CyberWire Daily

3094 Episodes

1. Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.

   Published: 4/20/2023
2. CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

   Published: 4/20/2023
3. Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”

   Published: 4/19/2023
4. A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]

   Published: 4/19/2023
5. Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.

   Published: 4/18/2023
6. Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?

   Published: 4/17/2023
7. Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]

   Published: 4/16/2023
8. New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]

   Published: 4/15/2023
9. "Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Aan arrest in the Discord Papers case.

   Published: 4/14/2023
10. Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.

    Published: 4/13/2023
11. Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.

    Published: 4/12/2023
12. IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.

    Published: 4/11/2023
13. A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.

    Published: 4/10/2023
14. Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]

    Published: 4/9/2023
15. A dark side to LLMs. [Research Saturday]

    Published: 4/8/2023
16. Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.

    Published: 4/7/2023
17. New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.

    Published: 4/6/2023
18. Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.

    Published: 4/5/2023
19. Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.

    Published: 4/4/2023
20. "Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.

    Published: 4/3/2023