The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]
As our team is offline taking an extended break for the July 4th Independence Day holiday in the US, we thought you'd enjoy an episode from one of N2K Network shows, Threat Vector.
This episode of Threat Vector outlines a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report.
They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of 'living off the land' attacks, and the importance of robust incident response strategies. They also address the rising trend of business disruption supply chain attacks and share recommendations for mitigating these cyber threats.
Resources:
Read the 2024 Unit 42 Incident Response report.
Listen to Beyond the Breach: Strategies Against Ivanti Vulnerabilities.
Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/unit42
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/unit42/
YouTube: @PaloAltoNetworksUnit42
Twitter: https://twitter.com/PaloAltoNtwks
About Threat Vector
Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape.
Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
Learn more about your ad choices. Visit megaphone.fm/adchoices
10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]
On this Special Edition podcast, Dave Bittner speaks with guest Dave Hickton, Founding Director, Institute for Cyber Law, Policy, and Security at the University of Pittsburgh, and former US Attorney, on this 10th Anniversary of the first indictment of Chinese PLA actors. Hear directly from Mr. Hickton what lead to the indictment, the emotions that went along with this unprecedented action, and the legacy of the event.
On May 19, 2014, a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.
The indictment alleges that the defendants conspired to hack into American entities, to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity.
US Attorney Dave Hickton represented the Western District of Pennsylvania and was the signatory on the indictment. His team worked with the FBI Cyber Team in Pittsburgh, PA to bring about this historic action.
Resources:
Press Release: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage
Indictment
5/18/2024 • 44 minutes, 33 seconds
A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]
In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 2 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency.
Summary
Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency.
What You’ll Learn
Intelligence
How psychology can be useful to national security
Historical examples of leadership analysis
Leadership personality assessments & the Cuban Missile Crisis
Psychoanalytic theory and espionage
Reflections
Human nature throughout history
History repeating itself
And much, much more …
Quotes of the Week
“Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.” – Dr. Ursula Wilder.
Resources
SURFACE SKIM
*SpyCasts*
Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023)
The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023)
SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022)
“How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020)
*Beginner Resources*
What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video]
Psychologists in the CIA, American Psychological Association (2002) [Short article]
7 Reasons to Study Psychology, University of Toronto (n.d.) [Short article]
DEEPER DIVE
Books
Freud and Beyond, S. A. Mitchell (Basic Books, 2016)
Narcissism and Politics: Dreams of Glory, J. M. Post (Cambridge University Press, 2014)
The True Believer: Thoughts on the Nature of Mass Movements, E. Hoffer (Harper Perennial Modern Classics, 2010)
Team of Rivals: The Political Genius of Abraham Lincoln, D. K. Goodwin (Simon & Schuster, 2004)
Leaders, Fools, and Impostors: Essays on the Psychology of Leadership, M. F. R. Kets de Vries (iUniverse, 2003)
Primary Sources
Charles de Gaulle to Pamela Digby Churchill (1942)
Blood, Toil, Tears and Sweat (1940)
Memoirs of Ulysses S. Grant (1885)
Gettysburg Address (1863)
House Divided Speech (1858)
Excerpt on Cleopatra from Plutarch's Life of Julius Caesar (ca. 2nd century AD)
Plutarch’s The Life of Alexander (ca. 2nd century AD)
Appian’s The Civil Wars (ca. 2nd century AD)
Virgil’s The Aeneid (19 B.C.E)
*Wildcard Resource*
On Dreams by Sigmund Freud (1901)
In this simplified version of the father of psychoanalysis’ seminal book The Interpretation of Dreams, you can get a small taste for Freudian philosophy. Freud believed that dreams were a reflection of the subconscious mind and that studying a person’s dreams can elucidate their inner wants and needs. What are your dreams telling you?
3/22/2024 • 1 hour, 9 minutes, 34 seconds
A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]
In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 1 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency.
Summary
Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency.
What You’ll Learn
Intelligence
How psychology can be useful to national security
Historical examples of leadership analysis
Leadership personality assessments & the Cuban Missile Crisis
Psychoanalytic theory and espionage
Reflections
Human nature throughout history
History repeating itself
And much, much more …
Quotes of the Week
“Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.”
Resources
SURFACE SKIM
*SpyCasts*
Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023)
The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023)
SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022)
“How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020)
*Beginner Resources*
What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video]
Psychologists in the CIA, American Psychological Association (2002) [Short article]
7 Reasons to Study Psychology, University of Toronto (n.d.) [Short article]
DEEPER DIVE
Books
Freud and Beyond, S. A. Mitchell (Basic Books, 2016)
Narcissism and Politics: Dreams of Glory, J. M. Post (Cambridge University Press, 2014)
The True Believer: Thoughts on the Nature of Mass Movements, E. Hoffer (Harper Perennial Modern Classics, 2010)
Team of Rivals: The Political Genius of Abraham Lincoln, D. K. Goodwin (Simon & Schuster, 2004)
Leaders, Fools, and Impostors: Essays on the Psychology of Leadership, M. F. R. Kets de Vries (iUniverse, 2003)
Primary Sources
Charles de Gaulle to Pamela Digby Churchill (1942)
Blood, Toil, Tears and Sweat (1940)
Memoirs of Ulysses S. Grant (1885)
Gettysburg Address (1863)
House Divided Speech (1858)
Excerpt on Cleopatra from Plutarch's Life of Julius Caesar (ca. 2nd century AD)
Plutarch’s The Life of Alexander (ca. 2nd century AD)
Appian’s The Civil Wars (ca. 2nd century AD)
Virgil’s The Aeneid (19 B.C.E)
*Wildcard Resource*
On Dreams by Sigmund Freud (1901)
In this simplified version of the father of psychoanalysis’ seminal book The Interpretation of Dreams, you can get a small taste for Freudian philosophy. Freud believed that dreams were a reflection of the subconscious mind and that studying a person’s dreams can elucidate their inner wants and needs. What are your dreams telling you?
3/15/2024 • 1 hour, 13 minutes, 33 seconds
“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]
Summary
Cathy Hackl (Twitter, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the “Godmother of the Metaverse.”
What You’ll Learn
Intelligence
What the metaverse is
Security and counterintelligence in a virtual world
Futurism within intelligence agencies
Potential risks and consequences of the metaverse
Reflections
How virtual spaces can affect our physical world
The necessity to evolve alongside technology
And much, much more …
Episode Notes
The web will continue to evolve and change with time, but what’s coming next? And how will this evolution affect the ways that intelligence organizations around the world conduct their operations?
This week on SpyCast, Cathy Hackl joins Andrew to explain what the metaverse is, what we can expect from living in this new virtual world, and how intelligence agencies can begin planning for the Web 3 future. Cathy Hackl has been dubbed the “Godmother of the Metaverse”
Resources
Featured Resource
Into the Metaverse: The Essential Guide to the Business Opportunities of the Web3 Era, Cathy Hackl (Bloomsbury, 2023)
Metaverse Marketing [Cathy’s podcast]
*Beginner Resources*
What Is the Metaverse, Exactly?, Wired (2022) [Article]
Web 3.0 Explained In 5 Minutes, YouTube (2022) [5 min. Video]
12 new tech terms you need to understand the future, R. Gray, BBC (2018)
*SpyCasts*
How Artificial Intelligence is Changing the Spy Game – with Mike Susong (2022)
Trafficking Data: The Digital Struggle with China -- with Aynne Kokas (2022)
The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 1 of 2)
The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 2 of 2)
*Wildcard Resource*
Watch the world’s first metaverse music video, Snoop Dogg’s “House I Built,” here!
12/26/2023 • 1 hour, 1 minute, 55 seconds
The CyberWire: The 12 Days of Malware. [Special Edition]
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!
The 12 Days of Malware lyrics
On the first day of Christmas, my malware gave to me:
A keylogger logging my keys.
On the second day of Christmas, my malware gave to me:
2 Trojan Apps...
And a keylogger logging my keys.
On the third day of Christmas, my malware gave to me:
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the fourth day of Christmas, my malware gave to me:
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the fifth day of Christmas, my malware gave to me:
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the sixth day of Christmas, my malware gave to me:
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the seventh day of Christmas, my malware gave to me:
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the eighth day of Christmas, my malware gave to me:
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the ninth day of Christmas, my malware gave to me:
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the tenth day of Christmas, my malware gave to me:
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the eleventh day of Christmas, my malware gave to me:
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the twelfth day of Christmas, my malware gave to me:
12 Hackers hacking...
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
12/23/2023 • 7 minutes, 28 seconds
CSO Perspectives Bonus: Veterans Day special.
Rick Howard (The Cyberwire’s Chief Analyst, CSO, and Senior Fellow), and the cast of the entire Cyberwire team, honor our U.S. veterans on this special day.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/10/2023 • 17 minutes, 34 seconds
The Malware Mash! [Bonus]
Enjoy this CyberWire classic.
They did the Mash...they did the Malware Mash...
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/30/2023 • 3 minutes, 5 seconds
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post’s Tim Starks explains the section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/115
Selected reading.
Android GravityRAT goes after WhatsApp backups (ESET)
Quarterly Adversarial Threat Report (Facebook)
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China (Mandiant)
GravityRAT - The Two-Year Evolution Of An APT Targeting India (Cisco Talos)
Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck)
Darth Vidar: The Aesir Strike Back (Team Cymru)
Tracking Diicot: an emerging Romanian threat actor (Cado Security)
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec)
Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft)
Destructive malware targeting Ukrainian organizations (Microsoft)
6/15/2023 • 28 minutes, 58 seconds
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
SHOW NOTES
This interview from October 28th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
12/30/2022 • 10 minutes, 54 seconds
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
This interview from September 16th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
12/28/2022 • 8 minutes, 25 seconds
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
This interview from September 30th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with MK Palmore from Google Cloud to talk about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
12/27/2022 • 14 minutes, 30 seconds
The CyberWire: The 12 Days of Malware.[Special Editions]
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!
The 12 Days of Malware lyrics
On the first day of Christmas, my malware gave to me:
A keylogger logging my keys.
On the second day of Christmas, my malware gave to me:
2 Trojan Apps...
And a keylogger logging my keys.
On the third day of Christmas, my malware gave to me:
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the fourth day of Christmas, my malware gave to me:
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the fifth day of Christmas, my malware gave to me:
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the sixth day of Christmas, my malware gave to me:
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the seventh day of Christmas, my malware gave to me:
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the eighth day of Christmas, my malware gave to me:
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the ninth day of Christmas, my malware gave to me:
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the tenth day of Christmas, my malware gave to me:
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the eleventh day of Christmas, my malware gave to me:
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the twelfth day of Christmas, my malware gave to me:
12 Hackers hacking...
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
12/25/2022 • 7 minutes, 28 seconds
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat..
Rackspace reacts to ransomware. Third-party incidents in New Zealand and the Netherlands. Russian intelligence goes phishing. Mustang Panda uses Russia's war as phishbait. A Malicious package is found in PyPi. Kevin Magee from Microsoft Canada shares thoughts on cybersecurity startups in an economic downturn. Our guest is IDology's Christina Luttrell to discuss how consumers feel about digital identity, fraud, security and data privacy. And a French-speaking investment scam.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/233
Selected reading.
Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology)
Multiple government departments in New Zealand affected by ransomware attack on IT provider (The Record by Recorded Future)
Antwerp's city services down after hackers attack digital partner (BleepingComputer)
Russian hacking group spoofed Microsoft login page of US military supplier: report (The Record by Recorded Future)
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets (BlackBerry)
Inside the Face-Off Between Russia and a Small Internet Access Firm (New York Times)
Apiiro’s AI engine detected a software supply chain attack in PyPI (Apiiro | Cloud-Native Application Security)
Anatomizing CryptosLabs: a scam syndicate targeting French-speaking Europe for years (Group-IB)
12/7/2022 • 28 minutes, 7 seconds
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
This interview is from June 3rd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down Perry Carpenter, host of 8th Layer Insights to discuss his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer."
11/25/2022 • 16 minutes, 26 seconds
CSO Perspectives Bonus: Veterans Day special.
Rick Howard (The Cyberwire’s Chief Analyst, CSO, and Senior Fellow), and the cast of the entire Cyberwire team, honor our U.S. veterans on this special day.
11/11/2022 • 17 minutes, 34 seconds
The Malware Mash! [Bonus]
Enjoy this CyberWire classic.
They did the Mash...the did the Malware Mash...
10/28/2022 • 3 minutes, 5 seconds
Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]
The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, “Is it our fault if they don’t fix things?” While defenders drown in a sea of unprioritized findings and legacy issues wondering where to even start.
But the real battle shouldn’t be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? Do the defenders just not care or does the onus fall on the report? Everyone really wants the same thing: better security. To get there, the primary communication tool between consultant and client, offensive and defensive teams — the pentest report — must be consumable and actionable and tailored to the audience who receives it.
In the first half of this episode of Cyberwire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Hash Table members Amanda Fennell, the CIO and CSO of Relativity, and William MacMillan, the SVP of Security Product and Program Management at Salesforce. In the second half of the episode, Dan DeCloss, the Founder and CEO of episode sponsor PlexTrac, joins Dave Bittner discuss the politics around pentest reporting and how better reports can support real progress.
10/9/2022 • 36 minutes, 24 seconds
Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.
As we break to observe the Juneteenth holiday, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. In this extended interview, Dave Bittner speaks with FBI Cyber Section Chief David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
6/20/2022 • 16 minutes, 7 seconds
Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."
As we break to observe Washington's birthday, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. In this extended interview, Dave Bittner speaks with Kenneth Geers from NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine." Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
Afternoon Cyber Tea with Ann Johnson is a CyberWire Network podcast created by Microsoft Security. It's a bi-weekly show that comes out every other Tuesday. We thought you would enjoy this episode in particular and hope you consider subscribing in your favorite podcast app.
Diana Kelly, the co-founder, and CTO of SecurityCurve, a cybersecurity consulting firm, joins Ann Johnson on this episode of Afternoon Cyber Tea. Diana is a globally known security expert who donates much of her time volunteering in the cybersecurity community while also serving on the Association for Computing Machinery Ethics and Plagiarism Committee. Diana talks with Ann about helping inexperienced organizations get up to speed on the cybersecurity landscape, some of the current significant security and privacy hurdles currently plaguing the field, and some of the best practices to assist network defenders and users trying to combat botnet threats.
In This Episode You Will Learn:
How companies can protect themselves from new unsecure devices
When security risks correspond with access management and IoT devices
Why we need security programs to grow to a new level
Some Questions We Ask:
How should network defenders and users combat botnet threats?
What types of universal IoT standards need to be created?
What privacy hurdles are currently plaguing the field of IoT-connected devices?
Resources:
View Diana Kelly on LinkedIn
View Ann Johnson on LinkedIn
Related:
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Listen to: Security Unlocked
Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.
2/21/2022 • 29 minutes, 52 seconds
CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Jaclyn Miller from NTT, Ltd. on diversity, inclusion and remote access security. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
12/31/2021 • 13 minutes, 12 seconds
CyberWire Pro Interview Selects: Sir David Omand.
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Sir David Omand, former GCHQ Director, on his book, How Spies Think: Ten Lessons in Intelligence.. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
12/30/2021 • 21 minutes, 35 seconds
CyberWire Pro Interview Selects: Zan Vautrinot on boards.
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Howard speaks with Zan Vautrinot about boards. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
12/29/2021 • 20 minutes, 17 seconds
CyberWire Pro Interview Selects: Bill Wright of Splunk.
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Bill Wright of Splunk on the ongoing geopolitical ransomware trend. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
12/28/2021 • 9 minutes, 47 seconds
The CyberWire: The 12 Days of Malware.
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!
The 12 Days of Malware lyrics
On the first day of Christmas, my malware gave to me:
A keylogger logging my keys.
On the second day of Christmas, my malware gave to me:
2 Trojan Apps...
And a keylogger logging my keys.
On the third day of Christmas, my malware gave to me:
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the fourth day of Christmas, my malware gave to me:
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the fifth day of Christmas, my malware gave to me:
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the sixth day of Christmas, my malware gave to me:
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the seventh day of Christmas, my malware gave to me:
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the eighth day of Christmas, my malware gave to me:
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the ninth day of Christmas, my malware gave to me:
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the tenth day of Christmas, my malware gave to me:
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the eleventh day of Christmas, my malware gave to me:
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
On the twelfth day of Christmas, my malware gave to me:
12 Hackers hacking...
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
12/25/2021 • 7 minutes, 28 seconds
CyberWire Pro Research Briefing from 12/21/2021.
Enjoy a peek into CyberWire Pro's Research Briefing as the team is off taking our long winter's nap. This is the spoken edition of our weekly Research Briefing, focused on threats, vulnerabilities, and consequences, as they’re played out in cyberspace. This week's headlines: US Commission on International Religious Freedom reportedly hacked. Sophistication of NSO exploit on par with nation-state tooling. Conti ransomware actors exploit Log4Shell. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
12/25/2021 • 9 minutes, 4 seconds
CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Hatem Naguib, new CEO of Barracuda Networks, to discuss his views on how cybersecurity trends have drastically changed over the past year, including the rise of ransomware. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
12/24/2021 • 10 minutes, 59 seconds
CyberWire Pro Research Briefing from 11/23/2021
Enjoy a peek into CyberWire Pro's Research Briefing as the team is off recovering from our Thanksgiving feasts. This is the spoken edition of our weekly Research Briefing, focused on threats, vulnerabilities, and consequences, as they’re played out in cyberspace. This week's headlines: Iranian threat actors target the IT supply chain. North Korean cyberespionage. More information on Emotet's return. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
11/27/2021 • 8 minutes, 18 seconds
CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.
Our team decided to extend our Thanksgiving holiday and thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview October 27th, 2021 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Carolyn Crandall of Attivo Networks on what organizations should be focused on to protect AD. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.
11/26/2021 • 9 minutes, 1 second
The Malware Mash!
10/29/2021 • 3 minutes, 5 seconds
Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail
The CyberWire partners with Recorded Future's threat intelligence podcast and our Dave Bittner is the host. It's a weekly show that comes out each Monday afternoon. We thought you might want to check it out and are adding it to our feed today. We hope you like it and consider subscribing in your favorite podcast app.
The COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run-of-the-mill money scams to targeting phishing, business email compromise, and even espionage.
Recorded Future’s Insikt Group has been following these money trails and correlating them with a spectrum of bad actors around the globe. They recently published their findings in a blog post titled, “Follow the Money: Qualifying Opportunism Behind Cyberattacks During the COVID-19 Pandemic.”
On today’s episode we’ve got a pair of Insikt Group analysts joining us to share their expertise. Lindsay Kaye is Director of Operational Outcomes and Charity Wright is a Cyber Threat Intelligence Analyst.
3/24/2021 • 17 minutes, 27 seconds
Encore: You will pay for that one way or another. [Caveat]
Dave's got the story of a landlord who may run afoul of the Computer Fraud and Abuse Act, Ben wonders if the big tech CEOs could be held liable for contact tracking apps, and later in the show my conversation with Joseph Cox. He is a Senior Staff Writer at Motherboard and will be discussing his recent article How Big Companies Spy on Your Emails.
While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.
Links to stories:
Apple and Google CEOs should be held responsible for protecting coronavirus tracking data, says GOP Sen. Hawley
The twitter thread from Dave's story
Got a question you'd like us to answer on our show? You can send your audio file to [email protected] or simply leave us a message at (410) 618-3720. Hope to hear from you.
1/18/2021 • 36 minutes, 9 seconds
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
Researchers at Cisco's Talos Unit recently published research exploring the tactics, technics and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online ads, along with tips for protecting yourself and your organization.
The research can be found here:
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html
1/2/2021 • 29 minutes, 57 seconds
Andy Greenberg on the Sandworm Indictments. [Interview Selects]
This interview from November 6th, 2020 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Howard speaks with Andy Greenberg on the Sandworm Indictments.
1/1/2021 • 17 minutes, 10 seconds
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] (Career Notes]
Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.
12/27/2020 • 7 minutes, 10 seconds
Encore: Seedworm digs Middle East intelligence. [Research Saturday]
Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms.
Al Cooley is director of product management at Symantec, and he joins us to share their findings.
The original research can be found here:
https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group
12/26/2020 • 20 minutes, 27 seconds
Encore: Separating fools from money. [Hacking Humans]
Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers.
Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
12/25/2020 • 30 minutes, 2 seconds
Encore: Technology that allows cops to track your phone. [Caveat]
Dave has an update on Baltimore’s spyplane, Ben describes concerns over violations by the FBI, CIA, NSA of FISA court rules, and later in the show our conversation with Kim Zetter on her recent article in The Intercept, titled “How Cops Can Secretly Track Your Phone.” It’s all about stingrays and dirtboxes, so stick around for that.
While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.
Links to stories:
Elizabeth Goitein on Twitter
In appeals court, Baltimore surveillance plane suit gets a mixed reaction
Got a question you'd like us to answer on our show? You can send your audio file to [email protected] or simply leave us a message at (410) 618-3720. Hope to hear from you.
Thanks to our sponsor, KnowBe4.
12/24/2020 • 49 minutes, 8 seconds
Encore: Using global events as lures for malicious activity.
The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them.
This has left adversaries with a couple of options, develop or buy a working exploit that will defeat today's protections, which can be costly, or pivot to enticing a user to help you. In today's threat landscape, adversaries are always trying to develop and implement the most effective lures to try and draw users into their infection path. They've tried a multitude of different tactics in this space, but one always stands out — current events.
Joining us on this week's Research Saturday from Craig Williams from Cisco's Talos Outreach team to walk us through how current events are used as lures.
The research and blog post can be found here:
Adversarial use of current events as lures
11/28/2020 • 22 minutes, 52 seconds
The Malware Mash!
10/30/2020 • 3 minutes, 5 seconds
Solving hard problems and pursuing your passions. [Career Notes]
CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us.
7/5/2020 • 7 minutes, 48 seconds
Extending security tools to the at home workforce during the pandemic. [Research Saturday]
In this episode of CyberWire-X, Rick Howard, the CyberWire’s Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we’ve typically used to protect our handful of remote employees in the past to today, during the pandemic, that requires us to deploy flexible but equivalent controls at scale to everybody in the organization. Joining us is Bob Turner, CISO of the University of Wisconsin at Madison. Later in the program, we will hear from Mounir Hahad, the head of Threat Labs, and Mike Spanbauer, a security evangelist, at Juniper Networks, the sponsor of the show. Thanks to our sponsor, Juniper Networks.
5/31/2020 • 29 minutes, 22 seconds
Complementary colors: teaming tactics in cybersecurity. [Research Saturday]
We often hear cybersecurity professionals talking about red teams, blue teams, and purple teams. In this episode of CyberWire-X, we investigate what those terms mean, how security teaming approaches have changed over time, and the value of teaming for organizations large and small. Join us for a lively conversation with our experts Austin Scott from Dragos, and Caleb Barlow, from Cynergistek in part one. In part 2, we’ll also hear from Dan DeCloss from Plextrac, the sponsor of today’s episode.
4/19/2020 • 27 minutes, 27 seconds
Case studies in risk and regulation. [CyberWire-X]
In the final episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we examine some of the game changing high profile breaches like Yahoo, Equifax and OPM, along with their impacts and lessons learned.
Our guest is Dr. Christopher Pierson, CEO and founder of BlackCloak.
Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.
1/30/2019 • 32 minutes, 12 seconds
Risk and regulation in the financial sector. [CyberWire-X]
In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust?
Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute.
Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.
12/21/2018 • 29 minutes, 8 seconds
Settling in with GDPR. [CyberWire-X]
In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since it's implementation in May 2018.
Joining us are Emily Mossburg from Deloitte, Caleb Barlow from IBM and Steve Durbin from ISF.
Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.
12/3/2018 • 29 minutes, 54 seconds
Regulation in the U.S. [CyberWire-X}
In this premier episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S.
Joining us are Dr. Christopher Pierson from BlackCloak and Randy Sabett from Cooley LLC.
Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.