The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Deception, influence, and social engineering in the world of cyber crime.
A fun and informative cybersecurity audio glossary from the CyberWire.
Step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words.
Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
A weekly conversation on surveillance, digital privacy, cybersecurity law and policy. Hosted by the CyberWire's Dave Bittner and Ben Yelin from the University of Maryland Center for Health and Homeland Security. They break down important current legal cases, policy battles, and regulatory matters along with the news headlines that matter most. It’s not just a podcast for lawyers and policymakers; security professionals, businesses, and anyone concerned about privacy and security in the digit ...
Readings from the dark underworld of cybercrime and espionage, recalled to life, reinterpreted, and reimagined for the benefit of the infosec literati. Oh, and it’s also just play and parody from the ever-restless imaginations of the CyberWire editorial team.

The CyberWire Daily
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
7:08
Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radi…

The CyberWire Daily
Diving deep into North Korea's APT37 tool kit. [Research Saturday]
19:33
Guest Hossein Jazi of Malwarebytes joins us to take a deep dive into North Korea's APT37 (aka ScarCruft, Reaper and Group123) toolkit. On December 7 2020 the Malwarebytes Labs threat team identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meet…

The CyberWire Daily
SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provider attacked. Criminal-on-criminal crime.
28:03
A new second-stage backdoor has been found in a SolarWinds compromise victim. Those exploiting the now-patched Exchange Server zero days seem to have done so to establish a foothold in the targeted systems. India continues to investigate a Chinese cyber threat to its infrastructure. Misconfigured clouds leak mobile app data. A major airline IT prov…

The CyberWire Daily
Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.
22:10
Indian authorities say October’s Mumbai blackout was “human error,” not cybersabotage. CISA directs US civilian agencies to clean up Microsoft Exchange on-premise vulnerabilities. More effects of the Accellion FTA supply chain compromise. Some trends in social engineering. Andrea Little Limbago brings us up to date on the RSA supply chain sandbox. …

Hacking Humans
Fraud activity within secure messaging apps in plain sight.
41:35
Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the five parts of URLs in phishing attacks, Dave's got a story about a malvertising group called "ScamClub," and our Catch of the Day is from a listener name…

The CyberWire Daily
RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.
23:27
India continues to investigate the possibility of RedEcho cybersabotage of its power distribution system, but says any hack was stopped and contained. Microsoft issues an out-of-band patch against a Chinese-run “Operation Exchange Marauder.” The financial sector works to contain an Ursnif outbreak. CISA issues ICS security advisories. Myanmar and t…
Guest Major Jess Dawson from Army Cyber Institute joins Dave to talk about microtargeting as information warfare, Ben's story looks at efforts to keep the government from tracking your location, and Dave has the story that wonders if gathering congress’ cell phone records is constitutional. While this show covers legal topics, and Ben is a lawyer, …

The CyberWire Daily
India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).
23:39
Indian authorities continue to investigate the possibility that Mumbai’s power grid was hacked last October. Apple’s walled garden’s security can inhibit detection of threats that manage to get inside. An Atlantic Council report recommends international action against access-as-a-service brokers to stall proliferation of cyber offensive tools. Ben …
Also known as a third-party attack or a value-chain attack, a technique in which adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data. By CyberWire Inc.
From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim. By CyberWire, Inc.

The CyberWire Daily
“RedEcho’s” activity in India’s power grid is described. US report on Khashoggi murder declassified. SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.
23:30
Chinese cyber engagement with Indian critical infrastructure is reported: the objective isn’t benign from India’s point of view, but exactly what the objective is, specifically, remains a matter of speculation. The US Government declassifies its report on the murder of Saudi journalist Jamal Khashoggi. The SolarWinds supply chain compromise remains…

The CyberWire Daily
Aarti Borkar: Make your own choices. [Product] [Career Notes]
6:38
Head of Product for IBM Security Aarti Borkar shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche wor…

The CyberWire Daily
Shining a light on China's cyber underground. [Research Saturday]
25:11
Guest Maurits Lucas from Intel471 joins us to discuss his team's research into cybercrime in China. Data from Intel 471 show that the Chinese cybercrime underground proliferates through use of common methods or platforms, but behaves differently in large part due to the caution that actors take with regard to their identity. While the average citiz…

The CyberWire Daily
Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would’ve liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.
27:45
Oxford biology lab hacked. A Zoom impersonation phishing campaign afflicts targets in the EU. Senators disappointed in Amazon’s decision not to appear at this week’s SolarWinds hearing. NSA advocates adopting zero trust principles. CISA issues alerts on industrial control systems. The US Department of Homeland Security describes increases to its cy…

The CyberWire Daily
PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.
24:38
FriarFox is a bad browser extension, and it’s interested in Tibet. Ukraine accuses Russia of a software supply chain compromise (maybe Moscow hired Gamaredon to do the work). Egregor hoods who escaped recent Franco-Ukrainian sweeps are thought responsible for DDoS against Kiev security agencies over the weekend. A look at Babuk, a new ransomware-as…

Hacking Humans
How likely are online users to reveal private information?
33:14
Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a Nigerian man sentenced for phishing the US heavy equipment company Caterpillar, Joe has a story with bad news about a sextortion email scam with a fake Z…

The CyberWire Daily
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.
25:59
As more organizations are affected by the Accellion FTA compromise, authorities issue some recommendations for risk mitigation. Ocean Lotus is back, and active against Vietnamese domestic targets. LazyScripter is phishing with COVID and air travel lures. SolarWinds hearings include threat information, exculpation, and calls for more liability prote…

Caveat
Internet of Bodies (IoB) devices: technology is advancing much quicker than regulations can.
30:14
Guest Mary Lee from the Rand Corporation joins Dave to discuss the Internet of Bodies (IoB): Opportunities, Risks and Governance, Ben looks at a state tax on social media advertising, and Dave's got the story of members of congress working with the Biden administration on Section 230 reforms. While this show covers legal topics, and Ben is a lawyer…

The CyberWire Daily
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
24:06
Ukrainian security services complain of DDoS from Russia. The Accellion compromise is attributed to an extortion gang. Digital Shadows tracks the rise of initial access brokers, new middlemen in the criminal-to-criminal market. A botmaster uses an agile C2 infrastructure to avoid takedowns. IT executives to appear at US Senate hearings on Solorigate…
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways. By CyberWire Inc.
Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena. By CyberWire, Inc.

The CyberWire Daily
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.
23:49
Facebook takes down Myanmar junta’s main page. APT31 clones Equation Group tools. Silver Sparrow’s up to...something or other. Bogus Flash Player update serves fake news and malware. Effects of supply chain compromises spread. Clubhouse’s privacy issues. VC firm breached. CrowdStrike releases its annual threat report. We welcome Josh Ray from Accen…

The CyberWire Daily
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
6:37
High Performance Computing Systems Administrator at Brigham Young University Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursui…

The CyberWire Daily
Attackers (ab)using Google Chrome. [Research Saturday]
20:47
Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. The code that was acquired was only partially recovered, but enough to indicate powerful features that the attackers were (ab)u…

The CyberWire Daily
Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Tallinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.
25:37
Microsoft wraps up its internal investigation of Solorigate, which the US Government continues to grapple with, and which has had some effect in Norway. An apparent Iranian APT has been hosting its command-and-control in two Netherlands data centers. Estonia’s annual intelligence report describes Russian and Chinese ambitions in cyberspace. Threat …