Podcasts about Volt Typhoon

  • 97 podcasts
  • 212 episodes
  • 35m average duration
  • 1 episode every other week
  • Latest: Nov 3, 2025


Latest podcast episodes about Volt Typhoon

Risky Business News
Between Two Nerds: Lost in transmission

Nov 3, 2025 · 28:35


In this edition of Between Two Nerds, Tom Uren and The Grugq discuss the futility of using aggressive cyber operations to send messages between states. This episode is also available on YouTube.

Show notes:
  • The Record, Volt Typhoon was not successful
  • Sand in the gears: Sabotage in world politics by Joshua Rovner, Rory Cormac and Lennart Maschmeyer

mnemonic security podcast
The Quiet Conflict

Oct 27, 2025 · 40:06


In this episode of the mnemonic security podcast, we take a closer look at a tension that remains invisible to most of us, yet is very real: the quiet conflict unfolding within our critical infrastructure.

This topic gave us the perfect excuse to once again invite one of our favorite guests, for the fourth time, Joe Slowik. Joe brings over 15 years of experience in cyber threat intelligence (CTI), detection engineering, and incident response, with expertise in industrial control systems (ICS), operational technology (OT), and critical infrastructure environments. He currently serves as Director of Cybersecurity Alerting Strategy at Dataminr.

In his conversation with Robby, Joe explores the threats posed by Volt Typhoon, a state-sponsored Chinese cyber operation known for targeting critical infrastructure, primarily in the United States. They discuss the origins and activities of the group, recent operations, and Joe also shares his research into what this group has the potential to achieve based on their current operations and proven capabilities.

The discussion also covers Joe's broader research into China's cyber ecosystem and how it has evolved, including the country's extensive network of research institutions, companies, and lesser known contractors. Joe also shares his observations about current trends in the OT industry, insights into his upcoming areas of research within OT, and his perspective on where the field is heading.

CXOInsights by CXOCIETY
PodChats for FutureCISO: Resilience in Action: Critical Infrastructure Defence in 2026

Sep 17, 2025 · 19:52


In 2024, there were 440,000 detected cyber threats to critical infrastructure, and the U.S. Critical Infrastructure experienced a surge in attacks, including the Volt Typhoon and Chinese Telecom Network Infiltration. For 2025, projections indicate 30% of critical infrastructure organizations will experience a security breach, and major attacks on the sector are expected to continue, according to Gartner.

As we welcome 2026, what would a maturing artificial intelligence present to critical infrastructure, and how should CISOs strengthen their cybersecurity strategies to reflect the evolving technology, regulatory, geopolitical and business landscape in the coming years?

Joining us on PodChats for FutureCISO is Lim Hsin Yin, vice president of sales for ASEAN at Cohesity, for her views on the topic of Resilience in Action: Critical Infrastructure Defence.

1. What is Cohesity?
2. How robust are enterprises' data resilience strategies in Asia—including immutable backups, air-gapped copies, and recovery drills—in ensuring operational continuity after ransomware or destructive cyber-attacks? What KPIs are being used to measure its effectiveness?
3. To what extent have enterprises in ASEAN integrated IT and OT security teams, tools, and processes to achieve unified threat visibility and coordinated response across our entire critical infrastructure estates, especially considering legacy systems prevalent in the region?
4. How are CISOs continuously re-evaluating and managing third-party and supply chain risks—especially for vendors linked to OT environments—to prevent breaches similar to regional supply chain attacks like MOVEit or airport data centre infiltrations?
5. What zero-trust and segmentation measures have CISOs prioritised to protect industrial control systems (ICS) and OT environments against increasingly sophisticated hacktivist and state-backed threat actors targeting ASEAN and Hong Kong critical infrastructure?
6. How are enterprises leveraging real-time, cross-border threat intelligence sharing within ASEAN to detect and disrupt pre-positioning and advanced persistent threats (APTs), as exemplified by campaigns like Volt Typhoon?
7. Coming into 2026, what are you expecting as far as critical infrastructure defense, and what should operators of critical infrastructure be taking in terms of their defense structure?

Let's Know Things
Salt Typhoon

Sep 9, 2025 · 15:30


This week we talk about cyberespionage, China, and asymmetrical leverage.

We also discuss political firings, hardware infiltration, and Five Eyes.

Recommended Book: The Fourth Turning Is Here by Neil Howe

Transcript

In the year 2000, then-General Secretary of the Chinese Communist Party, Jiang Zemin (jong ZEM-in), approved a plan to develop so-called “cyber coercive capabilities”—the infrastructure for offensive hacking—partly as a consequence of aggressive actions by the US, which among other things had recently bombed the Chinese embassy in Belgrade as part of the NATO campaign in Yugoslavia.

The US was a nuclear power with immense military capabilities that far outshone those of China, and the idea was that the Chinese government needed some kind of asymmetrical means of achieving leverage against the US and its allies to counter that. Personal tech and the internet were still relatively young in 2000—the first iPhone wouldn't be released for another seven years, for context—but there was enough going on in the cyber-intelligence world that it seemed like a good point of leverage to aim for.

The early 2000s Chairman of the CCP, Hu Jintao, backed this ambition, citing the burgeoning threat of instability-inducing online variables, like those that sparked the color revolutions across Europe and Asia, and attack strategies similar to Israel's Stuxnet cyberattack on Iran as justification, though China's growing economic dependence on its technological know-how was also part of the equation; it could evolve its capacity in this space relatively quickly, and it had valuable stuff that was targetable by foreign cyberattacks, so it was probably a good idea to increase their defenses, while also increasing their ability to hit foreign targets in this way—that was the logic here.

The next CCP Chairman, Xi Jinping, doubled down on this effort, saying that in the cyber world, everyone else was using air strikes and China was still using swords and spears, so they needed to up their game substantially and rapidly.

That ambition seems to have been realized: though China is still reportedly regularly infiltrated by foreign entities like the US's CIA, China's cybersecurity firms and state-affiliated hacker groups have become serious players on the international stage, pulling off incredibly complex hacks of foreign governments and infrastructure, including a campaign called Volt Typhoon, which seems to have started sometime in or before 2021, but which wasn't discovered by US entities until 2024. This campaign saw Chinese hackers infiltrating all sorts of US agencies and infrastructure, initially using malware, and then entwining themselves with the operating systems used by their targets, quietly syphoning off data, credentials, and other useful bits of information, slowly but surely becoming even more interwoven with the fabric of these systems, and doing so stealthily in order to remain undetected for years.

This effort allowed hackers to glean information about the US's defenses in the continental US and in Guam, while also helping them breach public infrastructure, like Singapore's telecommunications company, Singtel.
It's been suggested that, as with many Chinese cyberattacks, this incursion was a long-game play, meant to give the Chinese government the option of both using private data about private US citizens, soldiers, and people in government for manipulation or blackmail purposes, or to shut down important infrastructure, like communications channels or electrical grids, in the event of a future military conflict.

What I'd like to talk about today is another, even bigger and reportedly more successful long-term hack by the Chinese government, and one that might be even more disruptive, should there ever be a military conflict between China and one of the impacted governments, or their allies.

—

Salt Typhoon is the name that's been given to a so-called “advanced persistent threat actor,” which is a formal way of saying hacker or hacker group, by Microsoft, which plays a big role in the cybersecurity world, especially at this scale, a scale involving not just independent hackers, but government-level cyberespionage groups.

This group is generally understood to be run out of the Chinese Ministry of State Security, or MSS, and though it's not usually possible to say something like that for certain, hence the “generally understood” component of that statement, often everyone kind of knows who's doing what, but it's imprudent to say so with 100% certainty, as cyberespionage, like many other sorts of spy stuff, is meant to be a gray area where governments can knock each other around without leading to a shooting war.
If anyone were to say with absolute certainty, yes, China is hacking us, and it's definitely the government, and they're doing a really good job of it, stealing all our stuff and putting us at risk, that would either require the targeted government to launch some sort of counterstrike against China, or would leave that targeted government looking weak, and thus prone to more such incursions and attacks, alongside any loss of face they might suffer.

So there's a lot of hand-waving and alluding in this sphere of diplomacy and security, but it's basically understood that Salt Typhoon is run by China, and it's thought that they've been operating since at least 2020.

Their prime function seems to be stealing as much classified data as they can from governments around the world, and scooping up all sorts of intellectual property from corporations, too.

China's notorious for collecting this kind of IP and then giving it to Chinese companies, which have become really good at using such IP, copying it, making it cheaper, and sometimes improving upon it in other ways, as well.
This government-corporation collaboration model is fundamental to the operation of China's economy, and the dynamic between its government, its military, its intelligence services, and its companies, all of which work together in various ways.

It's estimated that Salt Typhoon has infiltrated more than 200 targets in more than 80 countries, and alongside corporate entities like AT&T and Verizon, they also managed to scoop up private text messages from Kamala Harris' and Donald Trump's presidential campaigns in 2024, using hacks against phone services to do so.

Three main Chinese tech companies allegedly helped Salt Typhoon infiltrate foreign telecommunications companies and internet service providers, alongside hotel, transportation, and other sorts of entities, which allowed them to not just grab text messages, but also track people, keeping tabs on their movements, which again, might be helpful in future blackmail or even assassination operations.

Those three companies seem to be real-deal, actual companies, not just fronts for Chinese intelligence, but the government was able to use them, and the services and products they provide, to sneak malicious code into all kinds of vital infrastructure and all sorts of foreign corporations and agencies—which seems to support concerns from several years ago about dealing with Chinese tech companies like Huawei; some governments decided not to work with them, especially in building-out their 5G communications infrastructure, due to the possibility that the Chinese government might use these ostensibly private companies as a means of getting espionage software or devices into these communications channels or energy grids. The low prices Huawei offered just weren't worth the risk.

The US government announced back in 2024 that Salt Typhoon had infiltrated a bunch of US telecommunications companies and broadband networks, and that routers manufactured by Cisco were also compromised by this group.
The group was also able to get into ISP services that US law enforcement and intelligence services use to conduct court-authorized wiretaps; so they weren't just spying on individuals, they were also spying on other governments' spies and those they were spying on.

Despite all these pretty alarming findings, in the midst of the investigation into these hacks, the second US Trump administration fired the government's Cyber Safety Review Board, which was thus unable to complete its investigation into Salt Typhoon's intrusion.

The FBI has since issued a large bounty for information about those involved in Salt Typhoon, but that only addresses the issue indirectly, and there's still a lot we don't know about this group, the extent of their hacking, and where else they might still be embedded, in part because the administration fired those looking into it, reportedly because the administration didn't like this group also looking into Moscow's alleged interference in the 2016 presidential election, and Salt Typhoon's potential interference with the 2024 presidential election, both of which Trump won.

The US government has denied these firings are in any way political, saying they intend to focus on cyber offense rather than defense, and pointing out that the current approach to investigating these sorts of things was imperfect; which is something that most outside organizations would agree on.

That said, there are concerns that these firings, and other actions against the US's cyberthreat defensive capabilities, are revenge moves against people and groups that have said the 2020 presidential election, which Trump lost to Joe Biden, was the most secure and best-run election in US history; which flies in the face of Trump's preferred narrative that he won in 2020—something he's fond of repeating, though without evidence, and with a vast body of evidence against his claim.

The US has also begun pulling away from long-time allies that it has previously collaborated with in the cyberespionage and cyberdefense sphere, including its Five Eyes partners, the UK, Canada, Australia, and New Zealand.

Since Tulsi Gabbard was installed as the Director of National Intelligence by Trump's new administration, US intelligence services have been instructed to withhold information about negotiations with Russia and Ukraine from these allies; something that's worrying intelligence experts, partly because this move seems to mostly favor Russia, and partly because it represents one more wall, of many, that the administration seems to be erecting between the US and these allies. Gabbard herself is also said to be incredibly pro-Russian, so while that may not be influencing this decision, it's easy to understand why many allies and analysts are concerned that her loyalties might be divided in this matter.

So what we have is a situation in which political considerations and concerns, alongside divided priorities and loyalties within several governments, but the US in particular right now, might be changing the layout of, and perhaps even weakening, cybersecurity and cyberespionage services at the very moment these services might be most necessary, because a foreign government has managed to install itself in all kinds of agencies, infrastructure, and corporations.

That presence could allow China to milk these entities for information and stolen intellectual property, but it could also put the Chinese government in a very favorable position, should some kind of conflict break out, including but not limited to an invasion of Taiwan; if the US's electrical grids or telecommunications services go down, or the country's military is unable to coordinate with itself, or with its allies in the Pacific, at the moment China invades, there's a non-zero chance that would impact the success of that invasion in China's favor.

Again, this is a pretty shadowy playing field even at the best of times, but right now there seems to be a lot happening in the cyberespionage space, and many of the foundations that were in place until just recently, are also being shaken, shattered, or replaced, which makes this an even more tumultuous, uncertain moment, with heightened risks for everybody, though maybe the opposite for those attacking these now more-vulnerable bits of infrastructure and vital entities.

YusufOnSecurity.com
239 - Volt Typhoon Report-How Critical Infrastructure Was Targeted and Compromised

Aug 30, 2025 · 25:38


Enjoying the content? Let us know your feedback!

Today's episode is all about Volt Typhoon, a Chinese state-sponsored hacking group whose stealthy techniques and strategic missions have caused significant concern for defenders worldwide. We'll break down who Volt Typhoon is, analyze the recent major report covering their activities, walk through real examples of the organizations they targeted, and explain every bit of technical jargon so everyone can follow along. By the end, you'll understand why this group is considered one of the top cyber threats facing critical infrastructure today—globally and in the West.

  • https://www.cyber.nj.gov: VOLT TYPHOON APT A Strategic Threat Assessment
  • https://www.cisa.gov: PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Be sure to subscribe! You can also stream from https://yusufonsecurity.com, where you will find a list of all previous episodes too.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report

Aug 28, 2025 · 6:39


Interesting Technique to Launch a Shellcode
Xavier came across malware that uses PowerShell and the CallWindowProcA() API to launch code.
https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238

NX Compromised to Steal Wallets and Credentials
The popular open source NX build package was compromised. Code was added that uses the help of AI tools like Claude and Gemini to steal credentials from affected systems.
https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System
Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Volt Typhoon incident.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

Politicology
Situationships with the CCP

Aug 14, 2025 · 64:53


In this episode, Ron Steslow and Isaac Stone Fish (founder and CEO of Strategy Risks) discuss China's influence and the risks associated with corporate exposure to the Chinese Communist Party. They explore the shifting public perception of China, the implications of leadership conflicts in major companies like Intel, and the strategic decisions surrounding chip sales by Nvidia and AMD. Then, they delve into the significant cybersecurity threats posed by China which have targeted U.S. infrastructure. They discuss the vulnerabilities of the U.S. in the face of potential military conflicts and the broader implications of modern warfare, including economic and information warfare. Later, Isaac dives into how Hollywood's portrayal of China and Chinese people impacts public perception.

They discuss:
  • (3:00) Corporate exposure to China
  • (5:50) Business and the CCP
  • (8:55) Shifting public views on China
  • (11:59) Intel Chief's conflicts in China
  • (15:02) Nvidia and AMD
  • (18:02) Supply chain risks
  • (20:58) China's global strategy and U.S. response
  • (31:07) Volt Typhoon and Salt Typhoon
  • (34:07) The vulnerability of U.S. infrastructure
  • (38:01) Rethinking modern warfare
  • (40:35) Hollywood's role in perception of China
  • (46:28) Decoupling from China
  • (54:14) The TikTok dilemma

The Daily Scoop Podcast
Salt Typhoon 'largely contained' in telecom networks; Pentagon's AI office eliminates CTO directorate in pursuit of 'efficiencies'

Jul 7, 2025 · 4:24


The Chinese hackers behind the massive telecommunications sector breach are “largely contained” and “dormant” in the networks, “locked into the location they're in” and “not actively infiltrating information,” the top FBI cyber official told CyberScoop. But Brett Leatherman, new leader of the FBI Cyber division, said in a recent interview that doesn't mean the hackers, known as Salt Typhoon, no longer pose a threat. While there's been some debate about whether Salt Typhoon should be getting more attention than fellow Chinese hackers Volt Typhoon — whom federal officials have said are prepositioned in U.S. critical infrastructure, poised for destructive action in the event of a conflict with the United States — Leatherman said the groups aren't as different as some think. The number of telecommunications companies victimized in the United States stands at nine, according to Leatherman.

The Pentagon's artificial intelligence acceleration hub recently moved to terminate its chief technology officer role and directorate after reviews associated with the Trump administration's spending and staff reductions campaign revealed inefficiencies, budget materials for fiscal 2026 reveal. Details on the decision are sparse in the documents, but officials wrote that the Chief Digital and AI Office's CTO “no longer exists or manages resources.” President Donald Trump directed federal agencies at the start of his second term to drastically reduce their workforces and assess existing contracts, with aims to ultimately cut back on what his team views as wasteful spending and inefficiencies. The efforts have included initiatives overseen by Department of Government Efficiency, or DOGE, teams. While AI is a major priority for the U.S. government under Trump, since then, the Pentagon's CDAO has seen an exodus of senior leaders and other technical employees.

The CyberWire
Botnet's back, tell a friend. [Research Saturday]

Jul 5, 2025 · 22:47


Please enjoy this encore of Research Saturday. This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure.

The research can be found here: Will the Real Volt Typhoon Please Stand Up?

Research Saturday
Botnet's back, tell a friend.

Jul 5, 2025 · 22:47


Please enjoy this encore of Research Saturday. This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure.

The research can be found here: Will the Real Volt Typhoon Please Stand Up?

Geek Forever's Podcast
Volt Typhoon: When Chinese Hackers Hide in the “Power Grid,” Waiting for the Day to Switch Off the World | Geek Story EP409

Jul 2, 2025 · 14:19


If I told you that the next war might not be fought with tanks, missiles, or fighter jets, but through computer screens, with just a few clicks of a mouse, would you believe it? This war is not taking place on some distant battlefield; it may be happening right now on the internet we use every day, and its targets are the things we depend on in daily life, from electricity, water, and communications to the banking system. This is not a sci-fi movie plot. It is the reality of the 21st-century world, known as “cyber warfare.” And when it comes to the key players on this new battlefield, one name stands out so much that the world's great powers have had to watch it without blinking: “China.” Today we tell the story of China's rise as a cyber superpower: how did they build the largest hacker army in the world, and why are their operations scarier than we think… Have a listen. Don't forget to follow my channel, Geek Forever's Podcast.

@BEERISAC: CPS/ICS Security Podcast Playlist

Podcast: Error Code
Episode: EP 64: Volt Typhoon
Pub date: 2025-06-10

While cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS), mostly originate on the business or IT side, there's increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch, managing director from MorganFranklin Cyber, discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.

The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Just Security Podcast
A Conversation with Jen Easterly: Cybersecurity at a Crossroads

Jun 10, 2025 · 33:44


In recent years, the United States has sustained some of the most severe cyber threats in recent history, from the Russian-government directed hack SolarWinds to China's prepositioning in U.S. critical infrastructure for future sabotage attacks through groups like Volt Typhoon. The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for responding to, and protecting against, these attacks. How do leaders steer through cyber crises, build trust, and chart a path forward? In conversation with Dr. Brianna Rosen, Just Security Senior Fellow and Director of the AI and Emerging Technologies Initiative, Jen Easterly, who just completed a transformative tenure as Director of CISA under the Biden Administration, unpacks the challenges, breakthroughs, and lessons from the front lines of America's cybersecurity efforts.

  • Jen Easterly
  • Just Security's Cybersecurity coverage
  • Empathy Matters: Leadership in Cyber by Jen Easterly (2019)

Error Code
EP 64: Volt Typhoon

Jun 10, 2025 · 43:44


While cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS), mostly originate on the business or IT side, there's increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch, managing director from MorganFranklin Cyber, discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.

3 Martini Lunch
Trump vs. Musk, Keeping the Spotlight on China, Biden & the Autopen

Jun 6, 2025 · 28:07


Join Jim and Greg for 3 Martini Lunch as they discuss the Trump vs. Musk social media melee on Thursday and what it means for the fate of the Big Beautiful Bill, some House Democrats actually appearing to do something productive, and the probe into the Biden administration's use of the autopen.

First, they take you step by step through the quick disintegration of the Donald Trump-Elon Musk friendship: from Musk calling the signature GOP legislation a "disgusting abomination" to Trump calling Elon crazy and threatening to void his government contracts to Elon saying Trump is in the Epstein report and agreeing that Trump should be impeached. Jim says they both have valid points concerning the legislation but suspects the overall impact of this fight will be bad for conservatives.

Next, they're stunned to find a few House Democrats actually focusing on something that deserves attention. New York Rep. Ritchie Torres and several of his colleagues are asking Homeland Security and the Director of National Intelligence for an update on their investigations into China's sinister cyber terrorism in the Volt Typhoon and Typhoon Salt attacks. There's no evidence the Trump administration isn't investigating these attacks, but it's always good to keep a very close eye on China.

Finally, they examine the investigation into the Biden administration using the autopen to sign pardons, executive orders, and more. While it's likely Biden misunderstood or forgot much of what he signed, and possible things were signed in his name, they suspect it's going to be hard to prove that things were enacted without his consent - unless the Biden staffers start revealing more as their infighting gets more intense.

@BEERISAC: CPS/ICS Security Podcast Playlist
The One-Way Street of Digital Transformation: OT Cybersecurity with Nozomi's Edgard Capdevielle

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 21, 2025 20:24


Podcast: Cyber Focus
Episode: The One-Way Street of Digital Transformation: OT Cybersecurity with Nozomi's Edgard Capdevielle
Pub date: 2025-05-13
In this special RSA Conference edition of Cyber Focus, host Frank Cilluffo sits down with Edgard Capdevielle, President and CEO of Nozomi Networks, to unpack the evolving landscape of operational technology (OT) cybersecurity. Together, they explore how digital transformation and the convergence of IT and OT are reshaping the threat environment for critical infrastructure. Capdevielle outlines the three major phases of the OT security market, reflects on the role of AI and legacy systems, and explains why visibility remains foundational to cybersecurity. The conversation also highlights the growing risk from nation-state actors, the breakdown of air gap assumptions, and the tangible steps owner-operators must take to build resilience.
Main Topics Covered:
• Defining the three phases of OT cybersecurity market maturity
• The impact of digital transformation and IT/OT convergence
• Why visibility remains the top concern for infrastructure operators
• The role of AI in passive detection and firmware profiling
• Nation-state threats, air gap fallacies, and Volt Typhoon's implications
• Practical steps for operators to improve risk visibility and resilience
Key Quotes:
• “Digital transformation is a one-way street. We're only going to automate more — automate everything — and IT and OT are only going to converge more.” — Edgard Capdevielle
• “You cannot protect what you can't see. So having a layer of visibility is number one.” — Edgard Capdevielle
• “Air gapping has been our number one enemy because it's not real… It's brought a level of comfort that is not good for us.” — Edgard Capdevielle
Relevant Links and Resources: Nozomi Networks
Guest Bio: Edgard Capdevielle is President and CEO of Nozomi Networks, a global leader in OT and IoT cybersecurity. He has a background in computer science and more than two decades of experience in cybersecurity and enterprise technology. Prior to joining Nozomi in 2016, he held leadership roles at Imperva and EMC (including post-acquisition work with Data Domain) and has served as an investor and advisor to several successful startups in the security space.
The podcast and artwork embedded on this page are from McCrary Institute, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Wright Report
08 MAY 2025: Trump's Mystery Announcement: Two Possibilities // Biden Lies About the Gaza Pier Debacle // US Spies Head to Greenland // Good News on Fighting China's Cyber Hacks and Hypersonics

The Wright Report

Play Episode Listen Later May 8, 2025 26:52


Join Bryan Dean Wright, former CIA Operations Officer, as he breaks down today's biggest stories shaping America and the world.
• Trump's Mystery Announcement: Gaza Takeover or Drug Price War? – Trump hints at an “earth-shattering” reveal, with two possible bombshells emerging: a U.S.-led interim government in Gaza after Israel's offensive, or a sweeping executive order to slash prescription drug prices by tying them to international rates.
• Biden's Gaza Pier Scandal Much Worse Than Reported – A Pentagon IG report reveals 62 U.S. troops were injured and one killed in Biden's failed Gaza pier mission, far more than the three injuries publicly disclosed. The $230M humanitarian project was poorly planned and politically motivated, according to insiders.
• U.S. Spies Ordered to Target Greenland – Trump instructs the CIA and NSA to gather intel on Greenland's leadership and sway local officials to favor a Compact of Free Association with the U.S. The effort, driven by Arctic security concerns, aims to counter rising Chinese and Russian military activity in the region.
• DARPA Deploys AI to Defend U.S. Infrastructure – In a response to Chinese cyber threats like Volt Typhoon, the Pentagon launches a high-stakes AI competition this summer to secure American utilities and critical infrastructure.
• U.S. Hypersonic Weapons Testing Breakthrough – A successful test of the reusable Talon-A2 hypersonic aircraft marks a major step forward for U.S. missile defense and offense. The vehicle hit Mach 5 speeds, helping the U.S. catch up to China and Russia in this vital arms race.
"And you shall know the truth, and the truth shall make you free." - John 8:32

Risky Business
BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs

Risky Business

Play Episode Listen Later May 6, 2025 49:44


In this extended interview the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about:
• The latest developments in the Signalgate scandal
• Why America needs to be more aggressive in responding to Volt Typhoon
• How tariffs are affecting American alliances
• Why the Five Eyes alliance is sacrosanct
This episode is available on Youtube.

Security Conversations
Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security

Security Conversations

Play Episode Listen Later Apr 25, 2025 93:42


Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. Cast: Thomas Rid (https://sais.jhu.edu/users/trid2), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) and Ryan Naraine (https://twitter.com/ryanaraine). Costin Raiu (https://twitter.com/craiu) is away this week.

Security Conversations
China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles

Security Conversations

Play Episode Listen Later Apr 17, 2025 99:19


Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days. Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

FDD Events Podcast
Persistent Access, Persistent Threat: Ensuring Military Mobility Against Malicious Cyber Actors

FDD Events Podcast

Play Episode Listen Later Apr 17, 2025 71:30


The U.S. military has a vested interest in the security of the nation's critical transportation infrastructure. During a conflict, America's adversaries are likely to attack U.S. critical infrastructure in an attempt to constrain Washington's policy options, including its capacity to mobilize the armed forces. Over the past year, the intelligence community has revealed how deeply Chinese hackers known as Volt Typhoon penetrated U.S. transportation, energy, and water systems. Meanwhile, other Chinese Communist Party (CCP) malicious cyber operations, including Flax Typhoon, hijacked cameras and routers. Salt Typhoon burrowed deep into U.S. telecommunications networks; Silk Typhoon compromised U.S. Treasury networks.
These hacks have uncovered a dangerous truth: the cybersecurity of the critical air, rail, and maritime infrastructure that underpins U.S. military mobility is insufficient. In addition to enabling disruption, compromising critical infrastructure would allow U.S. adversaries to amass information about the movement of goods and military equipment – and impede America's ability to deploy, supply, and sustain large forces.
To explore these themes and more, the Foundation for Defense of Democracies hosts Gen. (Ret.) Mike Minihan, former commander, Air Mobility Command; RADM (Ret.) Mark Montgomery, senior director, FDD's Center on Cyber and Technology Innovation; and Annie Fixler, director and research fellow, FDD's Center on Cyber and Technology Innovation. The conversation is moderated by Bradley Bowman, senior director, FDD's Center on Military and Political Power.
For more, check out: https://www.fdd.org/events/2025/04/17/persistent-access-persistent-threat-ensuring-military-mobility-against-malicious-cyber-actors/

IT Privacy and Security Weekly update.
EP 238.5 Deep Dive - The IT Privacy and Security 'Times Are a Changin' Weekly Update for the Week Ending April 15th, 2025

IT Privacy and Security Weekly update.

Play Episode Listen Later Apr 17, 2025 16:57


What personal information was compromised in the Hertz breach?
The breach exposed customer names, birth dates, contact info, driver's licenses, payment cards, and some Social Security numbers. It stemmed from a cyberattack on Cleo, a third-party vendor previously targeted in a mass-hacking campaign.
How is air travel changing, and what are the privacy implications?
ICAO aims to replace boarding passes with digital travel credentials using facial recognition and mobile passport data. While data is reportedly deleted quickly, the expansion of biometric surveillance raises major privacy and security concerns.
Why is the EU giving staff burner phones for U.S. trips?
To mitigate potential U.S. surveillance risks, the EU is issuing burner phones to officials visiting for IMF/World Bank meetings—echoing similar precautions for China and Ukraine. It signals growing distrust in transatlantic cybersecurity.
How are North Korean hackers using LinkedIn?
Groups like Lazarus use fake recruiter profiles to trick targets into opening malware-laden job materials. These campaigns steal credentials and crypto, funding North Korea's sanctioned activities and highlighting the rise of social engineering threats.
Why is Let's Encrypt shortening TLS certificate lifespans?
Let's Encrypt now issues 6-day certificates, down from 90. Benefits include improved security and automation; drawbacks involve more frequent renewals, which could create dependency on issuing infrastructure.
What is the "Smishing Triad" targeting now?
This group has moved from fake delivery texts to targeting banks via iMessage and RCS phishing. They steal banking info to load stolen cards into mobile wallets, illustrating more advanced and lucrative phishing tactics.
What's the significance of China acknowledging U.S. infrastructure hacks?
China's tacit admission of involvement in Volt Typhoon cyberattacks marks a shift in tone. The U.S. sees these as strategic signals, intensifying concerns about critical infrastructure security amid geopolitical tension.
What is Android's new auto-reboot security feature?
Android phones will now reboot automatically after three days of inactivity. This clears memory, closes apps, and requires re-authentication—reducing the risk of unauthorized access.

Risky Business News
Srsly Risky Biz: Trump vs Krebs and the sound of silence

Risky Business News

Play Episode Listen Later Apr 17, 2025 15:11


Tom Uren and Patrick Gray discuss Trump's order singling out Chris Krebs, former head of CISA, that requires investigations into Krebs and also punishes his employer. It is a move deliberately designed to chill dissent and they look at what the cyber security industry will likely do in response, which is probably not much. The pair also discuss what is being interpreted as an admission that Chinese senior leadership is behind the Volt Typhoon hacking of US critical infrastructure. This episode is also available on Youtube.

China Insider
China Insider | Fatal EV Crash in Anhui, China Invokes Mao in Tariff Response, and Chinese Cyberattacks on US Infrastructure

China Insider

Play Episode Listen Later Apr 15, 2025 24:03


In this week's episode of China Insider, Miles Yu investigates the recent fatal crash involving the Xiaomi SU7 EV that left three university students dead while the autonomous navigation system was activated. Next, we discuss China's Ministry of Foreign Affairs' response to increased U.S. tariffs and what the invocation of Maoist rhetoric means as trade tensions escalate between the two countries. Lastly, Miles analyzes the Volt Typhoon cyberattack efforts against critical U.S. infrastructure, and what this series of widespread attacks means for a potential future conflict involving Taiwan.
China Insider is a weekly podcast project from Hudson Institute's China Center, hosted by China Center Director and Senior Fellow, Dr. Miles Yu, who provides weekly news that mainstream American outlets often miss, as well as in-depth commentary and analysis on the China challenge and the free world's future.

The Tara Show
China Admits Cyber War on America: The Story Everyone's Ignoring

The Tara Show

Play Episode Listen Later Apr 14, 2025 10:43


While America's eyes are elsewhere, a bombshell Wall Street Journal report reveals China has openly admitted to cyberattacks on critical U.S. infrastructure — water systems, ports, airports, even nuclear plants. In a secret December meeting, Chinese officials confessed to launching the series of attacks known as Volt Typhoon as punishment for U.S. support of Taiwan. The Biden administration's stunned reaction, Trump's shaky response, and the media's silence raise urgent questions: Are we already under digital siege? And can we afford to keep letting our enemy build the tech our lives depend on?

The CyberWire
CISA shrinks while threats grow.

The CyberWire

Play Episode Listen Later Apr 11, 2025 32:06


CISA braces for widespread staffing cuts. Russian hackers target a Western military mission in Ukraine. China acknowledges Volt Typhoon. The U.S. signs on to global spyware restrictions. A lab supporting Planned Parenthood confirms a data breach. Threat actors steal metadata from unsecured Amazon EC2 instances. A critical WordPress plugin vulnerability is under active exploitation. A new analysis details a critical unauthenticated remote code execution flaw affecting Ivanti products. Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, with his take on "Vibe Security." Does AI understand, and does that ultimately matter?
CyberWire Guest
Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, discussing "Vibe Security," similar to “Vibe Coding” where security teams overly rely on AI to do their job.
Selected Reading
• Trump administration planning major workforce cuts at CISA (The Record)
• Cybersecurity industry falls silent as Trump turns ire on SentinelOne (Reuters)
• Russian hackers attack Western military mission using malicious drive (Bleeping Computer)
• China Admitted to US That It Conducted Volt Typhoon Attacks: Report (SecurityWeek)
• US to sign Pall Mall pact aimed at countering spyware abuses (The Record)
• US lab testing provider exposed health data of 1.6 million people (Bleeping Computer)
• Amazon EC2 instance metadata targeted in SSRF attacks (SC Media)
• Vulnerability in OttoKit WordPress Plugin Exploited in the Wild (SecurityWeek)
• Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed (Cyber Security News)
• Experts Debate: Do AI Chatbots Truly Understand? (IEEE Spectrum)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 11, 2025 5:34


Network Infraxploit
Our undergraduate intern, Matthew Gorman, wrote up a walk-through of CVE-2018-0171, an older Cisco vulnerability that is still actively being exploited. For example, VOLT TYPHOON recently exploited this problem.
https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844
Windows Update Issues / Windows 10 Update
Microsoft updated its "Release Health" notes with details regarding issues users experienced with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016, which has stability problems after applying the most recent update.
https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521
https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5
Dell Updates
Dell releases critical updates for its Powerscale One FS product. In particular, it fixes a default password problem.
https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Langflow Vulnerability (possible exploit scans sighted) CVE-2025-3248
Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL.
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

Smashing Security
Peeping perverts and FBI phone calls

Smashing Security

Play Episode Listen Later Mar 20, 2025 35:13


In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California landlord's hidden camera scandal. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
• This is the FBI, open up. China's Volt Typhoon is on your network - The Register.
• Landlord recorded nude videos of woman tenant with cameras hidden in bedroom smoke detectors, lawsuit says - The Independent.
• Landlord arrested after tenant discovers hidden camera in rented room - PBSO.
• Hidden Cameras: What Travelers Need to Know - The New York Times.
• Shakespeare insults t-shirt - Royal Shakespeare Company.
• OAS Exhibitions - Oxford Art Society.
• Carole's “Rusty Sage” - Bluesky.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Today in Health IT
UnHack (the News): Knowing Your Cyber Threats and X Takedown Impact with Troy Ament

Today in Health IT

Play Episode Listen Later Mar 19, 2025 17:46 Transcription Available


March 19, 2025: Troy Ament, Industry Leader for Healthcare at Palo Alto Networks, joins Drex for the News. The conversation delves into the importance of establishing relationships with law enforcement before a crisis occurs and why including them in tabletop exercises is crucial. Troy examines why threat actors deliberately target healthcare systems during weekend hours when staffing is minimal. From DDoS attacks serving as distractions to threat actors contacting board members directly, this episode provides an insider's view of today's cybersecurity landscape.
Key Points:
• 03:03 The FBI and Cyber Threats
• 07:36 Ransomware Attack Patterns
• 12:31 Distributed Denial of Service (DDoS) Attacks
• 15:52 Personal and Organizational Cybersecurity
News Articles:
• This is the FBI, open up. China's Volt Typhoon is on your network
• Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement
• X suffered a DDoS attack. Its CEO and security researchers can't agree on who did it.

Computer Talk with TAB
Computer Talk 3-15-25 Hr 1

Computer Talk with TAB

Play Episode Listen Later Mar 15, 2025 40:40


Click-Fix Phish, Volt Typhoon lurking in electric company more than 300 days, Do we want AI to make Medical decisions yet? AI Search getting it wrong 60% of the time, EZPass Scam, Consequences of Technology, Alternative to M365, Communication issues with Adobe issue with my Scanner, Do Scammers look at search history?

Paul's Security Weekly
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Paul's Security Weekly

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-459

Paul's Security Weekly TV
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Paul's Security Weekly TV

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-459

Hack Naked News (Audio)
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Hack Naked News (Audio)

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-459

Hack Naked News (Video)
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Hack Naked News (Video)

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-459

The CyberWire
FCC draws the line on Chinese tech threats.

The CyberWire

Play Episode Listen Later Mar 13, 2025 34:33


The FCC looks to counter Chinese cyber threats. Turmoil at CISA. Volt Typhoon infiltrated a power utility for over 300 days. Europe takes the lead at Ukraine's annual cyber conference. Facebook discloses a critical vulnerability in FreeType. A new Android spyware infiltrated the Google Play store. Our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. A UK hospital finds thousands of unwelcome guests on their network.
CyberWire Guest
Today our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis.
Selected Reading
• US communications regulator to create council to counter China technology threats (Financial Times)
• ‘People Are Scared': Inside CISA as It Reels From Trump's Purge (WIRED)
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts (The Record)
• Arizona Secretary of State Proposes Alternative to Defunded National Election Security Program (Democracy Docket)
• China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days (SecurityWeek)
• Chinese cyberspies backdoor Juniper routers for stealthy access (Bleeping Computer)
• At Ukraine's major cyber conference, Europe takes center stage over US (The Record)
• Facebook discloses FreeType 2 flaw exploited in attacks (Bleeping Computer)
• New North Korean Android spyware slips onto Google Play (Bleeping Computer)
• NHS Trust IT head: ‘Our attack surface was much bigger than we thought' (Computing)

The CyberWire
Botnet's back, tell a friend. [Research Saturday]

The CyberWire

Play Episode Listen Later Mar 8, 2025 22:47


This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up?

Research Saturday
Botnet's back, tell a friend.

Research Saturday

Play Episode Listen Later Mar 8, 2025 22:47


This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up?

Risky Business
Risky Business #782 -- Are the USA and Russia cyber friends now?

Risky Business

Play Episode Listen Later Mar 5, 2025 50:12


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news:
• Did the US decide to stop caring about Russian cyber, or not?
• Adam stans hard for North Korea's massive ByBit crypto-theft
• Cellebrite firing Serbia is an example of the system working
• Starlink keeps scam compounds in Myanmar running
• Biggest DDoS botnet yet pushes over 6Tbps
This week's episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon.
This episode is also available on Youtube.
Show notes
• Sygnia Preliminary Bybit Investigation Report
• Verichains Bybit Incident Investigation Preliminary Report
• North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News
• Risky Bulletin: Trump administration stops treating Russian hackers as a threat - Risky Business
• Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Story updated)
• Russia to redeploy resources freed up by end of war in Ukraine, warns Finnish intelligence | The Record from Recorded Future News
• FBI urges crypto community to avoid laundering funds from Bybit hack | The Record from Recorded Future News
• Risky Bulletin: Cellebrite bans bad boy Serbia - Risky Business
• Belgium probes suspected Chinese hack of state security service | The Record from Recorded Future News
• Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US | The Record from Recorded Future News
• Elon Musk's Starlink Is Keeping Modern Slavery Compounds Online | WIRED
• U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security
• Google Password Manager finally syncs to iOS—here's how - Ars Technica
• Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users
• Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms | Cybersecurity Dive
• Microsoft-signed driver used in ransomware attacks | Cybersecurity Dive
• London member of ‘Com' network convicted of making indecent images of children | The Record from Recorded Future News
• Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight

NatSec Tech
Episode 68: Rob Joyce on Chinese Cyber Threats

NatSec Tech

Play Episode Listen Later Feb 12, 2025 33:03


Rob Joyce, founder of Joyce Cyber LLC, joins Jeanne Meserve for a critical conversation on the latest Chinese cyber threats, including Volt Typhoon, Salt Typhoon, and the TP-Link router vulnerability.

GovCast
AFCEA West: Adapting Naval Cyber Command to Evolving Threats

GovCast

Play Episode Listen Later Jan 29, 2025 12:14


Countering adversaries in the cyber domain requires the Navy to harness information at the speed of technological innovation. During AFCEA West in San Diego, California, Vice Adm. Craig Clapperton, commander of U.S. Fleet Cyber Command and Navy Space Command, discussed how he is approaching the evolving landscape of cyber threats and developing strategies to counter them in his dual-hat role. From recent cyber incidents like SolarWinds and Volt Typhoon, to the role of emerging technologies like AI, Clapperton dives into the complexities of modern cyber warfare and explains how he's eyeing collaboration with industry partners and allies, recruiting top cyber talent and staying ahead of adversaries in a rapidly changing digital environment.

Storm⚡️Watch by GreyNoise Intelligence
From Bans to Breaches: TikTok, PlugX, FortiGate, and Salt Typhoon

Jan 21, 2025 (56:02)


Forecast: TikTok storm clears out as critical infrastructure takes a hit from FortiGate downpours. In this episode of Storm⚡️Watch, we explore the dramatic conclusion of TikTok's presence in the United States and its unexpected return. The saga, which began in 2019 with initial government scrutiny, culminated in a series of significant events in January 2025, including the Supreme Court's unanimous decision to uphold the federal ban law and TikTok's brief operational shutdown. We'll discuss the emergence of alternative platforms like Xiaohongshu (REDNote) in the U.S. market and examine recent security concerns, including Remy's investigation into potential backdoor vulnerabilities. The conversation then shifts to a major cybersecurity operation where the Justice Department and FBI successfully removed malware deployed by China-backed hackers using PlugX. We'll share insights from CISA Director Jen Easterly's recent comments on the Salt Typhoon campaign and their approach to tracking cyber threats. A significant portion of our discussion focuses on the FortiGate configuration leak incident. The Belsen Group's release of sensitive data from over 15,000 FortiGate devices has exposed critical infrastructure vulnerabilities across multiple countries. The leak, stemming from a 2022 authentication bypass vulnerability (CVE-2022-40684), primarily affected devices in Mexico and the UAE, with configuration files containing firewall rules, VPN credentials, and digital certificates being exposed. We wrap up with an analysis of recent Volt Typhoon activities and their implications for global cybersecurity, along with some suspicious thoughts from GreyNoise. This episode provides crucial insights into the evolving landscape of international cyber threats and the continuous challenges faced by security professionals worldwide.

Security Conversations
Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln

Jan 10, 2025 (108:21)


Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Big Take DC
The ‘Everything, Everywhere, All at Once' Cyber Threat

Jan 8, 2025 (13:34)


US intelligence officials say that a hacking campaign known as “Volt Typhoon” has the potential to disrupt critical infrastructure systems in Guam — a significant hub for the US military that holds particular importance in US-China relations. On today’s Big Take DC podcast, Bloomberg national security reporter Katrina Manson shares what she’s learned about the threat and how it could limit America’s ability to push back if China were to invade Taiwan. Read more: The US’s Worst Fears of Chinese Hacking Are on Display in Guam

Storm⚡️Watch by GreyNoise Intelligence
Chinese Hackers Strike Again: BeyondTrust & Salt Typhoon Breaches Expose Critical U.S. Infrastructure

Jan 7, 2025 (63:37)


Forecast: Cyber conditions are turbulent with two major Chinese state-sponsored storms impacting U.S. infrastructure, with aftershocks expected into mid-January. In today's episode of Storm Watch, we cover two major cybersecurity incidents that have significantly impacted U.S. infrastructure. The BeyondTrust breach, initially discovered in early December 2024, involved a compromised Remote Support SaaS API key that allowed attackers to reset passwords and access workstations remotely. The Treasury Department was notably affected, with attackers accessing unclassified documents in the Office of Financial Research and Office of Foreign Assets Control. The incident exposed critical vulnerabilities, including a severe command injection flaw with a CVSS score of 9.8, and over 13,500 BeyondTrust instances remain exposed online. The conversation then shifts to the extensive telecommunications breaches known as the Salt Typhoon campaign, where Chinese state actors successfully infiltrated nine major U.S. telecom companies. This sophisticated espionage operation gained the capability to geolocate millions of individuals and potentially record phone calls, though actual communication interception was limited to fewer than 100 high-profile targets. The breach revealed shocking security lapses, such as a single administrator account having access to over 100,000 routers and the use of primitive passwords like "1111" for management systems. Major carriers including AT&T, Verizon, and Lumen Technologies were among the affected companies, with varying degrees of impact and response effectiveness. T-Mobile stands out for their quick detection and mitigation of the attack. In response to these incidents, the FCC is preparing to vote on new cybersecurity regulations by mid-January 2025, while the White House has outlined key areas for improvement including configuration management, vulnerability management, network segmentation, and enhanced information sharing across the sector.
The episode wraps up with insights from recent Censys Rapid Response posts and the latest GreyNoise blog entry about profiling benign internet scanners in 2024, along with VulnCheck's analysis of the most dangerous software weaknesses and a discussion of the Four-Faith Industrial Router vulnerability being exploited in the wild.

Risky Business
Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations

Dec 13, 2024


In this edition of the Wide World of Cyber podcast Patrick Gray sits down with SentinelOne's Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations. They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China's Ministry of State Security and People's Liberation Army. It's a very dense hour of conversation! This podcast was recorded in front of an audience at the Museum of Contemporary Art in Sydney. This episode is also available on Youtube.

Security Conversations
Volexity's Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days and network inspectability

Nov 30, 2024 (78:33)


Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity's “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions. We also cover news on a Firefox zero-day exploited on the Tor browser, the professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek). Honorary buddy: Steven Adair (https://twitter.com/sadair) (Volexity)

Security Conversations
What happens to CISA now? Is deterrence in cyber possible?

Nov 15, 2024 (113:51)


Three Buddy Problem - Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. Plus, discussion on China's cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek).

Business of Tech
Cybersecurity Threats, Microsoft Price Hikes, AI in Consulting, and Password Trends Explored

Nov 14, 2024 (16:07)


We start by focusing on the resurgence of the state-sponsored cyber espionage group Volt Typhoon. This group has been targeting critical infrastructure, particularly outdated devices like Cisco and Netgear routers, and has successfully compromised a significant percentage of these devices in a short time frame. The episode highlights the vulnerabilities in the energy sector, where third-party breaches account for a substantial portion of incidents, emphasizing the need for improved vendor responsibility and proactive security measures. Host Dave Sobel also covers the progress of the Secure by Design initiative led by CISA, which has seen over 100 companies commit to adopting secure development practices. This movement is gaining traction as organizations recognize the importance of reducing vulnerabilities in software. Additionally, the Transportation Security Administration has proposed new cybersecurity regulations aimed at protecting high-risk pipelines and railroad operators, mandating the establishment of cyber risk management programs and timely reporting of incidents. The episode shifts focus to Microsoft, which is implementing a price hike on various services, including a 25% increase for Teams Phone and up to a 40% increase for Power BI. This move is part of Microsoft's strategy to align pricing across its services, reflecting the growing usage of premium features among enterprise customers. Sobel notes the significance of these changes in the context of the broader IT landscape, particularly as Windows 11 ISO media for ARM64 PCs becomes available, allowing for clean installations on compatible devices. Finally, Sobel discusses the evolving role of IT consultancies, which are increasingly focusing on artificial intelligence, data governance, and platform integration as they prepare for 2025. The episode highlights the importance of clean and accessible data in leveraging AI technologies and the need for organizations to modernize their legacy systems.
Sobel concludes with reflections on the ethical implications of AI in creative industries, citing a controversial AI-generated interview by a Polish radio station and the positive use of AI in restoring the voice of country music legend Randy Travis.

Four things to know today:
00:00 Volt Typhoon Resurfaces with Advanced Attacks on Critical Infrastructure, Exploiting Legacy Routers
02:48 CISA and TSA Cybersecurity Efforts as Secure-by-Design and NIST Framework Gain Ground
06:14 Microsoft's Price Hike Targets Monthly Subscriptions and Premium Services, Teams Phone to Rise 25%
09:32 IT Consultancies Double Down on AI, Data, and Integration as Organizations Modernize for 2025

The Lawfare Podcast
Lawfare Daily: Can Chinese Cyber Operations Be Deterred, with Dakota Cary

Nov 5, 2024 (42:38)


Dakota Cary, Strategic Advisory Consultant at SentinelOne, joins Lawfare Senior Editor Eugenia Lostri to discuss his article on U.S. attempts to deter Chinese hacking group Volt Typhoon. They talk about why Volt Typhoon won't stop its intrusions against critical infrastructure, whether other hacking groups can be deterred, and where we should focus our attention to counter malicious activity.

Materials discussed during the episode:
  • "Exploring Chinese Thinking on Deterrence in the Not-So-New Space and Cyber Domains," by Nathan Beauchamp-Mustafaga
  • Final Report of the Defense Science Board (DSB) Task Force on Cyber Deterrence, February 2017
  • The Atlantic Council report, "Adapting US strategy to account for China's transformation into a peer nuclear power," by David O. Shullman, John K. Culver, Kitsch Liao, and Samantha Wong

The Wright Report
13 AUGUST 2024 NEWS: Global Secrets Unveiled — Venezuela, Mexico, Turkey, China // Medical Mystery // Miracle in Israel

Aug 13, 2024 (28:05)


In the August 13th episode of The Wright Report, former CIA Officer Bryan Dean Wright delves into six explosive stories that reveal the secrets shaping the world today.

  • Venezuela's Secret Deal: A clandestine negotiation between the U.S. and Venezuela's dictator Nicolás Maduro could change the future of millions of Venezuelans on the brink of fleeing their country.
  • Cartel Intrigue in Mexico: The shocking capture of a Mexican cartel leader could expose deep corruption within Mexico's government, leaving the Biden administration with critical decisions to make.
  • Top Secret Arrest: The arrest of a Turkish-born U.S. Air Force contractor caught with thousands of classified documents raises questions about espionage and national security.
  • China's Cyber Threat: Despite U.S. efforts, China's notorious hacking group, Volt Typhoon, continues to pose a grave threat to America's critical infrastructure.
  • Rising Cancer Rates: Alarming new data shows a surge in cancer diagnoses among young Americans, with obesity suspected as a major culprit.
  • A Miracle in Israel: In the midst of war, a miraculous survival of cocoa saplings in Israel could hold the key to securing the global chocolate supply.

Join Bryan Dean Wright as he uncovers the secrets that matter, offering sharp analysis and thought-provoking opinions on the global stage. "And you shall know the truth, and the truth shall make you free." - John 8:32