

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Oct 31, 2021 • 8min
Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]
Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes "utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing." Jadee mentions she tries hard to do things that might scare her every day. For those interested in the field, especially young women, Jadee recommends they get involved and then stay curious. We thank Jadee for sharing her story with us.

Oct 30, 2021 • 27min
Malware sometimes changes its behavior. [Research Saturday]
Dr. Tudor Dumitras from the University of Maryland joins Dave Bittner to share a research study conducted in collaboration with industry partners from Facebook, NortonLifeLock Research Group and EURECOM. The project is called: "When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World." In the study, the team analyzed how malware samples change their behavior when executed on different hosts or at different times. Such “split personalities” may confound the current techniques for malware analysis and detection. Malware execution traces are typically collected by executing the samples in a controlled environment (a “sandbox”), and the techniques created and tested using such traces do not account for the broad range of behaviors observed in the wild. In the paper, the team shows how behavior variability can make those techniques appear more effective than they really are, and they make some recommendations for dealing with the variability. The research and executive summary can be found here:
When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World
Analysing malware variability in the real world

Oct 29, 2021 • 28min
Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”
Tensions between Iran and Israel rise as sources in Tehran blame Israel for hacking gas stations, and as apparent Iranian hacktivists dox Israeli defense personnel. A new ransomware strain is discovered. A criminal group is spoofing emails from Philippine agencies. Europol and partners sweep up a cyber gang. Betsy Carmelite from BAH on convergence of 5G and healthcare. Our guest is Justin Wray from CoreBTS with a look at the security issues facing online gaming and casinos. And the company formerly known as Facebook rebrands as “Meta.” For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/209

Oct 29, 2021 • 3min
The Malware Mash!

Oct 28, 2021 • 26min
Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.
Iran continues its recovery from a cyberattack that disrupted subsidized fuel distribution. Wanted in Stuttgart (but living it up in Russia): ransomware kingpin Nikolay K. The Conti ransomware gang gets poor customer service notices. Food distribution is on the cybercriminals’ target lists. SolarMarker’s use of SEO poisoning. The US publishes a statement of strategic intent for its cybersecurity czar’s office. David Dufour from Webroot wonders if there’s any hope at slowing down malware. Our own Brandon Karpf describes the DoD’s Skillbridge program. And decryptors are made available for three ransomware strains. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/208

Oct 27, 2021 • 26min
Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.
Sudan is under a blackout as a military junta consolidates control over the government. Iran says a cyberattack--unattributed so far--was responsible for disrupting fuel distribution in that country. A novel loader is discovered. Operation Dark HunTor takes down a darkweb contraband market. The US FTC is looking into Facebook’s privacy settlement. The LockBit gang talks, and it’s insufferable. Andrea Little Limbago from Interos on government internet interventions. Carole Theriault weighs in on Facebook glasses. And Halloween is another day closer. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/207

Oct 26, 2021 • 28min
Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.
Notes on ransomware and privateering: Conti’s barking at its victims, someone’s exploiting billing software, and BlackMatter repeated some coding errors its DarkSide predecessor committed. GCHQ suggests that the UK will undertake a more assertive imposition of costs on cyber gangs. The US State Department will reestablish its cyber bureau. Software supply chain cyberespionage, and what can be done about it. Ben Yelin on school laptop privacy concerns. Our guest is David White of Axio to discuss Ransomware Preparedness. And some more scare-notes for Halloween. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/206

Oct 25, 2021 • 24min
SolarMarker malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.
SolarMarker infestations are up, and circulating through WordPress sites. More indications that REvil was taken down by a US-led but thoroughly international public-private partnership, and the other Russian privateers have their noses seriously out of joint. Russia’s SVR is getting busy in software supply chains. Criminals take advantage of the popularity of Squid Games. Dinah Davis from Arctic Wolf on how even hackers have internal politics. Rick Howard checks in with the Hash Table on compliance. And Halloween is coming: do you know what your apps are up to? For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/205

Oct 24, 2021 • 7min
Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128, and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his master's in information security. His professional life took him from Canadian public service to the private sector, where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others, as evidenced by his including teaching as a facet of his career. We thank Mark for sharing his story with us.

Oct 23, 2021 • 20min
When big ransomware goes away, where should affiliates go? [Research Saturday]
Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42’s commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0) with Dave. The research can be found here: Ransomware Groups to Watch: Emerging Threats


