Share CyberWire Daily
Share to email
Share to Facebook
Share to X
By N2K Networks
4.8
954954 ratings
The podcast currently has 3,141 episodes available.
Shawn Kanady, Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection.
The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
Researchers uncover a critical Windows zero-day. An alleged Ukrainian cyberattack targets one of Russia’s largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets caught in the crypto mines.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Joining Dave today is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. Read more details in the press release.
New Windows 7 To 11 Warning As Zero-Day With No Official Fix Confirmed (Forbes)
Russian users report Gazprombank outages amid alleged Ukrainian cyberattack (The Record)
BlueAlpha Russian hackers caught abusing CloudFlare services (SC Media)
U.S. org suffered four month intrusion by Chinese hackers (Bleeping Computer)
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (The Register)
SonicWall Patches 6 Vulnerabilities in Secure Access Gateway (SecurityWeek)
Mitel MiCollab zero-day and PoC exploit unveiled (Help Net Security)
Atrium Health Data Breach Impacts 585,000 People (SecurityWeek)
Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News)
US arrests Scattered Spider suspect linked to telecom hacks (Bleeping Computer)
Nebraska Man pleads guilty to $3.5 million cryptojacking scheme (Bleeping Computer)
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Europol dismantles the Manson cybercrime market. Operation Destabilise stops two major Russian-speaking money laundering networks. New details emerge on China’s attacks on U.S. telecoms. Black Lotus Labs uncovers a covert campaign by the Russian-based threat actor “Secret Blizzard”. Cisco issues patches for a high impact bootloader vulnerability. Trend Micro researchers uncovered Earth Minotaur targeting Tibetan and Uyghur communities. Payroll Pirates target HR payroll systems to redirect employee funds .Pegasus spyware may be more prevalent than previously believed. Our guest today is Jon France, CISO at ISC2, with insights from the ISC2 2024 Workforce Study. How businesses can lose customers one tip at a time.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Our guest today is Jon France, CISO at ISC2, sharing the ISC2 2024 Workforce Study. You can read the press release about the report here and dig into the details of the report itself here.
50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement (SecurityWeek)
UK’s NCA Disrupts Multibillion-Dollar Russian Money Launderers (Infosecurity Magazine)
The White House reveals at least 8 U.S. telecom firms impacted by China’s Salt Typhoon cyberattack (Fast Company)
Senators implore Department of Defense to expand the use of Matrix (Element)
Snowblind: The Invisible Hand of Secret Blizzard (Lumen)
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage (Microsoft Security)
Russian Hackers Exploit Rival Attackers’ Infrastructure for Espionage (Infosecurity Magazine)
Bootloader Vulnerability Impacts Over 100 Cisco Switches (SecurityWeek)
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks (Trend Micro)
Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam (Silent Push)
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples (iVerify)
How a Russian man’s harrowing tale shows the physical dangers of spyware (CyberScoop)
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric’s remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google’s December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today’s CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core (220-1101) Exam 1 certification. A vodka company gets iced by ransomware.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management.
This week, Chris is joined by Dan Neville breaking down a question targeting the A+ Core (220-1101) Exam 1 certification. Today’s question comes from N2K’s CompTIA® A+ Core Exam 1 Practice Test (Core Exam 2 Practice Test is also available on our site).
Have a question that you’d like to see covered? Email us at [email protected]. Check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.
Additional sources: www.comptia.org
International Operation Dismantles MATRIX: A Sophisticated Encrypted Messaging Service (SOCRadar)
German Police Shutter Country’s Largest Dark Web Market (Infosecurity Magazine)
10/10 directory traversal bug hits SailPoint's IdentityIQ (The Register)
Solana Web3.js Library Backdoored in Supply Chain Attack (SecurityWeek)
SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code (Cyber Security News)
16 Zero-Days Uncovered in Fuji Electric Monitoring Software (GovInfo Security)
Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability (Hackread)
VulnerabilitiesCISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks (SecurityWeek)
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog (SecurityAffairs)
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts (GB Hacker)
Android's December 2024 Security Update Patches 14 Vulnerabilities (SecurityWeek)
FTC accuses data brokers of improperly selling location info (The Register)
Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack (Infosecurity Magazine)
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
More than 760,000 see their personal data exposed on the BreachForums cybercrime forum. The new head of the UK’s NCSC warns against underestimating growing cyber threats. The Consumer Financial Protection Bureau (CFPB) looks to prevent data brokers from selling Americans’ personal and financial information. A U.S. government and energy sector contractor discloses a ransomware attack. The “smoked ham” Windows backdoor is being actively deployed. A new report warns of overreliance on Chinese-made LIDAR technology. SmokeLoader malware targets companies in Taiwan. NIST proposes new password guidelines. South Korean police make arrests over 240,000 satellite receivers with built-in DDoS attack capabilities. On our Threat Vector segment, we preview this week’s episode where host David Moulton goes Behind the Scenes with Palo Alto Networks CIO and CISO. ChatGPT has a Voldemort moment.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
On our Threat Vector segment, we preview this week’s episode where host David Moulton goes “Behind the Scenes with Palo Alto Networks CIO and CISO Securing Business Success with Frictionless Cybersecurity.” Meerah Rajavel, CIO of Palo Alto Networks, and Niall Browne, CISO of the organization, join David to discuss the importance of aligning IT strategy with cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.
760,000 Employee Records From Several Major Firms Leaked Online (SecurityWeek)
UK cyber chief warns country is ‘widely underestimating’ risks from cyberattacks (The Record)
US agency proposes new rule blocking data brokers from selling Americans' sensitive personal data (TechCrunch)
US government contractor ENGlobal says operations are ‘limited’ following cyberattack (TechCrunch)
New Windows Backdoor Security Warning For Bing, Dropbox, Google Users (Forbes)
Chinese LIDAR Dominance a Cybersecurity Threat, Warns Think Tank (Infosecurity Magazine)
SmokeLoader Attack Targets Companies in Taiwan (FortiGuard Labs)
Korea arrests CEO for adding DDoS feature to satellite receivers (Bleeping Computer)
Do Your Passwords Meet the Proposed New Federal Guidelines? (Wall Street Journal)
These names cause ChatGPT to break, and it's due to AI hallucinations ( TechSpot)
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
A major cybercrime crackdown by Interpol nabs hundreds of suspects and millions in stolen funds. Zabbix has disclosed a critical SQL injection vulnerability. A novel phishing campaign exploits Microsoft Word’s file recovery feature. Researchers track the Rockstar 2FA phishing toolkit. Critical vulnerabilities are found in Advantech’s industrial wireless access points. North Korea’s Kimsuky hacking group shifts their tactics. The U.N. forms an advisory body to address growing threats to critical undersea cable infrastructure.The U.K. is laser-focused on AI security research. Russian authorities arrest the Wazawaka ransomware affiliate. Our guest is Marshall Heilman, CEO of DTEX Systems, sharing his experience with a nation-state actor's attempt to gain employment at his company. OpenAI opens the door for encrudification.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Our guest is Marshall Heilman, CEO of DTEX Systems, discussing how HR can spot fake IT workers and sharing their own experience with a nation-state actor's attempt to gain employment at his company. You can read DTEX Systems findings here.
Global Police Arrest 5500 in $400m Cyber-Fraud Crackdown (Infosecurity Magazine)
Critical Vulnerability Found in Zabbix Network Monitoring Tool (SecurityWeek)
Novel phishing campaign uses corrupted Word documents to evade security (Bleeping Computer)
"Rockstar 2FA" Phishing-as-a-Service Steals Microsoft 365 Credentials Via AiTM Attacks (Cyber Security News)
Warning: Patch Advantech Industrial Wireless Access Points (GovInfo Security)
North Korean Hacking Group Launches Undected Malwareless URL Phishing Attacks (Cyber Security News)
UN, international orgs create advisory body for submarine cables after incidents (The Record)
U.K. launches AI security lab to combat nation-state cyber threats (SC Media)
Ransomware suspect Wazawaka reportedly arrested by Russia (SC World)
OpenAI explores advertising as it steps up revenue drive (Financial Times)
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode, where we are joined by Chief Technology Officer and Senior Vice President, Engineering for Digital Guardian Debra Danielson, as she shares her career journey. From aspirations of becoming an astronaut studying mechanical and aerospace engineering, Finding her first job at a local software company that turned into a long term commitment after it was acquired by another firm. Debra mentions that when she was heads-down programming, there were many women in the field and when she emerged from the cube to take on management and leadership positions, the ratio of women had dropped dramatically. She noted at this time that it took a lot of energy to be different. Debra shared that each time she had challenges in her career, she learned from them. She offers advice of taking risks earlier in your career as you don't know what it could lead to. And, we thank Debra for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode:
Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him.
The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
T-Minus Space Daily Podcast Host Maria Varmazis was asked to host a fireside chat with Sci-Fi legend Ronald D. Moore at the Beyond Earth Symposium in Washington DC. Ronald D. Moore is an American screenwriter and television producer. He is best known for his work on Star Trek, the re-imagined Battlestar Galactica and For All Mankind TV series.
Check out the full conversation on our YouTube Page here!
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram.
We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day.
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
Please send your pitch to [email protected] and include your name, affiliation, and topic proposal.
T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode:
On this Solution Spotlight, guest Lee Parrish, author and CISO at Newell Brands, joins N2K President Simone Petrella to discuss his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management.
Learn more about your ad choices. Visit megaphone.fm/adchoices
The podcast currently has 3,141 episodes available.
1,923 Listeners
347 Listeners
610 Listeners
359 Listeners
159 Listeners
301 Listeners
380 Listeners
917 Listeners
7,664 Listeners
139 Listeners
185 Listeners
299 Listeners
67 Listeners
113 Listeners
34 Listeners