Stories
Podcasts
Briefings
Pro
Pro Briefings
Pro Podcasts
CSO Perspectives
Analyst Call
Hash Table
API
Features/Pricing
Events
Glossary
About
Our Story
Team
Testimonials
Sponsor
Partners
Join Pro
Search the site
Search the site
Login
Home
Search the site
Search the site
Stories
Podcasts
Briefings
Pro
Pro Briefings
Pro Podcasts
CSO Perspectives
Analyst Call
Hash Table
API
Features/Pricing
Events
Glossary
About
Our Story
Team
Testimonials
Sponsor
Partners
Pro Briefings
Pro Podcasts
CSO Perspectives
Features/Pricing
September 18, 2021
Join Pro
LOGIN
18 hours ago
An IoT educational exercise reveals a far-reaching vulnerability.
Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.
Research Saturday
18 hours ago
An IoT educational exercise reveals a far-reaching vulnerability.
Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.
Research Saturday
Cybersecurity News
18 hours ago
A zero-click exploit in iOS. No signs of a Russian crackdown on ransomware gangs.
REvil really does seem to be back, and other news from the ransomware underworld.
Week that Was
Sep 17, 2021
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin....or something.
Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas. Politics ain’t beanbag, Russian edition. An indictment emerges from the US investigation into possible misconduct during the 2016 elections. The costs of coin-mining. Josh Ray from Accenture on protecting critical infrastructure. Our guest is Tony Pepper from Egress with a look at Insider Data Breaches. And don’t mix investment advice with matters of the heart.
CyberWire Daily
Sep 17, 2021
Tony Pepper from Egress on Insider Data Breach Survey 2021 report.
This interview from August 19th, 2021 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Tony Pepper from Egress about the Insider Data Breach Survey 2021 report.
Interview
Sep 17, 2021
Apps and breach notification. Election manipulation as policy. Military cyber doctrine. AI and human rights.
US Federal Trade Commission emphasizes notifications of breaches originating in apps. Russian election manipulation, domestic front. Military cyber doctrine, in the UK and China. UN cautions on AI's risk to human rights.
Policy
Sep 17, 2021
French COVID-19 test data breached. Ransomware at customer support provider TTEC. The cost to HSE of the ransomware attack it sustained.
French COVID-19 test data breached. Ransomware at customer support provider TTEC. The cost to HSE of the ransomware attack it sustained.
Privacy
Sep 17, 2021
CISA urges patching a Zoho password manager. A crackdown on coin-mining? Maximizing engagement helped troll farms.
CISA urges patching a Zoho password manager. A crackdown on coin-mining? Maximizing engagement helped troll farms during the last US election.
Daily Briefing
Load More
Grow your brand,
generate leads,
and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out.
Learn More
