CyberWire Daily

3271 Episodo

1. An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.

   Publicado: 5/4/2021
2. Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

   Publicado: 4/4/2021
3. Ezuri: Regenerating a different kind of target. [Research Saturday]

   Publicado: 3/4/2021
4. Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.

   Publicado: 2/4/2021
5. Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.

   Publicado: 1/4/2021
6. Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.

   Publicado: 31/3/2021
7. US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.

   Publicado: 30/3/2021
8. Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.

   Publicado: 29/3/2021
9. Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

   Publicado: 28/3/2021
10. How are we doing in the industrial sector? [Research Saturday]

    Publicado: 27/3/2021
11. Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.

    Publicado: 26/3/2021
12. Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.

    Publicado: 25/3/2021
13. Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?

    Publicado: 24/3/2021
14. Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail

    Publicado: 24/3/2021
15. Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.

    Publicado: 23/3/2021
16. Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.

    Publicado: 22/3/2021
17. Kevin Magee: Focus on the archer. (CSO) [Career Notes]

    Publicado: 21/3/2021
18. BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]

    Publicado: 20/3/2021
19. Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.

    Publicado: 19/3/2021
20. Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.

    Publicado: 18/3/2021