Podcasts about spycloud

  • 38 PODCASTS
  • 107 EPISODES
  • 33m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • Mar 1, 2025 LATEST

POPULARITY (chart by year, 2017 to 2024)


Latest podcast episodes about spycloud

Colorado = Security Podcast
272 - 3/3 - CW Walker, SpyCloud

Mar 1, 2025 (62:41)


Our feature guest this week is CW Walker from SpyCloud, interviewed by Frank Victory. News from DIA, the Colorado EDC, Outside, Inc, Urban Sky, Cliexa, Affineon, Webroot, Virtual Armour, Ping Identity, Optiv, Red Canary and a lot more!

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
  • Join the Colorado = Security Slack channel
  • Denver airport reveals new look, construction end date for Great Hall project
  • Colorado eyes more than 1,500 jobs in state bids to lure companies to Jefferson, Mesa counties
  • Outside expands its outdoors media empire with acquisition of booking software developer
  • Denver company to hire dozens, expand headquarters after funding infusion
  • Denver startup raises $2.8M to bring AI to doctors' offices
  • Denver AI startup tackling physician burnout raises $5M
  • Is your whole digital life protected? 4 ways to address common vulnerabilities
  • Cybersecurity Challenges in the Age of Remote Work
  • Manual vs. Automated Threat Hunting Methods: Finding the Right Approach
  • Fraud Starts with Identity Crime, Not Financial Loss
  • CopyObjection: Fending off ransomware in AWS

Upcoming Events:
  • Check out the full calendar
  • Kirkpatrick Price - Winter Park Ski Event - 3/4-3/5
  • NCC - NICE Local Stakeholders Engagement Event - 3/7
  • 2025 Rocky Mountain Collegiate Cyber Defense Competition (RMCCDC) - 3/7-8
  • Denver ISSA - March Chapter Meeting - 3/12
  • ISACA Denver - March Meeting (Online) - 3/20
  • ISSA Pikes Peak - Chapter Meeting - 3/26
  • SANS AI Cybersecurity Summit - 3/31-4/7
  • View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Closed Network Privacy Podcast
Episode 43 - SpyCloud Rising: Why Apple, the FBI, and the UK Want Your Keys

Feb 27, 2025 (95:43)


SHOWNOTES: - https://forum.closednetwork.io/t/episode-43-spycloud-rising-why-apple-the-fbi-and-the-uk-want-your-keys/145/1
Website / Donations / Support - https://closednetwork.io/support/
BTC Lightning Donations - closednetwork@getalby.com / simon@primal.net

Thank You Patreons! - https://www.patreon.com/closednetwork
  • Michael Bates - Privacy Bad Ass
  • Richard G. - Privacy Bad Ass
  • Daniel J Martin - Privacy Bad Ass
  • Timothy Kelley - Privacy Advocate
  • Hutch - Privacy Advocate

TOP LIGHTNING BOOSTERS !!! THANK YOU !!!
  • @bon - 3,456 sats
  • @wartime - 333 sats
  • @fortydeaux 44 sats

Thank You To Our Moderators:
  • Unintelligentseven - Follow on NOSTR primal.net/p/npub15rp9gyw346fmcxgdlgp2y9a2xua9ujdk9nzumflshkwjsc7wepwqnh354d
  • MaddestMax - Follow on NOSTR primal.net/p/npub133yzwsqfgvsuxd4clvkgupshzhjn52v837dlud6gjk4tu2c7grqq3sxavt

Closed Network Forum - https://forum.closednetwork.io

Join Our Matrix Channels!
  • Main - https://matrix.to/#/#closedntwrk:matrix.org
  • Off Topic - https://matrix.to/#/#closednetworkofftopic:matrix.org

Join Our Mastodon server!
  • Closed Network Privacy Podcast Mastodon

Follow Simon On The Socials
  • Mastodon - Simon :verified: (@simon@closednetwork.social) - Closed Network Social
  • NOSTR - Public Address - npub186l3994gark0fhknh9zp27q38wv3uy042appcpx93cack5q2n03qte2lu2 - primal.net/simon
  • Twitter / X - @ClosedNtwrk
  • Instagram - https://www.instagram.com/closednetworkpodcast/
  • YouTube - https://www.youtube.com/@closednetwork
  • Email - simon@closednetwork.io

Mastodon hosted on closednetwork.social
Closed Network Social

OODAcast
Episode 125: Unmasking Cyber Threats: Trevor Hilligoss's Mission to Disrupt Criminal Networks

Feb 14, 2025 (41:22)


In this OODAcast, Bob Gourley interviews Trevor Hilligoss from SpyCloud, diving into his career trajectory from the U.S. Army to cybercrime intelligence. Hilligoss shares his unconventional path, starting as a forward observer in the Army before transitioning to law enforcement and later working with the FBI's Joint Ransomware Task Force. He explains how his investigative experience led him to SpyCloud, a company dedicated to collecting intelligence on cybercriminals and using it to prevent attacks. The discussion highlights how cyber threats evolve and why proactive intelligence is crucial in countering criminal activities. Hilligoss explains SpyCloud's unique role in cyber defense, which involves infiltrating underground forums and gathering stolen data to identify vulnerabilities before criminals can exploit them. He emphasizes the growing challenge of session hijacking, malware-driven credential theft, and the commoditization of cybercrime, where even low-skilled actors can execute sophisticated attacks using readily available tools. He underscores the importance of disrupting cybercriminals by exposing their identities and dismantling their infrastructure, rather than solely relying on traditional law enforcement methods. The conversation also explores how enterprises, governments, and small businesses can leverage SpyCloud's intelligence to protect their networks. The episode concludes with a discussion on fraud, particularly scams targeting elderly victims, and the need for stronger industry-wide defenses. Hilligoss expresses optimism about the future of cybersecurity, citing increased collaboration between public and private sectors and innovative disruption techniques, such as name-and-shame campaigns and cybercriminal takedowns. He encourages a mindset of making cybercrime as difficult and costly as possible for bad actors, reinforcing the importance of staying ahead of evolving threats. For more on SpyCloud see: SpyCloud.com

The CyberWire
The hidden cost of data hoarding. [Research Saturday]

Jan 11, 2025 (34:38)


This week, we are joined by Kyla Cardona and Aurora Johnson from SpyCloud discussing their research "China's Surveillance State Is Selling Citizen Data as a Side Hustle." Chinese technology companies, under CCP mandate, collect vast amounts of data on citizens, creating opportunities for corrupt insiders to steal and resell this information on dark markets. These stolen datasets, aggregated into "Social Work Libraries" (SGKs), mirror lower-tech versions of CCP internal security databases. Kyla and Aurora discuss how Chinese cybercriminals use these SGKs and their implications compared to Western, European, and Russian cybercrime ecosystems. With expertise in Chinese OSINT and cybersecurity policy, both researchers bring deep insights into the geopolitical and technical dynamics of China's digital landscape.

The research can be found here:
  • “Pantsless Data”: Decoding Chinese Cybercrime TTPs
  • A Deep Dive Into the Intricate Chinese Cybercrime Ecosystem
  • China's Surveillance State Is Selling Citizen Data as a Side Hustle

Learn more about your ad choices. Visit megaphone.fm/adchoices

Research Saturday
The hidden cost of data hoarding.

Jan 11, 2025 (34:38)

The Security Podcast of Silicon Valley
Damon Fleury, CPO at SpyCloud, on Navigating the Darknet to Combat Cybercrime.

Jan 7, 2025 (37:38)


What does it take to stop a trillion-dollar criminal enterprise? Damon Fleury, Chief Product Officer of SpyCloud, dives into the murky world of cybercrime and the economy driving it. Fleury shares his journey from code and network stacks to facing off against an elaborate cybercrime ecosystem — one that's as organized as a traditional business but designed purely to exploit and harm. Discover how SpyCloud turns the tables on cybercriminals, enabling companies to actively access stolen data from within hacker communities. Damon explains how this invaluable intelligence can enable proactive defenses, prevent ransomware attacks, and disrupt cybercrime operations before they gain a foothold.

  • Damon: www.linkedin.com/in/damonfleury
  • SpyCloud: spycloud.com
  • Jon: www.linkedin.com/in/jon-mclachlan
  • Sasha: www.linkedin.com/in/aliaksandr-sinkevich
  • YSecurity: www.ysecurity.io/

Fraudology Podcast
Holiday Shopping Fraud: Latest Trends and Prevention Tips

Dec 5, 2024 (46:17)


Fraudology is presented by Sardine. In this episode of the Fraudology Podcast, Karisse Hendrick dives into the latest trends and developments in online fraud, providing valuable insights for e-commerce professionals and fraud fighters. She covers how cybercriminals are shifting away from Telegram to new platforms like Meta's Threads, highlighting the evolving landscape of digital fraud. She discusses a recent SpyCloud report detailing how fraudsters are exploiting Threads' features to advertise stolen credit card information and other sensitive data. The episode also covers the Wall Street Journal's examination of retailers cracking down on returns, with companies like Saks Fifth Avenue and Zara implementing stricter policies to combat return fraud. Karisse offers practical advice for merchants considering return fees, emphasizing the importance of proper transaction linking to avoid chargebacks. Additionally, she shares news of the takedown of Popeye Tools, a major cybercrime marketplace, and alerts listeners to the "Star 72" phone scam targeting bank customers. For fraud professionals seeking to stay ahead of the curve, this episode provides a comprehensive overview of current fraud trends and strategies to mitigate risks. Tune in to Fraudology for expert analysis and actionable insights to protect your business from evolving fraud threats.

Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn. She brings her experience, expertise, and extensive network of experts to this podcast semiweekly, on Tuesdays and Thursdays.

The CyberWire
Grappling with a ransomware attack.

Nov 27, 2024 (33:50)


Blue Yonder continues to grapple with ransomware attack. AI-powered scams surge this shopping season. Gaming engine exploited to deliver malware. Chinese hackers ride the router wave. TikTok's beauty filter ban. Redefining cybersecurity education for the future. On our Industry Voices segment, Dave sits down with Damon Fleury, SpyCloud's Chief Product Officer to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. And when do cyber criminals start their holiday scheming?

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today on our Industry Voices segment, guest Damon Fleury, SpyCloud's Chief Product Officer, joins Dave to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense.

Selected Reading
  • Kevin Beaumont (@GossiTheDog) on Mastodon (Mastodon)
  • Advanced Cyberthreats Targeting Holiday Shoppers (FortiGuard Labs)
  • Black Friday Gets a Fakeover: Fake Stores Spike 110% by Using LLMs this Holiday Shopping Season (Netcraft)
  • The Exploitation of Gaming Engines: A New Dimension in Cybercrime (Check Point Software)
  • T-Mobile Engineers Spotted Hackers Running Commands on Routers (Bloomberg Law)
  • TikTok will block beauty filters for teens over mental health concerns (The Verge)
  • Australia passes bill banning social media for children under 16 (The Washington Post)
  • CISA debuts new cybersecurity training platform (Federal News Network)
  • African cybercrime crackdown culminates in 1,006 captured and cuffed (The Record)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Defense in Depth
How Are New SEC Rules Impacting CISOs?

Nov 7, 2024 (34:32)


All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Allan Cockriel, group CISO, Shell.

In this episode:
  • Striking a balance
  • Will we see a talent exodus?
  • Playing by the same rules
  • This is an organizational responsibility

Thanks to our podcast sponsor, SpyCloud

Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

Cyber Security Headlines
Qiliin ransomware upgrade, Sharepoint KEV flaw, Rhysida ransoms Easterseals

Oct 25, 2024 (7:19)


  • Researchers reveal upgraded Qilin ransomware-as-a-service
  • CISA adds Microsoft SharePoint flaw to its KEV catalog
  • Rhysida ransoms Easterseals

Thanks to today's episode sponsor, SpyCloud

Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security – the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you'll want to see – plus confirms some stark truths: that the industry you're in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines.

Find the stories behind the headlines at CISOseries.com.

Defense in Depth
Defending Against What Criminals Know About You

Oct 24, 2024 (31:35)


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Damon Fleury, chief product officer, SpyCloud.

In this episode:
  • A holistic view
  • Adding sophistication to identity
  • Your employees can help
  • Cracking the code

Thanks to our podcast sponsor, SpyCloud

Cyber Security Headlines
CISA data rules, Fortinet zero-day, UK Cyber Essentials

Oct 24, 2024 (7:44)


  • CISA proposes new security requirements for personal data
  • Fortinet patches actively exploited zero-day
  • UK report on Cyber Essentials certification

Thanks to today's episode sponsor, SpyCloud

Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud's latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines.

Cyber Security Headlines
SolarWinds disclosure fines, Zendesk helps Internet Archive, Samsung zero-day

Oct 23, 2024 (7:34)


  • Four cyber companies fined for SolarWinds disclosure failures
  • Zendesk helps Internet Archive after hacker breached email system
  • Samsung zero-day under active exploit

Thanks to today's episode sponsor, SpyCloud

Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud's new report at spycloud.com/headlines.

Cyber Security Headlines
U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach

Oct 22, 2024 (8:34)


  • Proposed rules ban U.S. companies from selling sensitive data
  • Cisco data stolen by IntelBroker
  • Nidec breach exposes 50,000+ documents

Thanks to today's episode sponsor, SpyCloud

Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics.

Cyber Security Headlines
Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach

Oct 21, 2024 (7:35)


  • Microsoft warns it lost some customers' security logs for a month
  • Omni Family Health data breach impacts almost half a million individuals
  • Internet Archive breached again through stolen access tokens

Thanks to today's episode sponsor, SpyCloud

It turns out infostealer infections are a major contributing factor to a company's ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines.

Defense in Depth
Will We Ever Go Back From Work From Home?

Oct 17, 2024 (32:59)


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Joe Lewis, CISO, CDC.

In this episode:
  • Don't underestimate the quality of life benefits
  • We're still learning
  • What is the case for return-to-office?
  • Moving past gimmicks

Thanks to our podcast sponsor, SpyCloud

The CyberWire
Ransomware on repeat. [Research Saturday]

Oct 12, 2024 (28:35)


In this episode, Trevor Hilligoss, VP of SpyCloud Labs, discusses the increasing threat of ransomware, emphasizing the role of infostealer malware in facilitating these attacks. He draws from SpyCloud's 2024 Malware and Ransomware Defense Report, highlighting how compromised identity data from infostealers creates opportunities for ransomware operators. With 75% of organizations experiencing multiple ransomware attacks in the past year, Trevor explores findings from over 500 security leaders in the US and UK, discussing the challenges businesses face and how they can use insights from this research to defend against ransomware and other cybercrimes.

The research can be found here:
  • MALWARE AND RANSOMWARE DEFENSE REPORT

Research Saturday
Ransomware on repeat.

Oct 12, 2024 (28:35)

Cyber Security Headlines
Largest DDoS blocked, Adobe Commerce compromise, neural data law

Oct 4, 2024 (8:03)


  • Cloudflare blocks largest recorded DDoS attack
  • Adobe Commerce and Magento stores compromised by CosmicSting bug
  • DOJ and Microsoft take down 107 domains used in Star Blizzard phishing attacks

Huge thanks to our sponsor, SpyCloud

Get the story behind the headlines at CISOSeries.com

Cyber Security Headlines
Russian cybercriminal arrests, Irish police fined, Rackspace blame game

Oct 3, 2024 (7:53)


  • Russian authorities arrest nearly 100 cybercriminals in raid
  • Northern Ireland police fined for exposing officer identities
  • Rackspace breach sparks vendor blame game

Huge thanks to our sponsor, SpyCloud

Cyber Security Headlines
LockBit ties to Evil Corp, public records flaws, ransomware hits Texas hospital

Oct 2, 2024 (7:47)


  • UK ties LockBit affiliate to Evil Corp
  • Public records systems riddled with security flaws
  • Ransomware disrupts emergency services at Texas hospital

Huge thanks to our sponsor, SpyCloud

Cyber Security Headlines
T-mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. senate

Oct 1, 2024 (8:26)


  • T-Mobile data breaches cost company $31.5 million
  • Iranian hackers charged for targeting 2024 U.S. election
  • Deepfake scam hits U.S. senate

Huge thanks to our sponsor, SpyCloud

Cyber Security Headlines
Recall redesigned again, Embargo attacks cloud, Dallas suburb cyberattack

Sep 30, 2024 (6:57)


  • Recall redesign: reinforced and removable
  • Embargo moves ransomware attacks to cloud environments
  • Dallas suburb deals with ransomware attack

Huge thanks to our sponsor, SpyCloud

Your Wealth, Your Legacy
EP 36: Avoiding Identity Theft When Your Data Is Exposed

Sep 1, 2024 (15:17)


On August 1st, 2024, a class action lawsuit was filed against Jerico Pictures, Inc. otherwise known as National Public Data, alleging a massive data breach that appears to impact nearly all Americans. SpyCloud, a leader in helping businesses avoid cybercrime, reported that their team was able to access and analyze the data and confirmed that 277 million distinct social security numbers were included in the breach. Given the current population of the United States is about 337 million people, most individuals should assume their information was included. When data breaches like this happen, what should everyday Americans do to reduce the risk that they become the victim of identity theft? In the past, most individuals were careful to avoid giving out their data and then simply hoped that their identity would not be compromised. With the size and frequency of recent breaches, this is no longer a viable strategy. Individuals must assume that their data is available to identity thieves. In this month's podcast, we discuss the steps individuals should be taking now to actively reduce the risk of becoming a victim of identity theft in light of the National Public Data security breach. If you are interested in learning more about how to protect yourself financially from identity thieves, we think you'll enjoy this episode. Thanks for listening! For more details on protecting yourself from identity theft, check out our blog post covering the same topic at https://pw-wm.com/learn/financial-planning/avoiding-identity-theft-when-your-data-is-exposed/

The CyberWire
Criminal networks crumble.

Jul 17, 2024 (35:48)


Interpol pursues West African cybercrime groups. Bassett Furniture shuts down manufacturing following a ransomware attack. A gastroenterologist group notifies patients of a data breach. An Apache HugeGraph flaw is being actively exploited. Octo Tempest updates its toolkit. Satori uncovers evil twin campaigns on Google Play. The cost of the Change Healthcare breach crosses the two billion dollar mark. Cybersecurity venture funding saw a surge last quarter. Cyber regulatory agencies face legal challenges. On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins us to talk about exploring the intricate world of cybercrime enablement services. Fighting disinformation is easier said than done.

CyberWire Guest
On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins Dave to talk about exploring the intricate world of cybercrime enablement services. You can find out more about SpyCloud's “How the Threat Actors at SpaxMedia Distribute Malware Globally” here.

Selected Reading
  • Global Police Swoop on Black Axe Cybercrime Syndicate (Infosecurity Magazine)
  • Furniture giant shuts down manufacturing facilities after ransomware attack (The Record)
  • MNGI Digestive Health Data Breach Impacts 765,000 Individuals (SecurityWeek)
  • Apache HugeGraph Vulnerability Exploited in Wild (SecurityWeek)
  • Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal (Security Affairs)
  • Report Identifies More Than 250 Evil Twin Mobile Applications (Security Boulevard)
  • Change Healthcare's Breach Costs Could Reach $2.5 Billion (GovInfo Security)
  • Cybersecurity Funding Jumps 144% In Q2 (Crunchbase)
  • The US Supreme Court Kneecapped US Cyber Strategy (WIRED)
  • Even the Best Tools to Fight Disinformation Are Not Enough (The New York Times)

The CyberWire
Exploring the mechanics of Infostealer malware. [Research Saturday]

Jun 15, 2024 (28:50)


This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications.

The research can be found here:
Reversing LummaC2 4.0: Updates, Bug Fixes
Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft
How the Threat Actors at SpaxMedia Distribute Malware Globally

Research Saturday
Exploring the mechanics of Infostealer malware.

Jun 15, 2024 28:50

The CyberWire
New cybersecurity bill aims to untangle federal regulations.

May 31, 2024 35:51


Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find European politicians' personal info for sale on the dark web. The BBC's pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft Office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud's Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow's fake-news puppet.

CyberWire Guest
On our Industry Voices segment, we hear from Chip Witt, SpyCloud's SVP, Product Management, discussing navigating the threat of digital identity exposure. To learn more, check out SpyCloud's Annual Identity Exposure Report 2024.

Selected Reading
Senate chairman wants new White House-led panel to streamline federal cyber rules (The Record)
Data Leak Exposes Business Leaders and Top Celebrity Data (Hackread)
Information of Hundreds of European Politicians Found on Dark Web (SecurityWeek)
BBC Pension Scheme Breached, Exposing Employee Data (Infosecurity Magazine)
OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops (CSO Online)
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (Ars Technica)
Pirated Microsoft Office delivers malware cocktail on systems (Bleeping Computer)
UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says (The Record)
Once a Sheriff's Deputy in Florida, Now a Source of Disinformation From Russia (The New York Times)

The CyberWire
Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

Mar 3, 2024 9:06


Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us.

Career Notes
Encore: Pattie Dillon: Take the leap. [Anti-fraud]

Mar 3, 2024 9:06

Defense in Depth
Warning Signs You're About To Be Attacked

Dec 14, 2023 33:07


All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud.

In this episode:
What are the things that raise red flags that you're about to experience an attack?
What signals set off your Spidey sense that things could go sideways?
What are the early warning signs an attack is underway?
Did you learn anything new?

Thanks to our podcast sponsor, SpyCloud
Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

Defense in Depth
Do We Have to Fix ALL the Critical Vulnerabilities?

Dec 7, 2023 30:48


All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource.

In this episode:
How do you actually focus your patching efforts on the vulnerabilities that are seen as universally holding the most risk?
With limited resources, is it possible to "patch all the things"?
How do we focus patching efforts to fix the most vital issues quickly?
What are the risks we're dealing with?

Thanks to our podcast sponsor, SpyCloud
Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

Cyber Security Headlines
Manufacturing tops extortion, RETVec battles spam, new Zyxel warnings

Dec 1, 2023 8:20


Manufacturing industry tops cyber extortion trend
Google's RETVec the latest warrior on bad emails
Zyxel warns of vulnerabilities in NAS devices

Huge thanks to our sponsor, SpyCloud
New research from SpyCloud reveals a critical discovery: nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. These infostealers exfiltrate authentication data from infected systems to aid follow-on attacks – everything from passwords to 2FA codes, and even cookies that enable session hijacking without the need for credentials at all. SpyCloud specializes in recapturing and remediating data siphoned from infostealers to protect businesses and their users from cybercrime. Get SpyCloud's new research and check your malware exposure at spycloud.com/ciso.

For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Week in Review: Okta breach expands, Former Uber CISO speaks, OpenAI's chatbot leak secrets

Dec 1, 2023 29:02


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products.

Thanks to our show sponsor, SpyCloud
SpyCloud disrupts cybercrime by telling you what criminals know about your business and your customers, so you can take action on exposed authentication data to prevent ransomware, session hijacking, account takeover, and online fraud. With knowledge of the specific data criminals have in hand – like credentials, cookies, and PII compromised by breaches and malware infections – security teams have better visibility into the expanding attack surface that puts their organization at risk of cyberattacks and can respond quickly with SpyCloud's automated solutions. Find out what cybercriminals know about your business by visiting spycloud.com/ciso to get your free exposure report. That's spycloud.com/ciso.

All links and the video of this episode can be found on CISOseries.com.

Defense in Depth
Mitigating Generative AI Risks

Nov 30, 2023 32:38


All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM.

In this episode:
Does generative AI come with a new set of risks?
How can we address these risks to take advantage of its benefits?
How do we approach a much desired technology we're not so sure how we should secure?
How can we take what we've learned from past technological advances and apply it to mitigate risks with generative AI?

Thanks to our podcast sponsor, SpyCloud
Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

Cyber Security Headlines
Okta breach expands, JAXA cyberattack, leaky GPTs

Nov 30, 2023 6:22


All Okta customers exposed in breach
JAXA hit by cyberattack
OpenAI's chatbots leak secrets

Huge thanks to our sponsor, SpyCloud
For some people ignorance is bliss – but that's not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company's darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud's focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso.

Cyber Security Headlines
Ransomware gang busted in Ukraine, North Texas water utility cyberattack, Former Uber CISO breaks 6-year silence

Nov 29, 2023 7:36


Ransomware gang busted in Ukraine by international operation
North Texas water utility hit with cyberattack
Former Uber CISO speaks out after 6-year silence

Huge thanks to our sponsor, SpyCloud
SpyCloud has discovered that infostealer malware infections are an early warning signal for ransomware. In fact, nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. Are you thinking about infostealers as a precursor to ransomware? SpyCloud believes that knowing what criminals have stolen from your managed, unmanaged and undermanaged infected machines is step one to stopping ransomware attacks. Get SpyCloud's new research on this topic and check your company's exposure from malware infections at spycloud.com/ciso.

For the stories behind the headlines, visit CISOseries.com.

Cyber Security Headlines
International AI agreement, water utility attack, Ukraine cyberattack on Russian aviation

Nov 28, 2023 6:55


International AI agreement
PA water utility hit by cyberattack
Ukraine claims cyber attack against Russian aviation

Huge thanks to our sponsor, SpyCloud
Our sponsor today, SpyCloud, wants us to pay attention to a ransomware precursor that's not being talked about enough: infostealer malware. If you think you're covered by endpoint protection and anti-virus solutions, think again. The SpyCloud team discovered that the presence of infostealers including Raccoon, Vidar, and Redline on machines accessing work applications may indicate a likely future ransomware attack. They believe the first step in thwarting ransomware lies in knowing the data criminals have stolen from malware-infected systems and remediating it quickly. Get SpyCloud's new research and check your malware exposure at spycloud.com/ciso.

Cyber Security Headlines
London & Zurich, Fidelity National Financial attacks, Royal Family's hospital, Vanderbilt University Med Center attacks, US Nuclear lab and Gulf Air breaches

Nov 27, 2023 8:06


London & Zurich, and Fidelity National Financial attacks
Royal Family's hospital and Vanderbilt University Med Center suffer cybersecurity incidents
Gulf Air exposed to data breach

Huge thanks to our sponsor, SpyCloud
For some people ignorance is bliss – but that's not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company's darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud's focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso.

Cribl: The Stream Life
How SpyCloud Architected Its Cribl Stream Deployment

Nov 21, 2023 32:12


In this livestream, I talked to Ryan Saunders - Manager of Security Operations at SpyCloud, about how he used the Cribl Reference Architecture to build a scalable deployment. He explained how this approach enabled SpyCloud to grow alongside its evolving needs without requiring significant rework. The reference architecture also facilitated a repeatable data-onboarding process, reducing administrative time and allowing the team to focus on critical security and data analysis tasks.

SpyCloud is a cloud-native organization that generates enormous amounts of data — from hosted email and EDR, sales solutions, and the rest of their sprawling cloud architecture. Before implementing Cribl Stream, they had too many sources and too little time to figure out how to integrate all of them.

Saving Valuable Engineering Time
Traditional on-prem environments can have many sources, but they generally come from a single area that makes it possible to capture them with a single set of agents. Because of their sprawling cloud architecture, Ryan and his team didn't have that luxury. During our conversation, Ryan pointed out that engineers come to work at SpyCloud to work in security, not to become a data butler. They don't necessarily know how to architect large data pipelines — they just pull the data in and go to work on it. To that end, the first problem they solved with Cribl Stream was streamlining the process of bringing sources into their detection analytics platform. Data now flows in natively from a source like AWS instead of via a TA or other inefficient, incomplete method.

Flexibility in Scaling Security Architecture
SpyCloud can't afford to have data held up in processing — once all their data comes in, it needs to be processed immediately so their security detections fire in real-time. Cribl's Reference Architecture played a very important role in onboarding their sources and getting things to operate seamlessly. There are times when Ryan and his team get little to no advance notice of a new product or customer, so there may not be much time to add to their logging pipeline. Without Cribl Stream, planning and execution may take weeks or months. But the right tools and a properly designed architecture allow them to scale up in minutes, if not automatically.

Splitting Up Worker Groups
SpyCloud separates worker groups based on data volume workflow and as a way to mitigate risk. Instead of having one large worker group, they have a separate one on the internet with open ports, so they're able to fail small and manage their blast radius. It's good practice to split up your worker groups not only by load, but also by connection type and according to your security needs. When I asked Ryan if he was concerned about the management overhead of having a bunch of worker groups, he compared the experience to his days as a Splunk admin. Setting up different indexer clusters was a nightmare because maintenance efforts only scaled linearly. With worker groups, there's one interface to manage everything. Ryan can copy settings by cloning a worker group, or add and remove pipelines from different worker groups — all from one interface. He sums it up quite nicely:
“The biggest win for us with Cribl Stream is that we can upgrade everything from one single pane of glass. I don't have to go out and plan a 12-hour overnight weekend upgrade of my indexers. I just click upgrade in that worker group, and it happens.” - Ryan Saunders, Manager of Security Operations at SpyCloud

Taking Advantage of Cribl Edge
Ryan and the team at SpyCloud also have Cribl Edge deployed as a log collection agent on all their servers. They have a dozen Edge fleets collecting data that's sent back to Cribl Stream for processing. Managing fleets in Cribl Edge is just as easy as managing worker groups in Cribl Stream. They have the flexibility to control separate configurations for Windows, Linux, production tests, and other products within the same interface. SpyCloud also uses Cribl Edge to consolidate logging agents within the organization because it's easier for them to have one agent that multiple teams can control. His team sends the data they need for security to their own tools, and their DevOps teams can extract the operations data they need as well. Everyone can control and manage their data however they see fit, so it's a win for everybody.

Best Practices for a Scalable Cribl Stream Deployment
Ryan has many years of experience using Cribl's tools within different organizations and environments, so he has learned some very valuable lessons along the way. His first deployment involved trying to run Kubernetes in a large environment with one giant worker group — so he quickly learned about the importance of splitting them up. You want to be able to do this easily, especially in highly regulated environments. Multinational organizations may not be able to commingle data or send it across national borders. Companies processing healthcare data have strict requirements for handling PII. Even if you don't fall into either of these categories today, business growth or regulatory requirements might change that, so you'll need to be able to adjust quickly to split certain data out.
Taking advantage of auto-scaling has also proven beneficial for Ryan, and everyone can take advantage of it — just don't forget to create limits. You want to avoid scaling up until an AWS region explodes, so you don't wake up one night and find 1000 Kubernetes nodes running because something went sideways. Explaining that bill won't be much fun the next day.

Watch the full livestream to see more on how SpyCloud uses Cribl Stream and Cribl Edge to streamline the onboarding process and get more visibility and insights from their business data. You'll also learn how to use the Cribl Reference Architectures as a starting point for a scalable deployment so you can reduce administrative time and free up your team to focus on critical security and data analysis tasks.

More Videos in our Cribl Reference Architecture Series
Introduction to the Cribl Stream Reference Architecture
How the All in One Worker Group Fits Into the Cribl Stream Reference Architecture
Scaling Syslog
Scaling Effectively for a High Volume of Agents

Darknet Diaries
138: The Mimics of Punjab

Oct 3, 2023 46:30


This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi's YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner's Introduction to Privacy (https://amzn.to/3EjuSoY).

Sponsors
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support for this show comes from SpyCloud. It's good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what's out there about you and give you a report so you can be aware. Then they'll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries.
Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker's allow-listing gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com.

Paul's Security Weekly
Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330

Sep 1, 2023 154:23


Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how companies can gain access to their current identity search and dashboard data and be able to query in their preferred BI tool based on their own data privacy policies and business needs, significantly reducing risk.
This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpoint to learn more about them!

There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with its $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, though Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on GitHub). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D

In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments.
This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiobh to learn more about them!

It's no secret that the attack surface is increasing and the best defense is one that's matched to the most relevant risks. Through proactive and reactive research, The SafeBreach Labs team helps customers discover their most critical threats and security gaps by building the industry's most current and complete playbook of attacks. In this session, SafeBreach Director of Research Tomer Bar will share how attacks are conducted, which APT groups have been the most active, and how breach and attack simulation can help teams think like an adversary and leverage recent vulnerabilities to gain accurate insights.
Segment Resources: https://www.safebreach.com/safebreach-labs/
This segment is sponsored by SafeBreach. Visit https://securityweekly.com/safebreachbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-330

Enterprise Security Weekly (Audio)
Simplify Your Audit Process, News, BlackHat Interviews - Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330

Sep 1, 2023 154:23

Paul's Security Weekly TV
Funding, SentinelOne/Wiz rumors, Layoffs, NordVPN's skunkworks, ChatGPT Enterprise - ESW #330

Sep 1, 2023 66:20


There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with its $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, though Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on GitHub). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D
Show Notes: https://securityweekly.com/esw-330

Enterprise Security Weekly (Video)
Funding, SentinelOne/Wiz rumors, Layoffs, NordVPN's skunkworks, ChatGPT Enterprise - ESW #330

Sep 1, 2023 (66:20)


There's still serious, late-stage funding for compelling tech in cybersecurity, as SpyCloud proves with its $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly, layoffs and even company failures are still occurring, though Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on GitHub). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D Show Notes: https://securityweekly.com/esw-330

The Imposter Syndrome Network Podcast
James Shank

Aug 22, 2023 (34:18)


In this episode, we chat with James Shank, a technology professional with over 20 years of experience in network security, community building, and fighting online threats. James is a member of the NANOG Programming Committee, the founder of the Internet Fire Brigade Society, and a former employee of Team Cymru. James is currently happy to be the Director of Data Product Strategy at SpyCloud.

We talk with James about his passion for serving people through technology, and how he got involved in various projects and communities that aim to make the internet safer and more secure. We also discuss his views on certifications, storytelling, and overcoming imposter syndrome in different stages of his career.

Join us for this insightful and inspiring conversation with James Shank.

“The end goal really isn't the routing of packets. At the end of the day, we're not serving technology directly, we're serving people.”

James' Links: LinkedIn, Internetfire.org, Acutisventures.com

Thanks for being an imposter - a part of the Imposter Syndrome Network (ISN)! We'd love it if you connected with us at the links below: The ISN LinkedIn group (community): https://www.linkedin.com/groups/14098596/ The ISN on Twitter: https://twitter.com/ImposterNetwork Zoë on Twitter: https://twitter.com/RoseSecOps Chris on Twitter: https://twitter.com/ChrisGrundemann Make it a great day.

The CyberWire
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]

Jul 23, 2023 (30:49)


With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrates employee and contractor devices – managed and unmanaged – exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of infostealers and provides actionable steps for businesses of any size or industry to mitigate the threat. In this episode of CyberWire-X, N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten to discuss the early days of incident response and the current thinking of post-infection remediation (PIR) actions. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor SpyCloud's Director of Security Research, Trevor Hilligoss. They chat about the challenges for enterprises and security leaders to identify what was stolen from malware-infected devices and how proper post-infection remediation implemented into existing incident response workflows can help prevent this data from causing ransomware. Trevor shares highlights from an industry report of 300+ security leaders from North America and the UK on where they stand on malware identification and remediation, and what additional work can be done to minimize cybercriminals' access and impact.

The CyberWire
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.

May 31, 2023 (26:16)


SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites see abuse by malicious actors. A look into identity security trends. People may be overconfident in their ability to detect deepfakes. Deepen Desai from Zscaler describes a campaign targeting Facebook users. CW Walker from SpyCloud outlines identity exposure in the Fortune 1000. And a blurring of the lines between criminal, hacktivist, and strategic motivations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/104

Selected reading: SeroXen RAT for sale (AT&T Cybersecurity); Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users (The Hacker News); DogeRAT: The Android Malware Campaign Targeting Users Across Multiple Industries (CloudSek); Ghost Sites: Stealing Data From Deactivated Salesforce Communities (Varonis); 2023 Trends in Securing Digital Identities (Identity Defined Security Alliance); Jumio 2023 Online Identity Consumer Study (Jumio); Void Rabisu's Use of RomCom Backdoor Shows a Growing Shift in Threat Actors' Goals (Trend Micro); Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware (The Hacker News)

Hacking Humans
Remedies for infectious computers.

May 11, 2023 (57:19)


Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about “fast idiots” from a previous episode. The other is from listener Robert, who writes in about the wallet versus smartphone debate, and which is safer. Joe shares a few stories this week, all regarding ATM scams and lost or stolen credit cards, including his own son's ATM nightmare. Dave's scary story is on the latest hot topic in the cyber industry: AI, and how families are being scammed by believable voice AI to sound like loved ones. Listener Michael shares this week's catch of the day on an IRS scam he came across in his email.

Links to stories: Chase Bank didn't believe customers with accounts drained by ATM 'tap' feature scam; Lost or Stolen Credit, ATM, and Debit Cards; Family targeted by AI scam using loved one's voice

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Fraudology Podcast
Do Data Breaches Actually Lead to Online Fraud?

Jan 12, 2023 (57:36)


Fraudology is presented by Spec.

Last week, Karisse talked about 2 major data breaches that she speculated could lead to an increase in specific fraud method attempts. The next day, she read a LinkedIn post challenging the opinion that data breaches lead to more online fraud. And this caused her to challenge her long-held belief in today's episode of Fraudology.

Throughout this episode, you'll hear facts, data, and anecdotes from different perspectives to try to determine (once & for all?) if some or most online fraud is due to a data breach at some time. Or, is all of the information about every single consumer at the ready of cybercriminals when they want it?

Also discussed: An update from last week's episode on the news of 100s of millions of Twitter account details exposed, as now they have been publicly circulated, with more risks than online fraud/identity theft alone. https://www.wired.com/story/twitter-leak-200-million-user-email-addresses/

Report cited on data breach data from SpyCloud 2022: https://spycloud.com/resource/2022-annual-identity-exposure-report/ (FYI: email address, name & company name required to download)

Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn. She brings her experience, expertise, and extensive network of experts to this podcast semiweekly, on Tuesdays and Thursdays.