Podcast appearances and mentions of Rick Howard

  • 57 podcasts
  • 325 episodes
  • 27m average duration
  • 5 new episodes weekly
  • Latest episode: Sep 26, 2022




Latest podcast episodes about Rick Howard

CSO Perspectives (public)
Pt 1 – Introducing Rick the Toolman Series: Mitre ATT&CK.

Sep 26, 2022 (26:38)


In this episode of CSO Perspectives, Rick Howard examines the MITRE ATT&CK® framework for the security executive. Rick explains how your infosec team can use it to support your intrusion kill chain strategy. More importantly, Rick describes the framework in terms that busy security executives can understand. For a complete reading list and even more information, check out Rick's more detailed essay on the topic.

The CyberWire
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.

Sep 26, 2022 (30:27)


Unrest in Iran finds expression in cyberspace. Albania explains its reasons for severing relations with Iran. Cybercrime in the hybrid war. Rick Howard on risk forecasting with data scientists. Dave Bittner sits down with Dr. Bilyana Lilly to discuss her new book, "Russian Information Warfare: Assault on Democracies in the Cyber Wild West." And there seems to have been an arrest in the Uber and Rockstar breaches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/185

Selected reading:
  • Iran's War Within (Foreign Affairs)
  • Iran's Hijab Protests Have Lit a Fire the Regime Can't Put Out (World Politics Review)
  • 'Something big is happening': the Iranians risking everything to protest (the Guardian)
  • Dissident: 'Iranian women are furious' over headscarf death (AP NEWS)
  • OpIran: Anonymous declares war on Teheran amid Mahsa Amini's death (Security Affairs)
  • IDF official says military foiled 'dozens' of Iran cyberattacks on civilian sites (Times of Israel)
  • Analysis | 'Our Conflict With Iran Is Unparalleled', Say Israel's Elite Cyber Unit Commanders (Haaretz)
  • US Issues License to Expand Internet Access for Iranians (VOA)
  • US Treasury carves out Iran sanctions exceptions for internet providers (The Record by Recorded Future)
  • Iran and Albania: diplomacy and cyber operations (CyberWire)
  • Ukraine dismantles hacker gang that stole 30 million accounts (BleepingComputer)
  • The SBU neutralized a hacker group that "hacked" almost 30 million accounts of Ukrainian and EU citizens (SSU)
  • Personal details of celebrities, including Sir David Attenborough and Sarah Ferguson, leaked after Russian fraudsters hacked an organic food shop (News 24)
  • London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches (The Hacker News)
  • UK teen suspected of Uber and Rockstar hacks arrested (Computing)

The CyberWire
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.

Sep 19, 2022 (29:43)


An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. Grayson Milbourne of Webroot on the arms race for vulnerabilities. Rick Howard continues his exploration of cyber risk. And risky piracy sites (on the Internet, kids, not the high seas). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/180

Selected reading:
  • Developments in the case of the Uber breach. (CyberWire)
  • Preliminary lessons from the Uber breach. (CyberWire)
  • Uber says "no evidence" user accounts were compromised in hack (The Verge)
  • Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (The Hacker News)
  • Uber apparently hacked by teen, employees thought it was a joke (The Verge)
  • Uber hacker claims to have full control of company's cloud-based servers (9to5Mac)
  • The Uber Hack's Devastation Is Just Starting to Reveal Itself (WIRED)
  • Uber was breached to its core, purportedly by an 18-year-old. Here's what's known (Ars Technica)
  • Uber hacked by teen who annoyed employee into logging them in - report (Jerusalem Post)
  • 18-year-old allegedly hacks Uber and sends employees messages on Slack (Interesting Engineering)
  • Uber Investigating Massive Security Breach by Alleged Teen Hacker (Gizmodo)
  • Uber cyber attack: protecting against social engineering (Information Age)
  • Threat actor breaches many of Uber's critical systems (Cybersecurity Dive)
  • Uber confirms hack in the latest access and identity nightmare for corporate America (SC Media)
  • Uber hacked, attacker tears through the company's systems (Help Net Security)
  • Uber confirms it is investigating cybersecurity incident (The Record by Recorded Future)
  • UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you (Naked Security)
  • Emotet and other malware delivery systems. (CyberWire)
  • Emotet botnet now pushes Quantum and BlackCat ransomware (BleepingComputer)
  • AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 (AdvIntel)
  • August's Top Malware: Emotet Knocked off Top Spot by FormBook while GuLoader and Joker Disrupt the Index (Check Point Software)
  • How Belarusian hacktivists are using digital tools to fight back (The Record by Recorded Future)
  • Malvertising on piracy sites. (CyberWire)
  • Unholy Triangle (Digital Citizens' Alliance)
  • Piracy Advertising Researchers Fall Victim to Ransomware Attacks (TorrentFreak)

CSO Perspectives (public)
Introducing the cyberspace sand table series: The DNC compromise.

Sep 19, 2022 (30:10)


The 2016 DNC hack: we can use cyber sand tables to enhance our cybersecurity first principle defenses, since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. The show puts the DNC hack on the cyber sand table to see what might have been done differently, with host Rick Howard, the CyberWire's CSO and Chief Analyst. For a complete reading list and even more information, check out Rick's more detailed essay on the topic.

Hacking Humans
It pays to do your research. [Hacking Humans Goes to the Movies]

Sep 18, 2022 (31:28)


Thanks for joining us again for another episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series, in which they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined by guest Tracy Maleeff from Krebs Stamos Group; you may know her on Twitter as @Infosecsherpa. Dave, Joe and Tracy watch and discuss Tracy's and Joe's clips. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds.

Links to this episode's clips if you'd like to watch along:
  • Tracy's clips from "Working Girl": the elevator scene, and the scene where Tess and Jack gatecrash a wedding
  • Joe's clip from "Oceans 8"

The CyberWire
Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.

Sep 12, 2022 (31:27)


Albania reports additional cyberattacks from Iran over the weekend. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet. Kinetic strikes hit Ukraine's infrastructure. Rick Howard calculates risk with classic mathematical theorems. Tim Eades from Cyber Mentor Fund on the dynamic nature of the attack surface. And a look into the cyber phase of the hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/175

Selected reading:
  • Albania blames Iran for second cyberattack since July (CNN)
  • Treasury Sanctions Iranian Ministry of Intelligence and Minister for Malign Cyber Activities (US Department of the Treasury)
  • Iran strongly condemns US sanctions over Albania hacking (Al Arabiya)
  • Six months into Breached: The legacy of RaidForums? (KELA)
  • 2022 State of the Internet Report (Censys)
  • Ukraine hails snowballing offensive, blames Russia for blackouts (Reuters)
  • Ukraine says Russia is retaliating by hitting critical infrastructure, causing blackouts. (New York Times)
  • Last reactor at Ukraine's Zaporizhzhia nuclear plant stopped (Associated Press)
  • Ukraine Warns Russian Cyber Onslaught Is Coming (Voice of America)
  • Montenegro wrestles with massive cyberattack, Russia blamed (ABC News)
  • CyberCube: Russia's Sovereign Internet Creates Security Risks With Implications for Cyber (Re)Insurance While War in Ukraine Develops (Associated Press)

CSO Perspectives (public)
Security compliance around the Hash Table.

Sep 12, 2022 (28:50)


Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy, or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization from a compliance incident. As Rick says, "Compliance is a ticket to ride." On the Hash Table, Tom Quinn of T. Rowe Price argues for why compliance is both good for business and good for security.

Cybersecurity professional development and continued education. You will learn about:
  • privacy and security compliance
  • compliance support services
  • the value of investing in compliance
  • CyberWire's spreadsheet of cybersecurity laws and standards

CyberWire is the world's most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram. Additional first principles resources for your cybersecurity program: for more compliance and cybersecurity first principles resources, check the topic essay.

The CyberWire
A CSO's 9/11 Story: CSO Perspectives Bonus.

Sep 11, 2022 (28:33)


From the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire's CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center. CyberWire Pro subscribers also get exclusive access to Rick's original 2001 essay with notes from the day of the attack. If you would like to check that out, you can subscribe today.

The CyberWire
New CISO responsibilities: supply chain. [CSO Perspectives]

Sep 5, 2022 (24:43)


Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Hash Table members Ann Johnson, Microsoft's Corporate VP on Security, Compliance, & Identity, and Ted Wagner, the SAP National Security Services CISO, to discuss supply chain as a new CISO responsibility.

CSO Perspectives (public)
Security compliance and cybersecurity first principles.

Sep 5, 2022 (16:54)


Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy, or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization from a compliance incident. As Rick says, "Compliance is a ticket to ride."

Cybersecurity professional development and continued education. You will learn about:
  • privacy and security compliance
  • compliance support services
  • the value of investing in compliance
  • CyberWire's spreadsheet of cybersecurity laws and standards

For more compliance and cybersecurity first principles resources, check the topic essay.

The CyberWire
Securing multi-cloud identity with orchestration. [CyberWire-X]

Sep 1, 2022 (31:37)


While multi-cloud brings significant benefits, it also poses serious security risks, and identity is the reason. Each cloud platform, such as Azure, Google, and AWS, uses a proprietary identity system, and the lack of interoperability makes them unwieldy to manage. These disparate systems can't talk to each other, resulting in a fragmented environment full of identity silos: the perfect way for an attacker to get in and cause destruction. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten, the CISO for Healthcare Enterprises at Centene. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Strata Identity's CEO and Co-founder Eric Olden. Both discussions center on the challenges to identity management caused by the rapid shift to multi-cloud.

The CyberWire
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.

Aug 29, 2022 (24:15)


Russian cyber operations in Southeastern Europe. The challenge of containing the cyber phases of a hybrid war. Russian and Chinese cyber activity in Latin America. Greenwashing influence operations. Rick Howard looks at risk probabilities. Dinah Davis from Arctic Wolf looks at ransomware payment myths. And an Iranian threat actor exploits Log4j vulnerabilities against Israeli targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/166

Selected reading:
  • Russia blamed for wave of hacker attacks in Southeast Europe (BNE)
  • Montenegro declares it is in 'hybrid war' with Russia after massive cyber attack (Metro)
  • Montenegro reports massive Russian cyberattack against govt (ABC News)
  • Montenegro Reports Massive Russian Cyberattack Against Govt (AP via SecurityWeek)
  • Montenegro's state infrastructure hit by cyber attack -officials (Reuters)
  • Cyber Element in the Russia-Ukraine War & its Global Implications (Modern Diplomacy)
  • Swiss secret service worried about Russian cyber operations (SWI swissinfo.ch)
  • China and Russia Step Up Cyber Presence in Latin America (Diálogo Américas)
  • Dominican Republic refuses to pay ransom after attack on agrarian institute (The Record by Recorded Future)
  • China-Linked Bots Attacking Rare Earths Producer 'Every Day' (Bloomberg)
  • Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations (The Hacker News)
  • MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations (Microsoft Threat Intelligence Center)
  • Iran exploiting Log4j 2 weakness to attack Israel, says Microsoft (Israel Defense)

The CyberWire
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. And data-tampering attacks are regarded as a growing risk.

Aug 22, 2022 (22:16)


Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. Rick Howard on the RSA Security breach of 2011 and the Equifax breach of 2017. Caleb Barlow on what a recession means for cybersecurity venture capital and what its impact on the industry is. And data-tampering attacks are regarded as a growing risk. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/158

Selected reading:
  • WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware (BleepingComputer)
  • Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads (Sucuri Blog)
  • Car blast kills daughter of Russian known as 'Putin's brain' (AP NEWS)
  • Russia blames Kyiv for killing daughter of 'Putin's Rasputin', but the truth may be closer to home (The Telegraph)
  • Alexander Dugin's daughter killed by anti-war Russians: Former state deputy (Newsweek)
  • Estonia Repels Biggest Cyber-Attack Since 2007 (Infosecurity Magazine)
  • Estonia's Battle Against a Deluge of DDoS Attacks (Infosecurity Magazine)
  • Latvia Starts Removing Soviet Monument in Challenge to Russia (Bloomberg)
  • Data-tampering attacks are a 'nightmare' threat that's hard to detect (Protocol)

CSO Perspectives (public)
Adversary playbooks around the Hash Table.

Aug 22, 2022 (31:34)


Adversary playbooks as a cybersecurity first principle strategy. They told us the adversary has an asymmetric advantage: that cyber defense has to be right every time while the offense only has to get it right once. Rick argues that proactive defense and adversary playbooks can flip that dynamic on its head. With the world of cyber defense and threat intelligence upside down, Rick and the Hash Table discuss the history of shifting the offense/defense balance, the three components of a proactive defense, and the evolution of adversary playbooks and the intrusion kill chain. Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Ryan Olson, the Palo Alto Networks VP on Threat Intelligence (Unit 42). They discuss the history and next steps for the adversary playbook concept.

Cybersecurity professional development and continued education. You will learn about:
  • adversary playbooks and proactive defense
  • flipping the offense/defense balance
  • the three components of a proactive defense
  • ISACs and ISAOs

For more adversary playbooks and cybersecurity first principles resources, check the topic essay.

The CyberWire
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.

Aug 15, 2022 (26:11)


Shuckworm maintains its focus on Ukrainian targets. Killnet's DDoS and dubious proof-of-work. Iron Tiger's supply chain campaign. TikTok and national security. Dinah Davis from Arctic Wolf shares insights on Dark Utilities. Rick Howard digs into identity management. And an arrest in the case of the Tornado Cash crypto mixer. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/154

Selected reading:
  • Shuckworm: Russia-Linked Group Maintains Ukraine Focus (Symantec)
  • Killnet Releases 'Proof' of its Attack Against Lockheed Martin (SecurityWeek)
  • Killnet attacks the Latvian parliament (Tagesspiegel)
  • Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (Trend Micro)
  • How Frustration Over TikTok Has Mounted in Washington (New York Times)
  • 3 ways China's access to TikTok data is a security risk (CSO Online)
  • Arrest of suspected developer of Tornado Cash (FIOD)
  • Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer (The Hacker News)
  • Arrested Tornado Cash developer is Alexey Pertsev, his wife confirms (The Block)

CSO Perspectives (public)
Adversary playbooks and cybersecurity first principles.

Aug 15, 2022 (22:13)


Adversary playbooks as a cybersecurity first principle strategy. They told us the adversary has an asymmetric advantage: that cyber defense has to be right every time while the offense only has to get it right once. Rick argues that proactive defense and adversary playbooks can flip that dynamic on its head.

Cybersecurity professional development and continued education. You will learn about:
  • adversary playbooks and proactive defense
  • flipping the offense/defense balance
  • the three components of a proactive defense
  • ISACs and ISAOs

For more adversary playbooks and cybersecurity first principles resources, check the topic essay.

The CyberWire
Red teamer's perspective on demotivating attackers. [CyberWire-X]

Aug 14, 2022 (26:24)


Cybercriminals are motivated by one simple incentive: money. Their favorite tools are bots, which give them sophistication, scalability, and ease of use. The result is an underground bot ecosystem. This community allows threat actors to work together and continually improve their tactics, and to sell bypasses for rule-based anti-bot solutions to other, less technical fraudsters. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Etay Maor, Cato Networks' Senior Director of Security Strategy. They discuss this reality that has put defenders at a serious disadvantage, and the mitigation steps to consider for future attacks. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Kasada's founder Sam Crowther about what he saw first-hand as a red teamer at a major Australian bank and what inspired him to reimagine bot mitigation around the founding principle of undermining the attacker's ROI.

The CyberWire
Cybersecurity is a team sport. [CyberWire-X]

Aug 9, 2022 (33:14)


In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with its own specific function, which very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport, united for a shared mission. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by two Hash Table members, Ted Wagner, CISO at SAP National Security Services, and Jenn Reed, CISO at Aviatrix. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor ExtraHop's Senior Product Marketing Manager, Chase Snyder, and CrowdStrike's Head of Product Marketing, Janani Nagarajan. They discuss why and how vendors should work together to enable better integrated security for their customers. They'll answer questions like "what is XDR?" and "how do I get my vendors to work together?"

The CyberWire
Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.

Aug 8, 2022 (26:30)


Shifting cyber threats during Russia's war against Ukraine. A Twitter exploit may have compromised more than 5 million accounts. A cyberattack disrupts NHS 111. Developments in the C2C market. An alleged Russian cryptocurrency exchange operator is extradited to the US. Rick Howard looks at FinTech. Andrea Little Limbago from Interos on industrial policy and the tech divide. And a crypto mixing service has been sanctioned by the US Treasury Department. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/150

Selected reading:
  • ESET Threat Report T1 2022 (WeLiveSecurity)
  • Twitter confirms zero-day used to expose data of 5.4 million accounts (BleepingComputer)
  • NHS 111 software outage confirmed as cyber-attack (BBC News)
  • Ministers coordinate response after cyber-attack hits NHS 111 (the Guardian)
  • Thousands of hackers flock to 'Dark Utilities' C2-as-a-Service (BleepingComputer)
  • Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns (Cisco Talos)
  • Genesis Brings Polish to Stolen-Credential Marketplaces (Sophos)
  • Cyber-related Designation (U.S. Department of the Treasury)
  • U.S. imposes sanctions on virtual currency mixer Tornado Cash (Reuters)
  • Crypto Mixing Service Tornado Cash Blacklisted by US Treasury (CoinDesk)
  • Alleged Russian Cryptocurrency Money Launderer Extradited to United States (US Department of Justice)
  • Russian accused of money laundering and running $4B bitcoin exchange extradited to US (CNN)

CSO Perspectives (public)
Orchestrating the security stack around the Hash Table.

Aug 8, 2022 (20:44)


Orchestrating the security stack is a cybersecurity first principle strategy. Our security stack has grown unwieldy, and the complexity breeds vulnerability. Orchestration may be our only hope. Rick reviews SOAR/SIEM platforms, SASE, and DevSecOps strategies from the perspective of orchestrating the security stack. He identifies key methods to build zero trust, intrusion kill chain prevention, resiliency, and risk forecasting within these tools. The Hash Table identifies data governance and policy strategy as a crucial first step. They also talk about the first principles of speaking with the C-suite, as well as the dark side of automation and orchestration. Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Bob Turner, the Fortinet Field CISO for Education, and Kevin Magee, the CSO for Microsoft Canada, to discuss orchestration as a first principle strategy.

Cybersecurity professional development and continued education. You will learn about:
  • SOAR/SIEM and SASE for large scale orchestration
  • data governance
  • the three components of a good SASE platform
  • data materiality and gap analyses
  • the dark side of automation

For more orchestration and cybersecurity first principles resources, check the topic essay.

The CyberWire
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.

Aug 1, 2022 (28:35)


KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp. Rick Howard previews season ten of the CSO Perspectives podcast. Our guest is Nate Kharrl of SpecTrust on deploying fraud detection at the gateway. And a heartfelt farewell to a woman whose inspiration lives on. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/146

Selected reading:
  • Cyberactivist Group Killnet Declares War on Lockheed Martin (Sputnik)
  • Russian Hackers Target U.S. HIMARS Maker in 'New Type of Attack': Report (Newsweek)
  • Founder of pro-Russian hacktivist Killnet quitting group (SC Magazine)
  • Huge network of 11,000 fake investment sites targets Europe (BleepingComputer)
  • Microsoft links Raspberry Robin malware to Evil Corp attacks (BleepingComputer)
  • Microsoft ties novel 'Raspberry Robin' malware to Evil Corp cybercrime syndicate (The Record by Recorded Future)
  • FakeUpdates malware delivered via Raspberry Robin has possible ties to EvilCorp (SC Magazine)
  • Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself (Microsoft Security)
  • Australia charges dev of Imminent Monitor RAT used by domestic abusers (BleepingComputer)
  • Brisbane teenager built spyware used by domestic violence perpetrators across world, police allege (the Guardian)

CSO Perspectives (public)
Orchestrating the security stack and cybersecurity first principles.

Aug 1, 2022 (19:49)


Orchestrating the security stack is a cybersecurity first principle strategy. Our security stack has grown unwieldy, and the complexity breeds vulnerability. Orchestration may be our only hope. Rick reviews SOAR/SIEM platforms, SASE, and DevSecOps strategies from the perspective of orchestrating the security stack. He identifies key methods to build zero trust, intrusion kill chain prevention, resiliency, and risk forecasting within these tools.

Cybersecurity professional development and continued education. You will learn about:
  • SOAR/SIEM and SASE for large scale orchestration
  • data governance
  • the three components of a good SASE platform
  • data materiality and gap analyses
  • the dark side of automation

For more orchestration and cybersecurity first principles resources, check the topic essay.

The CyberWire
Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.

Jul 29, 2022 (27:58)


Anonymous's hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Phishing in the IPFS. Update on the initial access criminal-to-criminal market and its effect on MSPs. Cyber gangs move away from malicious macros. Thomas Etheridge from CrowdStrike on managed detection and response. Rick Howard sits down with Art Poghosyan from Britive to discuss DevSecOps and identity management. And Rewards for Justice seeks some righteous snitches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/145

Selected reading:
  • Putin 'embarrassed' as hackers launch cyber war on Russian President over Ukraine invasion (Express.co.uk)
  • Is Anonymous Rewriting the Rules of Cyberwarfare? Timeline of Their Attacks Against the Russian Government (Website Planet)
  • HolyGhost's Bargain Basement Approach To Ransomware (Digital Shadows)
  • IPFS: The New Hotbed of Phishing (Trustwave)
  • Threat Advisory: Hackers Are Selling Access to MSPs (Huntress)
  • "We're currently monitoring a situation that entails a hacker selling access to an MSP with access to 50+ customers, totaling 1,000+ servers."
  • Experts warn of hacker claiming access to 50 U.S. companies through breached MSP (The Record by Recorded Future)
  • How Threat Actors Are Adapting to a Post-Macro World (Proofpoint)
  • Rewards for Justice – Reward Offer for Information on Russian Interference in U.S. Elections (United States Department of State)

CSO Perspectives (public)
Enterprise backups around the Hash Table.

Jul 25, 2022 (23:07)

Enterprise backups as a cybersecurity first principle strategy. This session covers the riveting topic of enterprise backup schemes to improve resilience. Rick discusses the value of data backups, workflow models, recent ransomware trends, and platforms for each use case. The Hash Table provides tangible enterprise backup strategies that encompass centralized, decentralized, and DevSecOps techniques, business continuity and disaster recovery plans, and engaging the Executive team in crisis scenarios and recovery training. In data backups, nothing is easy, but Rick breaks it down to first principles and makes it understandable.

Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Jerry Archer, the Sallie Mae CSO, and Jaclyn Miller, the CISO for NTT, to discuss enterprise backups as a first principle strategy.

Cybersecurity professional development and continued education. You will learn about: backup tools and platforms, workflow responsibilities and models, disaster recovery and business continuity plans, and backups as a tool to improve resilience.

Additional first principles resources for your cybersecurity program. For more enterprise backups and cybersecurity first principles resources, check the topic essay.

The CyberWire
The great overcorrection: shifting left probably left you vulnerable. Here's how you can make it right. [CyberWire-X]

Jul 24, 2022 (26:58)

Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture.

In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, talks with two Hash Table members, Centene's VP and CISO for Healthcare Enterprises, Rick Doten, and Akamai's Advisory CISO, Steve Winterfeld. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Invicti's Chief Product Officer, Sonali Shah. They discuss the challenges and misunderstandings around shifting left, and provide tips on how organizations can implement a web application security program without tradeoffs throughout the whole application security lifecycle.

The CyberWire
Cyber phases of Russia's hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.

Jul 20, 2022 (31:47)

What's Russia up to in cyberspace, nowadays? Belgium accuses China of cyberespionage. LockBit ransomware spreading through compromised servers. Malek Ben Salem from Accenture explains the Privacy Enhancing Technologies of Federated Learning with Differential Privacy guarantees. Rick Howard speaks with Rob Gurzeev from CyCognito on Data Exploitation. And Micodus GPS tracker vulnerabilities should motivate the user to turn the thing off.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136

Selected reading:
• Continued cyber activity in Eastern Europe observed by TAG (Google)
• Declaration by the High Representative on behalf of the European Union on malicious cyber activities conducted by hackers and hacker groups in the context of Russia's aggression against Ukraine (European Council)
• China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors (Federal Public Service Foreign Affairs)
• Statement by the spokesperson of the Chinese Embassy in Belgium regarding the Belgian government's statement on cyberattacks (Embassy of the People's Republic of China in the Kingdom of Belgium)
• LockBit: Ransomware Puts Servers in the Crosshairs (Broadcom Software Blogs | Threat Intelligence)
• Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720) (BitSight)
• CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker (CISA)

The CyberWire
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.

Jul 19, 2022 (30:06)

A Cozy Bear sighting. Shaking up Ukraine's intelligence services. Albania's national IT networks continue to work toward recovery. US Justice Department seizes $500k from DPRK threat actors. The FBI warns of apps designed to defraud cryptocurrency speculators. A White House meeting today addresses the cyber workforce. Ben Yelin looks at our right to record police. Our guest is Tim Knudsen, Director of Product Management for Zero Trust at Google Cloud, speaking with Rick Howard. And another trend we'd like to be included out of.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136

Selected reading:
• Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive (Unit 42)
• Russian hacking unit Cozy Bear adds Google Drive to its arsenal, researchers say (CyberScoop)
• Russian SVR hackers use Google Drive, Dropbox to evade detection (BleepingComputer)
• Ukraine's spy problem runs deeper than Volodymyr Zelensky's childhood friend (The Telegraph)
• Albanian government websites go dark after cyberattack (Register)
• On Google Play, Joker, Facestealer, & Coper Banking Malware (Zscaler)
• Justice Department seizes $500K from North Korean hackers who targeted US medical organizations (CNN)
• Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors (US Federal Bureau of Investigation)
• Announcement of White House National Cyber Workforce and Education Summit | The White House (The White House)
• Fortinet Announces Free Training Offering for Schools at White House Cyber Workforce and Education Summit (Fortinet)
• Not your average side hustle: the women making thousands from 'pay pigs' who enjoy being financially dominated (Business Insider)

CSO Perspectives (public)
Enterprise backups and cybersecurity first principles.

Jul 18, 2022 (17:06)

Enterprise backups as a cybersecurity first principle strategy. This session covers the riveting topic of enterprise backup schemes to improve resilience. Rick discusses the value of data backups, workflow models, recent ransomware trends, and platforms for each use case. In data backups, nothing is easy, but Rick breaks it down to first principles and makes it understandable.

Cybersecurity professional development and continued education. You will learn about: backup tools and platforms, workflow responsibilities and models, disaster recovery and business continuity plans, and backups as a tool to improve resilience.

Additional first principles resources for your cybersecurity program. For more enterprise backups and cybersecurity first principles resources, check the topic essay.

The CyberWire
Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]

Jul 17, 2022 (28:41)

On this episode of CyberWire-X, we examine double extortion ransomware. The large-scale cyber events of yesterday – Stuxnet, the Ukraine Power Grid Attack – were primarily focused on disruption. Cybercriminals soon shifted to ransomware with disruption still the key focus, and then took things to the next level with Double Extortion Ransomware. When ransomware first started to take off as the attack method of choice around 2015, the hacker playbook was focused on encrypting data, requesting payment and then handing over the encryption keys. Their methods escalated with Double Extortion: stealing data as well as encrypting it, and threatening to leak the data if they don't receive payment. We've seen with ransomware groups like Maze that they will follow through with publishing private information if not paid.

In the first part of the show, Rick Howard, the CyberWire's CSO, Chief Analyst, and Senior Fellow, talks with Wayne Moore, Simply Business' CISO and CyberWire Hash Table member, and, in the second half of the show, the CyberWire's podcast host Dave Bittner talks with Nathan Hunstad, episode sponsor Code42's Deputy CISO. They discuss how classic ransomware protections such as offsite backups are no longer enough. They explain that Double Extortion means that you need to understand what data has been stolen and weigh the cost of paying against the cost of your data going public.

The CyberWire
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.

Jul 11, 2022 (27:21)

More deniable DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. A callback phishing campaign impersonates security companies. The Anubis Network is back. Thomas Etheridge from CrowdStrike on the importance of outside threat hunting. Rick Howard weighs in on sentient AI. And a ransomware gang ups the ante.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/130

Selected reading:
• Pro-Russian cybercriminals briefly DDoS Congress.gov (CyberScoop)
• Lithuania's state-owned energy group hit by 'biggest cyber attack in a decade' (lrt.lt)
• Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor)
• Russian 'Hacktivists' Are Causing Trouble Far Beyond Ukraine (Wired, 07-11-2022)
• Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News)
• Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' (CyberScoop)
• Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies (CrowdStrike)
• Anubis Networks is back with new C2 server (Security Affairs)
• BlackCat (aka ALPHV) ransomware is increasing stakes up to $2.5 million in demands (Help Net Security)
• Resecurity - BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands (Resecurity)

CSO Perspectives (public)
Enterprise encryption around the Hash Table.

Jul 11, 2022 (22:48)

Enterprise encryption is a cybersecurity first principle strategy. Encryption is like mortar to our first principle wall. It holds together resilience and zero trust for material data. Rick explains the history of famous cryptographic techniques, dives into SolarWinds as an example of zero trust and encryption failure, and identifies some strategies to help implement encryption for data at rest and data in motion. The Hash Table reveals a risk-based approach to deploying encryption and makes a solid case for extensive enterprise encryption to defend against ransomware extortion.

Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Don Welch, the Penn State University Interim VP for IT and CIO, and Wayne Moore, the Simply Business CISO, to discuss enterprise encryption as a first principle strategy.

Cybersecurity professional development and continued education. You will learn about: cryptographic techniques, data at rest and in motion, encryption for data islands, open source and commercial encryption tools, and protection against ransomware and extortion.

Additional first principles resources for your cybersecurity program. For more encryption and cybersecurity first principles resources, check the topic essay.

CSO Perspectives (public)
Enterprise encryption and cybersecurity first principles.

Jul 4, 2022 (22:46)

Enterprise encryption is a cybersecurity first principle strategy. Encryption is like mortar to our first principle wall. It holds together resilience and zero trust for material data. Rick explains the history of famous cryptographic techniques, dives into SolarWinds as an example of zero trust and encryption failure, and identifies some strategies to help implement encryption for data at rest and data in motion.

Cybersecurity professional development and continued education. You will learn about: cryptographic techniques, data at rest and in motion, encryption for data islands, open source and commercial encryption tools, and protection against ransomware and extortion.

Additional first principles resources for your cybersecurity program. For more encryption and cybersecurity first principles resources, check the topic essay.

The CyberWire
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.

Jun 30, 2022 (30:35)

Killnet hits Norwegian websites. Hacktivists are tied to Russia's government. Amunet as a case study in C2C market differentiation. C2C commodification extends to script kiddies. Andrea Little Limbago from Interos examines borderless data. Rick Howard speaks with Cody Chamberlain from NetSPI on Breach Communication. Roscosmos publishes locations of Western defense facilities… and subsequently says it sustained a DDoS attack.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/125

Selected reading:
• Pro-Russian hacker group says it attacked Norway (The Independent Barents Observer)
• Cyberattack hits Norway, pro-Russian hacker group fingered (AP NEWS)
• Norway blames "pro-Russian group" for cyber attack (Reuters)
• Mandiant Finds Possible Link Between Kremlin, Pro-Russian 'Hacktivists' (Bloomberg)
• Market Differentiation: Cybercriminal Forums' Unusual Features Designed To Attract Users (Digital Shadows)
• Minors Use Discord Servers to Earn Extra Pocket Money Through Spreading Malware (PR Newswire)
• Russia publishes Pentagon coordinates, says Western satellites 'work for our enemy' (Reuters)
• Russian Space Agency Targeted in Cyberattack (Wall Street Journal)
• Cyberattack hits Russian space agency site after sharing NATO photos (Jerusalem Post)

The CyberWire
Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.

Jun 27, 2022 (25:15)

Lithuania sustains a major DDoS attack. Lessons from NotPetya. Conti's brand appears to have gone into hiding. Online extortion now tends to skip the ransomware proper. Josh Ray from Accenture on how social engineering is evolving for underground threat actors. Rick Howard looks at Chaos Engineering. US financial institutions conduct a coordinated cybersecurity exercise.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/122

Selected reading:
• Russia's Killnet hacker group says it attacked Lithuania (Reuters)
• The hacker group KillNet has published an ultimatum to the Lithuanian authorities (TDPel Media)
• 5 years after NotPetya: Lessons learned (CSO Online)
• The cyber security impact of Operation Russia by Anonymous (ComputerWeekly)
• Conti ransomware finally shuts down data leak, negotiation sites (BleepingComputer)
• The Conti Enterprise: ransomware gang that published data belonging to 850 companies (Group-IB)
• Fake copyright infringement emails install LockBit ransomware (BleepingComputer)
• NCC Group Monthly Threat Pulse – May 2022 (NCC Group)
• We're now truly in the era of ransomware as pure extortion without the encryption (Register)
• Wall Street Banks Quietly Test Cyber Defenses at Treasury's Direction (Bloomberg)

CSO Perspectives (public)
CxO professional development.

Jun 27, 2022 (27:44)

Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Hash Table members Gary McAlum, former USAA CSO, and Dawn Cappelli, the Rockwell Automation CISO, to discuss CxO professional development.

The CyberWire
A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain't so, Dmitry.

Jun 22, 2022 (29:55)

Fancy Bear sighted in Ukrainian in-boxes. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT is active in European and Asian networks. ICEFALL ICS vulnerabilities described. CISA issues ICS vulnerability advisories. Europol makes nine collars. Andrea Little Limbago from Interos on the global state of data protection and sharing. Rick Howard speaks with Michelangelo Sidagni from NopSec on the Future of Vulnerability Management. We are shocked, shocked, to hear of corruption in the FSB.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/119

Selected reading:
• Ukrainian cybersecurity officials disclose two new hacking campaigns (CyberScoop)
• Ukraine Warns of New Malware Campaign Tied to Russian Hackers (Bloomberg Law)
• Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware (BleepingComputer)
• Opinion: How Russia's vaunted cyber capabilities were frustrated in Ukraine (Washington Post)
• New Toddycat APT Targets MS Exchange Servers in Europe and Asia (Infosecurity Magazine)
• Microsoft Exchange servers hacked by new ToddyCat APT gang (BleepingComputer)
• OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT (Forescout)
• From Basecamp to Icefall: Secure by Design OT Makes Little Headway (SecurityWeek)
• Dozens of vulnerabilities threaten major OT device makers (Cybersecurity Dive)
• CISA releases 6 Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency)
• Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands (Europol)
• A lieutenant colonel of the FSB directorate for Samara Oblast was arrested for stealing cryptocurrency from a hacker (TASS)

Hacking Humans
Intrusion Kill Chain (noun) [Word Notes]

Jun 21, 2022 (7:16)

A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence.

CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain

Audio reference link: "Cybersecurity Days: A Network Defender's Future," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018.

CSO Perspectives (public)
How to buy security products.

Jun 20, 2022 (23:00)

Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Hash Table members Helen Patton, Advisory CISO at Duo Security, and Nikk Gilbert, CISO for the Cherokee Nation Businesses, to discuss how to buy security products.

The CyberWire
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war's effect on the underworld.

Jun 14, 2022 (26:39)

Dealing with the GRU's exploitation of the Follina vulnerabilities. SeaFlower uses stolen seed phrases to rifle cryptocurrency wallets. Ukraine moves sensitive data abroad. Anonymous claims to have hacked Russia's drone suppliers and to have hit sensitive targets in Belarus. Rick Howard reports on an NSA briefing at the RSA Conference. Our guest is Ricardo Amper from Incode with a look at biometrics in sports stadiums. And the effects of war on the cyber underworld.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/114

Selected reading:
• Follina flaw being exploited by Russian hackers, info stealers (Computing)
• Chinese Hackers Adding Backdoor to iOS, Android Web3 Wallets in 'SeaFlower' Campaign (SecurityWeek)
• How SeaFlower...installs backdoors in iOS/Android web3 wallets to steal your seed phrase (Medium)
• Ukraine Has Begun Moving Sensitive Data Outside Its Borders (Wall Street Journal)
• Anonymous claims hack on Russian drones (Computing)
• How the Cybercrime Landscape has been Changed following the Russia-Ukraine War (Kela)

The CyberWire
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.

Jun 13, 2022 (27:00)

A Chinese APT deploys a new cyberespionage tool. Hacktivism roils India after a politician's remarks about the Prophet. Ukraine reports a "massive" spam campaign against the country's media organizations. A Russian court fines Wikimedia for "disinformation." From the NSA's Cybersecurity Collaboration Center our guests are Morgan Adamski and Josh Zaritsky. Rick Howard sets the cyber sand table on Colonial Pipeline. And the Martians haven't landed, and the Right Honorable Mr. Johnson is still PM.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/113

Selected reading:
• CERT-UA warns of cyberattack on Ukrainian media (Interfax-Ukraine)
• Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer)
• Massive cyber attack on media organizations of Ukraine using the malicious program CrescentImp (CERT-UA # 4797) (CERT-UA)
• Wikimedia Foundation appeals Russian fine over Ukraine war articles (The Verge)
• GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (Unit42)
• Prophet remark: Slew of cyber attacks on Indian govt, private sites (The Times of India)
• 70 Indian government, private websites face international cyber attacks over Prophet row (The Times of India)
• Channel 4 faces Ofcom probe over 'emergency news' stunt to promote cyber attack drama The Undeclared War (INews)

The CyberWire
Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus

Jun 7, 2022 (26:55)

DDoS as a weapon in a hybrid war. Resilience in the defense of critical infrastructure. Offensive cyber operations against Russia. LockBit claims to have hit Mandiant, but their claim looks baseless. Rick Howard joins us with thoughts on trends he's tracking at the RSA conference. Our guest is Dr. Diane Janosek from NSA with insights on personal resilience. Effects of ransomware on businesses.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/109

Selected reading:
• Ukraine at D+102: Ukraine's SSSCIP on cyber war. (The CyberWire)
• Major DDoS attacks increasing after invasion of Ukraine (SearchSecurity)
• The Russia–Ukraine War: Ukraine's resistance in the face of hybrid warfare (Observer Research Foundation)
• Ukraine Symposium - U.S. Offensive Cyber Operations in Support of Ukraine (Lieber Institute: Articles of War)
• Russia ready to cooperate with all states in cyber domain (UNI India)
• LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it (CyberScoop)
• Mandiant: "No evidence" we were hacked by LockBit ransomware (BleepingComputer)
• Cybereason Ransomware True Cost to Business Study Reveals Organizations Pay Multiple Ransom Demands (Cybereason)
• Average Ransom Payment Up 71% This Year, Approaches $1 Million (Palo Alto Networks Blog)

The CyberWire
Defining the intruder's dilemma. [CyberWire-X]

Jun 5, 2022 (33:55)

For this CyberWire-X episode, we are talking about the failure of perimeter defense as an architecture where, since the 1990s when it was invented, the plan was to keep everything out. That model never really worked that well, since we had to poke holes in the perimeter to allow employees, contractors, and partners to do legitimate business with us. Those same holes could be exploited by the bad guys, too. The question is, what are we doing instead? What are the security architecture, the strategy, and the tactics that we are all using today that are more secure than perimeter defense?

In the first part of the show, Rick Howard, the CyberWire's CSO, Chief Analyst, and Senior Fellow, talks with Jerry Archer, the Sallie Mae CSO and CyberWire Hash Table member, and, in the second half of the show, the CyberWire's podcast host Dave Bittner talks with Mike Ernst, episode sponsor ExtraHop's Vice President of Sales Engineering, to discuss Software Defined Perimeter and intrusion kill chain prevention strategy.

The CyberWire
A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti's toxic branding. Happy birthday, US Cyber Command.

May 23, 2022 (24:25)

There's a new loader identified in wiper campaigns. President Putin complains of sanctions and cyberattacks, and vows to increase Russia's cybersecurity. Coordinated inauthenticity at scale. Killnet crows large over Italian operations. Conti's dissolution doesn't mean its operators' disappearance. Rick Howard looks at software defined perimeters. Dinah Davis from Arctic Wolf on how ransomware groups are upping their game to nation state levels. And happy birthday, US Cyber Command... but we're not necessarily wishing you a moonshot for your birthday present.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/98

Selected reading:
• Sandworm uses a new version of ArguePatch to attack targets in Ukraine (WeLiveSecurity)
• Putin complains about barrage of cyberattacks (Military Times)
• Putin promises to bolster Russia's IT security in face of cyber attacks (Reuters)
• Russia keeps getting hacked (Mashable)
• Putin is bringing his disinformation war to Ukraine (Newsweek)
• Russian government procured powerful botnet to shift social media trending topics (The Record by Recorded Future)
• Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns (The Hacker News)
• Russian Hackers Claim Responsibility for Attacks on Italian Government Websites (Wall Street Journal)
• Anonymous Declares Cyber-War on Pro-Russian Hacker Gang Killnet (Infosecurity Magazine)
• DisCONTInued: The End of Conti's Brand Marks New Chapter For Cybercrime Landscape (AdvIntel)
• Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there (The Record by Recorded Future)
• Could a Cyber Attack Overthrow a Government? Conti Ransomware Group Now Threatening To Topple Costa Rican Government if Ransom Not Paid (CPO Magazine)
• Fears grow after ransomware attack on Costa Rica escalates (TechCrunch)
• US Cyber Command's birthday (US Cyber Command)
• U.S. Needs New 'Manhattan Project' to Avoid Cyber Catastrophe | Opinion (Newsweek)
• Cyber pros are fed up with talk about a cyber-Manhattan Project (Washington Post)

The CyberWire
Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.

May 19, 2022 (30:49)

Russian information operations surrounding the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities undergoing active exploitation. Texas Department of Insurance clarifies facts surrounding its data incident. Robert M. Lee from Dragos is heading to Davos to talk ICS. Rick Howard speaks with author Chase Cunningham on his book "Cyber Warfare – Truth, Tactics and Strategies". Robo-calling the Kremlin.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96

Selected reading:
• Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant)
• CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA)
• Emergency Directive 22-03 (CISA)
• Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control (CISA)
• Threat Actors Exploiting F5 BIG IP CVE-2022-1388 (CISA)
• CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. (The CyberWire)
• Additional facts: TDI data security event (Texas Department of Insurance)
• This Hacktivist Site Lets You Prank Call Russian Officials (Wired)

The CyberWire
Privateering goes fully political. Compromised robots? Conti's campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.

May 18, 2022 (25:33)

Chaos ransomware group declares for Russia. Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Conti's ongoing campaign against Costa Rica. The claimed "international" cyberattack against the Nile dam was stopped. Rick Howard speaks with author Caroline Wong on her book "Security Metrics, a Beginner's Guide". Our guests are Kathleen Smith and Rachel Bozeman, hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a "reset."

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96

Selected reading:
• Chaos Ransomware Variant Sides with Russia (Fortinet Blog)
• Did hackers commandeer surveillance robots at a Russian airport? (The Daily Dot)
• Russian Hacking Cartel Attacks Costa Rican Government Agencies (New York Times)
• Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts (CyberScoop)
• "We will overthrow the government" - Does Conti have help inside Costa Rica? (Tech Monitor)
• Costa Ricans scrambled to pay taxes by hand after cyberattack took down country's collection system (Yahoo)
• Ethiopia faces new cyberattacks on its Nile dam (Al-Monitor)
• Cyber Insurers Raise Rates Amid a Surge in Costly Hacks (Wall Street Journal)

The CyberWire
Russian cyber threats and NATO's Article 5. Conti says it's going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.

The CyberWire

May 17, 2022 28:20


An assessment of the Russian cyber threat. NATO's Article 5 in cyberspace. Conti's ransomware attack against Costa Rica spreads, in scope and effect. Bluetooth vulnerabilities demonstrated in proof-of-concept. CISA and its international partners urge following best practices to prevent threat actors from gaining initial access. Joe Carrigan looks at updates to the FIDO Alliance. Rick Howard and Ben Rothke discuss author Andrew Stewart's book "A Vulnerable System: The History of Information Security in the Computer Age". And, the doctor was in, but wow, was he also way out of line. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/95 Selected reading. Russia Planned a Major Military Overhaul. Ukraine Shows the Result. (New York Times)  The Cyberwar Against Pro-Ukrainian Countries is Real. Here's What to Do (CSO Online)  Collective cyber defence and attack: NATO's Article 5 after the Ukraine conflict (European Leadership Network)  Cyber attack on Costa Rica grows as more agencies hit, president says (Reuters)  Ransomware gang threatens to 'overthrow' new Costa Rica government, raises demand to $20 million (The Record by Recorded Future)  Hacker Shows Off a Way to Unlock Tesla Models, Start Cars (Bloomberg)  NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk (NCC Group)  Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks (NCC Group Research)  Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks (NCC Group Research)  Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks (NCC Group Research)  Alert (AA22-137A) Weak Security Controls and Practices Routinely Exploited for Initial Access (CISA)  Hacker and Ransomware Designer Charged for Use and Sale of Ransomware, and Profit Sharing Arrangements with Cybercriminals (U.S. Attorney's Office for the Eastern District of New York)  US prosecutors allege Venezuelan doctor is ransomware mastermind (ZDNet)  'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says (The Record by Recorded Future)  U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware (The Hacker News)

The CyberWire
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia's hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.

The CyberWire

May 16, 2022 25:17


Users are advised to patch Zyxel firewalls. Battlefield failure and popular morale in Russia's hybrid war. Nuisance-level hacktivism in the hybrid war. Sweden and Finland move closer to NATO membership; concern over possible Russian cyberattacks rises. Intelligence, disinformation, or wishful thinking? Conti calls for rebellion in Costa Rica. PayOrGrief is just rebranded DoppelPaymer. Anonymous action in Sri Lanka seems indiscriminate and counterproductive. Dinah Davis from Arctic Wolf examines cybersecurity for startups. Rick Howard looks at two-factor authentication. And a judge says cryptocurrency can't be used to evade sanctions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/94 Selected reading. Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls (SecurityWeek)  Zyxel security advisory for OS command injection vulnerability of firewalls (Zyxel)  Growing evidence of a military disaster on the Donets pierces a pro-Russian bubble. (New York Times)  OpRussia update: Anonymous breached other organizations (Security Affairs)  Italy prevents pro-Russian hacker attacks during Eurovision contest (Reuters)  Finland, Sweden's NATO moves prompt fears of Russian cyberattacks (The Hill)  Coup to remove cancer-stricken Putin underway in Russia, Ukrainian intelligence chief says (Fortune)  Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn't pay (SC Magazine)  Anonymous wanted to help Sri Lankans. Their hacks put many in grave danger (Rest of World)  U.S. issues charges in first criminal cryptocurrency sanctions case (Washington Post)

The CyberWire
Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia's hybrid war. That apology? The Kremlin takes it back.

The CyberWire

May 9, 2022 26:22


The US Treasury Department sanctions a cryptocurrency mixer. Rewards for Justice is interested in Conti. US tractor manufacturer AGCO was hit by a ransomware attack. Russian hacktivism hits German targets and threatens the UK. A Russian diplomatic account was apparently hijacked. Tracking Cobalt Strike servers used against Ukraine. Dinah Davis from Arctic Wolf defends against DDoS attacks. Rick Howard looks at single sign-on. And no apology for you, Mr. Bennett. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/89 Selected reading. U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats (U.S. Department of the Treasury)  Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice (United States Department of State)  AGCO ransomware attack disrupts tractor sales during U.S. planting season (Reuters)  Agricultural equipment maker AGCO reports ransomware attack (The Record by Recorded Future)  Russia's chief diplomat in Scotland condemns Ukraine invasion in social media post (The Telegraph)  Pro-Russian Hackers Hit German Government Sites, Spiegel Says (Bloomberg)  Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine (IronNet)  Russia tensions with Israel may intensify as Kremlin denies Putin's apology (Newsweek)

The CyberWire
The future of security validation – what next? [CyberWire-X]

The CyberWire

May 3, 2022 28:47 Very Popular


Security executives need visibility into their real cyber risk in real time. But with the flood of vulnerability alerts, how can organizations pinpoint impactful security gaps? To meet this challenge, security teams are shifting to an exploit-centric approach to security validation to expose potential threats from ransomware, leaked credentials, phishing, and more. On this episode of CyberWire-X, we explore how automation can help teams make this shift to prioritize remediation based on bottom-line business impact. Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, discusses the topic with Rick Doten, CISO, Carolina Complete Health and CyberWire Hash Table member, while Dave Bittner, CyberWire podcast host, engages with sponsor Pentera's Jay Mar-Tang, Sales Engineering Manager for the Americas, about automated security validation.

The CyberWire
Cyber sabotage and cyberespionage. Updates on Russia's hybrid war against Ukraine. REvil seems to have returned.

The CyberWire

May 2, 2022 25:19


Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week's DDoS incident was retaliation for Bucharest's support of Kyiv. Rick Howard is dropping some SBOMs. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84 Selected reading. How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop)  Russian hackers compromise embassy emails to target governments (BleepingComputer)  Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR)  Feared Russian cyberattacks against US have yet to materialize (C4ISRNet)  Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post)  A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer)  Ukraine's Digital Fight Goes Global (Foreign Affairs)  Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future)  REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)