Cybersecurity News

the cyberwire
15 hours ago
Exploits and vulnerabilities.
Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB."
Research Saturday
the cyberwire
16 hours ago
Cyber operations across the spectrum of conflict, with some excursions into the criminal underworld.
Hybrid war in Ukraine. The spread of hybrid war from Gaza. North Korean cyber operations: supply chain attacks and cryptocurrency raids. SugarGh0st's cyberespionage. Ransomware privateering, and other developments in the cyber underworld.
Week that Was
the cyberwire
Dec 1, 2023
Wyden blocks the senate vote.
Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading?
CyberWire Daily
the cyberwire
Dec 1, 2023
GPS interference (and other forms of deception).
GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. Twisted Spider observed conducting new ransomware campaigns. A new ScrubCrypt variant. Staples sustains a cyberattack. Ukraine inserts a speech by President Zelenskyy into Russian television programming in Crimea.
Daily Briefing
the cyberwire
Dec 1, 2023
Ukraine at D+685: Influence operations in a winter war.
Russian disinformation seeks to reach anglophone audiences, and makes some claims that would be too far-fetched to get past a science-fiction editor.
Story
the cyberwire
Nov 30, 2023
Widespread exploitation of severe vulnerability in ownCloud.
Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan’s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war. On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoS’ers are looking for volunteers.
CyberWire Daily
the cyberwire
Nov 30, 2023
Section 702 reauthorization in the US; evolving rules for AI development internationally.
International guidance on AI system development. US Navy’s cyber strategy’s focus on non-kinetic measures. CISA resurrects cyber insurance working group.
Caveat
the cyberwire
Nov 30, 2023
The ongoing convergence of crime and espionage.
"SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. cam steals travel company customer credentials. ScamClub's bogus alert pop-ups. Okta breach update. Cryptomixer taken down in international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. Black Basta's take to-date. CERT-EU warns member states of Russian cyber threat. NATO cyber exercise runs against the background of Russia's hybrid war. NoName057(16)'s DDoSia project is looking for volunteers.
Daily Briefing
the cyberwire
Nov 30, 2023
Ukraine at D+684: A hacktivist auxiliary is actively recruiting.
NATO conducts its annual cyber exercise against a background of hybrid war, heightened cyber espionage, and increased activity on the part of hacktivist auxiliaries.
Story
the cyberwire
Nov 30, 2023
Mike Brown: CEO of Talion
Mike Brown, CEO of the MSSP Talion, joins Marc in the latest episode of CyberCEOs Decoded. Mike shares his unconventional and winding story about buying an MSSP on the eve of the COVID-19 pandemic – and how he runs the thriving EMEA-based company from Texas today. Mike has been around more than a couple of blocks and has lots to share.
Cyber CEOs Decoded
the cyberwire
Nov 30, 2023
Critical challenges for critical infrastructure.
Nick Sanna of the FAIR Institute and Safe Security joins to discuss the challenges the White House faces in attempting to harmonize critical infrastructure regulations. Ben has the story of a warrantless phone records surveillance program that is tracking over a trillion U.S. phone records annually. Dave explains how reporters from Rolling Stone tracked visitors to Donald Trump’s Mar-a-lago.
Caveat
the cyberwire
Nov 30, 2023
Artificial Intelligence: Insights & Oddities
On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief.
8th Layer Insights
Load More
Get more depth with CyberWire Pro.
Stay cyber-aware with access to all of our public podcasts ad-free, as well as our exclusive CyberWire Pro podcasts, briefings, articles, and events by becoming a CyberWire Pro subscriber. Get actionable reporting, analysis & insights on cyber events all at your fingertips.
Subscribe