavik Markovich: Time is of the essence. [CEO] [Career Notes]

25 juni 2023 | 6 min

Unleashing the crypto gold rush. [Research Saturday]

24 juni 2023 | 24 min

Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.

23 juni 2023 | 34 min

Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.

22 juni 2023 | 32 min

A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.

21 juni 2023 | 28 min

Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.

20 juni 2023 | 29 min

Lorna Mahlock: Build bridges. [Combat support] [Career Notes]

18 juni 2023 | 8 min

Managing machine learning risks. [Research Saturday]

17 juni 2023 | 19 min

The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.

16 juni 2023 | 31 min

Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.

15 juni 2023 | 29 min

CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.

15 juni 2023 | 3 min

A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.

14 juni 2023 | 23 min

CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.

13 juni 2023 | 30 min

Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.

12 juni 2023 | 28 min

Nadir Izrael: Play to your strengths. [CTO] [Career Notes]

11 juni 2023 | 8 min

A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]

10 juni 2023 | 19 min

“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.

9 juni 2023 | 30 min

CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.

9 juni 2023 | 3 min

ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.

8 juni 2023 | 28 min

PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.

7 juni 2023 | 26 min

Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.

6 juni 2023 | 30 min

Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.

5 juni 2023 | 25 min

Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]

4 juni 2023 | 8 min

Lancefly screams bloody Merdoor.

3 juni 2023 | 17 min

Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.

2 juni 2023 | 30 min

Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.

1 juni 2023 | 26 min

Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.

31 maj 2023 | 26 min

Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.

30 maj 2023 | 25 min

Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]

28 maj 2023 | 8 min

8 GoAnywhere MFT breaches and counting. [Research Saturday]

27 maj 2023 | 18 min

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.

26 maj 2023 | 27 min

Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.

25 maj 2023 | 33 min

CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]

25 maj 2023 | 3 min

Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.

24 maj 2023 | 26 min

BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.

23 maj 2023 | 30 min

Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.

22 maj 2023 | 27 min

Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]

22 maj 2023 | 40 min

Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]

21 maj 2023 | 8 min

Dangerous vulnerabilities in H.264 decoders. [Research Saturday]

20 maj 2023 | 24 min

Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.

19 maj 2023 | 28 min

BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.

18 maj 2023 | 26 min

CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]

18 maj 2023 | 3 min

A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.

17 maj 2023 | 28 min

What is data centric security and why should anyone care? [CyberWire-X]

17 maj 2023 | 33 min

DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.

16 maj 2023 | 26 min

Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.

15 maj 2023 | 32 min

Steve Benton: Mixing like a DJ. [VP] [Career Notes]

14 maj 2023 | 8 min

Running away from operation Tainted Love. [Research Saturday]

13 maj 2023 | 23 min

CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.

12 maj 2023 | 3 min

Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.

12 maj 2023 | 28 min

Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.

11 maj 2023 | 25 min

CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.

11 maj 2023 | 3 min

Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.

10 maj 2023 | 28 min

State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.

9 maj 2023 | 26 min

Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.

8 maj 2023 | 27 min

Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]

7 maj 2023 | 8 min

Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]

6 maj 2023 | 21 min

DPRK's Kimsuki spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.

5 maj 2023 | 37 min

Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.

4 maj 2023 | 31 min

Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.

3 maj 2023 | 33 min

From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)

2 maj 2023 | 31 min

FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.

1 maj 2023 | 35 min

Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]

30 april 2023 | 9 min

HinataBot focuses on DDoS attack. [Research Saturday]

29 april 2023 | 27 min

What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?

28 april 2023 | 29 min

Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)

27 april 2023 | 29 min

BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.

26 april 2023 | 29 min

BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Secrity’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.

25 april 2023 | 31 min

Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.

24 april 2023 | 27 min

Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.

23 april 2023 | 23 min

Maria Varmazis: Combining cyber and space. [Space] [Career Notes]

23 april 2023 | 7 min

Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]

22 april 2023 | 19 min

Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.

21 april 2023 | 30 min

Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.

20 april 2023 | 28 min

CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

20 april 2023 | 3 min

Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”

19 april 2023 | 29 min

A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]

19 april 2023 | 26 min

Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.

18 april 2023 | 28 min

Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?

17 april 2023 | 30 min

Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]

16 april 2023 | 9 min

New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]

15 april 2023 | 14 min

"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Aan arrest in the Discord Papers case.

14 april 2023 | 29 min

Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.

13 april 2023 | 31 min

Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.

12 april 2023 | 29 min

IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.

11 april 2023 | 28 min

A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.

10 april 2023 | 28 min

Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]

9 april 2023 | 9 min

A dark side to LLMs. [Research Saturday]

8 april 2023 | 18 min

Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.

7 april 2023 | 30 min

New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.

6 april 2023 | 28 min

Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.

5 april 2023 | 25 min

Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.

4 april 2023 | 29 min

"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.

3 april 2023 | 31 min

Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]

2 april 2023 | 7 min

Blackfly flies back again. [Research Saturday]

1 april 2023 | 14 min

A glimpse into Mr. Putin’s cyber war room. 3CXDesktopAppsupply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.

31 mars 2023 | 28 min

A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly. some official hostage-taking.

30 mars 2023 | 28 min

Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.

29 mars 2023 | 24 min

Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.

28 mars 2023 | 24 min

Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.

27 mars 2023 | 30 min

An introduction to the National Cryptologic Museum. [Special Edition]

27 mars 2023 | 27 min

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

26 mars 2023 | 35 min

Tanya Janca: Find a community who supports you. [CEO] [Career Notes]

26 mars 2023 | 8 min

Popunders are not the good kind of ads. [Research Saturday]

25 mars 2023 | 25 min

Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.

24 mars 2023 | 28 min

Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.

23 mars 2023 | 26 min

Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.

22 mars 2023 | 27 min

Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.

21 mars 2023 | 27 min

Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.

20 mars 2023 | 27 min

Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]

19 mars 2023 | 8 min

CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.

18 mars 2023 | 3 min

ChatGPT grants malicious wishes? [Research Saturday]

18 mars 2023 | 16 min

Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.

17 mars 2023 | 30 min

CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.

16 mars 2023 | 29 min

CISA Alert AA23-074A – Threat actors exploit progress telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]

16 mars 2023 | 3 min

Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).

15 mars 2023 | 27 min

Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.

14 mars 2023 | 26 min

Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.

13 mars 2023 | 29 min

Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]

12 mars 2023 | 8 min

Files stolen from a sneaky SymStealer. [Research Saturday]

11 mars 2023 | 14 min

Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcsos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.

10 mars 2023 | 25 min

PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.

9 mars 2023 | 27 min

Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.

8 mars 2023 | 27 min

A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktiism, and prank phone calls.

7 mars 2023 | 28 min

That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.

6 mars 2023 | 29 min

Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]

5 mars 2023 | 8 min

New exploits are tricking Chrome. [Research Saturday]

4 mars 2023 | 16 min

More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.

3 mars 2023 | 25 min

CISA Alert AA23-061A – #StopRansomware: Royal ransomware.

3 mars 2023 | 3 min

CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]

3 mars 2023 | 3 min

CyberWire commentary: Ukraine one year on. [Special Edition]

3 mars 2023 | 25 min

The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.

2 mars 2023 | 25 min

How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.

1 mars 2023 | 24 min

Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.

28 februari 2023 | 27 min

Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.

27 februari 2023 | 26 min

Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]

26 februari 2023 | 8 min

The next hot AI scam. [Research Saturday]

25 februari 2023 | 25 min

A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.

24 februari 2023 | 31 min

Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.

23 februari 2023 | 29 min

Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.

22 februari 2023 | 29 min

GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?

21 februari 2023 | 28 min

Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]

20 februari 2023 | 21 min

Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]

19 februari 2023 | 8 min

Implementing and achieving security resilience. [Research Saturday]

18 februari 2023 | 20 min

FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.

17 februari 2023 | 32 min

APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.

16 februari 2023 | 25 min

A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.

15 februari 2023 | 29 min

Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.

14 februari 2023 | 27 min

Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.

13 februari 2023 | 25 min

Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]

12 februari 2023 | 8 min

Knocking down the legs of the industrial security triad. [Research Saturday]

11 februari 2023 | 20 min

US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)

10 februari 2023 | 29 min

CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]

10 februari 2023 | 3 min

Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.

9 februari 2023 | 29 min

CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]

9 februari 2023 | 3 min

An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.

8 februari 2023 | 30 min

Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.

7 februari 2023 | 27 min

Unpatched VMware ESXi instances attacked. Okatpus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.

6 februari 2023 | 24 min

Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]

5 februari 2023 | 9 min

“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]

5 februari 2023 | 27 min

Can ransomware turn machines against us? [Research Saturday]

4 februari 2023 | 19 min

Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.

3 februari 2023 | 29 min

Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.

2 februari 2023 | 30 min

How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.

1 februari 2023 | 32 min

The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.

31 januari 2023 | 30 min

Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?

30 januari 2023 | 25 min

Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes[

29 januari 2023 | 8 min

Interview with the AI, part one. [Special Editions]

29 januari 2023 | 27 min

Flagging firmware vulnerabilities. [Research Saturday]

28 januari 2023 | 16 min

An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilties Catalog.

27 januari 2023 | 26 min

Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.

26 januari 2023 | 28 min

CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]

26 januari 2023 | 3 min

TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.

25 januari 2023 | 30 min

Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]

25 januari 2023 | 61 min

Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.

24 januari 2023 | 29 min

Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.

23 januari 2023 | 26 min

Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]

22 januari 2023 | 8 min

The power of web data in cybersecurity. [CyberWire-X]

22 januari 2023 | 29 min

Billbug infests government agencies. [Research Saturday]

21 januari 2023 | 14 min

Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.

20 januari 2023 | 28 min

Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.

19 januari 2023 | 28 min

ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.

18 januari 2023 | 31 min

Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”

17 januari 2023 | 24 min

Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]

16 januari 2023 | 38 min

Gene Fay: Lead from the front. [CEO] [Career Notes]

15 januari 2023 | 8 min

DUCKTAIL waddles back again. [Research Saturday]

14 januari 2023 | 22 min

Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.

13 januari 2023 | 28 min

Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.

12 januari 2023 | 24 min

Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.

11 januari 2023 | 31 min

Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.

10 januari 2023 | 27 min

Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”

9 januari 2023 | 29 min

Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]

8 januari 2023 | 7 min

Stealer malware from Russia. [Research Saturday]

7 januari 2023 | 18 min

CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.

6 januari 2023 | 30 min

PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.

5 januari 2023 | 28 min

Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.

4 januari 2023 | 26 min

DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.

3 januari 2023 | 28 min

Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]

3 januari 2023 | 43 min

Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]

2 januari 2023 | 47 min

Encore: LemonDucks evading detection.

31 december 2022 | 15 min

Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.

30 december 2022 | 11 min

Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]

29 december 2022 | 34 min

Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.

28 december 2022 | 8 min

Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.

27 december 2022 | 15 min

Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.

26 december 2022 | 7 min

The CyberWire: The 12 Days of Malware.[Special Editions]

25 december 2022 | 7 min

Encore: Vulnerabilities in IoT devices.

24 december 2022 | 22 min

PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.

23 december 2022 | 30 min

Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.

22 december 2022 | 28 min

Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.

21 december 2022 | 27 min

Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.

20 december 2022 | 25 min

BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.

19 december 2022 | 27 min

Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]

18 december 2022 | 8 min

Strategies to get the most out of your toolsets. [CyberWire-X]

18 december 2022 | 39 min

Hijacking holiday spirit with phishing scams. [Research Saturday]

17 december 2022 | 20 min

Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.

16 december 2022 | 29 min

Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.

15 december 2022 | 29 min

InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.

14 december 2022 | 29 min

Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.

13 december 2022 | 25 min

Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.

12 december 2022 | 27 min

Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]

11 december 2022 | 33 min

Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]

11 december 2022 | 10 min

Cybersecurity during the World Cup. [Research Saturday]

10 december 2022 | 25 min

Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.

9 december 2022 | 30 min

The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.

8 december 2022 | 27 min

Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat..

7 december 2022 | 27 min

CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]

7 december 2022 | 3 min

Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.

6 december 2022 | 29 min

Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.

5 december 2022 | 24 min

Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]

4 december 2022 | 8 min

Old malware returns in a new way. [Research Saturday]

3 december 2022 | 24 min

Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.

2 december 2022 | 26 min

Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.

1 december 2022 | 30 min

LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.

30 november 2022 | 25 min

DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.

29 november 2022 | 24 min

Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”

28 november 2022 | 29 min

Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]

27 november 2022 | 7 min

Encore: The secrets behind Docker.

26 november 2022 | 21 min

Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]

25 november 2022 | 16 min

Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]

24 november 2022 | 6 min

Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.

23 november 2022 | 24 min

Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.

22 november 2022 | 21 min

Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.

21 november 2022 | 25 min

Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]

20 november 2022 | 8 min

Another infection with new malware. [Research Saturday]

19 november 2022 | 19 min

Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.

18 november 2022 | 27 min

CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]

18 november 2022 | 3 min

Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.

17 november 2022 | 26 min

Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.Draft Episode for Nov 16, 2022

16 november 2022 | 25 min

CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]

16 november 2022 | 3 min

An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.

15 november 2022 | 25 min

Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).

14 november 2022 | 28 min

Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]

13 november 2022 | 8 min

An in-depth look on the Crytox ransomware family. [Research Saturday]

12 november 2022 | 14 min

CSO Perspectives Bonus: Veterans Day special.

11 november 2022 | 18 min

US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.

10 november 2022 | 32 min

A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.

9 november 2022 | 22 min

Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.

8 november 2022 | 27 min

Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember SIlk Road? The Feds do.

7 november 2022 | 26 min

Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]

6 november 2022 | 9 min

Over-the-air 0-day vulnerabilities. [Research Saturday]

5 november 2022 | 21 min

Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.

4 november 2022 | 25 min

“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?

3 november 2022 | 27 min

OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.

2 november 2022 | 29 min

OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense., And a quick look at DNS threats.

1 november 2022 | 26 min

Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.

31 oktober 2022 | 26 min

Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]

30 oktober 2022 | 9 min

Bugs and working from home. [Research Saturday]

29 oktober 2022 | 27 min

Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.

28 oktober 2022 | 30 min

The Malware Mash! [Bonus]

28 oktober 2022 | 3 min

CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.

27 oktober 2022 | 29 min

Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.

26 oktober 2022 | 26 min

US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.

25 oktober 2022 | 21 min

US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.

24 oktober 2022 | 27 min

CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]

24 oktober 2022 | 3 min

Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]

23 oktober 2022 | 9 min

New tools target governments in Middle East? [Research Saturday]

22 oktober 2022 | 17 min

Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.

21 oktober 2022 | 29 min

Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.

20 oktober 2022 | 29 min

Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.

19 oktober 2022 | 25 min

Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.

18 oktober 2022 | 29 min

Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia’s hybrid war.

17 oktober 2022 | 29 min

Cyber confidence: Knowing what you have and where it is. [CyberWire-X]

16 oktober 2022 | 30 min

Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]

16 oktober 2022 | 9 min

Noberus ransomware: evolving tactics. [Research Saturday]

15 oktober 2022 | 21 min

Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine’s Starlink. Killnet’s potential. The gamer’s attack surface.

14 oktober 2022 | 28 min

What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia’s hybrid war.

13 oktober 2022 | 23 min

Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.

12 oktober 2022 | 25 min

An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.

11 oktober 2022 | 27 min

CyberWire’s space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]

10 oktober 2022 | 20 min

Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]

10 oktober 2022 | 33 min

Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]

9 oktober 2022 | 36 min

Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]

9 oktober 2022 | 9 min

Google Drive used for malware? [Research Saturday]

8 oktober 2022 | 23 min

A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.

7 oktober 2022 | 28 min

CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.

7 oktober 2022 | 3 min

Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.

6 oktober 2022 | 26 min

Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.

5 oktober 2022 | 28 min

CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.

4 oktober 2022 | 3 min

CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.

4 oktober 2022 | 33 min

Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

3 oktober 2022 | 30 min

The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]

2 oktober 2022 | 28 min

Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]

2 oktober 2022 | 9 min

Targeting your browser bookmarks? [Research Saturday]

1 oktober 2022 | 18 min

Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Waterin holes, deepfakes, and the pushing of naughty words.

30 september 2022 | 31 min

Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.

29 september 2022 | 24 min

DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.

28 september 2022 | 30 min

Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.

27 september 2022 | 23 min

Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.

26 september 2022 | 25 min

Adam Marrè: Learning to be a leader. [CISO] [Career Notes]

25 september 2022 | 10 min

Keeping an eye on RDS vulnerabilities. [Research Saturday]

24 september 2022 | 16 min

Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.

23 september 2022 | 29 min

GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.

22 september 2022 | 30 min

CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]

22 september 2022 | 3 min

CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]

22 september 2022 | 3 min

A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.

21 september 2022 | 28 min

An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.

20 september 2022 | 27 min

An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.

19 september 2022 | 24 min

Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]

18 september 2022 | 9 min

An increase in bypassing bot management? [Research Saturday]

17 september 2022 | 15 min

Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.

16 september 2022 | 29 min

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]

15 september 2022 | 3 min

Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.

15 september 2022 | 30 min

Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).

14 september 2022 | 31 min

A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]

13 september 2022 | 23 min

Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad’s return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten’s social engineering.

13 september 2022 | 30 min

Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.

12 september 2022 | 26 min

Mark Logan: March towards your goals. [CEO] [Career Notes]

11 september 2022 | 9 min

A CSO's 9/11 Story: CSO Perspectives Bonus.

11 september 2022 | 29 min

Evilnum APT returns with new targets. [Research Saturday]

10 september 2022 | 22 min

Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.

9 september 2022 | 32 min

Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.

8 september 2022 | 27 min

Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.

7 september 2022 | 25 min

CISA Alert AA22-249A – #StopRansomware: Vice Society.” [CISA Cybersecurity Alerts]

6 september 2022 | 3 min

Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.

6 september 2022 | 30 min

New CISO responsibilities: supply chain. [CSO Perspectives]

5 september 2022 | 26 min

Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]

4 september 2022 | 9 min

LockBit's contradiction on encryption speed. [Research Saturday]

3 september 2022 | 20 min

Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.

2 september 2022 | 29 min

News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.

1 september 2022 | 31 min

Securing multi-cloud identity with orchestration. [CyberWire-X]

1 september 2022 | 32 min

Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. “Cosplaying” hardware.

31 augusti 2022 | 25 min

Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia’s hybrid war. And the LockBit gang looks beyond double extortion.

30 augusti 2022 | 25 min

How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.

29 augusti 2022 | 23 min

David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]

28 augusti 2022 | 7 min

How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]

27 augusti 2022 | 24 min

A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.

26 augusti 2022 | 26 min

Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.

25 augusti 2022 | 27 min

Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.

24 augusti 2022 | 27 min

Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.

23 augusti 2022 | 28 min

Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon.And data-tampering attacks are regarded as a growing risk.

22 augusti 2022 | 21 min

Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]

21 augusti 2022 | 10 min

Clipminer: Making millions off of malware. [Research Saturday]

20 augusti 2022 | 16 min

Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.

19 augusti 2022 | 30 min

BlackByte’s back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia’s hybrid war. Cyber war clauses coming to cyber insurance policies.

18 augusti 2022 | 29 min

Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories .Insider trading charges from 2017 Equifax breach.

17 augusti 2022 | 26 min

CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts}

17 augusti 2022 | 3 min

Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.

16 augusti 2022 | 26 min

Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.

15 augusti 2022 | 25 min

Christian Lees: it's not always textbook. [CTO] [Career Notes]

14 augusti 2022 | 8 min

Red teamer's perspective on demotivating attackers. [CyberWire-X]

14 augusti 2022 | 26 min

Fake job ads and how to spot them. [Research Saturday]

13 augusti 2022 | 18 min

The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.

12 augusti 2022 | 27 min

CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts}

11 augusti 2022 | 3 min

Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.

11 augusti 2022 | 27 min

Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia’s hybrid war.

10 augusti 2022 | 33 min

Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klayvio. Intercept tools and policies in Canada.

9 augusti 2022 | 28 min

Cybersecurity is a team sport. [CyberWire-X]

9 augusti 2022 | 33 min

Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.

8 augusti 2022 | 26 min

Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]

7 augusti 2022 | 9 min

Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]

6 augusti 2022 | 16 min

CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.

5 augusti 2022 | 28 min

Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.

4 augusti 2022 | 27 min

CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]

4 augusti 2022 | 3 min

Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. CHinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.

3 augusti 2022 | 30 min

Nomad cryptocurrency bridge looted. BlackCat ransomware hits Europenan energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?

2 augusti 2022 | 28 min

KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.

1 augusti 2022 | 28 min

Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]

31 juli 2022 | 8 min

What malicious campaign is lurking under the surface? [Research Saturday]

30 juli 2022 | 22 min

Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.

29 juli 2022 | 27 min

SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.

28 juli 2022 | 24 min

The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.

27 juli 2022 | 25 min

LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.

26 juli 2022 | 26 min

The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.

25 juli 2022 | 27 min

Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]

24 juli 2022 | 7 min

The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]

24 juli 2022 | 27 min

Has GOLD SOUTHFIELD resumed operations? [Research Saturday]

23 juli 2022 | 21 min

Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”

22 juli 2022 | 28 min

Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.

21 juli 2022 | 29 min

Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.

20 juli 2022 | 31 min

Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.

19 juli 2022 | 29 min

Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.

18 juli 2022 | 24 min

Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]

17 juli 2022 | 6 min

Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]

17 juli 2022 | 29 min

A record breaking DDoS attack. [Research Saturday]

16 juli 2022 | 25 min

Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.

15 juli 2022 | 35 min

A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]

15 juli 2022 | 35 min

Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.

14 juli 2022 | 30 min

AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.

13 juli 2022 | 27 min

High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.

12 juli 2022 | 28 min

DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.

11 juli 2022 | 26 min

Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]

10 juli 2022 | 7 min

Information operations during a war. [Research Saturday]

9 juli 2022 | 19 min

An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.

8 juli 2022 | 27 min

Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.

7 juli 2022 | 32 min

CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]

6 juli 2022 | 3 min

Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.

6 juli 2022 | 30 min

Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.

5 juli 2022 | 30 min

Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]

4 juli 2022 | 60 min

Could REvil have a copycat? [Research Saturday]

2 juli 2022 | 15 min

Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.

1 juli 2022 | 29 min

CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]

30 juni 2022 | 3 min

Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.

30 juni 2022 | 30 min

Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.

29 juni 2022 | 29 min

DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C markteshare. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?

28 juni 2022 | 28 min

Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.

27 juni 2022 | 24 min

Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]

26 juni 2022 | 8 min

Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]

25 juni 2022 | 21 min

Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakstan. Tabletop exercises. Ransomware as misdirection

24 juni 2022 | 28 min

CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]

24 juni 2022 | 3 min

Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.

23 juni 2022 | 28 min

A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain’t so, Dmitry.

22 juni 2022 | 29 min

Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia’ hybrid war. A conviction in the Capital One hacking case.

21 juni 2022 | 29 min

Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.

20 juni 2022 | 16 min

Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]

19 juni 2022 | 7 min

Dissecting the Spring4Shell vulnerability. [Research Saturday]

18 juni 2022 | 22 min

Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.

17 juni 2022 | 30 min

Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.

16 juni 2022 | 28 min

Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.

15 juni 2022 | 29 min

Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.

14 juni 2022 | 26 min

A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.

13 juni 2022 | 26 min

Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

12 juni 2022 | 8 min

New developments in the WSL attack. [Research Saturday]

11 juni 2022 | 22 min

The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.

10 juni 2022 | 31 min

Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.

9 juni 2022 | 28 min

Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its “plumbing.” CISA adds Known Exploited Vulnerabilities. News from Jersey.

8 juni 2022 | 29 min

CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]

8 juni 2022 | 4 min

Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus

7 juni 2022 | 26 min

Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."

6 juni 2022 | 27 min

Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]

5 juni 2022 | 8 min

Defining the intruder’s dilemma. [CyberWire-X]

5 juni 2022 | 34 min

LemonDucks evading detection. [Research Saturday]

4 juni 2022 | 15 min

Managing messaging in a hybrid war.Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.

3 juni 2022 | 26 min

Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.

2 juni 2022 | 23 min

CISA Alert AA22-152A – Karakurt data extortion group. [CISA Cybersecurity Alerts]

1 juni 2022 | 3 min

Costa Rica hit with another round of ransomware. Cyber phases of Russia’s hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!

1 juni 2022 | 24 min

Potential cyber threats to agriculture. Cyber phases of Russia’s hybrid war. REvil prosecution at a stand (and it’s the Americans’ fault, say Russian sources). Microsoft mitigates Follima.

31 maj 2022 | 27 min

Michael Scott: A team of humble intellects. [Information security] [Career Notes]

29 maj 2022 | 8 min

Compromised military tech? [Research Saturday]

28 maj 2022 | 20 min

Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.

27 maj 2022 | 23 min

"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.

26 maj 2022 | 25 min

More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.

25 maj 2022 | 26 min

Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader’s phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?

24 maj 2022 | 28 min

A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti’s toxic branding. Happy birthday, US Cyber Command.

23 maj 2022 | 23 min

Charity Wright: Pursue what you love [Threat intelligence] [Career Notes]

22 maj 2022 | 8 min

AutoWarp bug leads to Automation headaches. [Research Saturday]

21 maj 2022 | 18 min

Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.

20 maj 2022 | 30 min

CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]

20 maj 2022 | 3 min

Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.

19 maj 2022 | 30 min

CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]

19 maj 2022 | 3 min

Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.

18 maj 2022 | 25 min

CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]

17 maj 2022 | 3 min

Russian cyber threats and NATO’s Article 5. Conti says it’s going to bring Cost Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.

17 maj 2022 | 28 min

Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.

16 maj 2022 | 24 min

Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]

15 maj 2022 | 7 min

The current state of zero trust. [CyberWire-X]

15 maj 2022 | 32 min

Vulnerabilities in IoT devices. [Research Saturday]

14 maj 2022 | 22 min

War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.

13 maj 2022 | 24 min

Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.

12 maj 2022 | 25 min

CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]

12 maj 2022 | 3 min

Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.

11 maj 2022 | 25 min

Notes on cyber phases of Russia’s hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain’s spyware scandal claims an intelligence chief.

10 maj 2022 | 29 min

Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia’s hybrid war. That apology? The Kremlin takes it back.

9 maj 2022 | 25 min

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]

8 maj 2022 | 8 min

Attacking where vulnerable. [Research Saturday]

7 maj 2022 | 16 min

Victory Day approaches so shields up. Hackivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).

6 maj 2022 | 20 min

Dateline Moscow, Kyiv, and Minsk: Hacktivisim and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.

5 maj 2022 | 23 min

More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.

4 maj 2022 | 28 min

Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.

3 maj 2022 | 23 min

The future of security validation – what next? [CyberWire-X]

3 maj 2022 | 29 min

Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.

2 maj 2022 | 24 min

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]

1 maj 2022 | 8 min

DevSecOps and securing the container. [CyberWire-X]

1 maj 2022 | 32 min

Attackers coming in from the Backdoor? [Research Saturday]

30 april 2022 | 21 min

Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.

29 april 2022 | 25 min

Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.

28 april 2022 | 23 min

Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.

27 april 2022 | 22 min

Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes.. A guilty plea in a cyberstalking case.

26 april 2022 | 27 min

Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.

25 april 2022 | 22 min

Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]

24 april 2022 | 8 min

BABYSHARK is swimming again! [Research Saturday]

23 april 2022 | 36 min

The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.

22 april 2022 | 29 min

Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.

21 april 2022 | 21 min

Updates on Russia’s hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.

20 april 2022 | 25 min

In a hybrid war, it’s about the timing. Not quite all quiet on the cyber front. Pyongyand is phishing for wallets (and and other blockchained valuables). Emotet really likes those malicious macros.

19 april 2022 | 23 min

Nuisance-level cyber ops in a hybrid war. “CatalanGate.” Industrial Spy caters to victims’ competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.

18 april 2022 | 24 min

CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]

17 april 2022 | 40 min

Satya Gupta: Rising to your contribution. [CTO] [Career Notes]

17 april 2022 | 8 min

A fight to defend Taiwan financial institutions. [Research Saturday]

16 april 2022 | 18 min

Further developments in Russia’s hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.

15 april 2022 | 23 min

A nation-state threat actor targets industrial systems. It’s hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.

14 april 2022 | 22 min

Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.

13 april 2022 | 25 min

Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.

12 april 2022 | 26 min

Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.

11 april 2022 | 24 min

SolarWinds through a first principle lens. [CSO Perspectives]

11 april 2022 | 23 min

Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]

10 april 2022 | 10 min

The secrets behind Docker. [Research Saturday]

9 april 2022 | 21 min

Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.

8 april 2022 | 23 min

Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.

7 april 2022 | 27 min

Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA

6 april 2022 | 25 min

Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.

5 april 2022 | 22 min

Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.

4 april 2022 | 29 min

Living security: the current state of XDR. [CyberWire-X]

3 april 2022 | 30 min

Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]

3 april 2022 | 6 min

A popular malware scheme and pay-per-install services. [Research Saturday]

2 april 2022 | 19 min

Epistemic closure in a hybrid war. Wiper used against VIasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we’re not joking.

1 april 2022 | 25 min

Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.

31 mars 2022 | 22 min

Taking down bot farms. Cyber aggression. Kinetic influence ops, Spamming yourself? CS control system advisories. Sanctions are also biting Russian cyber gangs.

30 mars 2022 | 23 min

Cyber phases of a hybrid war continue at a nuisance level. IcedID’s distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.

29 mars 2022 | 28 min

Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.

28 mars 2022 | 24 min

The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]

26 mars 2022 | 19 min

Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.

25 mars 2022 | 25 min

Updates on Russia’s hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism’s sometimes wayward aim.

24 mars 2022 | 26 min

Insider Risk Excellence Awards. [CyberWire-X]

24 mars 2022 | 23 min

British-American warnings of a Russian cyber threat, and Russia’s response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.

23 mars 2022 | 26 min

White House adds its voice to CISA’s Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.

22 mars 2022 | 24 min

Hacktivism, protestware, and information operations in a hybrid war. Brazi-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.

21 mars 2022 | 26 min

Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]

20 mars 2022 | 8 min

Implications of data leaks of sensitive OT information. [Research Saturday]

19 mars 2022 | 23 min

Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.

18 mars 2022 | 24 min

Debunking deepfakes. Hacktivism and information warfare. The prospect of “splinternets.” Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.

17 mars 2022 | 24 min

Ukrainian President Zelenskyy addresses the US Congress, as Russia’s hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.

16 mars 2022 | 24 min

Disinformation and cyberattacks in Russia’s hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.

15 mars 2022 | 28 min

Russia’s hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.

14 mars 2022 | 26 min

Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]

13 mars 2022 | 6 min

The story of REvil: From origin to beyond. [Research Saturday]

12 mars 2022 | 32 min

An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.

11 mars 2022 | 26 min

Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.

10 mars 2022 | 29 min

Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.

9 mars 2022 | 27 min

Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.

8 mars 2022 | 26 min

Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsu$ releases NVIDIA and Samsung data (and says a victim hacked back).

7 mars 2022 | 27 min

HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]

6 mars 2022 | 36 min

Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]

6 mars 2022 | 9 min

An abuse of trust: Potential security issues with open redirects. [Research Saturday]

5 mars 2022 | 23 min

Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there’s no US draft.

4 mars 2022 | 26 min

Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.

3 mars 2022 | 29 min

Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.

2 mars 2022 | 28 min

Updates on Russia’s invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.

1 mars 2022 | 29 min

An update on Russia’s hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.

28 februari 2022 | 26 min

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]

27 februari 2022 | 8 min

Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]

26 februari 2022 | 20 min

Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.

25 februari 2022 | 28 min

Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.

24 februari 2022 | 24 min

Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.

23 februari 2022 | 30 min

Escalation in Russia’s hybrid aggression. APT10’s espionage against Taiwan’s financial sector. Developments in the C2C market. Jamming your teen’s Internet access.

22 februari 2022 | 29 min

Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."

21 februari 2022 | 24 min

Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures

21 februari 2022 | 30 min

Joe Carrigan: Build your network. [Security engineer] [Career Notes]

20 februari 2022 | 9 min

What Log4Shell has taught us. [CyberWire-X]

20 februari 2022 | 32 min

Instagram hijacks all start with a phish. [Research Saturday]

19 februari 2022 | 22 min

False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken’s evolution. CISA’s guide to free security tools.

18 februari 2022 | 28 min

Someone’s engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.

17 februari 2022 | 28 min

A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China’s favorite RAT. QR codes. Addiction to alt-coin speculation.

16 februari 2022 | 30 min

Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.

15 februari 2022 | 26 min

Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?

14 februari 2022 | 24 min

Roselle Safran: So much opportunity. [Entrepreneur][Career Notes]

13 februari 2022 | 7 min

SysJoker backdoor masquerades as benign updates. [Research Saturday]

12 februari 2022 | 14 min

Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.

11 februari 2022 | 28 min

Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.

10 februari 2022 | 28 min

A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.

9 februari 2022 | 26 min

Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.

8 februari 2022 | 27 min

Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.

7 februari 2022 | 26 min

The persistent and patient nature of advanced threat actors. [Research Saturday]

5 februari 2022 | 19 min

Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.

4 februari 2022 | 27 min

Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.

3 februari 2022 | 29 min

Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.

2 februari 2022 | 26 min

Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.

1 februari 2022 | 31 min

The UN Security Council will take up Russia’s hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.

31 januari 2022 | 28 min

Helen Patton: A platform to talk about security. [CISO] [Career Notes]

30 januari 2022 | 9 min

Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]

30 januari 2022 | 34 min

Use of legitimate tools possibly linked to Seedworm. [Research Saturday]

29 januari 2022 | 15 min

Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.

28 januari 2022 | 28 min

Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.

27 januari 2022 | 24 min

Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.

26 januari 2022 | 28 min

Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker’s two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.

25 januari 2022 | 32 min

Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.

24 januari 2022 | 28 min

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]

23 januari 2022 | 8 min

A collaboration stumbles upon threat actor Lyceum. [Research Saturday]

22 januari 2022 | 18 min

Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.

22 januari 2022 | 26 min

Looking toward tomorrow’s Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.

20 januari 2022 | 29 min

Updates on what Ukraine is now calling “BleedingBear.” CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.

19 januari 2022 | 26 min

A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.

18 januari 2022 | 26 min

SOAR - a first principle idea. [CSO Perspectives}

17 januari 2022 | 18 min

Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]

16 januari 2022 | 9 min

Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]

15 januari 2022 | 25 min

Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.

14 januari 2022 | 29 min

A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.

13 januari 2022 | 27 min

The US and EU seek to shore up cybersecurity as Russo-Ukraininan tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.

12 januari 2022 | 26 min

Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.

11 januari 2022 | 27 min

CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7’s BadUSB campaign. Security and Yealink.

10 januari 2022 | 30 min

Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]

9 januari 2022 | 9 min

The rise of Karakurt Hacking Team.

8 januari 2022 | 13 min

Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.

7 januari 2022 | 25 min

Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.

6 januari 2022 | 29 min

CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.

5 januari 2022 | 30 min

Log4j issues persist. Konni RAT found in New Year’s greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin’s knowledge. The Show-Me-Too-Much State.

4 januari 2022 | 32 min

Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.

3 januari 2022 | 25 min

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]

2 januari 2022 | 8 min

Cybersecurity predictions for 2022. [CyberWire-X]

2 januari 2022 | 30 min

Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]

1 januari 2022 | 21 min

CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.

31 december 2021 | 13 min

CyberWire Pro Interview Selects: Sir David Omand.

30 december 2021 | 22 min

CyberWire Pro Interview Selects: Zan Vautrinot on boards.

29 december 2021 | 20 min

CyberWire Pro Interview Selects: Bill Wright of Splunk.

28 december 2021 | 10 min

CSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.

27 december 2021 | 23 min

Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]

26 december 2021 | 8 min

CyberWire Pro Research Briefing from 12/21/2021.

25 december 2021 | 9 min

The CyberWire: The 12 Days of Malware.

25 december 2021 | 7 min

CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.

24 december 2021 | 11 min

Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.

23 december 2021 | 27 min

The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.

22 december 2021 | 27 min

Belgium’s MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one’s in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.

21 december 2021 | 27 min

Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.

20 december 2021 | 26 min

Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]

19 december 2021 | 9 min

Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]

18 december 2021 | 16 min

Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.

17 december 2021 | 25 min

Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.

16 december 2021 | 26 min

Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?.

15 december 2021 | 28 min

Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.

14 december 2021 | 32 min

Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.

13 december 2021 | 27 min

Hannah Kenney: Focused on people. [Risk] [Career Notes]

12 december 2021 | 7 min

FIN7 repositioning focus into ransomware. [Research Saturday]

11 december 2021 | 28 min

Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.

10 december 2021 | 25 min

Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.

9 december 2021 | 31 min

AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.

8 december 2021 | 24 min

The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?

7 december 2021 | 29 min

Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.

6 december 2021 | 24 min

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]

5 december 2021 | 7 min

Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]

5 december 2021 | 49 min

Getting in and getting out with SnapMC. [Research Saturday]

4 december 2021 | 17 min

Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.

3 december 2021 | 25 min

More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?

2 december 2021 | 25 min

Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA’s ICS advisories. Moscow on cybercrime.

1 december 2021 | 29 min

Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.

30 november 2021 | 26 min

Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.

29 november 2021 | 22 min

Anisha Patel: Right along with them. [Program management] [Career Notes]

28 november 2021 | 7 min

CyberWire Pro Research Briefing from 11/23/2021

27 november 2021 | 8 min

CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.

26 november 2021 | 9 min

Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]

25 november 2021 | 18 min

Phishing in the Iranian diaspora. Not your grandma and grandpa’s crytper. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.

24 november 2021 | 29 min

Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group’s troubles.

23 november 2021 | 30 min

Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.

22 november 2021 | 22 min

MK Palmore: Lead from where you stand. [CISO] [Career Notes]

21 november 2021 | 7 min

How ransomware impacts organizations. [CyberWire-X]

21 november 2021 | 30 min

Using bidirectionality override characters to obscure code. [Research Saturday]

20 november 2021 | 25 min

Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?

19 november 2021 | 26 min

Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.

18 november 2021 | 25 min

CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.

17 november 2021 | 24 min

Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.

16 november 2021 | 29 min

Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.

15 november 2021 | 22 min

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

14 november 2021 | 9 min

The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]

14 november 2021 | 29 min

A glimpse into TeamTNT. [Research Saturday]

13 november 2021 | 15 min

Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.

12 november 2021 | 26 min

Let's go to the movies. [Hacking Humans Goes to the Movies]

11 november 2021 | 25 min

Cyberespionage from Tehran. Clopp ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.

10 november 2021 | 24 min

Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.

9 november 2021 | 25 min

REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.

8 november 2021 | 25 min

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]

7 november 2021 | 6 min

An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]

6 november 2021 | 19 min

$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia’s FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.

5 november 2021 | 26 min

Britain’s Labour Party sustains a “data incident.” CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.

4 november 2021 | 26 min

Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerbalities.

3 november 2021 | 23 min

Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.

2 november 2021 | 28 min

Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).

1 november 2021 | 23 min

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

31 oktober 2021 | 8 min

Malware sometimes changes its behavior. [Research Saturday]

30 oktober 2021 | 27 min

Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phshbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”

29 oktober 2021 | 28 min

The Malware Mash!

29 oktober 2021 | 3 min

Hacktivists or intelligence services in Iran? BOLO NIkolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.

28 oktober 2021 | 26 min

Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.

27 oktober 2021 | 26 min

Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.

26 oktober 2021 | 28 min

SolarMarket malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.

25 oktober 2021 | 24 min

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]

24 oktober 2021 | 7 min

When big ransomware goes away, where should affiliates go? [Research Saturday]

23 oktober 2021 | 20 min

Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.

22 oktober 2021 | 28 min

Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.

21 oktober 2021 | 28 min

Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.

20 oktober 2021 | 25 min

TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.

19 oktober 2021 | 22 min

A US broadcaster sustains a ransomware attack. North Korean catphis expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?

18 oktober 2021 | 24 min

Ell Marquez: It's okay to be new. [Linux] [Career Notes]

17 oktober 2021 | 8 min

Groove Gang making a name for themselves. [Research Saturday]

16 oktober 2021 | 21 min

CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.

15 oktober 2021 | 23 min

Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.

14 oktober 2021 | 26 min

Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.

13 oktober 2021 | 30 min

Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize

12 oktober 2021 | 30 min

Extra: Let's talk about Facebook's research. [Caveat]

11 oktober 2021 | 44 min

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]

10 oktober 2021 | 10 min

Taking a closer look at UNC1151. [Research Saturday]

9 oktober 2021 | 17 min

Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.

8 oktober 2021 | 25 min

Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.

7 oktober 2021 | 26 min

Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.

6 oktober 2021 | 31 min

Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.

5 oktober 2021 | 29 min

Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.

4 oktober 2021 | 26 min

Cloud configuration security: Breaking the endless cycle. [CyberWire-X]

3 oktober 2021 | 33 min

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

3 oktober 2021 | 7 min

IoT security and the need for randomness. [Research Saturday]

2 oktober 2021 | 32 min

Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.

1 oktober 2021 | 26 min

GriftHorse’s premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.

30 september 2021 | 29 min

DDoS is on an upward trend, and it’s being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.

29 september 2021 | 22 min

Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.

28 september 2021 | 26 min

The EU ask Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.

27 september 2021 | 25 min

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]

26 september 2021 | 9 min

Why it’s time for cybersecurity to go mainstream. [CyberWire-X]

26 september 2021 | 41 min

Vulnerabilities in the public cloud. [Research Saturday]

25 september 2021 | 22 min

Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers’ phones. Meng heads home?

24 september 2021 | 25 min

Ransomware hits another US farm co-op, as Russan gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.

23 september 2021 | 25 min

Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.

22 september 2021 | 28 min

BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware’s support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.

21 september 2021 | 26 min

Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk’s name.

20 september 2021 | 27 min

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

19 september 2021 | 7 min

An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

18 september 2021 | 23 min

Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.

17 september 2021 | 27 min

A CSO's 9/11 Story: CSO Perspectives Bonus.

17 september 2021 | 29 min

Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.

16 september 2021 | 27 min

No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.

15 september 2021 | 25 min

NSO Group’s Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.

14 september 2021 | 23 min

The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK’s social media battlespace prep. Al Qaeda marks 9/11’s anniversary. And REvil seems to be back.

13 september 2021 | 23 min

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]

12 september 2021 | 6 min

A Google Chrome update that just didn't feel right. [Research Saturday]

11 september 2021 | 19 min

Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.

10 september 2021 | 27 min

Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.

9 september 2021 | 26 min

BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil’s remnant stirs. Bulletproof hosting. Phishing keywords.

8 september 2021 | 24 min

A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.

7 september 2021 | 26 min

Security operations centers: a first principle idea. [CSO Perspectives]

6 september 2021 | 17 min

Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]

5 september 2021 | 6 min

Like a computer network but for physical objects. [Research Saturday]

4 september 2021 | 24 min

Watch out for cybercrime over holidays (like Labor Day). Ransomware warning for the food and agriculture sector. Gift card and loyalty program fraud. NIST draft IoT guidelines out for comment.

3 september 2021 | 24 min

LockBit updates. The BrakTooth bugs infesting Bluetooth. Malicious cable proof-of-concept. EU fines WhatsApp over GDPR issues. Insider threats. Action against an alleged stalkerware vendor.

2 september 2021 | 25 min

A look at cyber gangland. Sino-Australian tension in cyberspace. Vulnerabilities reported (and disputed) in a home security system. Labor Day warnings.

1 september 2021 | 26 min

Dangers of data collected in Afghanistan. Another cryptocurrency theft. Hardware backdoors? LockBit dumps airline’s data. CISA opens registration for the President’s Cup. Too much gaming, kids.

31 augusti 2021 | 25 min

Data breaches and ransomware. Another gang says it’s retiring. New warrants against cybercrime in Australia. Roles and missions in the US. Hoosier data?

30 augusti 2021 | 22 min

Rich Hale: Understanding the data. [CTO] [Career Notes]

29 augusti 2021 | 6 min

Joker malware family: not a joke for Google Play. [Research Saturday]

28 augusti 2021 | 18 min

The T-Mobile hacker speaks (we think). SparklingGoblin enters the cyberespionage ring. Is someone stealing data to train AI? Cellebrite’s availability. Ragnarok ransomware says it’s going out of business.

27 augusti 2021 | 30 min

A quick look back at yesterday’s White House industry meeting. Revolution, coup, or a bit of both? Storytelling for security. Lessons from Olympic scams. Notes from the underworld.

26 augusti 2021 | 33 min

Hacktivism in Belarus. The Taliban’s data grab. Four rising ransomware operations. The White House cybersecurity summit with industry leaders is in progress.

25 augusti 2021 | 30 min

Apple CSAM: well-intentioned, slippery slope. [Caveat]

25 augusti 2021 | 45 min

Apparent hacktivism exposes Iranian prison CCTV feeds. Misconfigured Power Apps expose data. FBI warns of the OnePercent Group. Mr. White Hat gives back. Dog bites man

24 augusti 2021 | 33 min

Notes on the fall of Afghanistan, with its cyber and kinetic implications. US State Department hack reported. ShinyHunters resurface. Further incentive to patch Microsoft Exchange Server.

23 augusti 2021 | 25 min

From board advisor to board member: evolution of the modern CISO. [CyberWire-X]

22 augusti 2021 | 47 min

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]

22 augusti 2021 | 8 min

Exploring vulnerabilities of off-the-shelf software. [Research Saturday]

21 augusti 2021 | 16 min

Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China’s privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?

20 augusti 2021 | 30 min

T-Mobile outlines what it’s offering customers hit by its data breach. Taliban on good T&C behavior? Apple’s CSAM. OS bug may affect medical devices. A report on 2020’s US Census Bureau hack.

19 augusti 2021 | 30 min

Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil’s Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.

18 augusti 2021 | 29 min

Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.

17 augusti 2021 | 28 min

Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?

16 augusti 2021 | 29 min

Rick Howard: Give people resources. [CSO] [Career Notes]

15 augusti 2021 | 7 min

You can add new features, just secure the old stuff first. [Research Saturday]

14 augusti 2021 | 31 min

Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.

13 augusti 2021 | 34 min

More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.

12 augusti 2021 | 31 min

A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.

11 augusti 2021 | 32 min

A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.

10 augusti 2021 | 33 min

Home router vulnerabilities exploited in the wild. ACSC warns of a LockBit spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.

9 augusti 2021 | 29 min

Alyssa Miller: We have to elevate others. [BISO] [Career Notes]

8 augusti 2021 | 7 min

SideCopy malware campaigns expand and evolve. [Research Saturday]

7 augusti 2021 | 20 min

FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.

6 augusti 2021 | 36 min

CISA’s new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang’s reform, or optimism over signs the gang is worried?

5 augusti 2021 | 31 min

Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck’s rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou’s extradition.

4 augusti 2021 | 37 min

Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.

3 augusti 2021 | 32 min

SVR was reading the US Attorneys’ emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.

2 augusti 2021 | 32 min

Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]

1 augusti 2021 | 6 min

Behavioral transparency – the patterns within. [CyberWire-X]

1 augusti 2021 | 33 min

China's influence grows through Digital Silk Road Initiative. [Research Saturday]

31 juli 2021 | 20 min

Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.

30 juli 2021 | 31 min

Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.

29 juli 2021 | 32 min

US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.

28 juli 2021 | 35 min

South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?

27 juli 2021 | 32 min

The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.

26 juli 2021 | 30 min

Is enhanced hardware security the answer to ransomware? [CyberWire-X]

25 juli 2021 | 32 min

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]

25 juli 2021 | 6 min

Free malware with cracked software. [Research Saturday]

24 juli 2021 | 16 min

Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.

23 juli 2021 | 31 min

Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.

22 juli 2021 | 32 min

Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.

21 juli 2021 | 31 min

APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDM. Other data breaches and ransomware incidents.

20 juli 2021 | 32 min

Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group’s Pegasus tool reported.

19 juli 2021 | 29 min

Peter Baumann: Adding value to data. [CEO] [Career Notes]

18 juli 2021 | 6 min

Enabling connectivity enables exposures. [Research Saturday]

17 juli 2021 | 21 min

DDoS at Russia’s MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor’s activities are exposed. No signs of the US softening on Huawei bans.

16 juli 2021 | 28 min

Luminous Moth or Mustang Panda, it’s the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.

15 juli 2021 | 33 min

Patch notes. What’s happening with REvil remains unclear, but it would be rash to count the gang out.

14 juli 2021 | 30 min

SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.

13 juli 2021 | 30 min

Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.

12 juli 2021 | 29 min

APTs transitioning to the cloud. [CyberWire-X]

11 juli 2021 | 31 min

Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]

11 juli 2021 | 6 min

Dealing illicit goods on encrypted chat apps. [Research Saturday]

10 juli 2021 | 21 min

Kaseya continues to work through its REvil days, as does the US Administration. In other news, there’s cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.

9 juli 2021 | 33 min

Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil’s victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.

8 juli 2021 | 29 min

Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.

7 juli 2021 | 28 min

The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.

6 juli 2021 | 30 min

Dwayne Price: Sharing information. [Project Management] [Career Notes]

4 juli 2021 | 6 min

Malware in pirated Windows installation files. [Research Saturday]

3 juli 2021 | 14 min

Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.

2 juli 2021 | 31 min

Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?

1 juli 2021 | 30 min

A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.

30 juni 2021 | 29 min

A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.

29 juni 2021 | 29 min

Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.

28 juni 2021 | 28 min

Introducing Security Unlocked: CISO Series with Bret Arsenault–Leading an Inclusive Workforce: Emma Smith, Vodafone

27 juni 2021 | 36 min

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

27 juni 2021 | 8 min

Exhibiting advanced APT-like behavior. [Research Saturday]

26 juni 2021 | 22 min

REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.

25 juni 2021 | 22 min

Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?

24 juni 2021 | 26 min

Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.

23 juni 2021 | 28 min

Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV’s REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.

22 juni 2021 | 21 min

South Korea’s nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.

21 juni 2021 | 25 min

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]

20 juni 2021 | 6 min

Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]

19 juni 2021 | 15 min

Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.

18 juni 2021 | 29 min

The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.

17 juni 2021 | 26 min

Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.

16 juni 2021 | 24 min

Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.

15 juni 2021 | 25 min

Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?

14 juni 2021 | 27 min

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science} [Career Notes]

13 juni 2021 | 5 min

Taking a look behind the Science of Security. [Research Saturday]

12 juni 2021 | 24 min

Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.

11 juni 2021 | 27 min

Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI’s partial recovery of DarkSide’s ransom take.

10 juni 2021 | 25 min

Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO’s Article 5 in cyberspace. Patch Tuesday notes.

9 juni 2021 | 23 min

FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.

8 juni 2021 | 27 min

Dark Side’s way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.

7 juni 2021 | 24 min

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]

6 juni 2021 | 7 min

Bad building blocks: a new and unusual phishing campaign. [Research Saturday]

5 juni 2021 | 19 min

Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.

4 juni 2021 | 25 min

FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.

3 juni 2021 | 25 min

The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium’s USAID impersonation campaign. Siemens addresses PLC vulnerabilities.

2 juni 2021 | 24 min

Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.

1 juni 2021 | 25 min

Zero trust: a change in mindset. [Special Editions]

31 maj 2021 | 19 min

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]

30 maj 2021 | 6 min

Big data, big payoff for China's cybercrime underground. [Research Saturday]

29 maj 2021 | 20 min

A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.

28 maj 2021 | 27 min

Impersonation campaign targets China’s Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.

27 maj 2021 | 23 min

Cybersespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.

26 maj 2021 | 26 min

CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.

25 maj 2021 | 25 min

Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.

24 maj 2021 | 23 min

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]

23 maj 2021 | 6 min

Leveraging COVID-19 themes for malicious purposes. [Research Saturday]

22 maj 2021 | 25 min

DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.

21 maj 2021 | 28 min

DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.

20 maj 2021 | 23 min

Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.

19 maj 2021 | 26 min

WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.

18 maj 2021 | 25 min

Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.

17 maj 2021 | 23 min

Dominique West: Security found me. [Strategy] [Career Notes]

16 maj 2021 | 6 min

Zeroing in on zero trust. [CyberWire-X]

16 maj 2021 | 33 min

Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]

15 maj 2021 | 29 min

Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).

14 maj 2021 | 26 min

The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon’s DBIR is out.

13 maj 2021 | 26 min

The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.

12 maj 2021 | 27 min

Ransomware: DarkSide, Avaddon, and Baduk. 5G threat vectors. Crytpojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.

11 maj 2021 | 25 min

Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.

10 maj 2021 | 26 min

Street cred: increasing trust in passwordless authentication. [CyberWire-X]

9 maj 2021 | 30 min

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]

9 maj 2021 | 6 min

SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]

8 maj 2021 | 20 min

CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.

7 maj 2021 | 26 min

Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington. Panda Stealer is after crypto wallets. And Peloton deals with a leaky API.

6 maj 2021 | 24 min

DDoS interrupts Belgium’s parliament. New malware in the wild. Spies and crooks work around MFA, OAuth. COVID-19 scam site takedown. Online election fraud (in a homecoming queen election).

5 maj 2021 | 27 min

VPN vulnerability exploited for cyberespionage closed. “IT security incident” at medical system. Android banking Trojans and cryptocurrency. Cyber threats to the Tokyo Olympics.

4 maj 2021 | 25 min

Data exposure reported in the Philippines. FISA targets down during the pandemic. Babuk changes its focus. New variant of the Buer loader in the wild. US Justice Department reviews its cyber strategy.

3 maj 2021 | 25 min

Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]

2 maj 2021 | 6 min

A snapshot of the ransomware threat landscape. [Research Saturday}

1 maj 2021 | 24 min

Investigating VPN exploits, and the crooks and spies who use them. BadAlloc afflicts OT. Notes on cyberespionage. The criminal market for deepfakes.

30 april 2021 | 25 min

Buggy APIs may expose credit scores. Dealing with ransomware. Iran-Israeli tensions are up. Russia says it will always see the Americans coming. Surge cyber capacity. NSA’s advice on OT security.

29 april 2021 | 23 min

More intelligence on Ghostwriter, and a convergence of hacking and influence operations. Naikon APT has a new backdoor. FluBot returns. MAPP reconsidered. Defense counsel on Cellebrite.

28 april 2021 | 23 min

The FBI and CISA take a look at the SVR, and offer advice for potential targets. Openness and information warfare. OPSEC and privacy. Babuk hits DC police. Social engineering notes.

27 april 2021 | 24 min

Prankers on Zoom, with convincing video. Emotet takedown. US response to SolarWinds reviewed. Cancer therapy disrupted by attack on cloud provider. Oscar phishing.

26 april 2021 | 25 min

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

25 april 2021 | 6 min

Channeling the data avalanche. [CyberWire-X]

25 april 2021 | 35 min

Bulletproof hosting (BPH) and how it powers cybercrime. [Research Saturday]

24 april 2021 | 18 min

Three ransomware gangs up their game. The US Postal Inspection Service’s “Internet Covert Operations Program.” GCHQ warns of dependence on Chinese tech. Undersea cable security.

23 april 2021 | 26 min

VPN users remediate systems. New Supernova infection. Cryptojacking botnet afflicts vulnerable Exchange Servers. Facebook takes down spyware groups. Ransomware. Cellebrite bug found.

22 april 2021 | 27 min

SonicWall, Pulse Secure products under exploitation (mitigations are available). Power grid security. Cyber conflict in the Near Abroad. ISIS worries about Bitcoin. Bad passwords.

21 april 2021 | 24 min

Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.

20 april 2021 | 26 min

Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.

19 april 2021 | 24 min

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

18 april 2021 | 4 min

Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]

17 april 2021 | 17 min

International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.

16 april 2021 | 25 min

Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.

15 april 2021 | 26 min

The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.

14 april 2021 | 27 min

Natanz pre-emptive sabotage updates. NAME:WRECK DNS vulnerabilities. Tax phishing. ATM cards and advance-fee scams. Ransomware-induced cheese shortage.

13 april 2021 | 25 min

Apparent cyber sabotage at Natanz. Arrest made in alleged plot to blow up AWS facility. Scraped data for sale in criminal fora. US senior cyber appointments expected soon.

12 april 2021 | 24 min

Debra Danielson: Be fearless. [CTO] [Career Notes]

11 april 2021 | 6 min

Strategic titles point to something more than a commodity campaign. [Research Saturday]

10 april 2021 | 23 min

A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.

9 april 2021 | 25 min

Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium’s patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.

8 april 2021 | 23 min

A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.

7 april 2021 | 24 min

Watering holes, from Kiev to Canada. File transfer blues. What’s up in the criminal-to-criminal market. And an update on the old Facebook breach.

6 april 2021 | 22 min

An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.

5 april 2021 | 21 min

Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

4 april 2021 | 5 min

Ezuri: Regenerating a different kind of target. [Research Saturday]

3 april 2021 | 19 min

Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.

2 april 2021 | 26 min

Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.

1 april 2021 | 26 min

Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.

31 mars 2021 | 24 min

US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.

30 mars 2021 | 25 min

Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.

29 mars 2021 | 26 min

Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

28 mars 2021 | 6 min

How are we doing in the industrial sector? [Research Saturday]

27 mars 2021 | 22 min

Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.

26 mars 2021 | 28 min

Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.

25 mars 2021 | 24 min

Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?

24 mars 2021 | 25 min

Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail

24 mars 2021 | 17 min

Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.

23 mars 2021 | 25 min

Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.

22 mars 2021 | 26 min

Kevin Magee: Focus on the archer. (CSO) [Career Notes]

21 mars 2021 | 6 min

BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]

20 mars 2021 | 16 min

Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.

19 mars 2021 | 28 min

Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.

18 mars 2021 | 25 min

US report on 2020 foreign election meddling is out, and Russian and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.

17 mars 2021 | 25 min

Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).

16 mars 2021 | 25 min

Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands £1000 pounds to go on do-not-call list.

15 mars 2021 | 25 min

SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]

14 mars 2021 | 37 min

Dinah Davis: Building your network. [R&D] [Career Notes]

14 mars 2021 | 6 min

Keeping data confidential with fully homomorphic encryption. [Research Saturday]

13 mars 2021 | 24 min

Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.

12 mars 2021 | 25 min

More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.

11 mars 2021 | 26 min

Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hactivists don’t like cameras. Dragnet in the Low Countries.

10 mars 2021 | 26 min

Dealing with Hafnium’s work against Microsoft Exchange Server and Holiday Bear’s visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.

9 mars 2021 | 24 min

Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).

8 mars 2021 | 26 min

Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]

7 mars 2021 | 6 min

Diving deep into North Korea's APT37 tool kit. [Research Saturday]

6 mars 2021 | 18 min

SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provided attacked. Criminal-on-criminal crime.

5 mars 2021 | 28 min

Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.

4 mars 2021 | 22 min

RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.

3 mars 2021 | 23 min

India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).

2 mars 2021 | 24 min

“RedEcho’s”activity in India’s power grid is described. US report on Khashoggi murder declassified SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.

1 mars 2021 | 24 min

Aarti Borkar: Make your own choices. [Product} [Career Notes]

28 februari 2021 | 5 min

Shining a light on China's cyber underground. [Research Saturday]

27 februari 2021 | 24 min

Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.

26 februari 2021 | 28 min

PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.

25 februari 2021 | 25 min

Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.

24 februari 2021 | 26 min

DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.

23 februari 2021 | 24 min

Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.

22 februari 2021 | 24 min

Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]

21 februari 2021 | 5 min

Attackers (ab)using Google Chrome. [Research Saturday]

20 februari 2021 | 20 min

Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Talinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.

19 februari 2021 | 26 min

The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.

18 februari 2021 | 24 min

US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.

17 februari 2021 | 26 min

France’s ANSII warns of a longrunning Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE

16 februari 2021 | 24 min

Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]

16 februari 2021 | 39 min

Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]

14 februari 2021 | 6 min

Using the human body as a wire-like communication channel. [Research Saturday]

13 februari 2021 | 20 min

Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.

12 februari 2021 | 28 min

Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.

11 februari 2021 | 27 min

Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.

10 februari 2021 | 21 min

Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.

9 februari 2021 | 25 min

A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?

8 februari 2021 | 26 min

Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]

7 februari 2021 | 5 min

In the clear: what it's like working as a woman in the cleared community. [Special Edition]

7 februari 2021 | 53 min

"Follow the money" the cybersecurity way. [Research Saturday]

6 februari 2021 | 27 min

Lazarus Group seems to have deployed an IE zero day. Electrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.

5 februari 2021 | 28 min

Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.

4 februari 2021 | 25 min

China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.

3 februari 2021 | 26 min

Coups d’état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.

2 februari 2021 | 22 min

Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. URKI breach. British Mensa thinks over a data exposure.

1 februari 2021 | 26 min

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]

31 januari 2021 | 6 min

Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]

31 januari 2021 | 31 min

The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]

30 januari 2021 | 17 min

Lebanon Cedar’s wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.

29 januari 2021 | 27 min

Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.

28 januari 2021 | 25 min

Emotet takedown. Solorigate updates (and President Biden tells President Putin he’d like him to knock it off). Vulnerabilities and threats discovered and described.

27 januari 2021 | 24 min

Pyongyang’s social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?

26 januari 2021 | 24 min

The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall’s investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.

25 januari 2021 | 26 min

Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]

24 januari 2021 | 6 min

Trickbot may be down, but can we count it out? [Research Saturday]

23 januari 2021 | 20 min

Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.

22 januari 2021 | 28 min

Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.

21 januari 2021 | 24 min

More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.

20 januari 2021 | 23 min

EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.

19 januari 2021 | 23 min

Encore: You will pay for that one way or another. [Caveat]

18 januari 2021 | 36 min

Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]

17 januari 2021 | 6 min

Manufacturing sector is increasingly a target for adversaries. [Research Saturday]

16 januari 2021 | 25 min

Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.

15 januari 2021 | 26 min

SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?

14 januari 2021 | 25 min

Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.

13 januari 2021 | 22 min

Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.

12 januari 2021 | 24 min

More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.

11 januari 2021 | 28 min

Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]

10 januari 2021 | 5 min

Emotet reemerges and becomes one of most prolific threat groups out there. [Research Saturday]

9 januari 2021 | 25 min

The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware’s successful business model.

8 januari 2021 | 26 min

CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.

7 januari 2021 | 24 min

Who worked through SolarWinds? An APT “likely Russian in origin,” says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they’re ensured. No bail for Mr. Assange.

6 januari 2021 | 25 min

It’s not Kates and Vals over Ford Island, but it’s not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.

5 januari 2021 | 24 min

Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.

4 januari 2021 | 25 min

Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]

3 januari 2021 | 6 min

Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]

2 januari 2021 | 30 min

Andy Greenberg on the Sandworm Indictments. [Interview Selects]

1 januari 2021 | 17 min

Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] (Career Notes]

27 december 2020 | 7 min

Encore: Seedworm digs Middle East intelligence. [Research Saturday]

26 december 2020 | 20 min

Encore: Separating fools from money. [Hacking Humans]

25 december 2020 | 30 min

Encore: Technology that allows cops to track your phone. [Caveat]

24 december 2020 | 49 min

Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.

23 december 2020 | 26 min

Bear tracks all over the US Government’s networks. Pandas and Kittens and Bears, oh my... Emotet’s back. Spyware litigation. A few predictions.

22 december 2020 | 27 min

Sunburst looks worse: bad Bears in US networks, and that’s not just right at all. “Evil mobile emulator farm.” Report: Pegasus used against journalists.

21 december 2020 | 25 min

Robert Lee: Keeping the lights on. [ICS] [Word Notes]

20 december 2020 | 6 min

Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]

19 december 2020 | 25 min

Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker’s Stash has its problems. And a few thoughts on the near future.

18 december 2020 | 31 min

The SVR’s exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China’s influence ops delayed.

17 december 2020 | 23 min

SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.

16 december 2020 | 22 min

SolarWinds compromise scope grows clearer. DPRK’s Earth Kitsune. Google’s authentication issue. A look at the near future of cybersecurity.

15 december 2020 | 25 min

A few predictions, but today’s news is dominated by Cozy Bear’s supply chain attack on Solar Winds’ Orion Platform.

14 december 2020 | 23 min

Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]

14 december 2020 | 33 min

Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science] [Career Notes]

13 december 2020 | 6 min

Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]

12 december 2020 | 33 min

OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.

11 december 2020 | 25 min

Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.

10 december 2020 | 25 min

Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.

9 december 2020 | 24 min

IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.

8 december 2020 | 23 min

NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.

7 december 2020 | 23 min

Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]

6 december 2020 | 7 min

SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]

5 december 2020 | 16 min

2021 may look a lot like 2020 in cyberspace, only moreso. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.

4 december 2020 | 26 min

Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?

3 december 2020 | 25 min

The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.

2 december 2020 | 26 min

Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.

1 december 2020 | 23 min

Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.

30 november 2020 | 26 min

Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]

29 november 2020 | 6 min

Encore: Using global events as lures for malicious activity.

28 november 2020 | 23 min

Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.

25 november 2020 | 24 min

Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.

24 november 2020 | 23 min

Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”

23 november 2020 | 25 min

James Hadley: Spend time on what interests you. [CEO] [Career Notes]

22 november 2020 | 5 min

Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]

21 november 2020 | 20 min

Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.

20 november 2020 | 27 min

Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only moreso).

19 november 2020 | 25 min

Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.

18 november 2020 | 24 min

Hidden Cobra’s new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.

17 november 2020 | 23 min

Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.

16 november 2020 | 26 min

Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]

15 november 2020 | 5 min

That first CVE was a fun find, for sure. [Research Saturday]

14 november 2020 | 28 min

CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.

13 november 2020 | 25 min

An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.

12 november 2020 | 24 min

remote access Trojan or RAT (noun) [Word Notes]

11 november 2020 | 5 min

shadow IT (noun) [Word Notes]

11 november 2020 | 5 min

A look at what’s up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.

10 november 2020 | 24 min

Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.

9 november 2020 | 25 min

Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]

8 november 2020 | 5 min

PoetRAT: a complete lack of operational security. [Research Saturday]

7 november 2020 | 21 min

IRGC domains taken down. A look at 2021’s threatscape. Russia says its didn’t do anything (others see Bears.) Forfeiture of Silk Road’s hitherto unaccounted for billion-plus dollars.

6 november 2020 | 26 min

CISA’s happy but still wary. Election-themed criminal malspam. New ransomware goes after VMs. Why it makes no sense to trust extortionists.

5 november 2020 | 24 min

US elections: CISA calls security success, but reminds all that it’s not over yet. Notes from the cyber underground. Two more indictments in cyberstalking case.

4 november 2020 | 24 min

Election security updates from CISA. Maze says it’s out of business (and never really existed). Edward Snowden wants dual Russian-US citizenship. A botmaster goes up river.

3 november 2020 | 23 min

Another look at North Korean cyberespionage. Phishing with Google Docs. How Iran obtained US voter information. Election security enters its endgame.

2 november 2020 | 26 min

David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]

1 november 2020 | 30 min

Carole Theriault: Constantly learning new things. [Media] [Career Notes]

1 november 2020 | 6 min

Leveraging for a bigger objective. [Research Saturday]

31 oktober 2020 | 25 min

Ransomware epidemic during the pandemic. Cyber insurance and state actors. Cyberstalking. Don’t exaggerate election meddling. Reflections on National Cybersecurity Awareness Month.

30 oktober 2020 | 27 min

The Malware Mash!

30 oktober 2020 | 3 min

Familiar threat actors are back in the news. Big Tech’s testimony on Capitol Hill had less to do with Section 230 than many had foreseen.

29 oktober 2020 | 22 min

Warnings about the DPRK’s Kimsuky Group. Election security in the US during the endgame. Section 220 and Big Tech. Another guilty plea in the eBay-related cyberstalking case.

28 oktober 2020 | 24 min

Election phishing, without hook, but with line and sinker? Data breaches, and the importance of prompt disclosure. Misplaced hacktivist sympathy.

27 oktober 2020 | 25 min

Russian research institute sanctioned for its role in Triton/Trisis. Coordinated inauthenticity in Myanmar. Clean Network program update. Major data breach in Finland.

26 oktober 2020 | 26 min

Sal Aurigemma: How things work. [Education] [Career Notes]

25 oktober 2020 | 6 min

Just saying there are attacks is not enough. [Research Saturday]

24 oktober 2020 | 27 min

Energetic Bear’s battlespace preparation. Selling voter and consumer personal data. GRU, Qods Force sanctioned. How they knew that Iran dunnit.

23 oktober 2020 | 26 min

Recent email threats to US voters appear to be an Iranian operation. Notes on cyberespionage and influence operations. Hold the “blatant Russophobia,” TASS?

22 oktober 2020 | 23 min

TrickBot’s return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.

21 oktober 2020 | 23 min

International cyberespionage: China and Russia versus the Five Eyes and others. Google faces an anti-trust suit. Abandonware.

20 oktober 2020 | 25 min

Influence operations and cyber probes of presidential campaigns. TrickBot’s recovery. Remote learning woes. Port facilities in Iran reported to have been targeted in cyberattacks.

19 oktober 2020 | 28 min

Rosa Smothers: Secure the planet. [Career Notes]

18 oktober 2020 | 6 min

Intentionally not drawing attention. [Research Saturday]

17 oktober 2020 | 25 min

Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.

16 oktober 2020 | 25 min

Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command’s defend forward doctrine.

15 oktober 2020 | 26 min

Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.

14 oktober 2020 | 23 min

Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.

13 oktober 2020 | 25 min

Rigging the game. [Caveat]

12 oktober 2020 | 43 min

Geoff White: Suddenly all of the pieces start to line up. [Career Notes]

11 oktober 2020 | 6 min

It's still possible to find ways to break out. [Research Saturday]

10 oktober 2020 | 19 min

A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.

9 oktober 2020 | 25 min

Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.

8 oktober 2020 | 24 min

Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.

7 oktober 2020 | 23 min

New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.

6 oktober 2020 | 24 min

Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.

5 oktober 2020 | 24 min

Diane M. Janosek: It's only together that we are going to rise. [Career Notes]

4 oktober 2020 | 6 min

Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]

3 oktober 2020 | 23 min

CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.

2 oktober 2020 | 27 min

Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.

1 oktober 2020 | 24 min

Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.

30 september 2020 | 24 min

Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.

29 september 2020 | 25 min

Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei’s CFO gets another day in court. REvil recruits.

28 september 2020 | 23 min

Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]

27 september 2020 | 8 min

What came first, the Golden Chickens or more_eggs? [Research Saturday]

26 september 2020 | 19 min

Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.

25 september 2020 | 26 min

Not the Gremlin from the Kremlin. Zerologn exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.

24 september 2020 | 23 min

Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.

23 september 2020 | 24 min

Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren’t, and one big guilty plea.

22 september 2020 | 24 min

Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.

21 september 2020 | 25 min

The cybersecurity paradox. [CyberWire-X]

20 september 2020 | 36 min

Monica Ruiz: Moving ahead when not many look like you. [Career Notes]

20 september 2020 | 6 min

Election 2020: What to expect when we are electing. [Research Saturday]

19 september 2020 | 24 min

Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.

18 september 2020 | 26 min

Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok’s state of play. Indictments and extraditions.

17 september 2020 | 25 min

VPNs in Tehran’s crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance’s plan for TikTok.

16 september 2020 | 23 min

Zerologon: hey, patch already. CISA describes China’s cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.

15 september 2020 | 23 min

Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzehn. TikTok’s fate grows narrower but murkier. Wildfire misinformation.

14 september 2020 | 25 min

Ode to Wealthy Elite. [Shadowspeak]

14 september 2020 | 2 min

Brandon Robinson: Built from the ground up. [Career Notes]

13 september 2020 | 5 min

Leveraging legitimate tools. [Research Saturday]

12 september 2020 | 31 min

Elemental election meddling spooks US campaigns. CISA’s email advice. Remote workers behaving badly. Momentum Cyber’s state of the Sector. The SINET 16. And remember 9/11.

11 september 2020 | 28 min

Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.

10 september 2020 | 23 min

Ransomware slows down many students’ return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.

9 september 2020 | 23 min

Ransomware or wiper? Emotet’s resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?

8 september 2020 | 26 min

Exploring the cultural values of personal privacy. [Caveat]

7 september 2020 | 50 min

Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]

6 september 2020 | 5 min

Going after the most valuable data. [Research Saturday]

5 september 2020 | 25 min

Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.

4 september 2020 | 28 min

Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.

3 september 2020 | 23 min

Facebook’s latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.

2 september 2020 | 23 min

The difference between a breach and, well, a public record. Pioneer Kitten’s lucrative bycatch. Malware gets past Gatekeeper. A gamer’s bandit economy. And happy birthday, Cyber Branch.

1 september 2020 | 23 min

DDoS continues to trouble New Zealand’s stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who’s the bank robber? A botnet serving ad fraud.

31 augusti 2020 | 25 min

Jack Rhysider: Get your experience points in everything. [Career Notes]

30 augusti 2020 | 6 min

They fooled a lot of people. [Research Saturday]

29 augusti 2020 | 14 min

Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason’s motives. An attempt to hack Tesla.

28 augusti 2020 | 26 min

Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.

27 augusti 2020 | 23 min

New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?

26 augusti 2020 | 23 min

The pandemic and trends in cybersecurity. The secret to the handset’s low, low price? Fleeceware and adware. TikTok’s lawsuit. Influence ops. Bogus Bitcoin exchange.

25 augusti 2020 | 23 min

Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.

24 augusti 2020 | 23 min

Kiersten Todt: Problem solving and building solutions. [Career Notes]

23 augusti 2020 | 6 min

Using global events as lures. [Research Saturday]

22 augusti 2020 | 22 min

Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.

21 augusti 2020 | 25 min

Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.

20 augusti 2020 | 23 min

Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.

19 augusti 2020 | 23 min

Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.

18 augusti 2020 | 23 min

North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.

17 augusti 2020 | 27 min

Trying for a win, win, win game. [Career Notes]

16 augusti 2020 | 4 min

The ABCs of cybersecurity for the education sector. [CyberWire-X]

16 augusti 2020 | 28 min

Waiting for their victims. [Research Saturday]

15 augusti 2020 | 23 min

Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).

14 augusti 2020 | 25 min

This Woodcutter’s no Railsplitter. Operation Dream Job. COVID-19 phishing.

13 augusti 2020 | 21 min

Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua’s data center. More privacy questions for TikTok. Parental control or stalker’s tool?

12 augusti 2020 | 22 min

Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.

11 augusti 2020 | 24 min

NMAP (noun) [Word Notes]

11 augusti 2020 | 4 min

What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.

10 augusti 2020 | 25 min

The Green Goldfish and cyber threat intelligence. [Career Notes]

9 augusti 2020 | 6 min

Like anything these days, you have to disinfect it first. [Research Saturday]

8 augusti 2020 | 26 min

US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.

7 augusti 2020 | 25 min

US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.

6 augusti 2020 | 24 min

Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.

5 augusti 2020 | 21 min

US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.

4 augusti 2020 | 21 min

Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twiter hack. DDoS turns out to be a glitch. Garmin hack update.

3 augusti 2020 | 23 min

Rely on your strengths in the areas of the unknown. [Career Notes]

2 augusti 2020 | 6 min

Detecting Twitter bots in real time. [Research Saturday]

1 augusti 2020 | 24 min

Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.

31 juli 2020 | 26 min

A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.

30 juli 2020 | 21 min

Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.

29 juli 2020 | 22 min

Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.

28 juli 2020 | 22 min

Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.

27 juli 2020 | 21 min

No matter the statistic, even if against the odds, focus on what you want. [Career Notes]

26 juli 2020 | 5 min

It was only a matter of time. [Research Saturday]

25 juli 2020 | 15 min

A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.

24 juli 2020 | 26 min

Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.

23 juli 2020 | 22 min

Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.

22 juli 2020 | 21 min

Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.

21 juli 2020 | 22 min

Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.

20 juli 2020 | 19 min

Have to be able to communicate to everybody. [Career Notes]

19 juli 2020 | 6 min

Every time we get smarter, the bad guy changes something. [Research Saturday]

18 juli 2020 | 32 min

High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.

17 juli 2020 | 25 min

Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.

16 juli 2020 | 23 min

A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.

15 juli 2020 | 21 min

Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.

14 juli 2020 | 22 min

Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.

13 juli 2020 | 22 min

Turn challenges into opportunities. [Career Notes]

12 juli 2020 | 6 min

Are you running what you think you're running? [Research Saturday]

11 juli 2020 | 16 min

The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.

10 juli 2020 | 26 min

Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.

9 juli 2020 | 22 min

Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.

8 juli 2020 | 22 min

Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.

7 juli 2020 | 22 min

Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.

6 juli 2020 | 22 min

Solving hard problems and pursuing your passions. [Career Notes]

5 juli 2020 | 6 min

Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.

2 juli 2020 | 22 min

EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.

1 juli 2020 | 22 min

Critical bug disclosed in Palo Alto products (a fix is available). StronPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.

30 juni 2020 | 21 min

Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.

29 juni 2020 | 21 min

Get your foot in the door and prove your worth. [Career Notes]

28 juni 2020 | 5 min

Enter the RAT. [Research Saturday]

27 juni 2020 | 24 min

Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.

26 juni 2020 | 26 min

Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.

25 juni 2020 | 21 min

BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.

24 juni 2020 | 23 min

Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.

23 juni 2020 | 22 min

BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.

22 juni 2020 | 22 min

Superhero origin stories and lessons that last. [Career Notes]

21 juni 2020 | 6 min

Click here to update your webhook. [Research Saturday]

20 juni 2020 | 19 min

Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.

19 juni 2020 | 24 min

Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.

18 juni 2020 | 22 min

Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.

17 juni 2020 | 22 min

Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.

16 juni 2020 | 22 min

ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.

15 juni 2020 | 20 min

The mark of making a difference. [Career Notes]

14 juni 2020 | 5 min

The value of the why and the who. [Research Saturday]

13 juni 2020 | 27 min

Chinese, Russian, and Turkish domestic influence campaigns. Zoom’s China troubles. Honda, Enil recover from Ekans. Ransomware attacks against a city and an M&A consultancy.

12 juni 2020 | 26 min

Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.

11 juni 2020 | 21 min

A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.

10 juni 2020 | 22 min

Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.

9 juni 2020 | 22 min

Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.

8 juni 2020 | 21 min

Ask more people to dance. [Career Notes]

7 juni 2020 | 4 min

Due diligence cannot be done as a one-off. [Research Saturday]

6 juni 2020 | 20 min

Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies’ bodyguard of truth. Information warfare in the Gulf.

5 juni 2020 | 23 min

Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia’s hacking the Bundestag. CISA has a new cybersecurity resource.

4 juni 2020 | 21 min

Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.

3 juni 2020 | 21 min

Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.

2 juni 2020 | 22 min

Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.

1 juni 2020 | 21 min

Extending security tools to the at home workforce during the pandemic. [Research Saturday]

31 maj 2020 | 29 min

Twofold snooping venture. [Research Saturday]

30 maj 2020 | 20 min

Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.

29 maj 2020 | 25 min

Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.

28 maj 2020 | 22 min

Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.

27 maj 2020 | 22 min

The evolution of malware, both criminal and state-run.

26 maj 2020 | 20 min

Naming and shaming is the worst thing we can do. [Research Saturday]

23 maj 2020 | 26 min

An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing...

22 maj 2020 | 26 min

Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.

21 maj 2020 | 22 min

Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.

20 maj 2020 | 22 min

Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.

19 maj 2020 | 22 min

Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.

18 maj 2020 | 21 min

Gangnam Industrial Style APT campaign targets South Korea. [Research Saturday]

16 maj 2020 | 20 min

Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.

15 maj 2020 | 25 min

ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.

14 maj 2020 | 21 min

More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.

13 maj 2020 | 21 min

Cyberwar looms in the Middle East? Hidden Cobra’s fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.

12 maj 2020 | 21 min

Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.

11 maj 2020 | 21 min

The U.S. campaign trail is actually quite secure. [Research Saturday]

9 maj 2020 | 21 min

PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.

8 maj 2020 | 25 min

Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.

7 maj 2020 | 21 min

Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.

6 maj 2020 | 22 min

Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.

5 maj 2020 | 22 min

A state of emergency over bulk power in the States. Beijing’s disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.

4 maj 2020 | 21 min

Fingerprint authentication is not completely secure. [Research Saturday]

2 maj 2020 | 21 min

China hacks at Vietnam over a territorial dispute. Kim’s still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.

1 maj 2020 | 25 min

The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.

30 april 2020 | 22 min

Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.

29 april 2020 | 22 min

Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?

28 april 2020 | 21 min

Where’s Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.

27 april 2020 | 21 min

Contact tracing as COVID-19 aid. [Research Saturday]

25 april 2020 | 34 min

iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.

24 april 2020 | 26 min

APT32 activity reported. Florentine Banker’s patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.

23 april 2020 | 22 min

COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League’s volunteer defenders. Active measures, disinformation, and cyber deterrence.

22 april 2020 | 22 min

DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.

21 april 2020 | 22 min

Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.

20 april 2020 | 22 min

Complementary colors: teaming tactics in cybersecurity. [Research Saturday]

19 april 2020 | 27 min

How low can they go? A spike in Coronavirus phishing. [Research Saturday]

18 april 2020 | 18 min

Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.

17 april 2020 | 26 min

US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.

16 april 2020 | 22 min

Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.

15 april 2020 | 22 min

The online stresses of the COVID-19 pandemic. APT41’s backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom’s fortunes. And tax-season online fraud.

14 april 2020 | 21 min

Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.

13 april 2020 | 22 min

Profiling an audacious Nigerian cybercriminal. [Research Saturday]

11 april 2020 | 23 min

That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.

10 april 2020 | 27 min

Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple’s store.

9 april 2020 | 22 min

Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.

8 april 2020 | 21 min

Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.

7 april 2020 | 22 min

COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.

6 april 2020 | 21 min

A rough year ahead for ransomware attacks - and how to stop them. [Research Saturday]

4 april 2020 | 15 min

Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?

3 april 2020 | 26 min

WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.

2 april 2020 | 21 min

More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.

1 april 2020 | 21 min

Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.

31 mars 2020 | 21 min

Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.

30 mars 2020 | 21 min

Hidden dangers inside Windows and LINUX computers. [Research Saturday]

28 mars 2020 | 23 min

Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.

27 mars 2020 | 26 min

Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.

26 mars 2020 | 20 min

APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.

25 mars 2020 | 21 min

Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.

24 mars 2020 | 22 min

Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.

23 mars 2020 | 21 min

The security implications of cloud infrastructure in IoT. [Research Saturday]

21 mars 2020 | 30 min

CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.

20 mars 2020 | 26 min

EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.

19 mars 2020 | 21 min

Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynne.

18 mars 2020 | 24 min

Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution Concord Management.

17 mars 2020 | 21 min

COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.

16 mars 2020 | 21 min

TLS is here to stay. [Research Saturday]

14 mars 2020 | 19 min

COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.

13 mars 2020 | 25 min

The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.

12 mars 2020 | 22 min

The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.

11 mars 2020 | 20 min

Caution in the Play store. EU power consortium’s business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.

10 mars 2020 | 22 min

Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.

9 mars 2020 | 22 min

Overworked developers write vulnerable software. [Research Saturday]

7 mars 2020 | 17 min

Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.

6 mars 2020 | 24 min

Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.

5 mars 2020 | 21 min

Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.

4 mars 2020 | 22 min

Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.

3 mars 2020 | 24 min

Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.

2 mars 2020 | 19 min

Application tracking in Wacom tablets. [Research Saturday]

29 februari 2020 | 21 min

South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.

28 februari 2020 | 26 min

RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?

27 februari 2020 | 23 min

Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.

26 februari 2020 | 22 min

Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt--no joy this time. Notes from RSAC 2020.

25 februari 2020 | 24 min

Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.

24 februari 2020 | 21 min

New vulnerabilities in PC sound cards. [Research Saturday]

22 februari 2020 | 22 min

DISA data breach. More complaint against alleged GUR operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.

21 februari 2020 | 23 min

UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.

20 februari 2020 | 21 min

Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?

19 februari 2020 | 22 min

Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.

18 februari 2020 | 21 min

If you can't detect it, you can't steal it. [Research Saturday]

15 februari 2020 | 26 min

Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.

14 februari 2020 | 24 min

Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.

13 februari 2020 | 21 min

Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.

12 februari 2020 | 22 min

Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).

11 februari 2020 | 22 min

US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.

10 februari 2020 | 22 min

The Chameleon attacks Online Social Networks. [Research Saturday]

8 februari 2020 | 19 min

Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.

7 februari 2020 | 27 min

Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.

6 februari 2020 | 22 min

Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.

5 februari 2020 | 22 min

Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.

4 februari 2020 | 23 min

More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.

3 februari 2020 | 18 min

Eric Haseltine on his book, "The Spy in Moscow Station." [Special Editions]

2 februari 2020 | 31 min

Tracking one of China's hidden hacking groups. [Research Saturday]

1 februari 2020 | 20 min

The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. T

31 januari 2020 | 25 min

Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.

30 januari 2020 | 24 min

Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.

29 januari 2020 | 24 min

Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.

28 januari 2020 | 23 min

A cyber espionage campaign is to use DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.

27 januari 2020 | 20 min

Know Thine Enemy - Identifying North American Cyber Threats. [Research Saturday]

25 januari 2020 | 29 min

PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformaiton laws considered. Canada is ready to impose costs on cyber attackers.

24 januari 2020 | 21 min

Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.

23 januari 2020 | 19 min

The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.

22 januari 2020 | 22 min

RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.

21 januari 2020 | 21 min

Clever breaches demonstrate IoT security gaps. [Research Saturday]

18 januari 2020 | 23 min

Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.

17 januari 2020 | 26 min

Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.

16 januari 2020 | 22 min

Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.

15 januari 2020 | 22 min

Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.

14 januari 2020 | 23 min

Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.

13 januari 2020 | 20 min

Profiling the Linken Sphere anti-detection browser. [Research Saturday]

11 januari 2020 | 14 min

Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.

10 januari 2020 | 26 min

Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.

9 januari 2020 | 22 min

No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.

8 januari 2020 | 23 min

No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.

7 januari 2020 | 23 min

Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.

6 januari 2020 | 18 min

Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.

3 januari 2020 | 24 min

A Jira vulnerability that’s leaking data in the public cloud. [Research Saturday]

2 januari 2020 | 16 min

Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.

2 januari 2020 | 22 min

Ron Gula and Mike Janke - VC pitfalls and how to avoid them. [Special Editions]

30 december 2019 | 34 min

Inside Magecart and Genesis. [Research Saturday]

21 december 2019 | 20 min

Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?

20 december 2019 | 22 min

TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.

19 december 2019 | 22 min

Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.

18 december 2019 | 22 min

Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.

17 december 2019 | 23 min

Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.

16 december 2019 | 19 min

Capturing the flag at NXTWORK 2019 [Special Editions]

15 december 2019 | 36 min

WAV files carry malicious data payloads. [Research Saturday]

14 december 2019 | 19 min

Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.

13 december 2019 | 23 min

False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.

12 december 2019 | 21 min

Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars updata. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.

11 december 2019 | 23 min

Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?

10 december 2019 | 22 min

Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.

9 december 2019 | 16 min

Targeting routers to hit gaming servers. [Research Saturday]

7 december 2019 | 19 min

Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.

6 december 2019 | 23 min

Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.

5 december 2019 | 23 min

Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.

4 december 2019 | 22 min

Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.

3 december 2019 | 22 min

ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.

2 december 2019 | 17 min

Peter W. Singer author of LikeWar [Special Editions]

30 november 2019 | 39 min

John Maeda author of How to Speak Machine [Special Editions]

29 november 2019 | 26 min

Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?

27 november 2019 | 22 min

Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.

26 november 2019 | 21 min

Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.

25 november 2019 | 22 min

Mustang Panda leverages Windows shortcut files. [Research Saturday]

23 november 2019 | 15 min

Sandworm in Google Play. Internet sovereignty. Bogus accounts on LInkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.

22 november 2019 | 28 min

Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.

21 november 2019 | 22 min

Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.

20 november 2019 | 21 min

Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.

19 november 2019 | 23 min

Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.

18 november 2019 | 16 min

Sodinokibi aka REvil connections to GandCrab. [Research Saturday]

16 november 2019 | 20 min

Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.

15 november 2019 | 28 min

PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.

14 november 2019 | 21 min

NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.

13 november 2019 | 22 min

Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.

12 november 2019 | 17 min

Andy Greenberg from WIRED on his book "Sandworm." [Special Editions]

11 november 2019 | 32 min

Monitoring the growing sophistication of PKPLUG. [Research Saturday]

9 november 2019 | 23 min

Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.

8 november 2019 | 25 min

US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.

7 november 2019 | 22 min

App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.

6 november 2019 | 22 min

Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.

5 november 2019 | 17 min

BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.

4 november 2019 | 16 min

Insider Threats [Special Editions]

3 november 2019 | 28 min

Usable security is a delicate balance. [Research Saturday]

2 november 2019 | 21 min

Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.

1 november 2019 | 26 min

Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.

31 oktober 2019 | 22 min

WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.

30 oktober 2019 | 22 min

Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.

29 oktober 2019 | 23 min

Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?

28 oktober 2019 | 17 min

Masad Steals via Social Media. [Research Saturday]

26 oktober 2019 | 20 min

Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.

25 oktober 2019 | 28 min

Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-plaform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.

24 oktober 2019 | 23 min

Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.

23 oktober 2019 | 22 min

More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.

22 oktober 2019 | 23 min

Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.

21 oktober 2019 | 17 min

Hoping for SOHO security. [Research Saturday]

19 oktober 2019 | 18 min

Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.

18 oktober 2019 | 27 min

Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.

17 oktober 2019 | 22 min

Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.

16 oktober 2019 | 20 min

Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.

15 oktober 2019 | 22 min

Decrypting ransomware for good. [Research Saturday]

12 oktober 2019 | 22 min

Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.

11 oktober 2019 | 24 min

Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.

10 oktober 2019 | 21 min

Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.

9 oktober 2019 | 22 min

Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.

8 oktober 2019 | 21 min

Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.

7 oktober 2019 | 18 min

The fuzzy boundaries of APT41. [Research Saturday]

5 oktober 2019 | 25 min

Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.

4 oktober 2019 | 27 min

A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.

3 oktober 2019 | 21 min

RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.

2 oktober 2019 | 22 min

Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.

1 oktober 2019 | 22 min

Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.

30 september 2019 | 20 min

Focusing on Autumn Aperture. [Research Saturday]

28 september 2019 | 21 min

Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.

27 september 2019 | 27 min

Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.

26 september 2019 | 22 min

Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.

25 september 2019 | 22 min

Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.

24 september 2019 | 20 min

YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.

23 september 2019 | 17 min

Leaky guest networks and covert channels. [Research Saturday]

21 september 2019 | 18 min

Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.

20 september 2019 | 26 min

Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.

19 september 2019 | 20 min

Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.

18 september 2019 | 21 min

More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.

17 september 2019 | 21 min

Espionage and counter-espionage in at least three of the FIve Eyes. New sanctions against North Korea. Password managers and flashlights.

16 september 2019 | 18 min

Bluetooth blues: KNOB attack explained. [Research Saturday]

14 september 2019 | 19 min

CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.

13 september 2019 | 27 min

The StingRays that were n DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.

12 september 2019 | 21 min

Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.

11 september 2019 | 23 min

US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.

10 september 2019 | 22 min

BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.

9 september 2019 | 16 min

VOIP phone system harbors decade-old vulnerability. [Research Saturday]

7 september 2019 | 28 min

China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.

6 september 2019 | 27 min

Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.

5 september 2019 | 21 min

Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.

4 september 2019 | 20 min

Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.

3 september 2019 | 21 min

Emotet's updated business model. [Research Saturday]

31 augusti 2019 | 25 min

Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.

30 augusti 2019 | 22 min

Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.

29 augusti 2019 | 21 min

LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.

28 augusti 2019 | 22 min

Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.

27 augusti 2019 | 20 min

BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.

26 augusti 2019 | 21 min

Gift card bots evolve and adapt. [Research Saturday]

24 augusti 2019 | 26 min

Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.

23 augusti 2019 | 23 min

North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.

22 augusti 2019 | 21 min

China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.

21 augusti 2019 | 21 min

Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.

20 augusti 2019 | 22 min

ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.

19 augusti 2019 | 21 min

Detecting dating profile fraud. [Research Saturday]

17 augusti 2019 | 27 min

ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.

16 augusti 2019 | 25 min

Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.

15 augusti 2019 | 20 min

Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.

14 augusti 2019 | 22 min

UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.

13 augusti 2019 | 21 min

A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.

12 augusti 2019 | 22 min

Unpacking the Malvertising Ecosystem. [Research Saturday]

10 augusti 2019 | 28 min

Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.

9 augusti 2019 | 26 min

Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.

8 augusti 2019 | 21 min

Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.

7 augusti 2019 | 21 min

Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.

6 augusti 2019 | 22 min

Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.

5 augusti 2019 | 19 min

Package manager repository malware detection. [Research Saturday]

3 augusti 2019 | 14 min

Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.

2 augusti 2019 | 26 min

Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.

1 augusti 2019 | 22 min

Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.

31 juli 2019 | 21 min

Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?

30 juli 2019 | 22 min

Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.

29 juli 2019 | 21 min

Cult of the Dead Cow author Joseph Menn extended interview. [Special Editions]

28 juli 2019 | 29 min

Day to day app fraud in the Google Play store. [Research Saturday]

27 juli 2019 | 22 min

Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.

26 juli 2019 | 27 min

News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.

25 juli 2019 | 22 min

Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.

24 juli 2019 | 21 min

Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.

23 juli 2019 | 20 min

FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.

22 juli 2019 | 21 min

The Fifth Domain coauthor Richard A. Clarke. [Special Editions]

21 juli 2019 | 28 min

Nansh0u not your normal cryptominer. [Research Saturday]

20 juli 2019 | 20 min

Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.

19 juli 2019 | 26 min

TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.

18 juli 2019 | 21 min

Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.

17 juli 2019 | 22 min

GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.

16 juli 2019 | 21 min

Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.

15 juli 2019 | 21 min

Opportunistic botnets round up vulnerable routers. [Research Saturday]

13 juli 2019 | 20 min

Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.

12 juli 2019 | 25 min

Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.

11 juli 2019 | 22 min

Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.

10 juli 2019 | 22 min

Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.

9 juli 2019 | 22 min

Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.

8 juli 2019 | 22 min

Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505’s new tactics. Content moderation updates.

3 juli 2019 | 21 min

US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.

2 juli 2019 | 21 min

Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.

1 juli 2019 | 21 min

Giving everyone a stake in the success of Open Source implementation. [Research Saturday]

29 juni 2019 | 24 min

Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek “Verification.”

28 juni 2019 | 26 min

Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.

27 juni 2019 | 22 min

Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?

26 juni 2019 | 22 min

Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland’s Cyber Defense Initiative.

25 juni 2019 | 22 min

Notes on a reported US cyberattack against Iran. A look at “Secondary Infektion.” And some cases of cyber stalking.

24 juni 2019 | 20 min

Middleboxes may be meddling with TLS connections. [Research Saturday]

22 juni 2019 | 24 min

US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.

21 juni 2019 | 27 min

Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.

20 juni 2019 | 22 min

BlueKeep, again. Facebook’s cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.

19 juni 2019 | 21 min

Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.

18 juni 2019 | 22 min

Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.

17 juni 2019 | 21 min

Apps on third-party Android store carry unwelcome code. [Research Saturday]

15 juni 2019 | 15 min

Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.

14 juni 2019 | 26 min

Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ACSO plants. Congress considers hacking back, again. That ol’ devil limbic system.

13 juni 2019 | 22 min

Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.

12 juni 2019 | 22 min

Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.

11 juni 2019 | 22 min

An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.

10 juni 2019 | 17 min

Xwo scans for default credentials and exposed web services. [Research Saturday]

8 juni 2019 | 17 min

Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.

7 juni 2019 | 27 min

BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?

6 juni 2019 | 21 min

AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.

5 juni 2019 | 22 min

Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?

4 juni 2019 | 21 min

Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.

3 juni 2019 | 22 min

Blockchain bandits plunder weak wallets. [Research Saturday]

1 juni 2019 | 22 min

Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.

31 maj 2019 | 28 min

Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.

30 maj 2019 | 22 min

Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.

29 maj 2019 | 23 min

Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.

28 maj 2019 | 17 min

A fresh look at GOSSIPGIRL and the Supra Threat Actors. [Research Saturday]

25 maj 2019 | 32 min

Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.

24 maj 2019 | 27 min

NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?

23 maj 2019 | 22 min

Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.

22 maj 2019 | 21 min

BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.

21 maj 2019 | 20 min

Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.

20 maj 2019 | 22 min

Elfin APT group targets Middle East energy sector. [Research Saturday]

18 maj 2019 | 18 min

Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.

17 maj 2019 | 27 min

US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.

16 maj 2019 | 22 min

Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.

15 maj 2019 | 20 min

Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.

14 maj 2019 | 22 min

Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.

13 maj 2019 | 17 min

Steganography enables sophisticated OceanLotus payloads. [Research Saturday]

11 maj 2019 | 20 min

Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.

10 maj 2019 | 26 min

Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.

9 maj 2019 | 20 min

Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.

8 maj 2019 | 22 min

Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?

7 maj 2019 | 22 min

Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.

6 maj 2019 | 23 min

Sea Turtle state-sponsored DNS hijacking. [Research Saturday]

4 maj 2019 | 26 min

Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.

3 maj 2019 | 27 min

Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.

2 maj 2019 | 18 min

US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.

1 maj 2019 | 22 min

Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.

30 april 2019 | 22 min

IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.

29 april 2019 | 16 min

Deep Learning threatens 3D medical imaging integrity. [Research Saturday]

27 april 2019 | 24 min

Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?

26 april 2019 | 27 min

Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?

25 april 2019 | 22 min

Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.

24 april 2019 | 23 min

ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.

23 april 2019 | 22 min

Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.

22 april 2019 | 18 min

Undetectable vote manipulation in SwissPost e-voting system. [Research Saturday]

20 april 2019 | 28 min

Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.

19 april 2019 | 26 min

Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.

18 april 2019 | 23 min

Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.

17 april 2019 | 22 min

Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.

16 april 2019 | 22 min

ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.

15 april 2019 | 17 min

The ghost and the mole; Eric O'Neill's Gray Day. [Special Editions]

14 april 2019 | 39 min

Establishing software root of trust unconditionally. [Research Saturday]

13 april 2019 | 25 min

Mr. Assange’s courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.

12 april 2019 | 26 min

Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operations SneakyPastes. Incident response planning blues. High school jam.

11 april 2019 | 22 min

The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.

10 april 2019 | 19 min

GossipGirl, the supra threat actor. LockerGoga’s destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.

9 april 2019 | 23 min

US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.

8 april 2019 | 17 min

Lessons learned from Ukraine elections. [Research Saturday]

6 april 2019 | 26 min

Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.

5 april 2019 | 23 min

Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.

4 april 2019 | 22 min

For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.

3 april 2019 | 22 min

Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.

2 april 2019 | 22 min

Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.

1 april 2019 | 19 min

Alarming vulnerabilities in automotive security systems. [Research Saturday]

30 mars 2019 | 21 min

Russian information operations, and lessons on election security from the Near Abroad. Magneto proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.

29 mars 2019 | 26 min

Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela’s Chavistas. Guilty plea expected in Martin case.

28 mars 2019 | 22 min

State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro’s recovery. Reactions to the Mueller Report.

27 mars 2019 | 22 min

More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.

26 mars 2019 | 22 min

Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.

25 mars 2019 | 21 min

Ryuk ransomware relationship revelations. [Research Saturday]

23 mars 2019 | 24 min

Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.

22 mars 2019 | 25 min

Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.

21 mars 2019 | 22 min

Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.

20 mars 2019 | 22 min

LockerGoga hits Norse Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.

19 mars 2019 | 21 min

Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnostiplayers are back. AI and evil.

18 mars 2019 | 18 min

ThinkPHP exploit from Asia-Pacific region goes global. [Research Saturday]

16 mars 2019 | 14 min

Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.

15 mars 2019 | 23 min

Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.

14 mars 2019 | 22 min

Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).

13 mars 2019 | 22 min

Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.

12 mars 2019 | 22 min

Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.

11 mars 2019 | 18 min

Job-seeker exposes banking network to Lazurus Group. [Research Saturday]

9 mars 2019 | 25 min

Chinese influence campaigns. Egyptian spear phishing. Hundreds of million email records exposed.

8 mars 2019 | 25 min

Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.

7 mars 2019 | 23 min

5G worries. Whitefly vs. SingHealth. Speculative execution bug.

6 mars 2019 | 22 min

India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.

5 mars 2019 | 22 min

Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.

4 mars 2019 | 16 min

Fake Fortnite app scams infect gamers. [Research Saturday]

2 mars 2019 | 18 min

Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.

1 mars 2019 | 25 min

Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.

28 februari 2019 | 22 min

Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Crytpojacking an embassy.

27 februari 2019 | 22 min

Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks, Credential stuffing in tax season. Twitter hijacking.

26 februari 2019 | 22 min

Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.

25 februari 2019 | 17 min

Rosneft suspicions shift from espionage to business email compromise. [Research Saturday]

23 februari 2019 | 29 min

Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.

22 februari 2019 | 27 min

Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.

21 februari 2019 | 22 min

Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.

20 februari 2019 | 22 min

International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cyptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.

19 februari 2019 | 21 min

Seedworm digs Middle East intelligence. [Research Saturday]

16 februari 2019 | 19 min

GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.

15 februari 2019 | 28 min

Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.

14 februari 2019 | 22 min

China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.

13 februari 2019 | 22 min

VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.

12 februari 2019 | 21 min

Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.

11 februari 2019 | 20 min

Trends and tips for cloud security. [Research Saturday]

9 februari 2019 | 22 min

Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.

8 februari 2019 | 27 min

Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.

7 februari 2019 | 22 min

APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.

6 februari 2019 | 23 min

ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.

5 februari 2019 | 22 min

Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’ prospects. Influence ops. Extortion by bluff.

4 februari 2019 | 19 min

Online underground markets in the Middle East. [Research Saturday]

2 februari 2019 | 21 min

No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.

1 februari 2019 | 27 min

Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.

31 januari 2019 | 22 min

US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.

30 januari 2019 | 22 min

Case studies in risk and regulation. [CyberWire-X]

30 januari 2019 | 32 min

FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.

29 januari 2019 | 22 min

Someone takes an unhealthy interest in Citizen Lab. Ukraines accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.

28 januari 2019 | 21 min

Amplification bots and how to detect them. [Research Saturday]

26 januari 2019 | 21 min

Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.

25 januari 2019 | 26 min

The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.

24 januari 2019 | 22 min

Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.

23 januari 2019 | 21 min

Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.

22 januari 2019 | 22 min

Luring IoT botnets to the honeypot. [Research Saturday]

19 januari 2019 | 22 min

Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facbebook shutters more Russian coordinated inauthenticity.

18 januari 2019 | 28 min

Cyber espionage vs. the RoK MoD. Fancy Bear’s old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.

17 januari 2019 | 22 min

SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.

16 januari 2019 | 22 min

Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espinonage.

15 januari 2019 | 21 min

Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.

14 januari 2019 | 21 min

Magecart payment card theft analysis. [Research Saturday]

12 januari 2019 | 32 min

Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.

11 januari 2019 | 24 min

TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.

10 januari 2019 | 21 min

ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?

9 januari 2019 | 21 min

German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.

8 januari 2019 | 22 min

German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?

7 januari 2019 | 22 min

NOKKI, Reaper and DOGCALL target Russians and Cambodians. [Research Saturday]

5 januari 2019 | 17 min

Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.

4 januari 2019 | 26 min

2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.

3 januari 2019 | 21 min

Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore.

2 januari 2019 | 22 min

Apple Device Enrollment Program vulnerabilities explored. [Research Saturday]

22 december 2018 | 20 min

Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.

21 december 2018 | 29 min

Risk and regulation in the financial sector. [CyberWire-X]

21 december 2018 | 29 min

US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.

20 december 2018 | 22 min

Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.

19 december 2018 | 21 min

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.

18 december 2018 | 21 min

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.

17 december 2018 | 16 min

The Sony hack and the perils of attribution. [Research Saturday]

15 december 2018 | 23 min

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.

14 december 2018 | 26 min

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

13 december 2018 | 22 min

Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.

12 december 2018 | 21 min

Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.

11 december 2018 | 21 min

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.

10 december 2018 | 21 min

Operation Red Signature targets South Korean supply chain. [Research Saturday]

8 december 2018 | 27 min

Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.

7 december 2018 | 27 min

Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.

6 december 2018 | 21 min

DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.

5 december 2018 | 22 min

Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.

4 december 2018 | 22 min

US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.

3 december 2018 | 16 min

Settling in with GDPR. [CyberWire-X]

3 december 2018 | 30 min

Getting an education on Cobalt Dickens. [Research Saturday]

1 december 2018 | 15 min

Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.

30 november 2018 | 25 min

Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.

29 november 2018 | 21 min

DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.

28 november 2018 | 21 min

Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.

27 november 2018 | 20 min

A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.

26 november 2018 | 19 min

Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.

21 november 2018 | 21 min

Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.

20 november 2018 | 21 min

CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”

19 november 2018 | 17 min

Doubling down on Cobalt Group activity. [Research Saturday]

17 november 2018 | 22 min

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?

16 november 2018 | 24 min

RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.

15 november 2018 | 20 min

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

14 november 2018 | 22 min

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

13 november 2018 | 22 min

Regulation in the U.S. [CyberWire-X}

13 november 2018 | 28 min

Establishing international norms in cyberspace. [Research Saturday]

10 november 2018 | 23 min

Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.

9 november 2018 | 26 min

Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.

8 november 2018 | 20 min

A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.

7 november 2018 | 21 min

Iran complains, threatens, and spies. Election Day cybersecurity notes.

6 november 2018 | 21 min

US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?

5 november 2018 | 17 min

Election protection. [Research Saturday]

3 november 2018 | 25 min

Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.

2 november 2018 | 26 min

Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.

1 november 2018 | 22 min

Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.

31 oktober 2018 | 21 min

This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.

30 oktober 2018 | 21 min

Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.

29 oktober 2018 | 18 min

Faxploitation. [Research Saturday]

27 oktober 2018 | 17 min

Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?

26 oktober 2018 | 24 min

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.

25 oktober 2018 | 20 min

Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.

24 oktober 2018 | 22 min

Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.

23 oktober 2018 | 20 min

Making the business case for privacy. [Special Edition]

23 oktober 2018 | 23 min

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

22 oktober 2018 | 15 min

Stormy weather in the Office 365 cloud. [Research Saturday]

20 oktober 2018 | 24 min

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.

19 oktober 2018 | 25 min

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?

18 oktober 2018 | 21 min

Meddling with the midterms. [Special Editions]

17 oktober 2018 | 23 min

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

17 oktober 2018 | 20 min

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

16 oktober 2018 | 19 min

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

15 oktober 2018 | 20 min

Driving GPS manipulation. [Research Saturday]

13 oktober 2018 | 30 min

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.

12 oktober 2018 | 26 min

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.

11 oktober 2018 | 21 min

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

10 oktober 2018 | 22 min

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.

9 oktober 2018 | 21 min

Cryptojacking criminal capers continue. [Research Saturday]

6 oktober 2018 | 25 min

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency

5 oktober 2018 | 25 min

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.

4 oktober 2018 | 21 min

Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.

3 oktober 2018 | 21 min

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.

2 oktober 2018 | 21 min

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.

1 oktober 2018 | 21 min

Sophisticated FIN7 criminal group hits payment card data. [Research Saturday]

29 september 2018 | 34 min

Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?

28 september 2018 | 25 min

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.

27 september 2018 | 20 min

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.

26 september 2018 | 19 min

Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.

25 september 2018 | 20 min

Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.

24 september 2018 | 18 min

ICS honeypots attract sophisticated snoops. [Research Saturday]

22 september 2018 | 24 min

US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.

21 september 2018 | 26 min

Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.

20 september 2018 | 18 min

State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.

19 september 2018 | 21 min

Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.

18 september 2018 | 21 min

Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?

17 september 2018 | 20 min

Android device eavesdropping investigation. [Research Saturday]

15 september 2018 | 20 min

Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyand denounces a "smear campaign." Wait and see on pipeline fires.

14 september 2018 | 26 min

Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.

13 september 2018 | 21 min

Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.

12 september 2018 | 21 min

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.

11 september 2018 | 21 min

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

10 september 2018 | 20 min

Leafminer espionage digs the Middle East. [Research Saturday]

8 september 2018 | 25 min

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

7 september 2018 | 25 min

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

6 september 2018 | 21 min

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

5 september 2018 | 22 min

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

4 september 2018 | 16 min

ATM hacks on the rise. [Research Saturday]

1 september 2018 | 25 min

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

31 augusti 2018 | 26 min

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

30 augusti 2018 | 18 min

Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

29 augusti 2018 | 21 min

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

28 augusti 2018 | 20 min

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

27 augusti 2018 | 17 min

Cyber espionage coming from Chinese University. [Research Saturday]

25 augusti 2018 | 28 min

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

24 augusti 2018 | 27 min

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

23 augusti 2018 | 20 min

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

22 augusti 2018 | 22 min

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

21 augusti 2018 | 22 min

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

20 augusti 2018 | 18 min

Stealthy ad fraud campaign evades detection. [Research Saturday]

18 augusti 2018 | 22 min

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

17 augusti 2018 | 26 min

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

16 augusti 2018 | 21 min

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

15 augusti 2018 | 21 min

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .

14 augusti 2018 | 22 min

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

13 augusti 2018 | 18 min

Thrip espionage group lives off the land. [Research Saturday]

11 augusti 2018 | 28 min

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

10 augusti 2018 | 23 min

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

9 augusti 2018 | 21 min

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

8 augusti 2018 | 19 min

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

7 augusti 2018 | 21 min

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?

6 augusti 2018 | 21 min

Cortana voice assistant lets you in. [Research Saturday]

4 augusti 2018 | 24 min

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

3 augusti 2018 | 26 min

RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition.Crytpojacking and malspam.

2 augusti 2018 | 19 min

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

1 augusti 2018 | 19 min

Data-centric security. [Special Editions]

1 augusti 2018 | 29 min

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

31 juli 2018 | 21 min

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

30 juli 2018 | 17 min

BabaYaga strangely symbiotic Wordpress malware. [Research Saturday]

28 juli 2018 | 23 min

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

27 juli 2018 | 23 min

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

26 juli 2018 | 21 min

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

25 juli 2018 | 22 min

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

24 juli 2018 | 21 min

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

23 juli 2018 | 16 min

Measuring the spearphishing threat. [Research Saturday]

21 juli 2018 | 26 min

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

20 juli 2018 | 23 min

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

19 juli 2018 | 21 min

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

18 juli 2018 | 21 min

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

17 juli 2018 | 21 min

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

16 juli 2018 | 21 min

A new approach to mission critical systems.

14 juli 2018 | 24 min

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

13 juli 2018 | 26 min

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.

12 juli 2018 | 21 min

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.

11 juli 2018 | 21 min

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.

10 juli 2018 | 21 min

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.

9 juli 2018 | 17 min

No Distribute Scanners help sell malware. [Research Saturday]

7 juli 2018 | 17 min

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.

6 juli 2018 | 24 min

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.

5 juli 2018 | 21 min

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

3 juli 2018 | 20 min

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.

2 juli 2018 | 16 min

VPNFilter malware could brick devices worldwide. [Research Saturday]

30 juni 2018 | 31 min

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.

29 juni 2018 | 26 min

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.

28 juni 2018 | 21 min

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.

27 juni 2018 | 21 min

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.

26 juni 2018 | 21 min

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.

25 juni 2018 | 15 min

LG smartphone keyboard vulnerabilities. [Research Saturday]

23 juni 2018 | 19 min

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.

22 juni 2018 | 25 min

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.

21 juni 2018 | 21 min

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.

20 juni 2018 | 21 min

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.

19 juni 2018 | 21 min

Date extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

18 juni 2018 | 20 min

Cyber bank heists. [Research Saturday]

16 juni 2018 | 19 min

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.

15 juni 2018 | 24 min

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13. Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State sp

14 juni 2018 | 20 min

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

13 juni 2018 | 18 min

Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.

12 juni 2018 | 21 min

SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.

11 juni 2018 | 18 min

Winnti Umbrella Chinese threat group. [Research Saturday]

9 juni 2018 | 24 min

Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.

8 juni 2018 | 26 min

New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.

7 juni 2018 | 20 min

Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?

6 juni 2018 | 21 min

DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.

5 juni 2018 | 20 min

Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.

4 juni 2018 | 16 min

Islamic State propaganda persistence. [Research Saturday]

2 juni 2018 | 22 min

Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.

1 juni 2018 | 26 min

Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.

31 maj 2018 | 21 min

More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.

30 maj 2018 | 20 min

Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.

29 maj 2018 | 21 min

UPnProxy infiltrates home routers. [Research Saturday]

26 maj 2018 | 23 min

VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.

25 maj 2018 | 26 min

VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.

24 maj 2018 | 21 min

Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE's fraying lifeline. Facebook and the EU. Brain Food.

23 maj 2018 | 21 min

Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.

22 maj 2018 | 20 min

DPRK's Sun Team works from three apps in Google Play. PII for sale in Zheijiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.

21 maj 2018 | 17 min

Threat actors hijack Lojack. [Research Saturday]

19 maj 2018 | 20 min

Something Wicked this way comes. Automating wallet pilferage. Office 365 phsihing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.

18 maj 2018 | 25 min

Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR's disclosure timeline. Congressional hearings. DarkOverlord collared.

17 maj 2018 | 20 min

Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?

16 maj 2018 | 21 min

Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.

15 maj 2018 | 21 min

Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.

14 maj 2018 | 16 min

Three pillars of Artificial Intelligence. [Research Saturday]

12 maj 2018 | 35 min

Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.

11 maj 2018 | 25 min

Cyber conflict between Iran and the US widely expected. ALLENITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal's memory. Is ZTE going down?

10 maj 2018 | 21 min

Subborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear's false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.

9 maj 2018 | 20 min

Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDRP is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.

8 maj 2018 | 20 min

2018 RSAC Outlook. [Special Editions]

8 maj 2018 | 20 min

Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?

7 maj 2018 | 17 min

BlackTDS and ThreadKit offered in criminal markets. [Research Saturday]

5 maj 2018 | 24 min

In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.

4 maj 2018 | 27 min

Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?

3 maj 2018 | 22 min

New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.

2 maj 2018 | 21 min

Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.

1 maj 2018 | 20 min

Bank hack in Mexico. FacexWorm goes cryptomining. SamSam's volume discount. Influence ops. Researchers confirm that teams use teamwork.

30 april 2018 | 22 min

New MacOS backdoor linked to OceanLotus. [Research Saturday]

28 april 2018 | 23 min

Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper's Charter notes. Crypt armistice or just key escrow?

27 april 2018 | 22 min

Some fix fast, others not at all. Ransomware campaign's demands are non-negotiable (for most victims—Russians get a hometown discount). Content filtering. Jamming in Syria.

26 april 2018 | 21 min

DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.

25 april 2018 | 22 min

Ransomware in Ukraine's Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.

24 april 2018 | 20 min

ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.

23 april 2018 | 17 min

InnaputRAT exfiltrates victim data. [Research Saturday]

21 april 2018 | 23 min

RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.

20 april 2018 | 21 min

Dispatches from RSA 2018. Russia continues to test the Five Eyes' patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.

19 april 2018 | 20 min

More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.

18 april 2018 | 18 min

Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.

17 april 2018 | 23 min

Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.

16 april 2018 | 16 min

Energetic Dragonfly and DYMALLOY Bear 2.0. [Research Saturday]

14 april 2018 | 21 min

Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?

13 april 2018 | 25 min

Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. "Early bird" code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.

12 april 2018 | 21 min

Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?

11 april 2018 | 17 min

Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?

10 april 2018 | 21 min

Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.

9 april 2018 | 16 min

Crypto crumple zones. [Research Saturday]

7 april 2018 | 38 min

Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.

6 april 2018 | 23 min

Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.

5 april 2018 | 21 min

Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread's incident response.

4 april 2018 | 21 min

Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.

3 april 2018 | 21 min

Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook's troubles. Kremlin doxed. Reality Winner case update.

2 april 2018 | 18 min

Chasing FlawedAMMYY. [Research Saturday]

31 mars 2018 | 23 min

Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.

30 mars 2018 | 22 min

Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.

29 mars 2018 | 21 min

Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.

28 mars 2018 | 21 min

Blockchains that bind us. [Special Editions]

28 mars 2018 | 36 min

Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.

27 mars 2018 | 20 min

Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.

26 mars 2018 | 19 min

Code comments cause SAML conundrum. [Research Saturday]

24 mars 2018 | 19 min

US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook's troubles persist, as do Cambridge Analytica's.

23 mars 2018 | 28 min

Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.

22 mars 2018 | 21 min

Preparing for grid attacks. Notes on breaches, crime, and punishment. And Facebook's no-good, bad, awful week.

21 mars 2018 | 20 min

Power grid threats coming through the router. Cambridge Analytica and Facebook face tough questions.

20 mars 2018 | 21 min

Power grid hacking fears running high. Social media problems. Election DDoS reported in Russia. FTC and SEC cyber enforcement actions. NSA hoarder case update.

19 mars 2018 | 20 min

Cryptojacking injections heat up. [Research Saturday]

17 mars 2018 | 25 min

NATO-Russian cyber tensions high. They're also high between Saudi Arabia and Iran. Updates on AMD vulnerability report. Another exposed AWS S3 bucket?

16 mars 2018 | 25 min

Chip vulnerability disclosure controversial. Black market and point-of-sale malware. SEC charges ex-Equifax exec with breach-related insider trading. Tensions over Salisbury nerve agent attack.

15 mars 2018 | 21 min

AMD investigates report of processor flaws. A look at OceanLotus. Patch Tuesday. Russo-British tensions high. MuddyWater threatens researchers.

14 mars 2018 | 21 min

May hands Putin an ultimatum (and cyber conflict is expected). HenBox spies on Uyghurs. Vixen Panda creeps in UK targets by backdoors. Changes at US State Department, CIA. SINET ITSEF notes.

13 mars 2018 | 21 min

Iran grows more capable and assertive in cyberspace. Bots have nothing on humans when it comes to peddling disinformation. Chinese influence ops. Fancy Bear, Slingshot updates.

12 mars 2018 | 20 min

Dark Caracal APT steals out of Lebanon. [Research Saturday]

10 mars 2018 | 40 min

Cyber reconnaissance. Vulnerability database misdirection. Cryptoming attempts. New Memcrash DDoS. Policy changes in the US coming as agencies report?

9 mars 2018 | 23 min

A Memcrash kill-switch. Shadow Brokers' leaked "Territorial Dispute" tools. Dutch DDoS, Indian hacks. FBI and backdoors. Notes from SINET ITSEF.

8 mars 2018 | 18 min

Patchable vulnerabilities in Apache Struts and Exim. CombJack malware. DPRK vs. UN Panel of Experts. Cyberwar and legal limits. Espionage Act prosecution. Infowars turn grimly kinetic.

7 mars 2018 | 20 min

Cyber espionage in Central and Eastern Europe. Cyber deterrence. Notes from Matrosskaya Tishina. Exabeam describes what crooks can get from your browser.

6 mars 2018 | 20 min

Humanitarian organizations targeted. Memcrash extortion. Spring Break bug. Equifax breach update. Russian influence operations (and American "yelling and hollering").

5 mars 2018 | 18 min

Lebal malware phishes for victims. [Research Saturday]

3 mars 2018 | 18 min

Memcrashing no longer just a theoretical possibility. Fancy Bear's pawprints in German networks and other peoples' embassies. Deterrence in cyberspace. High-profile fraud victims.

2 mars 2018 | 23 min

Fancy Bear finds Berlin just right. RedDrop Android blackmail malware. Another AWS S3 exposure. FTC settles; SEC investigates. Blockchain radix malorum?

1 mars 2018 | 18 min

Memcrash and amplification attacks. SAML vulnerabilities. Thanatos ransomware. Petya returns (so does Marcher). Deterrence and election security.

28 februari 2018 | 20 min

Cryptojacking through an AWS S3 bucket. Threats, risk, and unintentional mistakes. Crime and punishment. Industry notes. Alien hackers?

27 februari 2018 | 20 min

Olympic hacking—false flags and attack infrastructure. Cryptojacking. Smartphone security bans. Heraldic animals of hacking.

26 februari 2018 | 21 min

Phishing for holiday winnings. [Research Saturday]

24 februari 2018 | 23 min

Mirai variant establishes proxies. Buggy smart contracts. Banking glitch. Studies from Verizon, Thales. FTC addresses credential stuffing.

23 februari 2018 | 23 min

Code signing certificates for sale. Impact of cybercrime on the world economy. Reaper out from under Lazarus's shadow. Catphishing. Cyber intelligence against terror. Ransomware and other hacks.

22 februari 2018 | 20 min

SWIFT phishbait. DPRK hacking gets better; GRU hacking looks east. Coldroot RAT. Cryptojacking. Election cybersecurity.

21 februari 2018 | 21 min

SWIFT fraud in India. DPRK hacking updates. Notes on Russian influence ops, both indictments and continuing activity. Alleged Florida gunman may have been an Internet known wolf.

20 februari 2018 | 19 min

The uncanny HEX men. [Research Saturday]

17 februari 2018 | 25 min

The complexities of Olympic Destroyer. More blame for Russia in the matter of NotPetya. Congress mulls election security. New York cyber milestone. Ed Snowden as phishbait.

16 februari 2018 | 24 min

Olympic Destroyer took its time, compromised the IT supply chain. NotPetya attribution. Coin scams. Coin miners. Botnets old and new.

15 februari 2018 | 20 min

Olympic Destroyer updates. Cyber forecasts from the US Intelligence Community. Patch notes. Cryptojacking and coinming. Ad blockers (also an incentive to coin mining).

14 februari 2018 | 20 min

Patch Tuesday notes. Skype DLL hijacking vulnerability. Olympic Destroyer malware described. Lazarus Group newly active. BitGrail heist? Cyber Valentine.

13 februari 2018 | 20 min

Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.

12 februari 2018 | 15 min

IcedID banking trojan. [Research Saturday]

10 februari 2018 | 24 min

Trends in phishing. Olympic hacking. Cryptojacking spreads. Litecoin gains black market share. Influence operations. Can Strava be exploited by bicycle thieves?

9 februari 2018 | 24 min

Operation Shadow Web rolls up carding gang. Fancy Bear sightings. DPRK buying zero-days? Cryptojacking ICS. Huawei, ZTE get Congressional razzing. Jita scams.

8 februari 2018 | 20 min

Dutch DDoS arrest. Pyongyang is interested in cryptocurrency. So is the US SEC (in a different way). Uber explains its breach disclosure. New wrinkle in the "Microsoft" Help Desk scam.

7 februari 2018 | 20 min

More Eternal exploits found more troublesome. Cryptominer updates. NIST SP 800-171. Paycard skimmers. Tsunami false alarm.

6 februari 2018 | 18 min

DPRK exploiting Flash Player zero-day. ISIS wants hacking help. JenX DDoS, Scrareby ransomware updates. Crime and punishment.

5 februari 2018 | 17 min

Advanced adware with nation-state tactics. [Research Saturday]

3 februari 2018 | 19 min

JenX botnet and DDoS-for-hire. RoK CERT warns of Flash Player zero-day. Cryptocurrency mining and scamming. ICS security trends. Twitter cleared in terror trial. The Nunes Memo is out.

2 februari 2018 | 26 min

ISIS war on families. Cryptomining botnets. The weaponization of Spectre and Meltdown. Phishig with bogus emails spoofing Google, Microsoft. Apps that know too much.

1 februari 2018 | 20 min

Phishing campaign targets Israeli scientists. Low-level contract phishing in China's hinterlands? Apps with privacy flaws. Cisco patches ASA products. Cryptocurrency speculation and fraud.

31 januari 2018 | 20 min

Netherlands financial sector recovers from DDoS. Lizard Squad, Mirai, and coin mining. IOTA wallets emptied. Snooper's Charter loses in court. US House may release surveillance memos. Strava OPSEC.

30 januari 2018 | 19 min

Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?

29 januari 2018 | 15 min

Targeting Olympic organizations. [Research Saturday]

27 januari 2018 | 22 min

Lebal's layered approach to infection. Crytominers are becoming a big problem. Tracking influence ops. Dutch intelligence spotted Cozy Bear early. Exploiting password recovery.

26 januari 2018 | 23 min

2018 forecast [Special Editions]

26 januari 2018 | 34 min

Patriotic hacktivism. HNS botnet spreads P2P. Electron vulnerabilities found, mitigated, Criminals target ICOs. Ransomware-as-a-service. Cryptowars. Fancy Bear doxes luge.

25 januari 2018 | 21 min

Satori variants. Hacking in Anatolia. Lazarus Group improves its tradecraft. Tindr vulnerabilties. UK's new office to combat disinformation. Pirated pdfs hold malware.

24 januari 2018 | 19 min

ISIS messaging. Intel will roll out new Spectre/Meltdown patches. Identities for sale on the dark web. IDN spoofing. SpriteCoin ransomware, with a malware chaser. Three Sonic games may be trouble.

23 januari 2018 | 19 min

Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.

22 januari 2018 | 17 min

Fancy Bear Duping Doping Domains. [Research Saturday]

20 januari 2018 | 17 min

AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.

19 januari 2018 | 26 min

Big healthcare data breach. False civil defense alerts. Davos will take up cyber next week (among other topics). Exobot on the block. Satori in your wallet? Ponzi scheme or pump-and-dump?

18 januari 2018 | 18 min

Section 702 update. Kaspersky reports on Skygofree—dangerous Android spyware. Recorded Future on DPRK spearphishing. Healthcare hacks. Bogus patches. VR game could expose users.

17 januari 2018 | 18 min

New Mirai variant forming. Meltdown and Spectre remediation updates. Notes on Russian hacking. Charges in swatting death.

16 januari 2018 | 21 min

Shake Your MoneyTaker. [Research Saturday]

13 januari 2018 | 22 min

Spectre and Meltdown patches may be messy, but not as performance-killing as feared. AMT exploit. Mobile ICS apps. Monero mining. Badness in the Play Store. Huawei ban? Droning while drunk.

12 januari 2018 | 26 min

Aadhaar updates. Fancy Bear doxes the Olympics. WhatsApp snooping vulnerability discussed. Spectre and Meltdown patching. US House reauthorizes Section 702. Bitcoin isn't Bitcoin Cash.

11 januari 2018 | 21 min

Turla returns. Moscow interested in Mexican elections? FakeBank mobile Trojan hits Russian banks. Phishing the Olympics. Patch Tuesday. Bad flashlights, nice doggie.

10 januari 2018 | 17 min

Spectre and Meltdown mitigations. Psiphon and Iran's unrest. Olympic phishing. Mobil pop-up redirection. Alt-coin speculation.

9 januari 2018 | 19 min

Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.

8 januari 2018 | 17 min

TRISIS Malware: Fail-safe fail. [Research Saturday]

6 januari 2018 | 39 min

Meltdown and Spectre, risks and mitigations. Aadhaar compromised. Blockchain bubbles.

5 januari 2018 | 23 min

Meltdown and Spectre arose from engineering for speed—most chips are affected. Bogus security apps kicked out of Google Play. Iran's Internet crackdown. Indications of a guilty plea in NSA leak case.

4 januari 2018 | 18 min

Iranian dissent takes to Tor. Iran cracks down on Internet services (and Infy gets busy). Kernel memory issue in Intel processors. macOS bug published. "Trackmageddon." Curating YouTube. Condolences to a SWATTING victim's family.

3 januari 2018 | 20 min

ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.

2 januari 2018 | 15 min

Hunting the Sowbug. [Research Saturday]

30 december 2017 | 20 min

The German Cybersecurity Market with Gerald Hahn

29 december 2017 | 14 min

The CISO's changing role with Andrew Wild

28 december 2017 | 16 min

"Hacked Again" author Scott Schober

27 december 2017 | 20 min

Active defense and “hacking back" with Johnathan Braverman from Cymmetria

26 december 2017 | 17 min

Keyboys back in town. [Research Saturday]

23 december 2017 | 21 min

Updates on Triton ICS malware attack. DPRK and WannaCry. Cryptocurrency crime and an alt-coin market correction. Fancy Bear sightings.

22 december 2017 | 24 min

More data found exposed in an AWS S3 bucket. EtherDelta's DNS impersonation issue. DPRK says it doesn't hack. FISA Section 702 nears sunset. Wassenaar updated. Kaspersky says its due process rights have been violated.

21 december 2017 | 20 min

Pyongyang's snarling through cyberspace, and what others are doing about it. Coppersmith espionage campaign in the Middle East. GDPR approaches. Giving your kid a smartphone?

20 december 2017 | 19 min

North Korea officially blamed for WannaCry. US National Security Strategy and cyber. Hex Men are up to no good. Cryptocurrency crimes. Cyberespionage. Misconfigured printers. Bad passwords.

19 december 2017 | 20 min

Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.

18 december 2017 | 15 min

The unique culture of the Middle Eastern and North African underground. [Research Saturday]

16 december 2017 | 25 min

Internet shut down in Ethiopia. TRITON ICS malware updates. Security products patched. Cryptocurrency capers.

15 december 2017 | 24 min

Hacktivism threatened over embassy move. Significant probe of an industrial plant. That was no BGP error. TV blues.

14 december 2017 | 18 min

A look back at Patch Tuesday. Classic games on Android serve malware. Cryptocurrency speculation. Info ops updates. Phony hitmen. Guilty pleas in Mirai case.

13 december 2017 | 20 min

Catphishing for spies. Banking Trojans. Spider ransomware. CoinHive comes to Starbucks. SEC stops another ICO. BrickerBot retired?

12 december 2017 | 20 min

Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.

11 december 2017 | 14 min

Stealthy Zberp Banking Trojan. {Research Saturday]

9 december 2017 | 26 min

Iranian reconnaissance of critical infrastructure? Leaky banking apps. Microsoft's emergency patch. Ghosts of the Caliphate threaten, but have yet to deliver. New horizons in biometrics.

8 december 2017 | 22 min

Hamas calls for intifada; hacktivism expected. Ethiopian government surveillance ops. Crime and cryptocurrency. Keylogger in the wild. Fixes to MacOS, Android app development tools. Uber hack and bug bounties.

7 december 2017 | 18 min

Satori botnet is awake (and it's not engaged in enlightenment). State-sponsored spyware campaigns. ISIS threatens cyberattacks.

6 december 2017 | 20 min

Andromeda takedown (with an arrest in Belarus). Mirai is back; Reaper still threatens. PayPal phishing. Tech support scam evolves. Cryptowars notes. SEC goes after an ICO.

5 december 2017 | 19 min

Nghia Hoang Pho charged with mishandling classified NSA material. A review of other recent leaks. Kaspersky under fire in the UK. More Uber executives depart.

4 december 2017 | 15 min

Staying ahead of Fast Flux Networks. [Research Saturday]

2 december 2017 | 20 min

Flynn pleads guilty in Mueller probe. Misconfigured AWS S3 buckets, again. Election trolling and spy versus oligarch. Black Friday fraud down. Crime and punishment.

1 december 2017 | 21 min

Breaches, extortion, and insider threats. Credit bureaus and GDPR. HP addresses spyware allegations. When is a snack bag more than a snack bag?

30 november 2017 | 17 min

Building your cyber security career. [Special Edition]

30 november 2017 | 34 min

Another misconfigured AWS S3 bucket, this one with US Army INSCOM files. Apple fixes a major issue in MacOS. Influence ops and autarky. Boyusec disbanded.

29 november 2017 | 21 min

Who's the third man in the Shadow Brokers leaks? ISIS diaspora means more ISIS online. Monero miner identified. Tizi backdoored apps booted from Google Play. Scarab ransomware. M&A notes. Indictments in IP theft.

28 november 2017 | 18 min

Breach disclosure: fast and slow. Mirai's minor comeback. Anti-ISIS Hacktivsts strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.

27 november 2017 | 15 min

Waiting for Terdot, a sneaky banking Trojan. [Research Saturday]

25 november 2017 | 21 min

The Right to Be Forgotten with Yale Law School's Tiffany Li

22 november 2017 | 19 min

Cyberspace in Peace and War author Martin C. Libicki

21 november 2017 | 28 min

PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business

20 november 2017 | 22 min

Dark Net Pricing with Flashpoint's Liv Rowley. [Research Saturday]

18 november 2017 | 22 min

AWS S3 misconfigurations. Kaspersky's report on the Equation Group affair. Cybercrime notes. DPRK cyber campaigns. The VEP reviews continue positive. Amazon Key has issues.

17 november 2017 | 22 min

Revisions to the US VEP (and comparisons to China's). DPRK hacking. Laurel mole hunt. BlueBorne is back. Snakes in the Play Store. Can you sound like a child?

16 november 2017 | 19 min

Hidden Cobra's RATs. IoT bugs. Patch Tuesday notes. Backdoored smartphones. Russian trolling, propaganda. DPRK short wave hacked?

15 november 2017 | 20 min

Influence operations in Catalonia? IcedID banking Trojan. The Shadow Brokers: an intelligence service or a bunch of moles? Patch notes.

14 november 2017 | 20 min

Vault 8 and false-flag allegations. Mole hunting. Equifax breach costs. ISIS returns to WordPress defacements. RoK domestic political influence scandal.

13 november 2017 | 17 min

Taiwan Bank Heist and Lazurus Group with BAE's Adrian Nish. [Research Saturday]

11 november 2017 | 16 min

Macro-less malware. Metacriminals and botnet herders. Hacking ships and airliners. Cryptocurrency glitch. Congratulations to the SINET 16.

9 november 2017 | 22 min

Fancy Bear's new moves. OceanLotus and Sowbug cyber espionage groups active. Notes from CyCon, and a look at industry news.

8 november 2017 | 20 min

Stolen Paradise Papers aren't making people or companies look good. Off-year election security. Trollhunting. Notes on the future of cyber conflict from CyCon 2017.

7 november 2017 | 21 min

The Paradise Papers, tax avoidance, and quiet investments. Kaspersky affair updates. Retaliation against influence operations?

6 november 2017 | 14 min

Exploring Phishing Kits with Duo Security's Jordan Wright. [Research Saturday]

4 november 2017 | 33 min

BadRabbit misdirection? Fancy Bear's wish list. AWS misconfigurations. Data breach notes.

3 november 2017 | 22 min

The Manhattan terror suspect claims allegiance to ISIS, but ISIS hasn't claimed him. Crimeware notes. Patching news. Crypto wars update. What the Senate learned about info ops.

2 november 2017 | 19 min

Ransomware old and ransomware new, but can you distinguish it from a wiper? Influence operations hearings on Capitol Hill.

1 november 2017 | 19 min

A BadRabbit and Reaper update. EU and cyberwar. DPRK denies WannaCry responsibility. China's cyber espionage shifts. Oracle emergency patch. Buganizer wide open. Influence ops. Heathrow security.

31 oktober 2017 | 14 min

Reaper looks like a criminal booter on the Chinese black market. BadRabbit shows some moves. Catch-All malicious Chrome extension. Android currency miners in Google Play. Indictments in Russia probe.

30 oktober 2017 | 15 min

Tracking a Trojan: KHRAT. [Research Saturday]

28 oktober 2017 | 20 min

BadRabbit ransomware and Reaper botnet updates. SATCOM bugs. ICS cybersecurity notes. Moscow's free commercial speech piety. Anonymous is back.

27 oktober 2017 | 23 min

Dogs that haven't barked. Surveillance authority reauthorization advances in the US Senate. Notes on ICS cybersecurity.

26 oktober 2017 | 20 min

BadRabbit hopping though Eastern and Central Europe, and Southwest Asia. DUHK risks. Kaspersky on how a laptop was backdoored. Notes from Atlanta's ICS Cybersecurity Conference.

25 oktober 2017 | 19 min

Reaper botnet update, Election hacking in Kenya, Czech Republic. M&A notes. APT28's phishing. Kaspersky's offer of code review. FBI shots in the crypto wars.

24 oktober 2017 | 20 min

Reaper botnet looming, but not yet landed. CyCon phishing. How to troll for influence.

23 oktober 2017 | 16 min

WireX BotNet with Justin Paine from Cloudflare. [Research Saturday]

21 oktober 2017 | 26 min

IoT DDoS hurricane forming? Sofacy exploits patched Flash bug. NotPetya continues to impose costs. Snooping with mobile app ads.

20 oktober 2017 | 23 min

Leviathan group exploits patched .NET flaw. North Korean cyber ops. Russian suspicions. Cutlet Maker ATM malware, Sockbot Minecraft malware. Ransomware and backups.

19 oktober 2017 | 17 min

DPRK returns to bank robbery. Ransomware updates. Patches from Oracle, Lenovo, BlackBerry. Criminal coin miners.

18 oktober 2017 | 18 min

Panama Papers assassination? Black Oasis exploits Flash Player. DPRK hacked TV show. Patching KRACK and ROCA. WikiLeaks prepping something? DHS BOD 18-01. SCOTUS to rule on data warrants.

17 oktober 2017 | 19 min

KRACK attacks. Iran's growing capability in cyberspace. Swedish and Polish targets probed by state-directed cyber ops. QR code security issues. Russia to introduce official cryptocurrency.

16 oktober 2017 | 16 min

Synthesized DNA Malware with Peter Ney. [Research Saturday]

14 oktober 2017 | 23 min

Germany's BSI sees no problem in Kasperky software. Equifax, TransUnion, suffer from third-party malvertizing code. ISIS expected to change its inspiration. Notes on the dark web.

13 oktober 2017 | 21 min

Panama Papers pinch. North Korean spearphishing against ICS. CyberMaryland notes. Google Home Mini was tale-bearing (but now it's better).

12 oktober 2017 | 19 min

Israel said to have tipped the US off concerning Kaspersky risks. Accenture databases exposed. Deloitte breach may be worse than initially thought.

11 oktober 2017 | 18 min

Cyberespionage in the Korean peninsula. Russian influence operators bought Facebook, Google ads. Forrester hacked. Kovter, OilRig get upgrades. US CYBERCOM CSM notes.

10 oktober 2017 | 18 min

GDPR: Privacy from Across the Pond [Special Edition]

9 oktober 2017 | 32 min

Android Toast Overlay: Ryan Olson from Palo Alto Networks. [Research Saturday]

7 oktober 2017 | 19 min

FSB got NSA with an assist (witting or unwitting) from Kaspersky? Germany calls off mass surveillance investigation. Reality Winner stays in jail.

6 oktober 2017 | 20 min

NSA breach announced today (occurred in 2015, discovered in 2016) may be final nail in Kaspersky Lab's coffin.

5 oktober 2017 | 20 min

No insight yet into Las Vegas gunman's motive as ISIS inspiration generally discounted. Yahoo! breach affected 3, not 1, billion user accounts. Equifax updates.

4 oktober 2017 | 18 min

Fake news and information operations with no obvious solution. Equifax update. US Cyber Command vs. DPRK

3 oktober 2017 | 18 min

Bots, sockpuppets, and trolls. Facebook talks to Congress. Some suggest China hacked Equifax. DPRK gets more Internet. ISIS inspiration. Section 702 authority in doubt.

2 oktober 2017 | 14 min

APT 33: FireEye's John Hultquist on an Iranian Cyber Espionage Group. [Research Saturday]

30 september 2017 | 18 min

Whole Foods breached. Illusion gap and Windows Defender. Exposed AWS S3 buckets. Equifax incident response. Reality Winner proceedings.

29 september 2017 | 22 min

Deloitte and Equifax under the microscope. Congress grills the SEC. Credential theft trends.

28 september 2017 | 19 min

Comments on the Deloitte breach. SEC Commissioner talks to the Senate. Sonic breached. Vulnerable stock-trading apps. Russian influence operations shift their focus.

27 september 2017 | 19 min

Equifax C-suite retirements continue. Deloitte still has little to say about its breach. Mac OS zero-day goes unpatched. Russian influence operations.

26 september 2017 | 19 min

Deloitte hacked. Verizon AWS S3 exposure. Phantom Squad's protection racket. Nuclear tension expected to spawn cyberattacks. Updates on CCleaner backdoor and FinFisher distro. Carlos Danger goes to jail.

25 september 2017 | 16 min

Pacifier APT : Bitdefender's Liviu Arsene describes a sophisticated, multifaceted malware campaign. [Research Saturday]

23 september 2017 | 25 min

Hacks shake confidence in financial system. FinFisher using MitM. CCleaner backdoor had specific targets in mind? US Forces Korea debunks bogus NEO warning. Locky masters like Game of Thrones. nRansomware asks for a different kind of payout.

22 september 2017 | 22 min

EDGAR hack enabled illicit stock trades? Equifax tweets phishing url to troubled inquirers. Kaspersky ban clarified.

21 september 2017 | 19 min

German election update: nichts neues. Equifax breach. Viacom dodges a bad bucket. Like Sandworm, but from Tehran. Less than fully successful criminals.

20 september 2017 | 19 min

Russia Spy Files from WikiLeaks. Disinformation and influence operations. Equifax sustained a breach in March. Software supply chain issues.

19 september 2017 | 19 min

Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.

18 september 2017 | 17 min

Cobian RAT: Zscaler’s Deepen Desai describes some clever malware. [Research Saturday]

16 september 2017 | 18 min

Equifax agonistes. Kaspersky denies his company's a security risk. Political database for sale found exposed. Trolling the DCI.

15 september 2017 | 21 min

Binding Operational Directive 17-01 hits Kaspersky. Point-of-sale malware found in some ElastiSearch servers. BlueBorne proves widespread. Equifax breach updates, industry notes, a look at the Billington Summit.

14 september 2017 | 19 min

North Korea turns to cryptocurrency theft. Equifax breach gets worse. Patch Tuesday. Duma says US election hacked

13 september 2017 | 18 min

Equifax breach news. Unsecured admin accounts. BlueBorne via Bluetooth. Hackable medical devices. Bots convince. A guilty plea draws a long sentence.

12 september 2017 | 17 min

Everything Equifax, with some notes on German election vulnerabilities and an update on the Crackas With Attitude.

11 september 2017 | 15 min

Equifax decides to tell people it's been breached. Notes from the Intelligence and National Security Summit. WikiLeaks dumps missile guidance documents from Vault7. The ShadowBrokers are back, with a new offer.

8 september 2017 | 23 min

DragonFly 2.0 in power grids. Cyberespionage in the South China Sea. Russian Facebook ads. "Fake News" survey.

7 september 2017 | 17 min

Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that's not SIGINT.

6 september 2017 | 19 min

Influence operations in Germany. More Turla. KHRAT looks like political spying. Exposed AWS S3 and MongoDB databases hit. Ransomware notes. Cyber gangland rumbles.

5 september 2017 | 16 min

Kenyan election nullified over electronic irregularities. South China Sea cyber espionage. WikiLeaks' Vault7 dumps Angelfire. Accused leaker wants her statements excluded. DPRK raids ROK Bitcoin. WhopperCoin is here.

1 september 2017 | 22 min

Turla's Gazer backdoor. OurMine vs. WikiLeaks; WikiLeaks vs. CIA. Reality Winner trial. House of Cards material leaks. Patching notes. Insecure APIs.

31 augusti 2017 | 19 min

Phishing and watering hole alerts. Is DPRK stealing Bitcoin? NHS Lanarkshire ransomware identified as Bit Paymer. Onliner spambot has hundreds of millions of email addresses. St. Jude pacemaker patch.

30 augusti 2017 | 17 min

NIST Cybersecurity Framework [Special Editions]

30 augusti 2017 | 28 min

Cyberespionage in South Asia. NHS hack confirmed as ransomare. Notes on Hancitor. WireX Android botnet taken down. Fat-fingering BGP. Topical phishbait.

29 augusti 2017 | 16 min

Maritime cybersecurity concerns. ExpressLane dump stirs up international trouble. IoT botnet threat addressed. Defray ransomware. Cyberattack in Scotland. Tehran's info-ops rapper.

28 augusti 2017 | 16 min

Clouds, crooks, cheats, and cryptocurrencies. Vault7 leaks liaisonware. Rumors about FSB officers charged with treason. FBI arrests Chinese national in OPM hack. Extremism online flows more than it ebbs.

25 augusti 2017 | 24 min

Cyberattacks that may not have been. Ropemaker corrupts email after delivery. Concerns about companies working for intelligence services.

24 augusti 2017 | 18 min

Independence day cyberattack worries in Ukraine. US Navy eliminating possibility of cyberattack on USS McCain. More malicious apps in Google Play. US state cyber regs. ISIS still works to inspire online.

23 augusti 2017 | 17 min

Cyber concerns about naval and maritime shipping operations. AWS S3 data exposure. Game of Thrones hack. NHS breach? Killer robots. Scareware.

22 augusti 2017 | 18 min

GCHQ and MalwareTech's arrest. Chinese oilfield sustains malware infestation. US Cyber Command now a UCC. Ukraine fears another cyber campaign. Turla returns. GPS spoofing. Extremism online. ICO hack.

21 augusti 2017 | 16 min

Ransomware updates. ShadowPad backdoor may have got into the supply chain from a Chinese APT group. Apple Secure Enclave decryption key released. Profexor and Fancy Bear. Misconfigured AWS S3 exposes voter data. Countering extremism online. FBI continues

18 augusti 2017 | 24 min

Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews "Profexor." Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.

17 augusti 2017 | 18 min

NIST SP 800-53 updated. Attack on Scotland Parliament's email system. Consequences of Equation Group leaks. "Mr. Smith" and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.

16 augusti 2017 | 18 min

Lazarus Group is back, phishing in English. Extremist content online. Google cleans up SonicSpy. Arrests for HBO hacking are unrelated to "Mr. Smith." Marcus Hutchins is out on. DJI drones get a security makeover. Help desk scams.

15 augusti 2017 | 19 min

Charlottesville hacking. Operation #LeakTheAnalyst. Dissatisfied customer calls ShadowBrokers a "ripoff." More HBO leaks. Google purging SonicSpy. Collusion attacks. Marcus Hutchins in court.

14 augusti 2017 | 14 min

HBO offered Mr. Smith a bug bounty, but no takers. Fancy Bear's in hotel Wi-Fi. DNC leak argument resumes. Locky and Mamba ransomware are back. ISIS on eBay. NotPetya arrest. WikiLeaks dumps more from Vault7.

11 augusti 2017 | 22 min

Kenyan elections, not hacked? Someone's poking into DPRK systems. DDoS in Ukraine. Pseudoransomware protection. Spyware in Play Store. HBO hack.

10 augusti 2017 | 18 min

Patches, passwords, wipers, and pseudoransomware. New fronts in hybrid war? KONNI, OnionDog, and Israbye.

9 augusti 2017 | 17 min

Power grid risks. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom. Shipping industry looks for GPS backup. DHL sees a NotPetya windfall. Google patches ten Android remote-code execution vulnerabilities. NIST issues a Cybersecurity W

8 augusti 2017 | 17 min

US Army bans DJI COTS drones. Amazon will scan AWS customers' S3 buckets for public accessibility. Recommendations for election security. Marcus Huchins pleads not guilty to Kronos-related charges.

7 augusti 2017 | 15 min

MalwareTech arrested over Kronos banking Trojan. "Bateleur" in the wild. Long DDoS hits Chinese telco. Russian influence operations no longer novel? FBI investigates HBO hack.

4 augusti 2017 | 21 min

WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.

3 augusti 2017 | 18 min

Following up on security scrambles in Sweden and Ukraine. #LeakTheAnalyst. Blu Product phones booted by Amazon. BitCoin's hard fork. The Internet of Things Cybersecurity Improvement Act of 2017.

2 augusti 2017 | 18 min

HBO hacked. Operation #LeakTheAnalyst targets individual security researchers. Election hacking notes. UK's Home Secretary opposes strong encryption. Russia bans VPNs. Bitcoin, crime, and punishment.

1 augusti 2017 | 18 min

Black Hat 2017 - Research and Investment [Special Edition]

1 augusti 2017 | 42 min

Investigation into ShadowBrokers focuses on former insiders. Threat analyst doxed. Trickbot and NotPetya updates. Sweden's big breach. DPRK hacks online gaming for revenue.

31 juli 2017 | 15 min

WikiLeaks and the ShadowBrokers are both back. Catphishing the French elections. Pyongyang's Bitcoin miners. Malware notes, industry news, and a rundown of the Pwnie Awards.

28 juli 2017 | 23 min

"Mia Ash" is an Iranian catphish. WikiLeaks dumps UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Anti-drone

27 juli 2017 | 18 min

Counterattackers' advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.

26 juli 2017 | 16 min

Google Groups oversharing. E-discovery don'ts. Energetic Bear may be back. The CopyKittens seem to be Persian cats. Ethereum hacks (and white hats).

25 juli 2017 | 18 min

Buckets leak, but so do CDs. NotPetya and Sandworm. Fruitfly versus Macs. ISIS strained in cyberspace. A look at dark web souks. Hacked fish tank.

24 juli 2017 | 16 min

Hansa Market takedown. Recovery from EternalBlue exploits is a long slog. Banking malware rising. Power grid vulnerabilities. Devil's Ivy and the IoT. A look at criminal markets.

21 juli 2017 | 23 min

Configuring AWS buckets. New threats and vulnerabilities. Apple and Oracle patch.

20 juli 2017 | 17 min

Dow Jones AWS S3 bucket exposed. FedEx 10-K and NotPetya. Game of Thrones torrent virus. Securing voting. Botnet defense research. M&A and VC notes. Initial coin offering hacked.

19 juli 2017 | 17 min

Qatar and the United Arab Emirates at loggerheads over hacking. Commonly used gSOAP IoT code vulnerable to exploitation. A data exposure risk in connected toys. And what could be in that EULA.

18 juli 2017 | 17 min

Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.

17 juli 2017 | 15 min

More from WikiLeaks' Vault7. Cyber ops and national policy. NotPetya's costs. Clouds of misconfiguration. Chasing innovation. AlphaBay takedown. Phishbait.

14 juli 2017 | 23 min

Motives behind NotPetya, other operations. Verizon customer data exposed. Industry notes. Licensing hackers in Singapore.

13 juli 2017 | 17 min

Patch Tuesday. Infrastructure hacking and hackers. Industry notes. Influence operations. Jamming a radio station.

12 juli 2017 | 20 min

Russia's phishing for nuclear power plants. NATO offers aid to Ukraine. Election hacking updates. M&A and venture news. Crime, punishment, and cryptocurrency.

11 juli 2017 | 22 min

Infrastructure hacking. No Russo-American agreement in cyberspace. Android malware infestations. Misspelling as OPSEC

10 juli 2017 | 16 min

NotPetya still looks like an act of state; intended result or not, companies warn of possible material effect from the attack. Another S3 database found exposed.

7 juli 2017 | 22 min

Ukraine says it blocked a second wave of NotPetya attacks. Notes on hybrid warfare and the challenges of sharing data. Will the EU get a right to repair?

6 juli 2017 | 17 min

Recovering from NotPetya. State-actor seen behind wiper attack. Ukraine mulls criminal negligence charges. Documents behind US Congressional wariness of Kaspersky.

5 juli 2017 | 18 min

Recovery and attribution: Petya/Nyetya/NotPetya. Cyber conflict and collective defense. Online inspiration and online censorship. The EU's regulatory big stick. Vishing Parliament.

3 juli 2017 | 15 min

What's up with Petya/Nyetya/NotPetya? It's a wiper—the extortion is just misdirection. WikiLeaks dumps "OutlawCountry" from Vault7. The ShadowBrokers raise prices. Russia says boo to cybercrime.

30 juni 2017 | 22 min

Ransomware, nyet; wiper, da. Shipping, manufacturing, and Big Law may share some common risks. WikiLeaks and the ShadowBrokers are back again.

29 juni 2017 | 15 min

IoT 2017 – Securing the Things: A CyberWire Special Edition [Special Edition]

29 juni 2017 | 36 min

Petya/PetrWrap/Goldeneye updates.

28 juni 2017 | 18 min

Petya goes WannaCry one better. Westminster email hack. ISIS in Maryland and Ohio websites.

27 juni 2017 | 18 min

Brute-forcing Parliament. Election hacking retaliation? Cyberspies hunt IP in East Asia. Microsoft security issues. ISIS hacktivists deface Ohio websites. 

26 juni 2017 | 15 min

Vault7 leak: Brutal Kangaroo toolkit. Data breach and ransomware updates. Notes on code audit requirements.

23 juni 2017 | 22 min

WannaCry's back and the industrial IoT's got it. Business email scams hit the unwary (and most of would count as unwary). Testimony on Russian election influence operations. Grid security.

22 juni 2017 | 17 min

Investigation, introspection, watchdogs, and leakers. The risk of collecting and storing data.

21 juni 2017 | 17 min

Who's behind the Android malware infestations? Mirai and Erbus updates. Industry notes. Brussels takes the pro-crypto side in the crypto wars. CrashOverride as a weapon. IG report on NSA insider threat management.

20 juni 2017 | 17 min

Bouncing bad adware apps from Google Play. More on WannaCry attribution. Voter data exposed on an Amazon S3 account. Assessment of Russian influence on UK elections: they didn't do it. (Didn't need to?) Hackers sentenced.

19 juni 2017 | 16 min

More from Vault7. How and why the DPRK hacks. FIN10 hits North American businesses with extortion demands. UK unis sustain ransomware infestation. Free decryptors are out, and ISACs seem to be working.

16 juni 2017 | 21 min

Hidden Cobra strikes from Pyongyang. Microsoft patches last of ShadowBrokers' leaked exploits. Sanctions coming over Russian election influence operations. Electrical and natural gas sectors brace for CrashOverride.

15 juni 2017 | 17 min

A CrashOverride update from Robert M. Lee. Patch news. Terrorist funding goes cyber. Cozy and Fancy Bear were more active than earlier believed.

14 juni 2017 | 20 min

CrashOverride update. Influence ops harder to disrupt than infrastructure. Samba exploited for cryptocurrency mining. NSO Group for sale. Botnets and fake news. Airliner laptop bans.

13 juni 2017 | 16 min

CrashOverride implicated in Ukraine grid hack—possibly as a proof-of-concept. Hack-induced Gulf diplomatic troubles continue. New malware strains, exploits appear.

12 juni 2017 | 16 min

Comey's testimony calls Russian election influence operations massive and ongoing. New Android malware. Malicious hyperlinks infect with a mouse-over. Data privacy issues.

9 juni 2017 | 22 min

Qatar—provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.

8 juni 2017 | 16 min

Farewell to Jean Sammet, co-developer of COBOL. Remembering Midway. NSA leak investigation. Signs of Russian disinformation in the Gulf. Data breaches, script kiddies, EternalBlue, and Turla.

7 juni 2017 | 15 min

Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.

6 juni 2017 | 16 min

ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. Indian investigates possible aircraft hacking.

5 juni 2017 | 15 min

Patriotic and free-spirited hacking? WikiLeaks has a new Vault7 dump. Cyber conflict over the South China Sea. Fireball malware infests more than 250 million devices. Trident security. Kmart breach. Bikers turn hackers.

2 juni 2017 | 21 min

It's the first of June, and the ShadowBrokers' exploit-of-the-month club is open for business (exploits to be delivered to subscribers in July).

1 juni 2017 | 15 min

Exploit-of-the-month club open for business. Disinformation technology. Lazarus Group tied to North Korean intelligence (again). Extortion is big, but carding is still with us. Spammy apps in Google Play.

31 maj 2017 | 16 min

Implications of Manchester bombing investigation on policy, Five Eyes relations. British Airways IT outage. Fancy Bear and Malta? ShadowBrokers prep exploit-of-the-month club. Google deals with Chrome, PlayStore issues. Mall boards and ricrolling.

30 maj 2017 | 13 min

WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.

26 maj 2017 | 22 min

Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.

25 maj 2017 | 16 min

Manchester bombing investigators look at bomber's network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.

24 maj 2017 | 16 min

ISIS claims Manchester concert bombing. The case for a North Korean Wannacry. US lawmakers consider cyber legislation.

23 maj 2017 | 15 min

How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRock).

22 maj 2017 | 14 min

WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results.

19 maj 2017 | 21 min

OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.

18 maj 2017 | 16 min

Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaks

17 maj 2017 | 16 min

WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?

16 maj 2017 | 16 min

WannaCry ransomware—a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.

15 maj 2017 | 16 min

WannaCry ransomware spreads via ShadowBrokers' dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump's Executive Order on cybersecurity.

12 maj 2017 | 21 min

French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother's day giftcard hacking. Telephonic harassment.

11 maj 2017 | 16 min

NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.

10 maj 2017 | 15 min

Metadata signs point to St. Petersburg in l'affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.

9 maj 2017 | 16 min

Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.

8 maj 2017 | 14 min

Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.

5 maj 2017 | 21 min

Phishing with a big worm (and other lures). Botnet mining cryptocurrency. Blackmoon upgraded. Aadhaar troubles in India. Passwords, security questions, and Grand Moff Tarkin's CISO.

4 maj 2017 | 16 min

Shamoon update. Sabre discloses possible breach to SEC. Mobile device and VPN threats and vulnerabilities. Information operations and cyberespionage.

3 maj 2017 | 16 min

IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar's DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they're after.

2 maj 2017 | 16 min

NSA changes collection policy in a privacy-friendly direction. Latest Vault7 leaks look anodyne. Election influence concerns in Europe and the US. Blocking social media. DarkOverlord returns with extortion caper.

1 maj 2017 | 14 min

OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more. 

28 april 2017 | 20 min

Fancy Bear in France (and in Germany, too). Israel debates Cyber Authority's charter. Sudan says its using Electronic Jihad against ISIS. Verizon, Symantec threat reports out. Adware campaigns.

27 april 2017 | 15 min

Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle's point-of-sale breach. Hacking in Fast and Furious 8.

26 april 2017 | 16 min

Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.

25 april 2017 | 16 min

Nation-state tensions in cyberspace over North Korean threats and presumably Russian cyberespionage. Locky returns. More pharma spam. Seleznev gets 27 years for carding.

24 april 2017 | 16 min

States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrikerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.

21 april 2017 | 21 min

Trojanized apps in the PlayStore. How cybergangs talk, cooperate, and improve their game. More troubles reported for Tanium. A Chicago lawsuit brings privacy issues to the fore.

20 april 2017 | 16 min

Vigilantes in the IoT. Bad actors find a friend in the ShadowBrokers. BankBot is back in the PlayStore. Pixel-tracking for target recon. A very big Oracle patch.

19 april 2017 | 16 min

Karmen in the black market. Homograph vulnerabilities. Vault 7 and ShadowBrokers updates. Hacks and missiles. Competing for botnets.

18 april 2017 | 16 min

Missiles and malware? ShadowBrokers' leaks examined. Syrian info ops. ISIS recruits women for martyrdom. Ransomware, medical device vulnerability updates. Troubled unicorn?

17 april 2017 | 15 min

ShadowBrokers frustrated with the peoples. Callisto Group was active against UK Foreign Office. US DCI denounces WikiLeaks as a hostile intelligence service. Surveillance vendors said willing to deal with pariah regimes. Weaponized memes.

14 april 2017 | 21 min

Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits.

13 april 2017 | 16 min

Patch Tuesday notes. Cyber threats to healthcare, New Helsinki information operations center forming. Updates on WikiLeaks and the ShadowBrokers

12 april 2017 | 15 min

Women in Cybersecurity 2017: A CyberWire Special Edition [Special Edition]

12 april 2017 | 26 min

Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes Gödel Prize

11 april 2017 | 16 min

Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.

10 april 2017 | 16 min

APT10's Operation TradeSecret. BrickerBot may be vigilante PDoS. Amnesia and Sathurbot exploit known vulnerabilities in, respectively, DVRs and WordPress. Ransomware, surveillance, and info ops updates.

7 april 2017 | 21 min

Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.

6 april 2017 | 16 min

Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.

5 april 2017 | 16 min

Pegasus version now affects Android. UK on alert for ISIS infrastructure cyberattack. DPRK tied, again, to Bangladesh Bank heist. Fancy Bear and Turla updates. Samsung Tizen 0-day. Tax season security.

4 april 2017 | 16 min

WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.

3 april 2017 | 16 min

Fancy Bear's phishing expeditions. Cryptowars and privacy regs in the EU. Is that really you, Dr. Niebuhr? 

31 mars 2017 | 21 min

Apple patched this week—how are your systems? Lastpass working on a patch for an undescribed bug (said to be complex). What IT staff actually work on. And a long talk about emerging Administration cyber policy.

30 mars 2017 | 16 min

Hybrid warfare objectives and tactics. Physical threats, lost and found. Vulnerability and threat recap.

29 mars 2017 | 16 min

Updates on Cozy Bear and Shamoon tradecraft. Crypto wars flare in the UK. FBI warns of attacks against FTP servers. Typosquatting, scareware, and other problems.

28 mars 2017 | 16 min

Lone wolves howl to each other over WhatsApp? Industry yawns at WikiLeaks zero-days. How online gamers cheat. America's JobLink breach update. Ukrainian artillery hack notes. April 7 deadlines.

27 mars 2017 | 16 min

WikiLeaks' Vault 7 "Dark Matter" docs. Information operations, Russian style and ISIS style. Job database exposed.

24 mars 2017 | 21 min

Newly disclosed threats and vulnerabilities, mostly criminal. Catphishing peer review. The US may indict North Korea for the Bangladesh Bank heist.  

23 mars 2017 | 16 min

Laptop restrictions are for physical, not cyber reasons. Necurs is back, pumping and dumping. MajikPOS notes.

22 mars 2017 | 15 min

Extortion claims. Election influence operations seem likely to continue. A Russian bank claims it's being framed by DNS spoofing. "Cyber Pearl Harbor" fears may be a distraction.

21 mars 2017 | 16 min

Careless criminals, Cisco mitigations, and Vault 7 disclosure conditions. A look at the Atlantic Council's Cyber 9/12. Cabin fever and malware infections. Kirk ransomware.

20 mars 2017 | 15 min

Cyberspace and "Cold War Two." Who's leaking to WikiLeaks? Wishbone breached—warn the kids. Crimeware-as-a-service. The Active Cyber Defense Certainty Act.

17 mars 2017 | 21 min

Lazarus Group is back. Dun & Bradstreet loses data; so does ABTA. Patriotic cyber rioting or state influence operations. US indicts four in the Yahoo! breach.

16 mars 2017 | 16 min

Influence ops, third-party apps with an appetite for permissions, and criminal competition. Google purges malicious apps from the Play Store. Advice for whistleblowers. Farewell to Becky Bace.

15 mars 2017 | 15 min

Canadian government sites recover from the Apache Struts vulnerability. FireEye's M-Trends report is out, calling out greater sophistication in financial cybercrime. USAF accidentally exposes SF86s. Vault 7 update.

14 mars 2017 | 16 min

Vault 7 updates—observers speculate about an inside leaker. Pre-loaded Android malware raises supply chain concerns. Ransomware in Japan. Convincing Chrome-spoofing malware. GCHQ warns UK parties to expect Russian influence operations.

13 mars 2017 | 15 min

WikiLeaks, responsible disclosure, and insider threats. Playstation credentials rumored to have been compromised. Apache Struts bug being actively exploited. DPRK missile cyber security. A look at West African cybergangs.

10 mars 2017 | 20 min

Vault 7 doesn't show much evidence of false flag operations. The most interesting question the WikiLeaks dump raises is, where did the material come from? RAND studies the zero-day market. The Near Abroad wishes for more US soft power.

9 mars 2017 | 15 min

WikiLeaks and Vault 7

8 mars 2017 | 16 min

StoneDrill succeeds Shamoon. Trojanized Android Facebook Lite. Progressive groups threatened with doxing, blackmail. WikiLeaks' Vault 7. Hacking back? Wiretapping?

7 mars 2017 | 16 min

RSA 2017 Roundup – Perspectives, Pitches and Predictions [Special Edition]

7 mars 2017 | 47 min

Warnings of DNSMessenger. Cyber deterrence, and cyber offensive operations. Notes on DDoS. Election surveillance allegations.  

6 mars 2017 | 16 min

Risk mitigation scores some wins this week. Amazon finds the typo that took out the Internet. Symantec gets into the VC game. Yahoo! agonistes. Wassenaar's prospects. PRC wants cyber peace. And farewell to Howard Schmidt.

3 mars 2017 | 21 min

Online banking funds transfer fraud. Telegram and phone scams. FCC regulatory update. Insider threats in the IC. And bad robots.

2 mars 2017 | 16 min

Internet outages were errors, not attacks. Evolving Trojans and botnets. M&A news. Cyber casus belli. Terminators and teddy bears.

1 mars 2017 | 16 min

Alleged BND surveillance of news organizations. Snake Wine in Japan, for disinformation? Singapore military phished. Google discloses more Microsoft unpatched bugs. Cloudbleed update. CloudPets may have privacy issues.

28 februari 2017 | 15 min

If I Only Had a Brain... Artificial Intelligence Gets Real at RSA 2017 [Special Edition]

28 februari 2017 | 34 min

Cloudbleed and what it means to you. Ransomware updates. News from the Moscow treason trials. Coachella Festival breached.

27 februari 2017 | 15 min

SHA-1 is broken. Grizzly Steppe and Carbanak. M&A notes. Linux patched. Arrest in Deutsche Telekom hack. The insecurities of connected cars. 

24 februari 2017 | 21 min

Patcher ransomware. Locky, Cryptowall, and Cerber are still active; so is old-fashioned blackmail. NSA keeps the VEP. Reactions to New York State's cyber regs for banks. Observations of BugDrop, and thoughts on cyber war and attribution.

23 februari 2017 | 16 min

Influence operations. A new Mirai version is potentially more dangerous than the old one. Proofs of concept. New York's cyber security regulations for banks. What Verizon will get from Yahoo!

22 februari 2017 | 16 min

A coming surge in North Korean hacking? Middle Eastern cyber espionage campaigns. Microsoft patch issues. Infowar updates. NIST's draft electrical utility cyber guidance. Problematic toys.

21 februari 2017 | 16 min

International norms of cyber conflict. Fancy Bear's tradecraft (with a side of дезинформа́ция). RDPPatcher, Cerber, Ticketbleed, and Hermes. And the vibe around RSA 2017.

17 februari 2017 | 21 min

Ukraine accused Russia of renewed hacking by BlackEnergy actors. ASLR bypass proof-of-concept reported.  Notes from RSA, and an update on Android gunnery malware.

16 februari 2017 | 16 min

Nation-states or criminal gangs? Update on Polish banking attacks. And an update on RSA.

15 februari 2017 | 16 min

RSA Updates. Microsoft calls for Geneva Convention for cyber. Phishing.

14 februari 2017 | 15 min

Cyber attacks reported in the Middle East, from both states and non-state actors. Italy's Foreign Ministry hacked for months in 2016. Cyber and kinetic operations. RSA's Innovation Sandbox.

13 februari 2017 | 16 min

Patching: the good, the bad, and the ugly. Script kiddies and disinhibition (with a caution about attribution). Industry notes, RSA, and Valentine's Day.

10 februari 2017 | 21 min

The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes.

9 februari 2017 | 17 min

Islamist hackers hit websites in Britain and Austria. Mac malware linked to Iran. Criminals follow the money into the cloud. M&A notes. Dendroid RAT author gets probation.

8 februari 2017 | 16 min

Brokerages in Taiwan face DDoS extortion. Polish banks hit in watering hole attack. Cyber vigilantes. Information operations. ShadowBrokers update?

7 februari 2017 | 16 min

Crime, not education. Slot machine scams. Ransomware updates. Fancy Bear in Norway? Russian treason charges. GCHQ say no to "witchcraft."

6 februari 2017 | 15 min

Jailbreaking or forensics? W-2s and business email compromise. Router vulnerabilities. Windows zero-day. Enterprise security priorities. Iranians cyber ops and Iranian dissent. US-Russian cyber tensions.

3 februari 2017 | 20 min

A black market for insider information. Cisco studies data breaches. The Internet as a threat actor's R&D infrastructure.

2 februari 2017 | 16 min

Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?

1 februari 2017 | 17 min

Ransomware updates. Netgear vulnerabilities and patches. Breaking Android pattern lock. Delegated Recovery. Information operations.

31 januari 2017 | 16 min

2017 Cyber Security Forecast [Special Editions]

31 januari 2017 | 39 min

Russian treason arrests may be tied to espionage. ANSSI director warns of cyber jihad. Symantec remediates Shamoon 2. U.S. Cellular was not breached.

30 januari 2017 | 14 min

LeakedSource is down. DoubleFlag's called out for bogus stolen goods. Fancy Bear is in UK, German networks. Shamoon alert in Saudi Arabia. Scamming tech support scammers.

27 januari 2017 | 21 min

Dark Web trading post compromised. Ransomware updates. Reactions to Risk Based Security's 2016 breach report. International cyber conflict notes, and a treason case in Russia.

26 januari 2017 | 16 min

Cleaning ransomware out of the Play Store (but snakes still get into the walled garden, so watch your apps). Vigilantes, vulnerabilities, and industry news.

25 januari 2017 | 16 min

Shamoon and Greenbug. HummingWhale purged from Play Store. Apple patches across its product line. Leadership changes at CIA, GCHQ. Lloyds Bank incident update. Honor among thieves? Nope.

24 januari 2017 | 13 min

Fake news tweets (from hijackers, not opinion-makers). Ransomware. New Android Trojans. Closing in on Mirai's master?

23 januari 2017 | 16 min

Carbanak gets trickier and more ambitious. Ransomware updates. It's beginning to look a lot like 1949 (at least from Moscow).

20 januari 2017 | 21 min

France braces for election hacking. Ukrainian utility says December blackouts were hacker-induced. Finding "Fruitfly." Tracking Mirai's master.

19 januari 2017 | 16 min

Carbanak gang is back. GhostAdmin works on data theft. Trolling security researchers. M&A notes. Pardons, commutations, and extraditions.

18 januari 2017 | 16 min

Election influence and election security. Threats to power grids. Ransomware and phishing updates. Loyalty program risks.

17 januari 2017 | 16 min

Grid hacking in Ukraine. Cellebrite breached. WhatsApp encryption issue. EyePyramid notes. Sharing SIGINT. IG looks at FBI. Guccifer 2.0 and the ShadowBrokers take their bows.

13 januari 2017 | 21 min

Grid hacks and influence operations. Propaganda sauce spread liberally over geese and ganders. Peace sign hacks? Hamas catphishes the IDF.

12 januari 2017 | 14 min

Shamoon is back, now with credentials for virtual desktops. Ukraine believes it was hacked again. Ransomware updates. Elections, investigations, and influence operations. The Pokemon threat?

11 januari 2017 | 17 min

Witch hunts and yard sales. See relationships, not dox. Rebrandings, mergers, acquisitions, and executive moves. Building anti-witch capabilities.

10 januari 2017 | 16 min

Election hacking, influence operations, and official reports. EU hacking concerns. Lawsuit over email's invention. Twitter frowns on unrequited love. Billy Bass, meet Alexa.  

9 januari 2017 | 16 min

Spearphishing in industrial espionage. Ransomware gets more widespread, ruthless, and perfidious. The US Intelligence Community assures the Senate that the Russians hacked the DNC.

6 januari 2017 | 21 min

Indiscriminate IOCs erode confidence in attributions. Official leaks erode trust in information sharing. Exploit updates.

5 januari 2017 | 16 min

Hacktivists claim to perform a public service. Once and Recorded Future ransomware. Attribution controversies. Disturbing toys.

4 januari 2017 | 16 min

Attribution issues: one story fizzles; another looks disappointingly circumstantial. Great powers jostle in cyberspace. Hacktivists resurface online. So, alas, do terrorists.

3 januari 2017 | 16 min

Best of: Daniel Ennis

30 december 2016 | 17 min

Buying Cyber Security [Special Editions]

30 december 2016 | 29 min

Best of: Tom Coale

29 december 2016 | 17 min

Best of: Tom Wingfield

28 december 2016 | 18 min

Best of: Abby Smith Rumsey

27 december 2016 | 17 min

Daily & Week in Review: Gunnery hacking. Influence operations and a proportionate response thereto? Yahoo breach post mortems. NIST issues Special Publication 800-184: "Guide for Cybersecurity Event Recovery."

23 december 2016 | 20 min

Daily: ISIS offers Christmas inspiration (and it's got nothing to do with peace or good will). Fancy Bear makes a battlefield appearance. Blogging services under attack.

22 december 2016 | 16 min

Daily: Grid hacking in Ukraine? German terror investigations. Airliner vulnerability dispute. NIST wants post-quantum crypto standards. Project Wycheproof. Wassenaar update.

21 december 2016 | 16 min

Daily: Another Ukrainian power grid outage may have cyber causes. ShadowBrokers may have got Equation Group code from a rogue insider. WordPress brute-forcing. Evading volumetric detection. Methbot ad fraud. Wassenaar remains controversial. 

20 december 2016 | 16 min

Daily: ShadowBrokers update. More consequences of the Yahoo! breach. Other sites suffer data compromises. US investigations of, plans for retaliation against, Russian influence operations proceed.

19 december 2016 | 16 min

Daily & Week in Review: US Election Assistance Commission hacked. US, Russia, swap hard words over influence operations. Ransomware updates. More on the effects of the Yahoo! breach. Autonomous vehicles approaching.

16 december 2016 | 20 min

Daily: Yahoo's big breach—industry reactions. Spyware circulates in the wild. Investigation of election hacking continues. Hacktivism and "faketivism." The ShadowBrokers are back.

15 december 2016 | 16 min

Daily: Nation-state hacking (and nation-state victims of hacking). Loyalty program breaches, and a new Android Trojan strain.

14 december 2016 | 16 min

Daily: SWIFT issues new fraud warnings. US investigates Russian influence operations. Patch news. Wages of sin are in-game purchases?

13 december 2016 | 16 min

Daily: Stressor, booter shoppers arrested. Small DDoS against Russian banks. Botnets and home routers. Popcorn Time ransomware. US investigates Russian influence operations.

12 december 2016 | 15 min

Daily & Week in Review: Korean cyber alert amid a presidential impeachment. Germany calls out Fancy Bear for influence ops. Georgia—the Dixie one, not the one in the Caucasus—demands a cyber explanation. Holiday phishing, the enduring DDoS threat, and

9 december 2016 | 22 min

Daily: IP theft in Germany. "Sledgehammer" looks like DDoS by Turkish patriotic hacktivists. Floki Bot and Dridex in the wild. Competition for cyber talent in a tight labor market.

8 december 2016 | 16 min

Daily: Ransomware updates. IP camera vulnerabilities. Steganography makes a comeback. Controlling content, with or without Internet autarky. Zo replaces Tay? 

7 december 2016 | 17 min

Daily: State-directed cyberattacks in the 2017 forecast. Tenable's Cybersecurity Assurance Report Card. DDoS and ransomware notes. Content filtering in social media. Connected toys too curious.

6 december 2016 | 17 min

Presidential Commission on Cybersecurity offers its recommendations to the next President. Russia says its financial system is under cyber threat. Cybercrime notes, and a scorecard.

5 december 2016 | 15 min

Daily & Week in Review: Europol and its partners say they've got the head of the Avalanche snake. DDoS and IoT botnet updates. Android vulnerability. New rules for warrants and insider threats.

2 december 2016 | 21 min

Daily: Shamoon and Fancy Bear are back. Mirai never left. San Francisco Muni saved by good backups. New Android Trojan found. Firefox patches threat to Tor anonymity. Surveillance policy, ISIS investigations in Germany. 

1 december 2016 | 16 min

Daily: Mirai remains a threat; experts expect more IoT-driven DDoS. ISIS, online radicalization, and terror attacks in the US. Snooper's Charter and its alternatives. Gooligan Android malware.

30 november 2016 | 17 min

Daily: ISIS online sympathizers (but not ISIS itself, which is lying a bit low) claim Ohio State attacker. German security agencies warn of possible Russian disruption of elections. Mirai strikes again. San Francisco's Muni shrugs off ransomware. A look a

29 november 2016 | 17 min

Securing a Deal - Cyber Security Venture Capitalists on what they look for. A CyberWire Special Edition. [Special Edition]

29 november 2016 | 31 min

Daily: Military, law enforcement cooperation take a toll of ISIS operators. DDoS investigations. Mirai botnet can be rented on the black market. Beware ATM skimmers. Ransomware hits San Francisco light rail. Bogus news of cable show hacking.

28 november 2016 | 16 min

Daily: ISIS shows a slightly different face in cyberspace. BITAG issues advice to the IoT industry. Jackpotting and carding investigated.

23 november 2016 | 21 min

Daily: Banks are vulnerable to more than carding and transfer fraud. Ransomware updates. Lessons for users from the Three Mobile hack. Biometrics (with hedgehog). Election hacking retrospective.

22 november 2016 | 17 min

Daily: More of the customary cybercrime, but with additional warnings of new ransomware vectors. Dodgy apps and holiday shopping. Credential abuse. No pardon for Snowden, for now, anyway.

21 november 2016 | 15 min

Daily & Week in Review: US DNI Clapper says Russia "curtailed" election hacking after being named. Three Mobile breached. Android and iOS issues. Good news on ransomware. Start-up rundown. China calls its Internet controls "wisdom."

18 november 2016 | 21 min

Daily: Social media aren't automatically on the right side of history, it seems. More on the Adups backdoor. Holiday shopping cyber-safety and security.

17 november 2016 | 17 min

Daily: An insider threat deadline approaches. Lawful intercept tools from Italy. Carbanak moves to new targets. Security policy in Germany and the US. A guilty plea in the TalkTalk hack.

16 november 2016 | 17 min

Daily: It walks, it talks, it reports to Shanghai. Locky takes a run at US Army Cyber Command. CrySis decrypted. SpamTorte 2.0 is out. Adults should be warned off by "adult."

15 november 2016 | 18 min

Daily: Russian banks suffer IoT botnet DDoS. Fancy Bear's still phishing. Lessons from Tesco fraud. Third-party risk hits Michael Page. Casino Rama data breach. Adult website loses data for 339 million accounts. FTC litigation. Moscow anti-trust case.

14 november 2016 | 16 min

Daily: Yahoo! warns Verizon deal may be at risk. More OPM-themed ransomware phishing. Cyber policy advice for, and speculation about, the next US Administration.

10 november 2016 | 18 min

US elections proceeded undisrupted by hacking. Patch Tuesday review. Banking Trojans, Android trigger-malware, and thermostats gone wild.

9 november 2016 | 17 min

Daily: Election Day cyber updates. Mirai goes to pieces. Five Eyes and Europol take down dark web souks. Turkey and clamps down on their Internet.

8 november 2016 | 17 min

Daily: Election Eve cyber threat roundup. Retail bank Tesco stops online banking after wave of fraud.

7 november 2016 | 15 min

Mirai, "Botnet #14," hits Liberian networks. Anonymous doesn't much care for either jihad or the Man. A new security company forms with acquisition of Cryptzone, Catbird, Easy Solutions, and Brainspace. Election hacking updates.

4 november 2016 | 22 min

Daily: Sources say FBI is confident foreign intelligence services penetrated former Secretary of State's private email server. WikiLeaks says it's not a Russian tool. Notes on industry; notes on cybercrime.

3 november 2016 | 17 min

Daily: To disclose or not to disclose…in public. A look into the dark web. Chrome and Firefox disallow shaky certificates. Anonymous gets an incomplete. The Shadow Brokers are still after the Wealthy Elite.

2 november 2016 | 17 min

Daily: The Shadow Brokers say trick or treat to the Amerikanski. Are free elections like free beer? Google wants faster patching. The state of Mirai.

1 november 2016 | 17 min

Daily: Halloween special: mummies, lycanthropes, vampires, villagers with pitchforks, and virtual stakes through virtual hearts.

31 oktober 2016 | 14 min

Daily & Week in Review: Not all experts agree you should resign yourself to being hacked. The state of fraud, 2016. Ransomware and DDoS updates. The Kremlin gets doxed.

28 oktober 2016 | 22 min

Exploring Cyber Security Education [Special Edition]

28 oktober 2016 | 34 min

Daily: DDoS concerns mount—not just Mirai botnets, but LDAP exploitation. Ukrainian hacktivists release emails they say belong to one of Putin's closest advisors. (Moscow says they're fake. Moscow's on its own.)

27 oktober 2016 | 16 min

Daily: Youth and cyber make a bad-news-good-news story (it's complicated). Mirai DDoS may be the work of skids. ISIS adjusts its messaging.

26 oktober 2016 | 17 min

Daily: The Mirai botnet DDoS attack, its consequences and attribution, with commentary from various observers.

25 oktober 2016 | 17 min

Daily: Recovering from Friday's IoT-botnet driven Internet outages. Industry notes and news of cyber conflict in East Asia and the Middle East. And US-Russian tension in cyberspace remains high.

24 oktober 2016 | 15 min

Daily & Week in Review: Bear again, and WikiLeaks (also again). Chinese hackers return, now after infrastructure companies. Debit card hacking epidemic in India.

21 oktober 2016 | 21 min

Daily: CyberMaryland updates. Great power cyber conflict (and organized cyber crime on the side). Vote hacking, agents of influence, and information operations. IoT botnets continue to romp.

20 oktober 2016 | 17 min

Daily: Blockchains at a brewery. Ecuador says it cut Assange's Internet connection. US retaliation against Russian cyber ops may aim at embarrassment. Ransomware in London's City.

19 oktober 2016 | 17 min

Daily: Assange still has asylum, but not so much connectivity. RT's banking woes. US-Russian cyber relations continue to worsen. General (ret.) Cartwright pleads guilty to lying about Stuxnet leaks. Email server controversy gutters on.

18 oktober 2016 | 17 min

Daily: Pakistan phishes Indian Army. US election hacks continue as the US investigates and mulls its response. New ransomware strains. More IoT botnet infestations. ISIS struggles to explain loss of Dabiq.

17 oktober 2016 | 16 min

Daily & Week in Review: Political hacks: email, Twitter, and iCloud. Calls mount for tough US response to Russian cyber operations. Two Android vulnerabilities and one threat revealed. Verizon calls Yahoo! breach "material."

14 oktober 2016 | 22 min

Daily: Patriotic hacktivism in South Asia? US, Russia cyber stare-down continues. IoT devices exploited as proxies. Cyber sector sees market volatility. Cartels launder money through games.

13 oktober 2016 | 16 min

Daily: Australia confirms foreign intelligence service hacked Bureau of Meteorology. TV5Monde and its false-flag hack. Trojan hitting SWIFT. Patch Tuesday notes. US-Russian cyber showdown.

12 oktober 2016 | 17 min

Daily: US attributes DNC hacking to Russian government, promises to protect itself. Russia dismisses attribution as "rubbish." WikiLeaks posts Clinton campaign emails.

11 oktober 2016 | 17 min

Daily & Week in Review: Skepticism concerning Guccifer 2.0's claimed hack of the Clinton Foundation. NSA contractor arrest. Mirai botnet exploits. Security fatigue.

7 oktober 2016 | 22 min

Daily: NSA contract worker arrested with classified material. TalkTalk gets a record data breach fine. Yahoo! surveillance story's still murky. Thoughts from AUSA on cyber innovation and information warfare.

6 oktober 2016 | 17 min

Daily: Guccifer 2.0 claims (to general skepticism) a Clinton Foundation hack. Information operations versus voting. Yahoo! and surveillance of customers. Insulin pump vulnerability reported.

5 oktober 2016 | 17 min

Daily: AUSA update. Mirai botnet shows risks of default IoT passwords. US-Russian tensions rise over imposition of costs.

4 oktober 2016 | 17 min

Daily: Hackers said to "probe" US voting systems. IoT botnet source code released. "DressCode" malware afflicts Android devices. Industry notes. SEC urged to make an example of Yahoo!

3 oktober 2016 | 13 min

Daily & Week in Review: Election hacking, journalist hacking, and the rise of TbpS DDoS. More reflections on the Yahoo! breach. Ransomware and other forms of extortion.

30 september 2016 | 22 min

Daily: Yahoo! hackers seem to have been crooks (who sold to other crooks, and to government(s)). Toxic data and credential problems. Election hacking.

29 september 2016 | 17 min

Daily: Alleged Russian hacking & info ops, under investigation by US. IoT botnets continue to exact a DDoS toll. Yahoo! security practices.

28 september 2016 | 16 min

Daily: Yahoo!'s Verizon deal still on. Mac trojan hits aerospace. Facebook poked by German privacy laws.

27 september 2016 | 16 min

Daily: Yahoo! breach fallout, Krebs back online, election hack concerns.

26 september 2016 | 14 min

Daily & Week in Review: Yahoo! breach, infected torrents, insider threats.

23 september 2016 | 21 min

Daily: Record breaking DDoS, record breaking account info theft.

22 september 2016 | 17 min

Daily: Russian hackers hit German targets. New ransomware. DPRK domains revealed.

21 september 2016 | 17 min

Daily: FBI hunts Russian bears, election hacking, chat bot warnings.

20 september 2016 | 17 min

Daily: New York area bombings, ISIS defacements, Snowden pardon debate.

19 september 2016 | 14 min

Daily & Week in Review: VIPs scrub email, cyber war vs cold war, industry news and more.

16 september 2016 | 21 min

Daily: Does Fancy Bear care if it's caught? Retaliation, vulnerabilities, litigation, and more.

15 september 2016 | 17 min

Daily: Pentesting meets the gig economy. Stingrays, machine learning, and more.

14 september 2016 | 17 min

Daily: Lessons from recent incidents. Russia says, it's not us, it's you, and more.

13 september 2016 | 16 min

Daily: Zero-days, industry notes, the Intelligence & National Security Summit, and more.

12 september 2016 | 15 min

Daily & Week in Review: Malware mines Monero. That sad OPM breach, Crackas cracked, and more.

9 september 2016 | 21 min

Daily: US voting security, cyber M&A action, OPM breach post mortem, Pokémon, and more.

8 september 2016 | 17 min

Daily: Election hacking (again). Also key sharing risks, and more.

7 september 2016 | 16 min

Daily: Slap leather, Vlad. If cyberspace is the "Wild West," here's the best showdown since Blazing Saddles, and more.

6 september 2016 | 16 min

Daily & Week in Review: Election hacking, OS X patched, cyber saber-rattling, finding security talent, and more.

2 september 2016 | 21 min

Daily: Russia's cyber long game, SWIFT fraud, hack physics (not metaphors), and more.

1 september 2016 | 17 min

Daily: The compleat hacker: wading pool, laptop, MiG 21; no hoodie, no problem, and more.

31 augusti 2016 | 17 min

Fundraising and Cyber Startups [Special Editions]

31 augusti 2016 | 30 min

Daily: Bug hunters turn shorts. Cyber frame-ups, election fraud, spearphishing, whalephishing, and more.

30 augusti 2016 | 17 min

Daily: Bug bounty? Nah, just short the stock. Pegasus, cyber arms control, and more.

29 augusti 2016 | 16 min

Daily & Week in Review: Sorry, kids, it's back-to-school. What you should know, fellow youths, and more.

26 augusti 2016 | 21 min

Daily: Info ops drive hacks. Cryptowar resurgence in Europe, and more.

25 augusti 2016 | 17 min

Daily: "It walks, it talks, it reports back to Moscow. (Other news, too, gamers.)

24 augusti 2016 | 15 min

Daily: Shadow Brokers: zero-day hoarding (or not) and firewall exploitation.

23 augusti 2016 | 17 min

Daily: Hacking and hybrid warfare. Industry notes (including Wassenaar's next round).

22 augusti 2016 | 16 min

Daily & Week in Review: Hulk smash. Pokemon smish. And more on the Shadow Brokers.

19 augusti 2016 | 21 min

Daily: Who is Boson Spider? Legit zero-days among Shadow Brokers' leaks.

18 augusti 2016 | 17 min

Daily: Shadow Brokers warn 'Wealthy Elite'--new cyber cold war? And cybercrooks are still out there.

17 augusti 2016 | 17 min

Daily: All your attack code are belong us. Guccifer 2.0 suddenly more fluent.

16 augusti 2016 | 16 min

Daily: Cryptocoin for DDoS? ISIS info ops more murderous as territory shrinks.

15 augusti 2016 | 14 min

Daily & Week in Review: FBI has "high confidence" Russians hacked DNC. Olympic hacks, cyber vigilantes, criminal markets.

12 augusti 2016 | 22 min

Daily: Info ops as battlespace prep. It's hard to count Australians.

11 augusti 2016 | 17 min

Daily: Australia's census clogged. Iran ups its offense? Ransomware and file deletion.

10 augusti 2016 | 16 min

Daily: A look back at Vegas. Rio's rogue Wi-Fi. Cyberwar & actual war.

9 augusti 2016 | 16 min

Black Hat, Part 2 - Trends and Insights from Industry Leaders [Special Edition]

9 augusti 2016 | 18 min

Daily: DARPA CTF: Mayhem (win), Xandra (place), Mechphish (show). Blame it on Rio.

8 augusti 2016 | 17 min

Daily: Election hacking, layoff rumors, the unbearable lightness of Pokemon.

5 augusti 2016 | 20 min

Black Hat - Cyber Security Trends and Investment [Special Edition]

4 augusti 2016 | 30 min

Daily: Black Hat, of course. US election concerns, and more jihadist info ops.

4 augusti 2016 | 15 min

Daily: Black Hat USA, Android upgrades, and mind control (maybe).

3 augusti 2016 | 17 min

Daily: US, Russia trading hacks in cyberspace? Brazilian cybercrime ramps up.

2 augusti 2016 | 17 min

Daily: Election, infrastructure hacks in US, Russia. Advice on Black Hat.

1 augusti 2016 | 15 min

Daily & Week in Review: US sifts ISIS recruiting files. Black market economics. Should leakers curate?

29 juli 2016 | 22 min

Daily: ISIS doubles down on info ops. Window shopping in crimeware souks.

28 juli 2016 | 17 min

Daily: DNC hacks, encryption, IoT hacks, and Pokémon.

27 juli 2016 | 16 min

Daily: Russians interested in US elections? Russia says nyet, but DNC says da.

26 juli 2016 | 17 min

Daily: ISIS, al Qaeda compete online. WikiLeaks doxes DNC (courtesy FSB, GRU).

25 juli 2016 | 14 min

Daily & Week in Review: Hacktivists hit Library of Congress, Stingrays and Security Clearances

22 juli 2016 | 22 min

Daily: DDoSing ISIS. Political hacks. Inspiration is an info op.

21 juli 2016 | 14 min

Daily: Brazilian, Chinese groups pledge allegiance to ISIS. Turkey's coup aftermath online.

20 juli 2016 | 16 min

Daily: Influence online, from jihad to kawaii. Cybercrime. Industry updates.

19 juli 2016 | 16 min

Quantifying Cyber Risk [Special Editions]

19 juli 2016 | 32 min

Daily: Dark web observations on coups and lists. Pokémon Go and the madness of crowds.

18 juli 2016 | 16 min

Daily & Week in Review: Pokémon Go's astonishing success. (And attack surface?) Crime, folly, the punishment thereof.

15 juli 2016 | 21 min

Daily: Slinging cyber lingo. Bad robots. Pokémon Go's long march.

14 juli 2016 | 16 min

Daily: Patch Tuesday notes. Pokémon Go (of course), ICS security, energy recon, fansmitters.

13 juli 2016 | 17 min

Daily: Medical device, record hacks. (Un)welcome new ransomware: Alfa, Ranscam. ISIS online decline?

12 juli 2016 | 14 min

Daily: Pokémon Go is out, with troubles in its popular trail. Cybercrime & hacktivist miscellany.

11 juli 2016 | 17 min

Daily & Week in Review: Classified info--goose sauce, gander sauce. Security industry buoyed by Avast, AVG.

8 juli 2016 | 22 min

Daily: Blockchains and their uses. Pirrit adware attribution. Avast buys AVG for $1.3B.

7 juli 2016 | 17 min

Daily: Cybercrime campaigns. States hope ISIS overplayed its violent hand. No indictment of Clinton over email.

6 juli 2016 | 13 min

Daily: Statecraft, spycraft, & warcraft: inspiration, cells, & espionage. Cybercrime & punishment.

5 juli 2016 | 17 min

Daily & Week in Review: Conficker worms into medical IoT. Talking key management, DevOps. NERC standards take effect.

1 juli 2016 | 21 min

Daily: Hacktivism or denial-&-deception? (Smart money's on D&D.) LizardStressor herds CCTV bots.

30 juni 2016 | 15 min

Daily: Istanbul bombings prompt global intel collection re-look. Cyber threats to transportation.

29 juni 2016 | 16 min

Daily: Not interested in Fancy Bear? Fancy Bear's interested in you. No dark-grey hats, please.

28 juni 2016 | 16 min

Daily: Ransomware: MIRCOP, Cerber, CryptXXX, Bart, TeslaCrypt (& the #95 car). Intel selling security unit?

27 juni 2016 | 13 min

Daily & Week in Review: Brexit beats Bremain. Cyber combat support. The usual ransomware.

24 juni 2016 | 22 min

Daily: Insecurity cascades from credential breaches, homebrew servers? Cyber casus belli. Waiting for Brexit (or not).

23 juni 2016 | 5 min

Daily: Android malware circulating in the wild. Did bears find Clinton Foundation servers just right? Help me, ObiWan.

22 juni 2016 | 16 min

Daily: DNC hack looks like Russia's work, but Guccifer 2.0 still says no. (Nyet?)

21 juni 2016 | 16 min

Daily: Assange to DNC: buckle up. False flags and acts of war. Blockchain notes.

20 juni 2016 | 17 min

Daily & Week in Review: Car hacking. Flash Player Patched. DNC hack updates, fighting terror in cyberspace.

17 juni 2016 | 22 min

Daily: xDedic, Guccifer 2.0...but what really knocks us out is those cheap sunglasses.

16 juni 2016 | 17 min

Daily: Run DNC has legs. NFL players get social media savvy. Online jihad. More big breaches.

15 juni 2016 | 15 min

Daily: Run DNC. Online inspiration and the limits of investigation. North Korean cyber ops.

14 juni 2016 | 16 min

Daily: Jihadists continue online inspiration. India worries about China's cyber activity. Symantec buys Blue Coat, Microsoft LinkedIn.

13 juni 2016 | 14 min

Daily & Week in Review: Breach reactions. Attention grid substations: squirrels, and snakes, and monkeys, oh my...

10 juni 2016 | 22 min

Daily: Ransomware spreads (backup or pay up?). Safe travels. FTC, NFL embarrassed.

9 juni 2016 | 15 min

Daily: US banks warned to get their security act together. Security trends.

8 juni 2016 | 12 min

Daily: Hybrid SUV proof-of-concept hack. Al Qaeda peeks over Twitter's parapet.

7 juni 2016 | 15 min

Daily: Sovereign mafia state? Spearphishing with Pay Commission bait. IoT risks.

6 juni 2016 | 15 min

Daily & Week in Review: Money laundering, cyber fraud, lost laptops, & how cyber criminals get paid.

3 juni 2016 | 23 min

Daily: A look at markets, legitimate and criminal. ICS proof-of-concept exploit.

2 juni 2016 | 15 min

Daily: Stealth Falcon, OEM issues, black market trends.

1 juni 2016 | 15 min

Daily: Social media breach woes, sector analysts & investor sentiment.

31 maj 2016 | 14 min

Daily & Week in Review: Crypto wars update, story stocks, AI, encryption, and the usual crime.

27 maj 2016 | 21 min

Daily: Ransomware threats. Industry (mostly good) news. US State Department IG reports on email.

26 maj 2016 | 15 min

Daily: Ransomware & DDoS combining. Malicious USB chargers. Cyber ops aren't 'bombs?

25 maj 2016 | 13 min

Daily: Good guy update: SWIFT. Bad guy update: Turla, CryptXXX, DMA Locker, Flash 0-day... Bonus: Scunthorpe Problem.

24 maj 2016 | 15 min

Daily: SWIFT seeks better security, what business wants from (US, UK) government, fast exploits.

23 maj 2016 | 15 min

Daily & Week in Review: TeslaCrypt says "sorry, here's the key." 50-cent-ers troll China.

20 maj 2016 | 21 min

Daily: Cyber-chumming the Donbas. Cisco surprises (in a good way).

19 maj 2016 | 13 min

Daily: LinkedIn may have been breached. Malicious apps, a new Skimmer, and honor among thieves.

18 maj 2016 | 15 min

Daily: Current exploits and bugs, fraught China-US cyber relations, and industry notes.

17 maj 2016 | 16 min

Daily: Social media collection suggests ISIS in trouble. Russian government cyber activities. US VA wants dark web help.

16 maj 2016 | 14 min

Daily & Week in Review: Android issues, SWIFT hacks, the cyber security marketplace.

13 maj 2016 | 23 min

Daily: US-CERT warns of SAP issues. Business disruption big criminal business. A talk with IBM about Watson.

12 maj 2016 | 14 min

Daily: Reports of venture capital's death seem much exaggerated. Quantum technology, adapted to the meanest understanding.

11 maj 2016 | 13 min

Daily: Ransomware evolves (and gets brutal). Dataminr blocks IC--bad Gov-industry blood?

10 maj 2016 | 15 min

Daily: Panama Papers updates, info ops, pro- & anti-ISIS, market jitters.

9 maj 2016 | 12 min

Daily & Week in Review: Responsible disclosure & why the cool miscreants are on Twitter.

6 maj 2016 | 21 min

Daily: World Password Day, OpIcarus

5 maj 2016 | 13 min

Daily: Hey, padawans: Supreme Leader Snope hints he's got your back!

4 maj 2016 | 13 min

Daily: Anonymous hits Bank of Greece. I am Satoshi!

3 maj 2016 | 13 min

Daily: DPRK jamming prompts search for GPS alternative. Satoshi, is that you?

2 maj 2016 | 13 min

Daily & Week in Review: Backdoors or legit apps? Serpents in walled gardens. Verizon's Data Breach Report.

29 april 2016 | 22 min

Daily: Malware found in nuclear plant. Threat actors tracked in Asia. And who's Aquaman?

28 april 2016 | 13 min

Daily: Paranoia -as-a-service? Cyber con jobs.

27 april 2016 | 13 min

Daily: Snowden advanced crypto by 7 years." Proofread your way to security.

26 april 2016 | 13 min

Daily: US cyberwar vs. ISIS. IPO fizzle? (Investors want profit.)

25 april 2016 | 13 min

Daily & Week in Review: Voter dbase compromises. How not to sell security.

22 april 2016 | 21 min

Daily: Australia's new cyber strategy, Dorkbot's old; CryptXXX is new.

21 april 2016 | 13 min

Daily: Industry news, and some plaintiffs may wish to reconsider.

20 april 2016 | 13 min

Daily: New ransomware, along with some golden oldies. Quantifying cyber risk.

19 april 2016 | 13 min

Daily: Confidence building. Offensive cyber ops. M&A notes.

18 april 2016 | 12 min

Daily & Week in Review: Industry notes, including a look at labor markets. Cyber gangland and its neighborhoods.

15 april 2016 | 21 min

Daily: Info ops for and against ISIS. Industry notes.

14 april 2016 | 13 min

Daily: Dogs still not barking in Panama. (But ransomware bites.)

13 april 2016 | 13 min

Daily: State hacking, state messaging. Crimeware evolution.

12 april 2016 | 13 min

Daily: Ukraine's PM resigns, in part over Panama Papers controversy. Patch news.

11 april 2016 | 13 min

Daily & Week in Review: Anonymous vs. Israel. Panama Papers. The view from Japan.

8 april 2016 | 20 min

In Their Own Words — The 2016 Women in Cybersecurity Conference [Special Edition]

7 april 2016 | 32 min

Daily: Panama Papers, privacy, & financial transparency. MedStar ransomware incident update. Current scams.

7 april 2016 | 13 min

Daily: Panama Papers count coup. Trojanized Android apps found.

6 april 2016 | 12 min

Daily: Governments nervously investigate Panama Papers. Industry sees layoffs & an IPO.

5 april 2016 | 13 min

Daily: MedStar recovers. More on ransomware, and one weird trick to hiding $2B.

4 april 2016 | 12 min

Daily & Week in Review: Ransomware, state actors, the current state of the crypto wars.

1 april 2016 | 23 min

Daily: DDoS, business email threats remain. How to set up your new machine.

31 mars 2016 | 12 min

Daily: Hospital hack, ransomware evolution, the FBI, and Scotland Yard.

30 mars 2016 | 13 min

Daily: Healthcare cyber risks. Jihadi's iPhone accessed. Working with MSSPs.

29 mars 2016 | 13 min

Daily: Ransomware and hospitals. Why random numbers matter. Stolen certificates.

28 mars 2016 | 13 min

Daily: ISIS info ops target gangsta demo. Snakes in walled gardens. US indicts Iranians.

25 mars 2016 | 13 min

Daily: Collection outstrips analysis & dissemination. When an air-gap...isn't.

24 mars 2016 | 13 min

Daily: Inspiration in info ops. Processing unstructured data. Ethics & standards of care.

23 mars 2016 | 13 min

Daily: ISIS inspiration, radicalization. FBI says no help needed to crack iPhone.

22 mars 2016 | 13 min

Daily: Elves vs. trolls in the Baltic. Updates on Bangladesh bank heist, DoJ vs. Apple.

21 mars 2016 | 12 min

Daily: Buhtrap raked in the rubles. Dridex is back. So are Stagefright and Rowhammer.

18 mars 2016 | 12 min

Daily: Spies & crooks, together again. Artful spearphishers will eventually learn to proofread.

17 mars 2016 | 13 min

Daily: Crypto wars updates. Iran vs. US in cyberspace. Big Angler malvertising campaign.

16 mars 2016 | 13 min

Daily: Naming & shaming Iran's hackers? Palo Alto spots "Digital Quartermaster." Team Apple bigger than Team DoJ.

15 mars 2016 | 13 min

Daily: ISIS security breaches threaten narrative. Cyber industry issues. Updates on the crypto wars.

14 mars 2016 | 13 min

Daily: US to indict Iranians for Rye hack? ISIS loses HR records. Apple vs. FBI gets nastier.

11 mars 2016 | 13 min

RSA Special: Trade and Investment [Special Editions]

10 mars 2016 | 18 min

Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba.

10 mars 2016 | 13 min

RSA Special: Emerging Technologies [Special Editions]

10 mars 2016 | 22 min

Daily: DPRK attempt on RoK rail ICS? Ransomware updates. US tax season cyber issues.

9 mars 2016 | 13 min

RSA Special: Threat Intelligence [Special Editions]

8 mars 2016 | 21 min

Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments.

8 mars 2016 | 13 min

Daily: Looking back at RSA. "Transparent Tribe" and "Pawn Storm" expand target sets. Mac ransomware found, blocked. Apple's amici.

7 mars 2016 | 14 min

Daily: RSA wraps up. Naikon disappears, BlackEnergy is scrutinized, and mobile threats get sophisticated.

4 mars 2016 | 12 min

Daily: RSA update - SecDef sounds libertarian? Ashley Madison extortion. DROWN update. More on Ukraine grid hack.

3 mars 2016 | 13 min

Daily: RSA updates. DROWN SSL vulnerability. Apple vs. DoJ.

2 mars 2016 | 13 min

Daily: RSA updates. US opens anti-ISIS cyber offensive. Industry consolidation?

2 mars 2016 | 13 min

Daily: Norway reports Chinese cyber espionage. Hospital ransomware. Carding black market. RSA update.

29 februari 2016 | 13 min

Daily: US Govt on Ukraine grid hack. ISIS threatens social media hacks. Ransomware rising. "Government OS."

26 februari 2016 | 13 min

Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare's cyber threat model. Apple takes the 5th?

25 februari 2016 | 13 min

Daily: Operation Dust Storm vs Japan. Operation Blockbuster vs. The Lazarus Group. Venture capital gets tight.

24 februari 2016 | 13 min

Daily: Anonymous hits Belgium & Cincinnati. Twitter vs. jihad? MouseJack. Apple, FBI dispute updates.

23 februari 2016 | 13 min

Daily: Russian cyber ops in Syria. Ransomware evolutions. Apple vs. the US Justice Department.

22 februari 2016 | 12 min

Daily: DDoS by pingback. Twitter flaw patched. Security system flaws. Apple vs. FBI, continued.

19 februari 2016 | 13 min

Dridex, Locky, PadCrypt, and extortion. Hollywood vs. ISIS? ISIS vs. ISIS? Apple vs. FBI.

18 februari 2016 | 13 min

Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.

17 februari 2016 | 13 min

The CyberWire - 2.16.2016 - Daily cyber security news brief.

16 februari 2016 | 13 min

The CyberWire Daily Podcast 2.12.16

12 februari 2016 | 13 min

The CyberWire Daily Podcast 2.11.16

11 februari 2016 | 13 min

The CyberWire Daily Podcast 2.10.16

10 februari 2016 | 13 min

The CyberWire Daily Podcast 2.9.16

8 februari 2016 | 11 min

The CyberWire Daily Podcast 2.8.16

8 februari 2016 | 13 min

The CyberWire Daily Podcast 2.5.16

5 februari 2016 | 13 min

The CyberWire Daily Podcast 2.4.16

4 februari 2016 | 13 min

The CyberWire 2.3.16

3 februari 2016 | 13 min

The CyberWire 2.2.16

2 februari 2016 | 13 min

The CyberWire 2.1.16

1 februari 2016 | 11 min

The CyberWire 1.29.16

29 januari 2016 | 13 min

The CyberWire 1.28.16

28 januari 2016 | 13 min

The CyberWire 1.27.16

27 januari 2016 | 13 min

The CyberWire 1.26.16

26 januari 2016 | 12 min

The CyberWire 1.25.16

25 januari 2016 | 13 min

The CyberWire 1.22.16

22 januari 2016 | 12 min

The CyberWire 1.21.16

21 januari 2016 | 13 min

The CyberWire 1.20.16

20 januari 2016 | 12 min

The CyberWire 1.19.16

19 januari 2016 | 13 min

The CyberWire 1.15.16

15 januari 2016 | 12 min

The CyberWire 1.14.16

14 januari 2016 | 11 min

The CyberWire 1.13.16

13 januari 2016 | 12 min

The CyberWire 1.12.16

12 januari 2016 | 13 min

The CyberWire 1.11.16

11 januari 2016 | 15 min

The CyberWire 1.8.16

8 januari 2016 | 10 min

The CyberWire 1.7.16

7 januari 2016 | 12 min

The CyberWire 1.6.16

6 januari 2016 | 12 min

The CyberWire 1.5.16

5 januari 2016 | 11 min

The CyberWire 1.4.16

4 januari 2016 | 13 min

The CyberWire 12.30.15

30 december 2015 | 11 min

The CyberWire 12.29.15

29 december 2015 | 13 min

The CyberWire 12.28.15

28 december 2015 | 11 min

The CyberWire 12.23.15

23 december 2015 | 9 min

The CyberWire 12.22.15

22 december 2015 | 10 min

The CyberWire 12.21.15

21 december 2015 | 9 min

Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]

Senaste avsnitt

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]

Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

A dark web titan falls.

Powering AI with politics.

SharePoint springs a leak.

The SharePoint siege goes strategic.

Microsoft flaws fuel global breaches.

Anisha Patel: Right along with them. [Program management] [Career Notes]

Creeping like a spider. [Research Saturday]

UK calls out Russia’s playbook.

When hackers become the hunted.

Chrome’s high-risk bug gets squashed.

The Grok that broke the camel’s back.

Taxing times for cyber fraudsters.

MK Palmore: Lead from where you stand. [CISO] [Career Notes]

Click here to steal. [Research Saturday]

Behind the firewall, trouble brews.

Cybercrime has a hefty price tag.

Plug-ins gone rogue.

Memory leaks and login sneaks.

SafePay, unsafe day.

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

Botnet’s back, tell a friend. [Research Saturday]

Turning data into decisions. [Deep Space]

Secure Your Summer: Top Cyber Myths, Busted [Threat Vector]

The bug that let anyone in.

Houken blends stealth and chaos.

North Korea’s covert coders caught.

U.S. braces for Iranian cyber intrusions.

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]

A tale of two botnets. [Research Saturday]

Turbulence in the cloud.

No panic—just patch.

Open-source, open season.

Iran’s digital threat after U.S. strikes.

Iran’s digital retaliation looms.

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

Signed, sealed, exploitable. [Research Saturday]

A blast from the breached past.

Juneteenth: Reflecting, belonging, and owning your seat at the table. [Special Edition]

Typhoon on the line.

Can’t DOGE the inquiry.

Darknet drug marketplace closed for business.

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]

Hiding in plain sight with vibe coding.

Cloudflare’s cloudy day resolved.

Scam operations disrupted across Asia.

Ghost students “haunting” online colleges.

Jedai tricks, human risks.

White House reboots cybersecurity priorities.

Ell Marquez: It's okay to be new. [Linux] [Career Notes]

A new stealer hiding behind AI hype. [Research Saturday]

Beware of BADBOX.

China’s largest data leak exposes billions.

Appetite for tracking: A feast on private data.

Zero-day déjà vu.

AVCheck goes dark in Operation Endgame.

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]

Triofox and the key to disaster. [Research Saturday]

All systems not go.

When "out of the box" becomes "out of control."

Fingers point east.

BEAR-ly washed and dangerous.

AWS in Orbit: Automated Satellite Management. [T-Minus Space]

Hugh Thompson on Building the RSA Conference [Afternoon Cyber Tea]

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

Purple teaming in the modern enterprise. [CyberWire-X]

Pandas with a purpose. [Research Saturday]

When malware masters meet their match.

Lights out for Lumma.

Bear in the network.

The Take It Down Act walks a fine line.

Redacted realities: Inside the MoJ hack.

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]

Leveling up their credential phishing tactics. [Research Saturday]

Preparing for the cyber battlespace.

Bypassing Bitlocker encryption.

Get to patching: Patch Tuesday updates.