Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files.

Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings.
The original research can be found here:
 https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html

Steganography enables sophisticated OceanLotus payloads. [Research Saturday]

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

Daily News

A major Phishing-as-a-service operation gets taken down by international law enforcement. US election officials are warned of nation-state influence operations. The house votes to limit the feds’ purchase of citizens personal data. A Michigan healthcare provider suffered a ransomware attack. Critical infrastructure providers struggle to trust cybersecurity tools. Cloudflare reports on DDoS. Kaspersky uncovers new Android banking malware. Kubernetes cryptominers leverage previously patched flaws. The Massachusetts Attorney General emphasizes the responsible use of AI. Our guest Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Colorado passes a law to keep big tech out of our heads. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest and podcast partner Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Are your employees faking their badge swipes?

Selected Reading
LabHost phishing service with 40,000 domains disrupted, 37 arrested (Bleeping Computer)
US Election Officials Told to Prepare for Nation-State Influence Campa (Infosecurity Magazine)
House votes in favor of curtailing government transactions with data brokers (The Record)
180k Impacted by Data Breach at Michigan Healthcare Organization (SecurityWeek)
Trust in Cyber Takes a Knock as CNI Budgets Flatline (Infosecurity Magazine)
DDoS threat report for 2024 Q1 (Cloudflare) 
SoumniBot malware exploits Android bugs to evade detection (Bleeping Computer)
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (Bleeping Computer)
Massachusetts official warns AI systems subject to consumer protection, anti-bias laws (AP News)
Your Brain Waves Are Up for Sale. A New Law Wants to Change That (NY Times)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

From phishing to felony.

A Russian hacker group boldly targets critical infrastructure. The Change Healthcare ransomware attack is projected to cost over a billion dollars. Three hundred bucks is the going rate for a SIM swap. PuTTY potentially reveals private keys. Cisco Talos reports a surge in brute-force attacks. Ivanti updates its MDM product. Omni Hotels & Resorts confirm a data breach. Financially motivated hackers target Businesses in Latin America with steganography. A prolific cryptojacker faces decades in prison. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. The ransomware equivalent of a Saturday night special. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for Domain 2, Asset Security. 

Resources:
Domain 2, Asset Security
Identify and securely provision information assets, establish handling requirements, manage the data lifecycle, and apply data security controls to comply with applicable laws.

2.1 Identify and classify information and assets

2.2 Establish information and asset handling requirements

2.3 Provision resources securely

2.4 Manage data lifecycle

2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))

2.6 Determine data security controls and compliance requirements

Are you studying for the CISSP exam, considering taking the test soon, or did you have an unsuccessful exam experience? Here are some CISSP exam pitfalls to avoid so that you’re confident and successful on exam day.

Selected Reading
Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities (WIRED)
T-Mobile, Verizon workers get texts offering $300 for SIM swaps (Bleeping Computer)
PuTTY SSH client flaw allows recovery of cryptographic private keys (Bleeping Computer) 
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials (Talos Intelligence)
Ivanti Patches Two Critical Avalanche Flaws in Major Update (Infosecurity Magazine)
Omni Hotels confirms data compromise in apparent ransomware attack (SC Media)
Steganography Campaign Targets Global Enterprises (GovInfo Security)
Nebraska man allegedly defrauded cloud providers of millions via cryptojacking (The Record)
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion (The Record)
‘Junk gun’ ransomware: Peashooters can still pack a punch (Sophos News) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The rebirth of Russia's cyber warfare.

Cisco Dou warns of a third-party MFA-related breach. MGM Resorts sues to stop an FTC breach investigation. Meanwhile the FTC dings another mental telehealth service provider. Open Source foundations call for caution after social engineering attempts. The NSA shares guidance for securing AI systems. IntelBroker claims to have hit a US geospatial intelligence firm. The UK clamps down on deepfakes. Hard-coded passwords provide the key to smart-lock vulnerabilities. On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). A Law Firm’s Misclick Ends 21 Years of Matrimony. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC).

Selected Reading
Cisco Duo MFA logs exposed in third-party data breach (ITPro)
Casino operator MGM sues FTC to block probe into 2023 hack (Reuters)
Open Source Leaders Warn of XZ Utils-Like Takeover Attempts (Infosecurity Magazine)
FTC Bans Online Mental Health Firm From Sharing Certain Data (GovInfo Security)
New NSA guidance identifies need to update AI systems to address changing risks, bolster security (Industrial Cyber)
IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data (HackRead) 
Creating sexually explicit deepfakes to become a criminal offence (BBC)
CISA warns of critical vulnerability in Chirp smart locks (The Register)
Wrong couple divorced after computer error by law firm Vardag's (BBC)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Weathering the phishing front.

Palo Alto Networks releases hotfixes for an exploited zero-day. Delinea issues an urgent update for a critical flaw. Giant Tiger data is leaked online. A European semiconductor manufacturer deals with a data breach. Roku suffers its second breach of the year. Operators of the Hive RAT face charges.  A former Amazon security engineer gets three years in prison for hacking cryptocurrency exchanges. Zambian officials arrest 77 in a scam call center crack down. Our guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division describes dual ransomware. And Rob Boyce, Managing Director at Accenture, shares his thoughts on security testing of generative AI. And selling Pokemon cheats leaves one man in Japan feeling like he had a run-in with a Scaldiburn.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, we have two guests, Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division discussing dual ransomware. Followed by Rob Boyce, Managing Director at Accenture, sharing some thoughts on security testing of generative AI.
Selected Reading
Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge (SecurityWeek)
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (Help Net Security)
Hacker claims Giant Tiger data breach, leaks 2.8M records online (Bleeping Computer)
Press statement: Nexperia IT Breach (Nexperia)
Roku issues warning over massive customer account breach (ITPro)
Two People Arrested in Australia and US for Development and Sale of Hive RAT (SecurityWeek)
Ex-Amazon engineer gets 3 years for hacking crypto exchanges (Bleeping Computer)
Zambia arrests 77 people in swoop on "scam" call centre (Bitdefender)
Japanese Police Arrest 36-Year-Old Man on Suspicion of Tampering With Pokémon Violet Save Data (IGN) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Hunting vulnerabilities.

You can learn more about AWS in Orbit at space.n2k.com/aws.
N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11. 
Our guests today are ​​Clint Crosier, Director at AWS Aerospace and Satellite, and Jim Tran, Vice President of Government Solutions at Iridium.
AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram.
Selected Reading
AWS Aerospace and Satellite
Audience Survey
We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.
Want to join us for an interview?
Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.
T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Steganography enables sophisticated OceanLotus payloads. [Research Saturday]

Download our free app to listen on your phone