CyberWire Daily

3271 Odcinki

1. An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.

   Opublikowany: 5.04.2021
2. Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

   Opublikowany: 4.04.2021
3. Ezuri: Regenerating a different kind of target. [Research Saturday]

   Opublikowany: 3.04.2021
4. Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.

   Opublikowany: 2.04.2021
5. Holiday Bear’s tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.

   Opublikowany: 1.04.2021
6. Cyberespionage and influence operations. Reading the US State Department’s mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.

   Opublikowany: 31.03.2021
7. US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.

   Opublikowany: 30.03.2021
8. Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.

   Opublikowany: 29.03.2021
9. Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

   Opublikowany: 28.03.2021
10. How are we doing in the industrial sector? [Research Saturday]

    Opublikowany: 27.03.2021
11. Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.

    Opublikowany: 26.03.2021
12. Mamba ransomware’s evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.

    Opublikowany: 25.03.2021
13. Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What’s on your mind, crooks?

    Opublikowany: 24.03.2021
14. Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail

    Opublikowany: 24.03.2021
15. Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok’s privacy. A manga site goes down.

    Opublikowany: 23.03.2021
16. Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.

    Opublikowany: 22.03.2021
17. Kevin Magee: Focus on the archer. (CSO) [Career Notes]

    Opublikowany: 21.03.2021
18. BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]

    Opublikowany: 20.03.2021
19. Cyberespionage against Finland. Moscow’s displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.

    Opublikowany: 19.03.2021
20. Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crytpers get commodified. And notes from the underworld.

    Opublikowany: 18.03.2021