Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss how Chinese-speaking threat actors are targeting Japan with a massive phishing campaign using a sneaky new kit called CoGUI, which has hit organizations with over 170 million messages in a single month. The campaign mimics trusted brands like Amazon, PayPay, and Rakuten to steal login and payment info—lining up with warnings from Japan's Financial Services Agency about attackers cashing out and buying Chinese stocks. While the CoGUI kit is slick with its evasion tricks and browser profiling, your hosts are hot on its trail with new detections to help stop the phishing frenzy.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn more about this evolving threat landscape and how to stay ahead of these tactics.
This week, we are sharing an episode of our monthly show, Only Malware in the Building. We invite you to join Dave Bittner and cohost Selena Larson as they explore "The new malware on the block." Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing. In this type of attack, an attacker sends a seemingly benign email, often containing an invoice or payment notification, along with a phone number. When the victim calls, they speak with the attacker, who convinces them to install remote access tools, leading to malware installation, phishing, and financial theft. Tune in as we explore how this deceptive tactic works and ways to protect yourself from falling victim to it.
Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI's role in Canada's next election. Scammers target Singapore's PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women's History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did insider threats turn a glitch into a goldmine?
CyberWire Guest
In this special International Women's Day edition, we shine a spotlight on the incredible women in and around our network who are shaping the future of cybersecurity. Join Liz Stokes as we celebrate Selena Larson, Threat Researcher at Proofpoint and co-host of Only Malware in the Building; Gianna Whitver, CEO & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast; Maria Velasquez, Chief Growth Officer & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast; Chris Hare, Project Management Specialist and Content Developer at N2K Networks and host of CertByte; Ann Lang, Project Manager at N2K Networks; Jennifer Eiben, Executive Producer at N2K Networks; and Maria Varmazis, host of the T-Minus Space Daily show at N2K Networks, for their achievements, resilience, and the invaluable contributions they make to keeping our digital world secure.
Selected Reading
Russian crypto exchange Garantex's website taken down in apparent law enforcement operation (The Record)
Data breach at Japanese telecom giant NTT hits 18,000 companies (BleepingComputer)
Malvertising campaign leads to info stealers hosted on GitHub (Microsoft)
Canadian intelligence agency warns of threat AI poses to upcoming elections (The Record)
Deepfakes of Singapore PM Used to Sell Crypto, Residency Program (Bloomberg)
Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets (SecurityWeek)
Magecart: How Akamai Protected a Global Retailer Against a Live Attack (Akamai)
Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets (BleepingComputer)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns.
This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics. Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability. The research can be found here: Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode and since it is February (the month of love as Selena calls it), we talk about romance scams known throughout the security world as pig butchering. And, Rick's experiencing a bit of a Cyber Groundhog Day in his newly-realized retirement.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what's next in 2025.
Please enjoy this encore episode of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season's most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright!
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Proofpoint senior threat intelligence analyst Selena Larson about the rise of Attacker-in-the-Middle phishing and ClickFix social engineering campaigns.
Show notes: Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
Welcome in! You've entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season's most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright!
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about how threat actors are shifting tactics across the landscape, focusing more on advanced social engineering and refined initial access strategies than on sophisticated malware. We'll dive into Proofpoint's latest blog detailing a transport sector breach that, while involving relatively standard malware, showcases this growing trend of nuanced techniques and toolsets.
Welcome, witches, wizards, and cybersecurity sleuths! You've entered, Only Malware in the Building. Join us each month to brew potions of knowledge and crack the curses of today's most intriguing cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into how Proofpoint researchers uncovered an espionage campaign casting custom malware known as "Voldemort" in August 2024. The Dark Arts practitioner behind this campaign targeted global organizations, disguising themselves as mundane tax authorities and weaving clever enchantments like using Google Sheets for command and control (C2). While their ultimate motive remains as shadowy as a cursed Horcrux, this malware is built for intelligence gathering and is primed to unleash additional attacks — likely summoning something even darker, like Cobalt Strike. Prepare your wands, and let's dive into this tale of digital sorcery!
Scammers are good at manipulating teens. Join host Yanely Espinal and Proofpoint's Selena Larson to learn how to stay ahead of the scammers. Think you're financially inclined? Dig deeper into the world of cybersecurity:
This article in Vox talks about the prevalence of scams amongst Gen Z
Learn about common types of scams
4 online scams teens are falling for and how to avoid them
Are you in an educational setting? Here's a handy listening guide. Thanks for listening to this episode of “Financially Inclined”! We'd love to hear what you learned from it or any questions you'd like us to answer in a future episode. You can shoot us an email at financiallyinclined@marketplace.org or tell us using this online form. This podcast is presented in partnership with Greenlight: the money app for teens — with investing. For a limited time, our listeners can earn $10 when they sign up today for a Greenlight account.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery. Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT. Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the use of AI in cyberattacks. Proofpoint recently released two articles on two cyber campaigns: one by the group UNK_SweetSpecter targeting U.S. organizations involved in AI with the SugarGh0st RAT, and another by TA547 targeting German organizations with Rhadamanthys malware. Today we look at what the focus of threat actor objectives is and what that means for defenders.
This week, we are joined by Selena Larson, Staff Threat Researcher, Lead Intelligence Analysis and Strategy at Proofpoint, as well as host of the "Only Malware in the Building" podcast, as she is discussing their research on "Scammers Create Fraudulent Olympics Ticketing Websites." Proofpoint recently identified a fraudulent website selling fake tickets to the Paris 2024 Summer Olympics and quickly suspended the domain. This site was among many identified by the French Gendarmerie Nationale and Olympics partners, who have shut down 51 of 338 fraudulent websites, with 140 receiving formal notices from law enforcement. The research can be found here: Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor's spinning web of activity means for the overall landscape. And be sure to check out the latest episode of Only Malware in the Building here.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "Operation Endgame." Operation Endgame is a strategy by Western law enforcement to counter Russian cybercriminals through psychological tactics. This involves creating distrust among hackers, exposing their internal communications, and dismantling their anonymity to hinder their operations. You can find more information on Operation Endgame here. Today we look at the new tactics used to disrupt these criminals by eroding trust among them and undermining their anonymity.
Ransomware disrupts London hospitals. Researchers discover serious vulnerabilities in Progress' Telerik Report Server and Atlassian Confluence Data Center and Server. Over three million people are affected by a breach at a debt collection agency. A report finds rural hospitals vulnerable to ransomware. An Australian mining firm finds some of its data on the Dark Web. Google patches 37 Android vulnerabilities. Russian threat actors target the Summer Olympics in Paris. On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. The Amazon rainforest goes online. CyberWire Guest: Sandy Bird, CTO at Sonrai. You can learn more about Sonrai's work in this area by reviewing their Quantifying Cloud Access Risk: Overprivileged Identities and Zombie Identities report.
Selected Reading: Critical incident declared as ransomware attack disrupts multiple London hospitals (The Record); CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server (Tenable); Atlassian's Confluence hit with critical remote code execution bugs (CSO Online); Debt collection agency FBCS leaks information of 3 million US citizens (Malwarebytes); Rural hospitals are particularly vulnerable to ransomware, report finds (CyberScoop); Australian rare earths miner hit by cybersecurity breach (Mining Weekly); 37 Vulnerabilities Patched in Android (SecurityWeek); Russia used fake AI Tom Cruise in Olympic disinformation campaign (Computer Weekly); The Internet's Final Frontier: Remote Amazon Tribes (New York Times). Listen to our newest podcast, “Only Malware in the Building.” N2K and Proofpoint have teamed up to launch “Only Malware in the Building,” the newest podcast on the N2K CyberWire network. Each month our hosts Selena Larson, Proofpoint's staff threat researcher, and N2K's Rick Howard and Dave Bittner, explore the mysteries around today's most intriguing cyber threats. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Proofpoint senior threat intelligence analyst Selena Larson about the latest changes in the threat actor landscape in the aftermath of several law enforcement takedowns and Microsoft tech stack changes. Show notes DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns.
Today's episode of Marketplace Tech is all about financial scams: how they work, what kinds of technology scammers use, and how to spot a scam before you fall victim to one. We're passing the microphone to victims of scams to tell their stories and then breaking down how the scammers pulled it off with Marketplace's Lily Jamali and Selena Larson, staff threat researcher at Proofpoint.
Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.
This week we are joined by Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a four-month hiatus, Proofpoint researchers found that the downloader returned. Its return aligns with a surge of cybercriminal threat activity after a notable absence of many threat actors and malware. The research can be found here: Bumblebee Buzzes Back in Black
In this Risky Business News sponsor interview Tom Uren talks to Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, about the state of play in the cybercrime ecosystem. People and organisations are getting better at protecting themselves from scams and compromises, but criminals will use every possible avenue to reach people and scam them.
Selena Larson and Tim Utzig discussing "Twitter Scammers Stole $1,000 From My Friend—So I Hunted Them Down." Joe and Dave share a bit of follow-up this week: they discuss Hawaii fire scams, listener Steve writes in regarding some comments about the recent scammer quiz Joe and Dave took, and listener John writes in and shares his thoughts on a discussion a couple of weeks ago regarding Google Maps. Joe has two stories this week: one is about how Joe was close to being scammed by a fake website; the second is from listener George, who wrote in this week about the Bank of Ireland and the latest banking scam causing a technical issue tricking people into thinking they had money, when they really didn't. Dave's story is from the FBI, on a new scam where people are being tricked through mobile beta-testing applications. Our catch of the day comes from listener Richard, who writes in with "a new tip on Crypto." Links to stories: Bank of Ireland glitch let customers withdraw money they didn't have; Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
In the latest episode of WE'RE IN!, Selena Larson shares insights into malicious hackers and scammers she's tracking as senior threat intelligence analyst for Proofpoint. Business email compromise, ransomware, sextortion, multi-factor authentication bypass techniques – dealing with the onslaught of modern cyberthreats “is very much like playing whack-a-mole,” she said. By unpacking attackers' motivations and psychological profiles, defenders can train themselves and their teams to avoid falling into common traps. More reasons you should listen: Hear Selena discuss what makes threat intelligence actionable, versus extra noise for a SOC. Find out about an alarming cyber espionage campaign that recently targeted journalists. Learn why Selena despises evil TOADs – “telephone-oriented attack delivery” attacks.
Threat actors are disarming their victims with a new approach: The long game. Instead of asking for money or gift cards upfront, they build a connection and confidence until they cash in on the big payout. In this episode of Discarded, Selena Larson and Crista Giering are joined by Proofpoint team members: Tim Kromphardt, Email Fraud Researcher, and Genina Po, Threat Analyst, to discuss socially engineered attacks and how victims are tricked. Join us as we discuss: understanding what pig butchering is; how the scam blindsides victims; the evolution of the fraud from China to other countries in Asia. Resources mentioned: https://www.rappler.com/business/chinese-mafia-trafficking-filipinos-lure-lonely-professionals-cryptocurrency-scam/ https://finance.yahoo.com/news/chinese-mafia-forcing-filipinos-crypto-034555327.html https://www.youtube.com/watch?v=720qUBQZJZ0 https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online https://www.vice.com/en/article/n7zb5d/pig-butchering-scam-cambodia-trafficking Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
In this highly entertaining episode of DISCARDED, Selena Larson and Crista Giering host a wild round of “Ask Me Anything,” with Sherrod DeGrippo, VP of Threat Research and Detection, and Daniel Blackford, Threat Researcher at Proofpoint. Featuring insightful questions from listeners and former guests, these industry experts cover a wide range of topics, from silly to serious. Join us as we discuss: the most boring malware and common threat actor mistakes; new developments in Ukraine and the Global South; a proliferation of mobile malware and sports-related attacks.
Five Minute Forecast for the week of October 10th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Pro-Russia attackers ground several U.S. airport websites. 1.2 million credit cards given away in dark web marketing promotion. Crypto thieves strike it big after a breach at Binance. And senior threat intelligence analyst Selena Larson shares key insights from a comprehensive review of pandemic-related social engineering.
Five Minute Forecast for the week of August 8th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. U.S. and Australian cybersecurity agencies reveal last year's most prolific malware. Cloud software giant Twilio hit with a sophisticated SMS phishing attack. Security flaws could allow attackers to send fake messages through the Emergency Alert System. And senior threat intelligence analyst Selena Larson joins us to discuss a new malware campaign targeting cryptocurrency and decentralized finance.
Five Minute Forecast for the week of August 1st. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. The FCC says SMS phishing attacks are on the rise and targeting U.S. consumers. A new phishing-as-a-service platform targets big name banks. New data shows a second quarter decline in average ransomware payments. And senior threat intelligence analyst Selena Larson joins us to discuss how Microsoft's macro blocking policy is affecting the threat landscape.
Five Minute Forecast for the week of June 27th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. FTC advises LGBTQ+ dating app users to beware of cyber extortion. Lockbit ransomware gets into the bug bounty game. UK delivery service Yodel is hit by cyber attack. Joining us is Selena Larson from the Proofpoint Threat Research team, to discuss the latest news on social engineering strategies.
You can buy a phish kit online for 10 bucks. But beware, since it'll probably come back to bite you in ways you might not expect. In this episode, hosts Selena Larson and Crista Giering chat with Jared Peck, Senior Threat Researcher at Proofpoint, about the pros and cons of phish kits — and why there's no honor among thieves. Join us as we discuss: what a phish kit is and how it works; ways a phish kit relates to MFA tokens and other authorizations; monetization, credentials for initial access, and the attack chain; how organizations and people can defend against phishing attacks. Resource mentioned: Have Money for a Latte? Then You Too Can Buy a Phish Kit | Proofpoint US
If you asked for M&M's and received Skittles, you might pop a few in your mouth, but it won't take long to realize something's off. This is exactly what's happening with RTF files: Instead of the intended attachment, unaware companies are delivering these files and realizing later that they were actually malicious. On this episode of Protecting People, hosts Selena Larson and Crista Giering chat with Michael Raggi, Senior Threat Research Engineer at Proofpoint, about RTF files, template injection, and campaigns using the technique in an effort to make sure customers aren't being surprised with “Skittles.” Join us as we discuss: the importance of template injection; campaigns using the technique; widespread adoption of the RTF injection; mitigating and monitoring the technique. Resources mentioned: https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread ; https://www.youtube.com/watch?v=bqyOtkibGro&feature=youtu.be ; https://twitter.com/sansforensics/status/1470901574717382663 For more episodes like this one, subscribe to us on Apple Podcasts, Spotify, and the Proofpoint website, or just search for Protecting People in your favorite podcast player.
Five Minute Forecast for the week of December 6th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Hundreds of thousands of patient records stolen from Planned Parenthood. Thieves make off with a $200 million haul in the latest crypto heist. Labor activists communicate with service industry workers through hacked point-of-sale printers. Joining us is Proofpoint Senior Threat Intelligence Analyst, Selena Larson, for an update on pandemic-themed cyber attacks.
Have you ever been bitten by a TOAD? No, we're not talking about the marsh-dwelling amphibian. We're discussing telephone oriented attack deliveries (TOADs) in which scammers use real phone numbers to gain access to information and accounts. TOADs represent an atypical — but very poisonous — online threat especially to men in the 20-50 age range. Featuring believable fake invoices and U.S.-based phone numbers, these scammers can hop off with hundreds or thousands of your dollars. On this episode of Protecting People, hosts Selena Larson and Crista Giering chat with Tim Kromphardt, Email Threat Researcher at Proofpoint, about TOADs, how to avoid them, bait them, or report them. Join us as we discuss: the two kinds of TOAD threats; how investigators locate and shut down TOAD scammers; what the scambaiting community does; where and how to report a TOAD attack. Resources mentioned: Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery
Five Minute Forecast for the week of November 22nd. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Emotet back from the dead almost a year after shutdown. Six million routers left at risk in the U.K. GoDaddy breach exposes data of 1.2 million customers. Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, for an update on North Korea-aligned threat activity.
Five Minute Forecast for the week of November 1st. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Israeli businesses hit by attacks from state-sponsored cyber criminals. German police set their sights on an REvil kingpin. HelloKitty ransomware sharpens its claws. Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to talk about a new threat actor impersonating government departments in the Philippines.
APT stands for advanced persistent threat and refers to threat actors who are acting in the interests of other political states. In other words, espionage. In this episode of our #ThreatDigest series, hosts Selena Larson and Crista Giering, Senior Threat Intelligence Analysts at Proofpoint, interview Joshua Miller, Senior Threat Researcher at Proofpoint, about the advanced persistent threat landscape in Iran. Join us as we discuss: determining whether malware is motivated for finances or for espionage; how Iranian threat actors have shifted their strategy since COVID; what we can infer about Iranian government priorities from threat actors; why Iranian threat actors are taking more risks; where to start in tracking APTs in the world of cyber threat intelligence. Check out the resources we mentioned during the podcast: Operation SpoofedScholars: A Conversation with TA453; BadBlood: TA453 Targets US and Israeli Medical Research Personnel; I Knew You Were Trouble: TA456 Targets Defense Contractor; Media Coverage Doesn't Deter Actor From Threatening Democratic Voters; DHS blames Iran for threatening emails sent to Democratic voters; A Cyber Threat Intelligence Self-Study Plan: Part 1; STAR Webcast: Dissecting BadBlood: an Iranian APT Campaign; Better Than Binary - Elevating State-Sponsored Attribution via Spectrum of State Responsibility.
Five Minute Forecast for the week of October 25th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Russia launches new cyber attacks in defiance of U.S. sanctions. A cyber criminal gang recruits unwitting security professionals to carry out attacks. Evil Corp launches a new strain of ransomware. Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to talk about a legitimate “red team” security tool being used by cyber criminals.
Five Minute Forecast for the week of October 4th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. The U.K. makes plans to strike back against future cyber attacks. President Biden rallies international support in the fight against ransomware. Six thousand Coinbase customers fall victim to an account recovery vulnerability. Joining us is Selena Larson, Proofpoint Senior Threat Analyst, to talk about a series of campaigns by prolific threat actor, TA544.
Gone are the days of 2016 when we saw 12 million ransomware attachments randomly blasted out per day. It's 2021 now, when threat actors selectively deploy ransomware against high value targets across the victim organization's entire network in order to secure initial access. Why is initial access so often overlooked in protecting against the multiplicity of ransomware threats? In the inaugural episode of our Threat Digest series, series hosts Selena Larson and Crista Giering, Senior Threat Intelligence Analysts at Proofpoint, interview Daniel Blackford, Senior Threat Researcher at Proofpoint, about initial access and what can happen afterwards. Join us as we discuss: the evolution of ecrime in the past five years; initial access, dwell time, and the prevalence of Cobalt Strike activity; what white glove ransomware treatment is like; tips for protecting your org against multiple malign actors at various stages of an attack. Check out the report we mentioned during the podcast: The First Step: Initial Access Leads to Ransomware
Five Minute Forecast for the week of August 30th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Tech's biggest hitters join the fight against cyber attacks. Samsung reveals a secret 'kill switch' hidden in its televisions. Attackers are still profiting from fear and doubt over the pandemic. Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to discuss how cyber criminals are continuing to use the pandemic in their attacks.
Five Minute Forecast for the week of August 23rd. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Anonymous sources confirm a potentially serious breach at the State Department. Data theft puts telecom giants in the spotlight. A ransomware gang seeks insider help. Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to talk about the insider threat of ransomware.
This week on Moscow Mules and NOP Slides, we have Selena Larson. This is our first podcast of 2021! We are BACK! Selena sips on a Hamburg Hard Cider. We cover a bunch of topics...too many to mention. But here are just a few: running, Selena's journey into threat intelligence, changing the narrative of "soft skills", COMMUNICATION, certifications, STONKS, Vegan food, Emotet takedown, and ransomware. Dave drinks on an Imperial 3 Scoops from The Answer Brewpub out of our Version 1 podcast glass. Kyle sips on a Pounce from Dancing Gnome out of a Pour Character Wu-Tang glass. Thank you to Selena for being a guest and the great conversation! We hope you enjoy. Please don't forget to subscribe! Disclaimer: The views and expressions of the guests and hosts are their own and not of their employers.
Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.
Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.
Podcast: The CyberWire. Episode: Know Thine Enemy - Identifying North American Cyber Threats - Research Saturday. Pub date: 2020-01-25. The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective. The report can be found here: North American Electric Cyber Threat Perspective. The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security. The podcast and artwork embedded on this page are from The CyberWire, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: CYBER. Episode: How Scary Is Critical Infrastructure Hacking? Pub date: 2019-11-14. Notes from @BEERISAC: CPS/ICS Security Podcast Playlist: Anton Shipulin: "Kudos to Rob Verseijden (@elborro) for a tip on the episode". Some of the most fascinating hacks are the types that don't just pwn a shady malware company, the trade secrets of America or embarrass the Democratic National Committee, but the kinds that target water systems, nuclear power plants and the oil and gas sector. Critical infrastructure hacking was brought into the public psyche by former Secretary of State and CIA director, Leon Panetta, in a much taunted 2012 speech where he warns of a coming "Cyber Pearl Harbour." On this week's CYBER we have Selena Larson, a former CNN reporter and cyber threat intelligence analyst working over at Dragos which is a leading cybersecurity company that specializes in critical infrastructure security, to tell us what we should be realistically worried about and if she believes Panetta's speech has any merit in 2019. See acast.com/privacy for privacy and opt-out information. The podcast and artwork embedded on this page are from VICE, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Bio Elissa Shevinsky (@ElissaBeth) is a successful serial entrepreneur, focusing on cybersecurity and cryptocurrency companies. An early employee at Geekcorps (acquired) and Everyday Health (IPO) she was most recently Head of Product at Brave. Shevinsky is also the author of "Lean Out: The Struggle for Gender Equality in Tech and Startup Culture." Little known fact: her first job out of college was as a lobbyist in DC, working to protect the Arctic National Wildlife Refuge. Resources Lean Out: The Struggle for Gender Equality in Tech and Start-Up Culture by Elissa Shevinsky (OR Books: 2015) Mastering Bitcoin: Programming the Open BlockChain by Andreas Antonopoulos (O'Reilly Media: 2017) Mastering Ethereum by Andreas Antonopoulos (O'Reilly Media: forthcoming, 2018) News Roundup Online sex trafficking bill has 60 votes The Senate bill to combat online sex trafficking has the 60 votes it needs to prevent a filibuster. The bipartisan bill, which met initial resistance and then acceptance by large tech companies, seeks to limit an exception in the Communications Decency Act that shields web hosts from liability for illegal content, such as prostitution ads, posted by third parties. The Senate bill would eliminate the exception for websites that knowingly facilitate sex trafficking. Ben Brody has more in Bloomberg. Apple announces security flaws Apple announced last week that all Mac and iOS devices are susceptible to processing system flaws called Spectre and Meltdown. Apple said that, to avoid the possibility of hackers exploiting these vulnerabilities, consumers should avoid downloading anything from anyone other than trusted sources. Selena Larson reports for CNN. Effort to overturn FCC's repeal of net neutrality gains first Republican supporter Senator Ed Markey's effort to overturn the FCC's reversal of the 2015 open internet rules gained its first Republican supporter last week: Senator Susan Collins from Maine. 
Markey's resolution could now pass the Senate with just one more Republican vote. On Monday, Democrat Claire McCaskill joined the list of the bill's sponsors, bringing the total number of sponsors to 30. Jon Brodkin has the story in Ars Technica. CEOs urge Congress to protect DREAMERS With the Deferred Action for Childhood Arrivals (DACA) set to expire on March 5th, more than 100 American CEOs sent a joint letter to Congress urging it to pass a bill to allow Dreamers--the children of undocumented immigrants who brought them to the U.S.--to remain in the country. The CEOs, who represented companies as diverse as Google, Apple, Best Buy, Levi Strauss, Facebook, Target, Verizon, Visa and others wrote that the impending expiration of DACA is a crisis. Harper Neidig has the story in the Hill. The Internet Association will sue the FCC over net neutrality The Internet Association--the trade group that represents major tech companies such as Google, Netflix, Facebook and others--announced last week that it would be suing the Federal Communications Commission over its repeal of the 2015 net neutrality rules. Fired Google memo writer sues the company James Damore--the fired Google employee who wrote a controversial memo that played into stereotypes about women--sued Google for treating employees with conservative political views differently from the way it treated liberals working at the company. Harper Neidig reports in the Hill. Pew: Half of Women in STEM jobs experience discrimination Half of women in STEM jobs experience gender-based discrimination at work, according to a new Pew survey. Some 50 percent of women in STEM fields reported that they had been victims of discrimination, compared to 41 percent of women in non-STEM jobs. Cary Funk and Kim Parker wrote the report for Pew. VTech settles with FTC for $650,000 Children's electronic toy maker VTech settled with the Federal Trade Commission for $650,000 on Monday. 
The FTC alleged that the company had collected kids' private information without the consent of their parents, and then failed to secure the information against hackers. White House sent Carr nomination to Congress The White House has nominated Brendan Carr to a five-year term as a Federal Communications Commission Commissioner. Carr's current term expires in June.
Philanthropists in Silicon Valley Want Your Ideas The provincial Silicon Valley that was loath to step outside of Northern California is practically ancient history. An industry that once shunned Washington, D.C.'s buttoned-up bureaucrats now leads in lobbying and campaign contributions. Increasingly, philanthropists in Silicon Valley are making investments that in many ways are changing the very structure of our institutions. The New York Times is running a series on the institutional investments Silicon Valley titans are making. For example, Netflix's Reed Hastings and Facebook's Mark Zuckerberg are making investments to enhance and experiment with innovative new educational tools and models. Other tech philanthropists have long invested billions to fight more global, humanitarian problems, such as climate change and malaria. They also offer microloans to small businesses in developing nations. The election of Donald Trump to the presidency has not caused the mass tech exodus from Washington that was initially feared. Indeed, while Big Tech and the Trump administration remain worlds apart on net neutrality, there is some common ground. Issues like cybersecurity, government efficiency, and the effect of artificial intelligence on jobs are largely bipartisan. It is now inside-the-beltway institutions that are struggling to tweak their own insular tendencies. What should policy professionals be thinking about as they develop their outreach efforts to philanthropists in Silicon Valley? How does tech sector philanthropy work? The goal of this episode is to help answer these questions and more as you structure your efforts. Bio Gina Dalma (@ginadalma) is Special Advisor to the CEO and vice president of government relations at the Silicon Valley Community Foundation (SVCF). SVCF is the largest community foundation in the world, with more than $8 billion in assets under management. 
Gina is responsible for leading SVCF's ongoing lobbying efforts in Sacramento and its emerging efforts in Washington, D.C. SVCF's California lobbying work is currently centered around education, affordable housing, immigration and economic security. In Washington, D.C., SVCF hopes to be a leading voice on topics that have the potential to advance the philanthropic sector. Gina was pivotal in the passage of the California Mathematics Placement Act of 2015, which Gov. Brown signed into law on Oct. 5, 2015. SVCF sponsored this legislation. She serves as a member of the California Department of Education's STEM Taskforce Advisory Committee. She is also a member of the National Common Core Funders Steering Committee and an Advisory Board Member of the Silicon Valley Education Foundation. Prior to her promotion to special advisor in 2015, Gina was SVCF's director of grantmaking. In that role, she led the grantmaking team in using a diverse set of tools, including strategic investments, to solve our region's most challenging problems. She also led SVCF's education grantmaking strategy, as well as the Silicon Valley Common Core Initiative. Prior to joining SVCF, Gina was director of innovation at the Silicon Valley Education Foundation. Before moving to the United States, Gina held several positions related to urban economic development and regulatory economics in the federal and state public sector in Mexico. She holds a Bachelor of Science in economics from ITAM in Mexico City, a Master of Science in economics from the University of London and a Master of Arts in international policy studies from Stanford University. Resources Silicon Valley Community Foundation (SVCF) Parting the Waters: America in the King Years 1954-1963 by Taylor Branch News Roundup FCC's Net Neutrality Initial Comment Window Closes The FCC's initial comment period regarding its proposed rules to overturn the Obama-era net neutrality rules closed on Monday. The comments span the gamut. 
Some commenters favor overturning the existing rules. Other commenters advocated for new legislation that would replace the FCC's rules. Still others advocated for upholding the existing rules entirely, without new legislation. A couple of data points this week on net neutrality -- Civis Analytics released one showing 81% of Americans are against blocking, throttling, and paid prioritization of some sites over others. Interestingly, Civis Analytics counts Verizon Ventures and Alphabet Chair Eric Schmidt among its investors. Another poll, this one by INCOMPAS and the GOP-polling firm IMGE, showed 72% of Republican voters oppose throttling and blocking sites like Netflix. Further, Morning Consult released a report showing Senators who support net neutrality enjoy high approval ratings. Massachusetts Senator Ed Markey has a 55% approval rating, and Oregon Senator Ron Wyden has an approval rating of 61%. America's Cybersecurity Issues Intensify Verizon announced that "human error" that resulted in misconfigured security settings caused the personal data of some 6 million Verizon customers to be leaked online. We're talking customer phone numbers, names, and PIN codes. Apparently, an Amazon S3 storage server's settings were set to public instead of private. Selena Larson has the full story at CNN Money. As far as Russia is concerned--President Trump keeps equivocating. One day he says he thinks maybe Russia interfered with the election. The next day, he's publicly less sure. This is all amidst an intensifying investigation that has zeroed in on Trump's son, Donald Jr. Trump senior also met with Russian President Vladimir Putin in Germany 2 weeks ago, as you know, at the G20 Summit in Hamburg. After that meeting, Trump talked about needing to move forward with forming a cybersecurity unit with Russia. President Trump said he had questioned Putin about the hacks and that Putin had vehemently denied them. 
Republicans and Democrats quickly condemned the president's statements, questioning the president's trust of Russia. Then, 3 days later, the Trump administration moved to limit federal agencies' use of Kaspersky Labs. Kaspersky Labs is the Russia-based cybersecurity firm. Several officials believe Kaspersky may be a Trojan Horse the Kremlin uses to hack government data. You can find coverage in the Washington Post by Philip Rucker, as well as Politico, by Eric Geller, and Reuters' Phil Stewart. Meanwhile, Joe Uchill reported in the Hill on a new poll conducted by the cybersecurity firm Carbon Black which shows 1 in 4 voters do not plan on voting due to cybersecurity concerns. Feds Uphold NSA's Gag Orders The gag orders the National Security Agency routinely uses when it requests identifying information from tech companies don't violate the 1st Amendment. That was the holding of a 9th Circuit Court of Appeals decision last week in a matter brought by Cloudflare and Credo Mobile. The companies wanted to notify customers when the National Security Agency obtained their information. The companies argued that notifying customers of such inquiries is their First Amendment right. But the Court disagreed. As long as certain civil liberties protections are in place, those gag orders that prevent companies from notifying customers that the NSA is investigating them are Constitutional. Joe Uchill has the story in the Hill. New Documents Suggest Backpage.com Facilitated Sex Advertising/Trafficking New evidence suggests Backpage.com did know alleged prostitution was going on on its website and that it indeed allegedly helped facilitate it. Jonathan O'Connell and Tom Jackman report for the Washington Post. Documents show Backpage apparently did things like troll its competitors' websites for sex ads. After finding sex ad buyers, Backpage allegedly had staffers and contractors contact those buyers and offer them free advertising. 
A 16-year-old girl the FBI says was being trafficked on the site was found dead in a Chicago-area garage on Christmas Eve. Again, you can find long form coverage in the Washington Post. To report sex trafficking happening anywhere--you can contact the National Human Trafficking Resource Center at 1-888-373-7888. That's 1-888-373-7888. You can also text HELP or INFO to 233733. That's 233733. And those coordinates are available 24 hours a day 7 days per week. DraftKings/Fanduel Merger a No-Go DraftKings and FanDuel--the two leading fantasy sports sites--have dropped merger talks. The Federal Trade Commission was blocking the merger after finding the merged company would have controlled between 80 and 90% of the fantasy sports market. Ali Breland reports in the Hill. Musk: AI is "Biggest risk we face as a civilization" At a meeting of the National Governors Association last week, Tesla and SpaceX CEO Elon Musk said Artificial Intelligence is "the biggest risk we face as a civilization". He called for more effective regulations. The Economist also published a report that shows China and the U.S. in head-to-head competition for dominance in the Artificial Intelligence market. The article suggests China may account for up to half of the world's Artificial Intelligence-attributable GDP growth by 2030. By 2030, AI is expected to comprise some $16 trillion of total global GDP. Racist Airbnb host to pay Asian customer $5,000 Finally, Tami Barker, the Airbnb host who denied a UCLA law student her reservation because she is Asian will have to pay $5,000 in damages to the student, Dyne Suh, and take an Asian American studies course. "It's why we have Trump", is what Barker wrote to Suh via the Airbnb app. "I will not allow this country to be told what to do by foreigners," she said.
Last episode I gave you my best picks for tech gifts this year. But what about what NOT to buy! Bad tech not only makes for a disappointing Christmas, it can be deadly. So I turned to Selena Larson at CNN Money for her input on tech related gifts to avoid.