CyberWire Daily

N2K Networks
May 8, 2022 • 8min

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]

Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that led her toward becoming an archeologist and how it turned out not to be exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. Describing how she would like to be remembered in the cyber world, she says, "I do hope that I left things better than I found them, not just the security of a product or a company, but I believe strongly that every person has a little cyber warrior inside of them." We thank Amanda for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
May 7, 2022 • 16min

Attacking where vulnerable. [Research Saturday]

Tushar Richabadas from Barracuda joins Dave Bittner to discuss their findings detailed in their "Threat Spotlight: Attacks on Log4Shell vulnerabilities." Their research shows the percentage of attackers targeting the vulnerabilities, and shows where the dips and spikes are over the course of the past couple of months. The research has also gathered where the attackers' main IP addresses are located, with 83% of them located in the United States. They break down what this malware can do and how to protect yourself against it. They say, "Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks."

The research can be found here: Threat Spotlight: Attacks on Log4Shell vulnerabilities
May 6, 2022 • 20min

Victory Day approaches so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother’s Day (and stay safe online).

An update on the war in Ukraine as Victory Day approaches. President Lukashenka on the war next door. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Another ICS security alert from CISA. Dinah Davis from Arctic Wolf on reflection amplification techniques. Carole Theriault examines zero trust architecture access policies. Happy Mother’s Day (and stay safe online).

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/88

Selected reading.
Mariupol steel mill battle rages as Ukraine repels attacks (Military Times)
Why the battle for Mariupol is important for Vladimir Putin. (New York Times)
A race against time in Ukraine as Russia advances, West sends weapons (Washington Post)
The AP Interview: Belarus admits Russia's war 'drags on' (AP NEWS)
Russia’s ally Belarus criticises war effort for ‘dragging on’ (The Telegraph)
NSA cyber boss seeks to discourage vigilante hacking against Russia (Defense News)
Shields Up: Russian Cyberattacks Headed Our Way (JD Supra)
Raspberry Robin gets the worm early (Red Canary)
VIP3R: New actor. Old story. Great success. (Menlo Security)
Johnson Controls Metasys (CISA)
Top 3 Mother’s Day Scam Sites – Be Smart When Buying Gifts (Trend Micro News)
May 5, 2022 • 23min

Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.

Hacktivism and privateering in Moscow, Kyiv, and Minsk. Log4j vulnerabilities are more widespread than initially thought. US Cyber Command deployed a "hunt forward" team to Lithuania. CISA adds five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Jen Miller-Osborn from Palo Alto Networks discusses the findings from the Center for Digital Government's survey on Getting Ahead of Ransomware. Grayson Milbourne of Webroot/OpenText discusses OpenText's 2022 BrightCloud Threat Report. And Anonymous leaks emails allegedly belonging to the Nauru Police Force.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/87

Selected reading.
Russian ally Belarus launches military quick-response drills (Washington Post)
Putin’s Ukraine War: Desperate Belarus dictator strikes back (Atlantic Council)
Russian ransomware group claims attack on Bulgarian refugee agency (CyberScoop)
Russia and Ukraine Conflict Q&A | Cybersixgill (Cybersixgill)
Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain (Cequence)
Anonymous Leak 82GB of Police Emails Against Australia's Offshore Detention (HackRead)
May 4, 2022 • 28min

More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks.

An upswing in malware deployed against targets in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK’s hackers. Quiet persistence in corporate networks. CISA issues an ICS advisory. Caleb Barlow on backup communications for your business during this period of "shields up." Duncan Jones from Cambridge Quantum sits down with Dave to discuss the NIST algorithm finalist Rainbow vulnerability. And, hey, officer, honest, it was just a Squirtle….

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/86

Selected reading.
Update on cyber activity in Eastern Europe (Google)
Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say (CyberScoop)
Google: Nation-state phishing campaigns expanding to target Eastern Europe orgs (The Record by Recorded Future)
SolarWinds hackers set up phony media outlets to trick targets (CyberScoop)
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse (Recorded Future)
Experts discover a Chinese-APT cyber espionage operation targeting US organizations (VentureBeat)
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (Cybereason Nocturnus)
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques (Cybereason)
Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say (CNN)
Researchers tie ransomware families to North Korean cyber-army (The Record by Recorded Future)
The Hermit Kingdom’s Ransomware Play (Trellix)
New espionage group is targeting corporate M&A (TechCrunch)
Cyberespionage Group Targeting M&A, Corporate Transactions Personnel (SecurityWeek)
UNC3524: Eye Spy on Your Email (Mandiant)
Yokogawa CENTUM and ProSafe-RS (CISA)
Cops ignored call to nearby robbery, preferring to hunt Pokémon (Graham Cluley)
May 3, 2022 • 23min

Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.

Russia reroutes Internet traffic in occupied regions of Ukraine through Russian services. The Stormous gang, hacking on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Our guest Chetan Mathur of Next Pathway finds similarities between the cloud industry and the 1849 California Gold Rush. Eldan Ben-Haim of Apiiro on why cybersecurity is largely a culture issue. Notes on ransomware operations.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/85

Selected reading.
Microsoft sees Russian cyberattacks on Ukraine 'getting more and more disruptive' (Inside Defense)
Sergey Lavrov claims Hitler had 'Jewish blood' (The Telegraph)
Lavrov’s anti-Semitic outburst exposes absurdity of Russia’s “Nazi Ukraine” claims (Atlantic Council)
Russia likens Zelensky to Hitler as Mariupol says Russia worse than Nazis (Newsweek)
Russia reroutes internet in occupied Ukrainian territory through Russian telcos (The Record by Recorded Future)
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine (Trustwave)
Zhadnost ‘stamps’ out Ukrainian National Postal Service’s website. (SecurityScorecard)
Industrial cybersecurity researchers, looking for help, go public with unpatched IoT bug (The Record by Recorded Future)
Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk (Nozomi Networks)
Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (The Hacker News)
Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (The Hacker News)
New Black Basta Ransomware Possibly Linked to Conti Group (SecurityWeek)
Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims (The Hacker News)
Conti and Hive ransomware operations: What we learned from these groups' victim chats (Cisco Talos)
Conti and Hive ransomware operations: (Cisco Talos)
May 3, 2022 • 28min

The future of security validation – what next? [CyberWire-X]

Security executives need visibility into their real cyber risk in real time. But with the flood of vulnerability alerts, how can organizations pinpoint impactful security gaps? To meet this challenge, security teams are shifting to an exploit-centric approach to security validation to expose potential threats from ransomware, leaked credentials, phishing, & more. On this episode of CyberWire-X, we explore how automation can help teams make this shift to prioritize remediation based on bottom-line business impact. Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, discusses the topic with Rick Doten, CISO, Carolina Complete Health and CyberWire Hash Table member, while Dave Bittner, CyberWire podcast host, engages with Sponsor Pentera's Jay Mar-Tang, Sales Engineering Manager for the Americas, about automated security validation.
May 2, 2022 • 24min

Cyber sabotage and cyberespionage. Updates on Russia’s hybrid war against Ukraine. REvil seems to have returned.

Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week’s DDoS incident was retaliation for Bucharest’s support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84

Selected reading.
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop)
Russian hackers compromise embassy emails to target governments (BleepingComputer)
Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR)
Feared Russian cyberattacks against US have yet to materialize (C4ISRNet)
Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post)
A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer)
Ukraine’s Digital Fight Goes Global (Foreign Affairs)
Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future)
REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)
May 1, 2022 • 31min

DevSecOps and securing the container. [CyberWire-X]

The move to cloud has great potential to improve security, but the required process and cultural changes can be daunting. There are a vast number of critical vulnerabilities that make it to production and demand more effective mitigations. Although “shifting security left” should help, organizations are not able to achieve this quickly enough, and “shifting left” does not account for runtime threats. Organizations must strive to improve the prioritization of vulnerabilities to ensure the most dangerous flaws are fixed early. But even then, some risk will be accepted, and a threat detection and response program is required for full security coverage.

On this episode of CyberWire-X, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores how to secure your software development lifecycle, how to use a maturity model like BSIMM, where containers fit in that process, and the Sysdig 2022 Cloud-Native Security and Usage report. Joining Rick on this episode are Tom Quinn, CISO at T. Rowe Price and CyberWire Hash Table member, and, from episode sponsor Sysdig, their Director of Thought Leadership, Anna Belak, to discuss their experiences and real-world data, as well as practical approaches to managing cloud risk.
May 1, 2022 • 8min

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]

Chief security strategist from Analyst1, Jon DiMaggio shares his story of how he grew to become a part of the cybersecurity world. He describes the different jobs that paved the way to the knowledge he has of the industry right now, and he shares an experience that led him to a path that split, where the decision he made would be crucial to his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says, "there's two paths when you have that happen, you can either let it defeat you, or you know, you come back swinging." We thank Jon for sharing his story.
