CyberWire Daily

A North Korean hacker is indicted for major cyberattacks. CrowdStrike’s in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full clean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

On today’s guest slot, N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. They touch upon the SEC reporting requirements and how testing is never done. Rick and Steve caught up at AWS re:Inforce 2024. 

US indicts alleged North Korean state hacker for ransomware attacks on hospitals (The Record) 

North Korean Military Hacker Indicted for String of US Attacks (Metacurity)

CrowdStrike says over 97% of Windows sensors back online (Reuters)

Threat Actors leveraging the recent CrowdStrike update outage (FortiGuard Labs) 

Cyber-security firm rejects $23bn Google takeover (BBC)

ECB's cyber security test shows 'room for improvement' for banks (Reuters)  

France launches large-scale operation to fight cyber spying ahead of Olympics (The Record) 

Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit (Forbidden Stories)  

KOSA, COPPA 2.0 Likely to Pass U.S. Senate (Inside Privacy) 

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them (WIRED) 

North Korean Fake IT Worker FAQ (KnowBe4) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A North Korean hacking group targets healthcare, energy and finance. Leaked Leidos documents surface on the dark web. A Middle Eastern financial institution suffered a record-breaking DDoS attack. The latest tally on the fallout from the Crowdstrike outage. A cybersecurity audit of HHS reveals significant cloud security gaps. Docker patches a critical vulnerability for the second time. Google announced enhanced protections for Chrome users. In our latest Threat Vector segment, David Moulton speaks with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks. If you’re heading to Paris for the Summer Olympics, smile for the AI cameras. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, engages with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks, particularly focusing on vishing and smishing. 

As election season heats up, these threats are becoming more sophisticated, exploiting our reliance on mobile devices and psychological tactics. Sama provides expert insights into the latest trends, the psychological manipulations used in these attacks, and the specific challenges they pose to individuals and the democratic process. You can listen to Threat Vector every Thursday starting next week on the N2K CyberWire network. Check out the full episode with David and Sama here. 

Mandiant: North Korean Hackers Targeting Healthcare, Energy (BankInfo Security)

Data pilfered from Pentagon IT supplier Leidos (The Register)

DDoS Attack Lasted for 6 Days, Record created for the duration of the Cyberattack (Cyber Security News)

Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure (CrowdStrike)

Fortune 500 stands to lost $5bn plus from CrowdStrike incident (Computer Weekly)

HHS audit finds serious gaps in cloud security at agency office (SC Media)

Docker re-fixes a critical authorization bypass vulnerability (CSO Online)

Google Boosts Chrome Protections Against Malicious Files (SecurityWeek)

At The 2024 Summer Olympics, AI Is Watching You (WIRED) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Stargazer Goblin hosts malicious code repositories on GitHub. Crowdstrike blames buggy validations checks for last week’s major incident. The Breachforums database reveals threat actor OPSEC. Windows Hello for Business (WHfB) was found vulnerable to downgrade attacks. A medical center in the U.S. Virgin Islands is hit with ransomware. Interisle analyzes the phishing landscape. The FTC orders eight companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo Boys. A fake IT worker gets caught in the act. My conversation with Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast.” Researchers wonder if proving you’re human proves profitable for Google. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast," talking about what to expect on Bluehat on the N2K media network. You can catch the podcast every other Wednesday. Their latest episode launching today can be found here. 

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub (WIRED)

CrowdStrike blames test software for taking down 8.5 million Windows machines (The Verge)

BreachForums v1 database leak is an OPSEC test for hackers (Bleeping Computer)

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (Dark Reading)

Schneider Regional Medical Center hit by ransomware attack (Beyond Machines)

New phishing report names and shames TLDs, registrars (The Verge)

FTC Issues Orders to Eight Companies Seeking Information on Surveillance Pricing (FTC)

Meta bans 63,000 accounts belonging to Nigeria’s sextortionist Yahoo Boys (The Record)

How a North Korean Fake IT Worker Tried to Infiltrate Us (KnowBe4)

Forget security – Google's reCAPTCHA v2 is exploiting users for profit (The Register) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

UK law enforcement relieves DigitalStress. Congress summons Crowdstrike’s CEO to testify. FrostyGoop malware turned off the heat in Ukraine. EvilVideo is a zero-day exploit for Telegram. Daggerfly targets Hong Kong pro-democracy activists. Google has abandoned its plan to eliminate third-party cookies. The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. Wiz says no to Google and heads toward an IPO. N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about streamlining the fleet’s innovation process. Target’s in-store AI misses the mark. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article. 

Prolific DDoS Marketplace Shut Down by UK Law Enforcement (Infosecurity Magazine)

Congress Calls for Tech Outage Hearing to Grill CrowdStrike C.E.O. (The New York Times)

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter (WIRED)

Telegram zero-day for Android allowed malicious files to masquerade as videos (The Record)

Chinese Cyberespionage Group Expands Malware Arsenal (GovInfo Security)

Google rolls back decision to kill third-party cookies in Chrome (Bleeping Computer)

FCC, Tracfone Wireless reach $16M cyber and privacy settlement (CyberScoop)

Wiz rejects Google’s $23 billion takeover in favor of IPO (The Verge)

Target Employees Hate Its New AI Chatbot (Forbes)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks.  Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack. 

This week on N2K Pro’s CSO Perspectives podcast, host and N2K CSO Rick Howard focus on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here. 

Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity)

Suspected Scattered Spider Member Arrested in UK (SecurityWeek)

DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record)

SocGholish malware used to spread AsyncRAT malware (Security Affairs)

California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek)

Finance: Secret Bank Ratings Show US Regulator’s Concern on Handling Risk (Bloomberg)

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs)

Australian police seize devices used to send over 318 million phishing texts - Security - Telco/ISP (iTnews)

Internships can be a gold mine for cybersecurity hiring (CSO Online)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant’s Chief Analyst.

Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.

Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate.

Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire.

Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant.

Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup. James tells us about his first computer and how he liked to push it to its limits and then some. He joined GCHQ after college and consulted across government departments. Teaching in GCHQ's cyber summer school was where James felt a shift in his career. As a company founder, he shares that he is very driven, very fast and also very caring. James offers advice to those looking to get into the industry recommending they chase what interests them rather than certifications. We thank James for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Selena Larson, Staff Threat Researcher, Lead Intelligence Analysis and Strategy at Proofpoint, as well as host of the "Only Malware in the Building" podcast, as she is discussing their research on "Scammers Create Fraudulent Olympics Ticketing Websites." Proofpoint recently identified a fraudulent website selling fake tickets to the Paris 2024 Summer Olympics and quickly suspended the domain.

This site was among many identified by the French Gendarmerie Nationale and Olympics partners, who have shut down 51 of 338 fraudulent websites, with 140 receiving formal notices from law enforcement.

The research can be found here:

• Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites

Learn more about your ad choices. Visit megaphone.fm/adchoices

A Crowdstrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web hosting companies suspend Doppelgänger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million. A pair of Lockbit operators plead guilty. N2K’s CSO Rick Howard speaks with AWS’ CISO Chris Betz about strong security cultures and AI. A look inside the world’s largest live-fire cyber-defense exercise. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Dave is joined by Andy Ellis, to discuss today’s top story on the CrowdStrike-induced Microsoft outage.

N2K’s CSO Rick Howard recently caught up with AWS’ CISO Chris Betz at the AWS re:Inforce 2024 event. They  discuss strong security cultures and AI. You can watch Chris’ keynote from the event here. Read Chris’ blog post, “How the unique culture of security at AWS makes a difference.”

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World (WIRED)

Counting the Costs of the Microsoft-CrowdStrike Outage (The New York Times)

Major Microsoft 365 outage caused by Azure configuration change (Bleeping Computer)

Most of SolarWinds hacking suit filed by SEC dismissed (SC Magazine)

Ransomware Remains a Major Threat to Energy (BankInfoSecurity)

Investigation prompts European hosting companies to suspend accounts linked to Russian disinfo (The Record)

MediSecure Data Breach Impacts 12.9 Million Individuals (SecurityWeek)

Russians plead guilty to involvement in LockBit ransomware attacks (Bleeping Computer)

Inside the world’s largest ‘live-fire’ cyber-defense exercise (CSO Online)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco has identified a critical security flaw in its SSM On-prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK’s NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person in the middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS for hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." Playing red-light green-light with traffic light controllers. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." 

Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem (Stack Diary)

Yacht giant MarineMax data breach impacts over 123,000 people (Bleeping Computer)

UK national blood stocks in 'very fragile' state following ransomware attack (The Record)

Port Shadow Attack Allows VPN Traffic Interception, Redirection (SecurityWeek)

Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability (SecurityWeek)

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums (Security Affairs)

WazirX reports security breach at crypto exchange following $230 million 'suspicious transfer' (TechCrunch)

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts (Wiz Blog)

Jail time for operators of DDoS service used to crash thousands of devices (Cybernews)

Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says (TechCrunch)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices