Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DShield.
The research shares how SANS used their "agile honeypots" to "zoom in" on events to more effectively collect data targeting specific vulnerabilities. Internet Storm Center has been noted on three separate attacks that were observed.
The research can be found here:

Jenkins Brute Force Scans

Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)

Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527

Weathering the internet storm. [Research Saturday]

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

Daily News

As part of our series on the 2024 NICE Conference, we turn our focus to the Business Roundtable. This year’s conference theme “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap” highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap. Business Roundtable is an association of chief executive officers of America’s leading companies working to promote a thriving U.S. economy and expanded opportunity for all Americans through sound public policy. 
The Business Roundtable launched its Cybersecurity Workforce Corporate Initiative in December of 2022. In coordination with its members and inputs from experts at Department of Commerce’s National Initiative for Cybersecurity Education (NICE), it recently released a Cybersecurity Workforce Playbook to help employers create entry points to cybersecurity careers and strengthen cybersecurity talent pipelines across various industries and sectors.
Simone Petrella, N2K President, speaks with Erin White, Business Roundtable's Senior Director, Corporate Initiatives, about the Cybersecurity Workforce Corporate Initiative, the recently released Cybersecurity Workforce Playbook, key takeaways for the private sector, and how the Business Roundtable and NICE are working together to support these initiatives.
Find out more about the The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1). Stay tuned for our coverage of the 2024 NICE Conference.

Solution Spotlight on the 2024 NICE Conference: Business Roundtable.

Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware.
This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the target system but also to freely define the URL and protocol resource for the JNDI network connection."
The research can be found here:
New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

1700 IPs and counting. [Research Saturday]

Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber and cryptologists worldwide for the nation. Diane encourages those who love to learn to join the multidisciplinary cybersecurity field. Our thanks to Diane for sharing her story with us.

Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]

Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find european politicians’ personal info for sale on the dark web. The BBC’s pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud’s Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow’s fake-news puppet.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, we hear from Chip Witt, SpyCloud's SVP, Product Management, discussing navigating the threat of digital identity exposure. To learn more, check out SpyCloud’s Annual Identity Exposure Report 2024. 

Selected Reading
Senate chairman wants new White House-led panel to streamline federal cyber rules (The Record)
Data Leak Exposes Business Leaders and Top Celebrity Data (Hackread)
Information of Hundreds of European Politicians Found on Dark Web (SecurityWeek)
BBC Pension Scheme Breached, Exposing Employee Data (Infosecurity Magazine)
OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops (CSO Online)
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (Ars Technica)
Pirated Microsoft Office delivers malware cocktail on systems (Bleeping Computer)
UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says (The Record)
Once a Sheriff’s Deputy in Florida, Now a Source of Disinformation From Russia (The New York Times) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

New cybersecurity bill aims to untangle federal regulations.

Operation Endgame takes down malware operations around the globe. A major botnet operator is arrested. Ticketmaster’s massive data breach is confirmed, and so is Google’s SEO algorithm leak. Journalists and activists in Europe were targeted with Pegasus spyware. Okta warns users of credential stuffing attacks. NIST hopes to clear out the NVD backlog. On our Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security. LightSpy surveillance malware comes to macOS. ChatGPT briefly gets a god mode.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security.

Threat Vector
In this Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Greg brings a wealth of knowledge from his military background and applies a disciplined, adaptive approach to securing one of America's most vibrant educational institutions. You can listen to David and Greg’s full discussion here. 

Selected Reading
Police seize malware loader servers, arrest four cybercriminals (Bleeping Computer)
Is Your Computer Part of ‘The Largest Botnet Ever?’ (Krebs on Security)
Ticketmaster hacked. Breach affects more than half a billion users. (Mashable)
Google confirms the leaked Search documents are real (The Verge)
Phones of journalists and activists in Europe targeted with Pegasus (CyberScoop)
Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication (SecurityWeek)
NIST says NVD will be back on track by September 2024 (Help Net Security)
macOS version of elusive 'LightSpy' spyware tool discovered (Bleeping Computer)
Hacker Releases Jailbroken "Godmode" Version of ChatGPT (Futurism) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Weathering the internet storm. [Research Saturday]

Download our free app to listen on your phone