CyberWire Daily

3271 Episodes

1. An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.

   Published: 4/5/2021
2. Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

   Published: 4/4/2021
3. Ezuri: Regenerating a different kind of target. [Research Saturday]

   Published: 4/3/2021
4. Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.

   Published: 4/2/2021
5. Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.

   Published: 4/1/2021
6. Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.

   Published: 3/31/2021
7. US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.

   Published: 3/30/2021
8. Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.

   Published: 3/29/2021
9. Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

   Published: 3/28/2021
10. How are we doing in the industrial sector? [Research Saturday]

    Published: 3/27/2021
11. Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.

    Published: 3/26/2021
12. Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.

    Published: 3/25/2021
13. Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?

    Published: 3/24/2021
14. Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail

    Published: 3/24/2021
15. Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.

    Published: 3/23/2021
16. Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.

    Published: 3/22/2021
17. Kevin Magee: Focus on the archer. (CSO) [Career Notes]

    Published: 3/21/2021
18. BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]

    Published: 3/20/2021
19. Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.

    Published: 3/19/2021
20. Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.

    Published: 3/18/2021