CyberWire Daily

2656 Episodo

1. Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]

   Publicado: 9/10/2022
2. Google Drive used for malware? [Research Saturday]

   Publicado: 8/10/2022
3. A US EO addresses EU data privacy concerns. China’s favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.

   Publicado: 7/10/2022
4. CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.

   Publicado: 7/10/2022
5. Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.

   Publicado: 6/10/2022
6. Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.

   Publicado: 5/10/2022
7. CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.

   Publicado: 4/10/2022
8. CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.

   Publicado: 4/10/2022
9. Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

   Publicado: 3/10/2022
10. The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]

    Publicado: 2/10/2022
11. Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]

    Publicado: 2/10/2022
12. Targeting your browser bookmarks? [Research Saturday]

    Publicado: 1/10/2022
13. Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Waterin holes, deepfakes, and the pushing of naughty words.

    Publicado: 30/9/2022
14. Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.

    Publicado: 29/9/2022
15. DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.

    Publicado: 28/9/2022
16. Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.

    Publicado: 27/9/2022
17. Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.

    Publicado: 26/9/2022
18. Adam Marrè: Learning to be a leader. [CISO] [Career Notes]

    Publicado: 25/9/2022
19. Keeping an eye on RDS vulnerabilities. [Research Saturday]

    Publicado: 24/9/2022
20. Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.

    Publicado: 23/9/2022