What’s Russia up to in cyberspace, nowadays? Belgium accuses China of cyberespionage. LockBit ransomware spreading through compromised servers. Malek Ben Salem from Accenture explains the Privacy Enhancing Technologies of Federated Learning with Differential Privacy guarantees. Rick Howard speaks with Rob Gurzeev from Cycognito on Data Exploitation. And Micodus GPS tracker vulnerabilities should motivate the user to turn the thing off. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136 Selected reading. Continued cyber activity in Eastern Europe observed by TAG (Google) Declaration by the High Representative on behalf of the European Union on malicious cyber activities conducted by hackers and hacker groups in the context of Russia’s aggression against Ukraine (European Council) China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors (Federal Public Service Foreign Affairs) Déclaration du porte-parole de l'Ambassade de Chine en Belgique au sujet de la déclaration du gouvernement belge sur les cyberattaques (Embassy of the People's Republic of China in the Kingdom of Belgium) LockBit: Ransomware Puts Servers in the Crosshairs (Broadcom Software Blogs | Threat Intelligence) Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720) (BitSight) CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker (CISA)
A Cozy Bear sighting. Shaking up Ukraine's intelligence services. Albania's national IT networks continue to work toward recovery. US Justice Department seizes $500k from DPRK threat actors. The FBI warns of apps designed to defraud cryptocurrency speculators. A White House meeting today addresses the cyber workforce. Ben Yelin looks at our right to record police. Our guest is Tim Knudsen, Director of Product Management for Zero Trust at Google Cloud, speaking with Rick Howard. And another trend we’d like to be included out of. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136 Selected reading. Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive (Unit 42) Russian hacking unit Cozy Bear adds Google Drive to its arsenal, researchers say (CyberScoop) Russian SVR hackers use Google Drive, Dropbox to evade detection (BleepingComputer) Ukraine’s spy problem runs deeper than Volodymyr Zelensky’s childhood friend (The Telegraph) Albanian government websites go dark after cyberattack (Register) On Google Play, Joker, Facestealer, & Coper Banking Malware (Zscaler) Justice Department seizes $500K from North Korean hackers who targeted US medical organizations (CNN) Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors (US Federal Bureau of Investigation) Announcement of White House National Cyber Workforce and Education Summit | The White House (The White House) Fortinet Announces Free Training Offering for Schools at White House Cyber Workforce and Education Summit (Fortinet) Not your average side hustle: the women making thousands from 'pay pigs' who enjoy being financially dominated (Business Insider)
Ukraine shakes up its security and prosecutorial services. Cyberattacks hit Albania. Advanced persistent threat actors prospect journalists. The GRU is said to be trolling researchers who look into Sandworm. Thomas Etheridge from CrowdStrike on identity management. Our guest is Robin Bell from Egress discussing their Human Activated Risk Report. And CISA opens a liaison office in London. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136 Selected reading. Ukraine's Zelenskyy fires top security chief and prosecutor (AP NEWS) Zelenskiy Ousts Ukraine’s Security Chief and Top Prosecutor (Bloomberg) Volodymyr Zelensky sacks top aides over 'Russian collaboration' (The Telegraph) A massive cyberattack hit Albania (Security Affairs) Information Systems Are Intact, Says Albanian Government after Cyber Attack (Exit - Explaining Albania) Albania closes down online gov't systems after cyber attack (ANI News). Albania Shuts Down Digital Services and Government Websites after Cyber Attack (Exit - Explaining Albania) Hackers pose as journalists to breach news media org’s networks (BleepingComputer) Cybersecurity Firm: What US Journalists Need To Know About The Foreign Hackers Targeting Them Forbes) Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (Dark Reading)
Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization’s IT, security, and support infrastructure to ensure they meet customers’ security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field,and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine, you're trying to chase a ball, but you never can quite get your hands on it." He shares how he loves the evolving field and that he thrives in a situation where things are constantly changing. We thank Mike for sharing his story.
On this episode of CyberWire-X, we examine double extortion ransomware. The large-scale cyber events of yesterday – Stuxnet, the Ukraine Power Grid Attack – were primarily focused on disruption. Cybercriminals soon shifted to ransomware with disruption still the key focus – and then took things to the next level with Double Extortion Ransomware. When ransomware first started to take off as the attack method of choice around 2015, the hacker playbook was focused on encrypting data, requesting payment and then handing over the encryption keys. Their methods escalated with Double Extortion, stealing data as well as encrypting it - and threatening to leak data if they don’t receive payment. We’ve seen with ransomware groups like Maze that they will follow through with publishing private information if not paid. In the first part of the show, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, talks with Wayne Moore, Simply Business' CISO and CyberWire Hash Table me...
Chad Seaman, Team Lead at Akamai SIRT joins Dave to discuss their research about a record-breaking DDoS Attack. The research says "A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks." Starting in mid-February 2022, security researchers, network operators, and security vendors noticed a spike in DDoS attacks.Researchers started to investigate the spike and determined that the devices that were being abused to launch these attacks are MiCollab and MiVoice Business Express collaboration systems. The research goes into how you can help mitigate the attacks and how Mitel has now released patched software. The research can be found here: CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
Gangland goes to war. Is there a "cyber world war" in progress? Ukraine thinks so.A new North Korean ransomware operation is described, but it’s not yet clear if it’s a state operation or some moonlighting by Pyongyang’s operators. Media organizations remain attractivetargets for state actors. NSA releases guidance on characterizing threats and risks to microelectronics. Betsy Carmelite from Booz Allen talks about why now is the time to plan for post-quantum cryptography. Our guest is Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly discussing her time at CISA and the work of her team. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/135 Selected reading. Inside The Russian Cybergang Thought To Be Attacking Ukraine—The Trickbot Leaks (Forbes) Who is Trickbot? (Cyjax) Who is Trickbot? (Cyjax) NATO and the European Union work together to counter cyber threats (NATO) ...
In this extended interview, CyberWire Daily Podcast host Dave Bittner sits down with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly to discuss her time at CISA and the work of her team. This interview from July 15, 2022 originally aired as a shortened version on the CyberWire Daily Podcast.
An overview of the cyber phase of Russia's hybrid war. Smartphones as sources of targeting information. Lilith enters the ransomware game. ChromeLoader makes a fresh appearance. Honda acknowledges that Rolling-PWN is real (but says it's not as serious as some think). Part two of Carole Theriault’s conversation with Jen Caltrider from Mozilla's Privacy Not Included initiative. Our guest is Josh Yavor of Tessian to discuss Accidental Data Loss Over Email. Aguilty verdict in the Vault 7 case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/134 Selected reading. Ukraine's Cyber Agency Reports Q2 Cyber-Attack Surge (Infosecurity Magazine) 2022 Q2 (SSSCIP) The weaponizing of smartphone location data on the battlefield (Help Net Security) New Lilith ransomware emerges with extortion site, lists first victim (BleepingComputer) A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks. New Ransomware Groups on the Rise (Cyble) Cyble analyzes new ransomware families spotted in the wild led by notable examples such as LILITH, RedAlert, and 0Mega. New Lilith ransomware emerges with extortion site, lists first victim (BleepingComputer) New Ransomware Groups on the Rise (Cyble) Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware (The Hacker News) ChromeLoader: New Stubborn Malware Campaign (Unit 42) Honda Admits Hackers Could Unlock Car Doors, Start Engines (SecurityWeek) Honda redesigning latest vehicles to address key fob vulnerabilities (The Record by Recorded Future) Statement Of U.S. Attorney Damian Williams On The Espionage Conviction Of Ex-CIA Programmer Joshua Adam Schulte (US Department of Justice) Ex-C.I.A. Engineer Convicted in Biggest Theft Ever of Agency Secrets (New York Times) Former CIA Staffer Convicted For Massive Data Breach To WikiLeaks (Forbes)
Adversary-in-the-middle sites support business email compromise. Silent validation carding bot discovered. Attempted social engineering at the European Central Bank. Germany puts its shields up. Carole Theriault speaks with Jen Caltrider about Mozilla's *Privacy Not Included initiative. Our guest is Lucia Milica on Proofpoint’sVoice of the CISO report. And Hacktivism in a hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/133 Selected reading. From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud (Microsoft Security Blog) PerimeterX Discovers New Silent Validation Carding Bot (PerimeterX) Hackers posing as Merkel target ECB's Lagarde - German source (Reuters) European Central Bank head targeted in hacking attempt (AP NEWS) Cyberangriff auf Spitzenpolitiker: Hacker nutzten Merkels Handynummer, um das Whatsapp-Konto von Lagarde zu knacken (Business Insider) Germany bolsters defenses against Russian cyber threats (Deutsche Welle) Ukraine's cyber army hits Russian cinemas (CyberNews) DDoS attacks surge in popularity in Ukraine — but are they more than a cheap thrill? (The Record by Recorded Future) Microsoft Releases July 2022 Security Updates (CISA) CISA orders agencies to patch new Windows zero-day used in attacks (BleepingComputer) SAP Releases July 2022 Security Updates (CISA) Schneider Electric Easergy P5 and P3 (CISA) Dahua ASI7213X-T1 (CISA)