CyberWire Daily

Software supply chain incidents: FatPipe, PyPi, and IT services generally. A look at recent Iranian operations. The US Federal Reserve publishes its disclosure rules for banks sustaining cyber incidents. CISA issues a set of ICS advisories. Two of the Five Eyes announce plans for continued, even closer cooperation in cyberspace. Johannes Ullrich on attackers abusing "PAM" (Plug Authentication Modules). Our guest is Hatem Naguib, CEO at Barracuda Networks. And a real evil maid seems to have been out and about in Tel Aviv.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/223 Learn more about your ad choices. Visit megaphone.fm/adchoices

Red Curl is a Russophone gang with an unusual target list. North Korea’s TA406 is having a busy year, hacking for intelligence and for profit. Wicked Panda’s getting good at code-signing, and software supply chain attacks are in Beijing’s long-term plans. A spearphishing campaign abuses legitimate collaboration tools. Kevin Magee from Microsoft has an insider’s look at Windows 11 security. Our guest is Kevin Bocek of Venafi to discuss Security Software Build Environments. And selling confiscated cryptocurrency to compensate victims of scams.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/222 Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA, the FBI, the ACSC, and the NCSC issue a joint advisory warning of an Iranian cyber campaign exploiting known vulnerabilities in Fortinet and Microsoft Exchange. A Belarusian connection to Ghostwriter. Candiru tools reported in watering holes. SideCopy’s interest in Afghanistan. RAMP shows an interest in attracting Chinese operators. Josh Ray from Accenture Security digs into the CONTI playbook leak. Our guest is Matt Keeley from Bishop Fox on fuzzing. And Pompompurin wants to sell you leaked Robinhood data.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/221 Learn more about your ad choices. Visit megaphone.fm/adchoices

Older threats, including Emotet and Mirai, are out and about, and an old vulnerability, Rowhammer, gets a fresh proof-of-concept. A new banking Trojan threatens Europe. Intel works on vulnerabilities. CISA advises awareness of recently reported DDS vulnerabilities. Joe Carrigan explains how spearphishers are using customer complaints as bait. Rick Howard epaks with Carlos Vega from Devo on Supply Chain issues. And an arrest is made in a Maryland revenge porn case. For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/220 Learn more about your ad choices. Visit megaphone.fm/adchoices

Exploitation of a configuration error in the FBI’s Law Enforcement Enterprise Portal enables hackers to send bogus warning emails. Philippine Office of Civil Defense Twitter account briefly hijacked. Update on Iranian politically motivated threat group MosesStaff. Discount retailer Costco discloses a point-of-sale skimmer incident. Dinah Davis from Arctic Wolf track zero days. Rick the Toolman Howard drops by the studio. And the US seeks extradition of a Russian alt-coin baron on charges of laundering Ryuk’s money. For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/219 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem–everyone from cyber insurance providers to the federal government have taken note. The CyberWire's Rick Howard speaks with Hash Table member Kevin Ford of Environmental Systems Research Institute (ESRI), and ExtraHop's VP, GM of International and Global Security Programs, Mike Campfield, joins The CyberWire's Dave Bittner on this CyberWire-X for a retrospective on ransomware in 2021. Mike shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes that challenges experienced in life increase your risk appetite so significantly. Swati advises those looking to make a job change to be certain of what is attracting them and to be yourself. We thank Swati for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Senior Intelligence Researcher at Anomali, Tara Gould, joins Dave to discuss their team's work on "Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server." Anomali Threat Research discovered an open server to a directory listing that they attribute with high confidence to the German-speaking threat group, TeamTNT.The server contains source code, scripts, binaries, and cryptominers targeting Cloud environments.Other server contents include Amazon Web Services (AWS) Credentials stolen from TeamTNT stealers are also hosted on the server.This inside view of TeamTNT infrastructure and tools in use can help security operations teams to improve detection capabilities for related attacks, whether coming directly from TeamTNT or other cybercrime groups leveraging their tools.The research can be found here:Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server Learn more about your ad choices. Visit megaphone.fm/adchoices

Notes on rising international tension in Eastern Europe. A watering-hole campaign in Hong Kong. The US and the EU have joined the Paris Call. NSO Group’s prospective CEO resigns his position before formally assuming it. Void Balaur, a cybermercenary group, is active in the Russophone cyber underground. Johannes Ullrich on leaked vaccination cards and Covid tests. Our guest is Carolyn Crandall of Attivo Networks on what organizations should be focused on to protect Active Directory. CISA intends to increase its capacity to work against misinformation and disinformation. CISA also intends to recruit white hat hackers to an advisory board.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/218 Learn more about your ad choices. Visit megaphone.fm/adchoices

Welcome to a fun new project by the team who brings you Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series. They view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this first episode, Dave, Joe and Rick are watching Dave's and Joe's picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to the movies.Links to movie clips if you'd like to watch along: Dave's pick from "The Grifters" Joe's clip from "Matchstick Men" Learn more about your ad choices. Visit megaphone.fm/adchoices