Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdmin servers. Some elements of the exploit make use of sophisticated components previously associated with nation-state actors.
Ophir Harpaz and Daniel Goldberg are members of the Guardicore Labs team, and they join us to explain their findings.
The research can be found here - 
 https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Nansh0u not your normal cryptominer. [Research Saturday]

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

Daily News

Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU.  Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
We are joined by Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn's CISO." You can listen to their full discussion here. 

Selected Reading
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED)
Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital)
Android TVs Can Expose User Email Inboxes (404 Media)
FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek)
Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice)
Maximum severity Flowmon bug has a public exploit, patch now (Bleeping Computer)
Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack (The Record)
New Brokewell malware takes over Android devices, steals data (Bleeping Computer)
Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking (SecurityWeek)
Meta could face further squeeze on surveillance ads model in EU (TechCrunch)
Baltimore County educator framed principal with AI-generated voice, police say (Baltimore Banner)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The shadowy adversary in Cisco's crosshairs.

The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guests
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes:

Cryptographic life cycle

Cryptographic method

Public key infrastructure (PKI).


Industry Voices
On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. 

Selected Reading
Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers)
Congress passes bill that could ban TikTok after years of false starts (Washington Post)
Russian hackers claim cyberattack on Indiana water plant (The Record)
Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.)
Global attacker median dwell time continues to fall (Help Net Security)
New Password Cracking Analysis Targets Bcrypt (SecurityWeek)
North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine)
​​Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer)
Sweden's liquor shelves to run empty this week due to ransomware attack (The Record)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Iran's covert cyber operations exposed.

The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft’s DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can’t keep quiet. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain.

Selected Reading
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs)
UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek)
Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine)
HHS strengthens privacy protections for reproductive health patients and providers (The Record)
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab)
Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime (Union Leader) 
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services (SecurityWeek)
The creepy sound of online trackers (Axbom) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Visa crackdown against spyware swindlers.

Section 702 gets another two years.  MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT.

Selected Reading
Warrantless spying powers extended to 2026 with Biden’s signature (The Record)
MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security)
CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine)
Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers)
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns  (The Record)
GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer)
Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer)
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber)
Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Renewed surveillance sparks controversy.

Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us.

Nansh0u not your normal cryptominer. [Research Saturday]

Download our free app to listen on your phone