Deception, influence, and social engineering in the world of cyber crime.
A fun and informative cybersecurity audio glossary from the CyberWire.
Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words.
A weekly conversation on surveillance, digital privacy, cybersecurity law and policy. Hosted by the CyberWire's Dave Bittner and Ben Yelin from the University of Maryland Center for Health and Homeland Security. They break down important current legal cases, policy battles, and regulatory matters along with the news headlines that matter most. It’s not just a podcast for lawyers and policymakers; security professionals, businesses, and anyone concerned about privacy and security in the digit ...
T
The CyberWire Daily


1
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.
25:59
25:59
Play later
Play later
Lists
Like
Liked
25:59
As more organizations are affected by the Accellion FTA compromise, authorities issue some recommendations for risk mitigation. Ocean Lotus is back, and active against Vietnamese domestic targets. LazyScripter is phishing with COVID and air travel lures. SolarWinds hearings include threat information, exculpation, and calls for more liability prote…
H
Hacking Humans


1
How likely are online users to reveal private information?
33:14
33:14
Play later
Play later
Lists
Like
Liked
33:14
Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a Nigerian man sentenced for phishing the US heavy equipment company Caterpillar, Joe has a story with bad news about a sextortion email scam with a fake Z…
C
Caveat


1
Internet of Bodies (IoB) devices: technology is advancing much quicker than regulations can.
30:14
30:14
Play later
Play later
Lists
Like
Liked
30:14
Guest Mary Lee from the Rand Corporation joins Dave to discuss the Internet of Bodies (IoB): Opportunities, Risks and Governance, Ben looks at a state tax on social media advertising, and Dave's got the story of members of congress working with the Biden administration on Section 230 reforms. While this show covers legal topics, and Ben is a lawyer…
T
The CyberWire Daily


1
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
24:06
24:06
Play later
Play later
Lists
Like
Liked
24:06
Ukrainian security services complain of DDoS from Russia. The Accellion compromise is attributed to an extortion gang. Digital Shadow tracks the rise of initial access brokers, new middlemen in the criminal-to-criminal market. A botmaster uses an agile C2 infrastructure to avoid takedowns. IT executives to appear at US Senate hearings on Solorigate…
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.By CyberWire Inc.
Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.By CyberWire, Inc.
T
The CyberWire Daily


1
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.
23:49
23:49
Play later
Play later
Lists
Like
Liked
23:49
Facebook takes down Myanmar junta’s main page. APT31 clones Equation Group tools. Silver Sparrow’s up to...something or other. Bogus Flash Player update serves fake news and malware. Effects of supply chain compromises spread. Clubhouse’s privacy issues. VC firm breached. CrowdStrike releases its annual threat report. We welcome Josh Ray from Accen…
T
The CyberWire Daily


1
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
6:37
6:37
Play later
Play later
Lists
Like
Liked
6:37
High Performance Computing Systems Administrator at Brigham Young University Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursui…
C
Career Notes


1
Billy Wilson: Translating language skills to technical skills. [HPC]
6:37
6:37
Play later
Play later
Lists
Like
Liked
6:37
High Performance Computing Systems Administrator at Brigham Young University Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursui…
T
The CyberWire Daily


1
Attackers (ab)using Google Chrome. [Research Saturday]
20:47
20:47
Play later
Play later
Lists
Like
Liked
20:47
Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. The code that was acquired was only partially recovered, but enough to indicate powerful features that the attackers were (ab)u…
Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. The code that was acquired was only partially recovered, but enough to indicate powerful features that the attackers were (ab)u…
T
The CyberWire Daily


1
Mopping up Solorigate. Tehran’s Lightning and Thunder in Amsterdam. The view from Talinn. Malware designed for Apple’s new chips. Lessons from the ice, and how hackers broke bad.
25:37
25:37
Play later
Play later
Lists
Like
Liked
25:37
Microsoft wraps up its internal investigation of Solorigate, which the US Government continues to grapple with, and which has had some effect in Norway. An apparent Iranian APT has been hosting its command-and-control in two Netherlands data centers. Estonia’s annual intelligence report describes Russian and Chinese ambitions in cyberspace. Threat …
T
The CyberWire Daily


1
The WatchDog Monero cryptojacking operation. “A criminal syndicate with a flag.” US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.
23:53
23:53
Play later
Play later
Lists
Like
Liked
23:53
Watch out for the WatchDog Monero cryptojacking operation. The US Justice Department describes North Korea as “a criminal syndicate with a flag.” CISA outlines the DPRK malware that figures in the AppleJeus toolkit. The Chair of the US Senate Intelligence Committee asks the FBI and EPA for a report on the Oldsmar water system cybersabotage incident…
H
Hacking Humans


1
Including your passwords in your final arrangements.
41:12
41:12
Play later
Play later
Lists
Like
Liked
41:12
Guest Sara Teare who is known as 1Password's Minister of Magic talks with Dave about things that people don't consider like custody of the digital keys to your stuff online, Dave and Joe share some listener feedback from Jonathan about replacing outdated equipment (aka an old phone), Joe's story is about ongoing campaign targeting security research…
T
The CyberWire Daily


1
US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.
25:42
25:42
Play later
Play later
Lists
Like
Liked
25:42
High Bitcoin valuation draws the attention of cybercriminals, and a number of those criminals work for Mr. Kim, of Pyongyang. Alleged criminals, we should say. Centreon offers an update of its investigation of the Sandworm incident ANSSI uncovered. Reports of the Big Hack are received with caution. Patches applied, pulled, and replaced. Joe Carriga…
C
Caveat


1
Privacy has become almost a fundamental right.
36:57
36:57
Play later
Play later
Lists
Like
Liked
36:57
Guest Ameesh Divatia from Baffle joins Dave to discuss whether it’s time for a national privacy referendum, Ben looks at a plan congressional democrats are cooking up for section 230 of the communications decency act. and Dave has the story of a clever technique police officers are using to prevent being live streamed. While this show covers legal …
T
The CyberWire Daily


1
France’s ANSII warns of a longrunning Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE
23:40
23:40
Play later
Play later
Lists
Like
Liked
23:40
France finds Sandworm’s trail in a software supply chain. Microsoft is impressed by the amount of effort Russian intelligence services put into the SolarWinds campaign. Pyongyang is reported to have attempted to steal COVID-19 vaccine information. Supermicro reiterates objections to Bloomberg's report on alleged hardware supply chain compromises. S…
T
The CyberWire Daily


1
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]
33:38
33:38
Play later
Play later
Lists
Like
Liked
33:38
In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space. February 2021 Update: we revisit the topic with guest Hank Thomas to hear the latest on S…
The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.By CyberWire Inc.
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.By CyberWire, Inc.
T
The CyberWire Daily


1
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
7:10
7:10
Play later
Play later
Lists
Like
Liked
7:10
Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in t…
C
Career Notes


1
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical]
7:10
7:10
Play later
Play later
Lists
Like
Liked
7:10
Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in t…
T
The CyberWire Daily


1
Using the human body as a wire-like communication channel. [Research Saturday]
21:14
21:14
Play later
Play later
Lists
Like
Liked
21:14
Guest Dr. Shreyas Sen, a Perdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario:. Instead of inserting a card or scanning a smartphone to make a payment, what if you could simply touch the machine with your finger? A prototype developed by Purdue University engineers would essentiall…
R
Research Saturday

1
Using the human body as a wire-like communication channel.
21:14
21:14
Play later
Play later
Lists
Like
Liked
21:14
Guest Dr. Shreyas Sen, a Perdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario:. Instead of inserting a card or scanning a smartphone to make a payment, what if you could simply touch the machine with your finger? A prototype developed by Purdue University engineers would essentiall…
T
The CyberWire Daily


1
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don’t be the hacker’s valentine.
27:33
27:33
Play later
Play later
Lists
Like
Liked
27:33
Bloomberg revives its reporting on hardware backdoors on chipsets. Has someone bought the source code for the Witcher and Cyberpunk? CISA issues ICS alerts. The FBI and CISA offer advice about water system cybersabotage as state and local utilities seek to learn from the Oldsmar attack. Verizon’s Chris Novak ponders if you should get your Cybersecu…
T
The CyberWire Daily


1
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
27:24
27:24
Play later
Play later
Lists
Like
Liked
27:24
Spyware in the Subcontinent. Some crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The US now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her participation in the National Security Institute at George Mason …
H
Hacking Humans


1
In the disinformation and misinformation crosshairs.
37:26
37:26
Play later
Play later
Lists
Like
Liked
37:26
Carole Theriault returns with a discussion on disinformation with guest, BBC host, podcaster and author Tim Harford, Dave's got a story about Covid vaccine phishing campaigns, Joe's story talks about data breaches that have increased 50% year over year since 2018, and our Catch of the Day is from a listener named John his wife saw on Facebook who t…
T
The CyberWire Daily


1
Paying for the bomb the 21st century way. Domestic Kitten’s international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.
21:16
21:16
Play later
Play later
Lists
Like
Liked
21:16
What’s North Korea doing with all that money the Lazarus Group steals? Buying atom bombs, apparently. Iran’s Domestic Kitten is scratching at some international surveillance targets. Not everyone who says they’re a Bear really is one. Parking malware in Discord. Notes on Patch Tuesday. Joe Carrigan details a gift card scam that hit a little close t…
We have guest Jenna Waters from True Digital Security looking back at the last year of Covid and how that’s affected privacy, particularly in the medical field, Ben looks at a tool that can help determine if your image is part of a facial recognition library, and Dave has the story of law enforcement dodging public records rules through the use of …
T
The CyberWire Daily


1
Almost too much lye in the water, down Florida-way. BlackTech’s new malware strain. Huawei says it’s OK if the White House calls.
24:35
24:35
Play later
Play later
Lists
Like
Liked
24:35
Florida water treatment plant sustains cyberattack: the hack was successful, the sabotage wasn’t. A new malware strain is associated with Chinese intelligence services. Ben Yelin tracks a surveillance plane who’s funding has fallen. Our guest is Col. Stephen Hamilton from Army Cyber Institute at West Point. And Huawei’s CEO says, sure, he’d take a …
A nation-state hacking group’s practice of funding its town activities through cybercrime or cyber mercenary work.By CyberWire Inc.