

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Nov 6, 2022 • 9min
Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
Gary Brickhouse, CISO from GuidePoint Security, sits down to share his story, looking back over the last 25 years of his career working for Fortune 100 companies, including Disney. He shares that he has had to grow into every role he has held, and that each one was a pivotal point in his technical career. Gary ended up transitioning to a different organization and says that compliance was the transitional moment for him as he grew into different roles. He says, “What I found was sort of just, riding the wave of growth and opportunity and trying to take advantage of it along the way.” He shares some advice for new people entering the industry, saying that he wants to help shatter the myth that you have to be technical to get into this field. We thank Gary for sharing his story.

Nov 5, 2022 • 21min
Over-the-air 0-day vulnerabilities. [Research Saturday]
Roya Gordon from Nozomi Networks sits down with Dave to discuss their work "UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice." Ultra-wideband (UWB) is a rapidly-growing radio technology that, according to the UWB Alliance, is forecasted to drive sales volumes exceeding one billion devices annually by 2025.
In an effort to strengthen the security of devices utilizing UWB, Nozomi Networks Labs conducted a security assessment of two popular UWB RTLS solutions available on the market. Their research reveals 0-day vulnerabilities and other weaknesses that, if exploited, could allow an attacker to gain full access to all sensitive location data exchanged over-the-air.
The research can be found here:
UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice

Nov 4, 2022 • 25min
Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
Flight-planning services are affected by cyberattack, as is Danish rail service. A BEC gang impersonates international law firms. Effects of the hybrid war on action in cyberspace. Deepen Desai from Zscaler examines the evolution of the X-FILES Stealer. CyberWire Space Correspondent Maria Varmazis has an analysis of the Starlink situation in Ukraine. And a sad, final farewell to Vitali Kremez, gone far too soon.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/213
Selected reading.
Boeing subsidiary Jeppesen's services impacted by cyber incident (Reuters)
BREAKING: Boeing's Jeppesen Subsidiary Hit With Potential Ransomware Attack (Live and Let's Fly)
Danish train standstill on Saturday caused by cyber attack (Reuters)
Cyber incident at Boeing subsidiary causes flight planning disruptions (The Record by Recorded Future)
Crimson Kingsnake: BEC Group Impersonates International Law Firms in… (Abnormal Security)
New Crimson Kingsnake gang impersonates law firms in BEC attacks (BleepingComputer)
Ukraine war, geopolitics fuelling cybersecurity attacks -EU agency (Reuters)
Microsoft Extends Aid for Ukraine's Wartime Tech Innovation (SecurityWeek)
Evaluating the International Support to Ukrainian Cyber Defense (Carnegie Endowment for International Peace)
Cyber community mourns renowned researcher Vitali Kremez (The Record by Recorded Future)
Remembering Vitali Kremez, Threat Intelligence Researcher (Bank Info Security)

Nov 3, 2022 • 27min
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace–things would be so much better if the Anglo-Saxons didn’t think cyberspace was the property of the East India Company. Or something like that.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/212
Selected reading.
Abusing Microsoft Customer Voice to Send Phishing Links (Avanan)
Emotet botnet starts blasting malware again after 5 month break (BleepingComputer)
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor (SentinelOne)
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom (BlackBerry)
Russia cyber director warns no U.S. cooperation risks "mutual destruction" (Newsweek)

Nov 2, 2022 • 29min
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Post’s Cybersecurity 202 has the latest on election security. A visit to the CyberWire’s Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/211
Selected reading.
OpenSSL patched today. (CyberWire)
OpenSSL Releases Security Update (CISA)
OpenSSL releases fixes for two ‘high’ severity vulnerabilities (The Record by Recorded Future)
OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security)
Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog)
OpenSSL Vulnerability Patch Released (Sectigo® Official)
Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion)
OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software)
Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin)
Discussions of CISA’s part in elections and the JCDC. (CyberWire)
U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters)
XDR data reveals threat trends. (CyberWire)
What happens to a gift card given to a scammer? (CyberWire)
How Russia’s war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)

Nov 1, 2022 • 26min
OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.
OpenSSL is patched today. The misconfiguration risk to US government networks' security and compliance. Hacking Ms Truss's phone. Assistance for Ukraine's cyber defense. Joe Carrigan looks at the latest round of apps pulled from the Google Play Store. Our guest is Matias Madou of Secure Code Warrior on why cultivating a positive culture among security and developer teams continues to fall short. And a quick look at DNS threats.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/210
Selected reading.
Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai)
How The OpenSSL 3 Vulnerability Will Really Affect Your Environment (Nucleus Security)
New Critical Flaw in OpenSSL: How to Know if You're at Risk (Rezilion)
Experts warn of critical security vulnerability discovered in OpenSSL (Application Security Blog)
The impact of exploitable misconfigurations on network security within US Federal organizations (Titania)
Liz Truss's personal phone hacked by Putin's spies (Mail Online)
Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters)
Liz Truss phone hack claim prompts calls for investigation (BBC News)
Russian spies hacked Truss's personal phone (Computing)
Government urged to investigate report Liz Truss’s phone was hacked (the Guardian)
Ministers creating ‘wild west’ conditions with use of personal phones (the Guardian)
Suella Braverman admits sending official documents to personal email six times (The Telegraph)
Ukraine War: UK reveals £6m package for cyber defence (BBC News)
DNS Threat Report — Q3 2022 (Akamai)

Oct 31, 2022 • 26min
Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
Leading European metals producer is hit with malware. Cooperative defense in cyberspace. A Ukrainian ally describes its exposure to Russian cyberattacks. Former UK Prime Minister Truss's phone may have been compromised. CISA sees a complex threat environment, but no specific threat to US elections. The Australian Defence network sustains ransomware attack. The three finalists in the DataTribe Challenge share insights on the competition. Rick Howard previews the new season of CSO Perspectives. And a look at threat trends.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/209
Selected reading.
Aurubis says it was hit in wider cyberattack on metals industry (Reuters)
Copper Giant Aurubis Shuts Down Systems Due to Cyberattack (SecurityWeek)
Inside a US military cyber team’s defence of Ukraine (BBC News)
Ukraine's cyber power shows value of public-private partnership (Nikkei Asia)
Latvian President: Only the West’s Weakness Can Provoke Russia (Foreign Policy)
Latvia’s cyberspace faces new challenges amid war in Ukraine (The Record by Recorded Future)
Worries build about winter cyber threats in Ukraine (POLITICO)
Liz Truss's personal phone hacked by Putin's spies (Mail Online)
Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters)
Liz Truss phone hack claim prompts calls for investigation (BBC News)
Russian spies hacked Truss's personal phone (Computing)
Government urged to investigate report Liz Truss’s phone was hacked (the Guardian)
Ministers creating ‘wild west’ conditions with use of personal phones (the Guardian)
'Complex threat environment' ahead of midterm elections, top cybersecurity official says (Reuters)
CISA chief sees no "specific or credible threats" to election infrastructure (CBS News)
For cyber experts, disinformation overshadows cyberthreats in midterms (Washington Post)
Australian Defence Department caught up in ransomware attack (ABC)
Cyber-attack on Australian defence contractor may have exposed private communications between ADF members (the Guardian)
Cyber Threat Reports (Deep Instinct)
Deep Instinct releases its 2022 Interim Cyber Threat Study. (CyberWire)

Oct 30, 2022 • 9min
Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
Jenny Brinkley, Director of AWS Security at Amazon Web Services (AWS), sits down to share her empowering story of working through the ranks, and even co-founding her own company. While she did not have a typical upbringing in the industry, she credits her parents for ending up where she is now, as they told her that she could do anything and she decided as she was growing up that she could. She had the opportunity to co-found a small startup before selling it to AWS. She says that working in her position is like a rollercoaster, as no one thing is like the other, saying her highs are high and her lows are low. Being a woman in cybersecurity, she is working to empower more women in the field. Jenny says, "I think that we're living in such an interesting time where empathy, kindness, compassion, honesty, partnership in the security space, I mean, heck for any industry, but really for security and cyber security roles today, it's, it's the life blood and to be underestimated, especially as a female or because, you know, my background doesn't follow a cookie cutter pattern of what individuals think of when they think of individuals in security roles." We thank Jenny for sharing her story.

Oct 29, 2022 • 27min
Bugs and working from home. [Research Saturday]
Fede Kirschbaum from Faraday Security sits down with Dave to discuss their research on "A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers." The team at Faraday found a vulnerability that made it to DEFCON 30, labeling it high severity. With more and more people working from home for their companies, the research team went looking for where there may be vulnerabilities as employees are working from home.
The research states that the team was "seeking and reporting security vulnerabilities in IoT devices, which led to the finding of an exploitable bug in a consumer-grade router popular in Argentina." They also state in the research that it was escalating quickly, and share how protecting home networks is important while working remotely.
The research can be found here:
A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers

Oct 28, 2022 • 30min
Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
Cyberattacks against Poland’s and Slovakia’s parliaments. The US 2022 National Defense Strategy is out. Insights from SecurityWeek’s ICS Cyber Security Conference. The importance of zero-trust in industrial environments. Malek Ben Salem from Accenture on machine language security and safety. Our guest is Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware. And CISA issues four more ICS Advisories.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/208
Selected reading.
Computer networks of parliaments in Poland and Slovakia paralyzed by cyberattacks (Euro Weekly News)
Slovak, Polish Parliaments Hit By Cyber Attacks (Barron's)
Slovak parliament suspends voting due to suspected cyberattack (Reuters)
"Also from Russia" - cyber attack on parliaments in Poland and Slovakia - Today Times Live (Today Times Live)
2022 National Defense Strategy (US Department of Defense)
2022 NDS Fact Sheet | Integrated Deterrence (US Department of Defense)
Discussing cyberattacks vs system failures. (CyberWire)
Zero-trust in ICS environments. (CyberWire)
SANS 2022 Survey: The State of OT/ICS Cybersecurity in 2022 and Beyond | Nozomi Networks (Nozomi Networks)
CISA Releases Four Industrial Control Systems Advisories (CISA)


