Stories
Podcasts
Briefings
Pro
Pro Briefings
Pro Podcasts
CSO Perspectives
Analyst Call
1
st
Principles Guide
Hash Table
API
Features/Pricing
Events
Glossary
About
Our Story
Press
Team
Testimonials
Sponsor
Partners
Join Pro
Search the site
Search the site
Login
Home
Search the site
Search the site
Stories
Podcasts
Briefings
Pro
Pro Briefings
Pro Podcasts
CSO Perspectives
Analyst Call
1
st
Principles Guide
Hash Table
API
Features/Pricing
Events
Glossary
About
Our Story
Press
Team
Testimonials
Sponsor
Partners
Pro Briefings
Pro Podcasts
CSO Perspectives
Features/Pricing
October 1, 2022
Join Pro
LOGIN
10 hours ago
Targeting your browser bookmarks?
David Prefer from SANS sits down with Dave to discuss how a new covert channel exfiltrates data via a browser's built-in bookmark sync. David goes on to describe how this research will "describe how the ability to synchronize bookmarks across devices introduces a novel vector for data exfiltration and other misuses." In the research, he shares how he tested his said hypothesis and goes on to describe how the interesting find was tested on multiple browsers including Chrome, Edge, Brave and Opera. In his research, he found that bookmarks are able to keep data and synchronize it, making it easier to infiltrate and extract data from. David shares the rest of his findings, as well as what organizations and browser developers can do to work on this new threat.
Research Saturday
10 hours ago
Targeting your browser bookmarks?
David Prefer from SANS sits down with Dave to discuss how a new covert channel exfiltrates data via a browser's built-in bookmark sync. David goes on to describe how this research will "describe how the ability to synchronize bookmarks across devices introduces a novel vector for data exfiltration and other misuses." In the research, he shares how he tested his said hypothesis and goes on to describe how the interesting find was tested on multiple browsers including Chrome, Edge, Brave and Opera. In his research, he found that bookmarks are able to keep data and synchronize it, making it easier to infiltrate and extract data from. David shares the rest of his findings, as well as what organizations and browser developers can do to work on this new threat.
Research Saturday
Cybersecurity News
11 hours ago
Albania explains its reasons for severing relations with Iran. Cashout scam targets forgotten crypto accounts. Next moves for Lapsus$?
Albania explains its reasons for severing relations with Iran. Cashout scam targets forgotten crypto accounts. Next moves for Lapsus$?
Week that Was
17 hours ago
A look back at Insider Threat Month: advice from industry experts.
Industry leaders discuss insider threats as National Insider Threat Awareness month comes to a close.
Story
19 hours ago
Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Waterin holes, deepfakes, and the pushing of naughty words.
North Korean operators "weaponize" open-source software. The SolarMarker info-stealer returns. A quick review of Fast Company's WordPress hijacking incident. Deepfakes, and their evolution into an underworld and influence ops tool. Kinetic sabotage in the Baltic raises concerns about threats to infrastructure in cyberspace. Chris Novak from Verizon with a mid-year check in. Our guest is MK Palmore of Google Cloud on why collective cybersecurity ultimately depends on having a diverse, skilled workforce. And the US arrests three in two alleged spying cases.
CyberWire Daily
20 hours ago
NIST on cyber careers. CISA TLP update. US candidate will lead ITU. Curbing foreign spyware.
NIST wants you to see yourself in cyber. CISA releases manual for TLP update. Doreen Bogdan-Martin elected UN’s new ITU Secretary-General. Lawmakers call for crackdown on foreign spyware.
Policy
20 hours ago
What you need to know about the Optus data breach. US health network suffers data breach. Recent US data breach settlements.
What you need to know about the Optus data breach. US health network suffers data breach. Recent US data breach settlements.
Privacy
21 hours ago
MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
This interview from September 30th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with MK Palmore from Google Cloud to talk about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
Interview
22 hours ago
Why cybersecurity is a shared responsibility: How security leaders can engage end users to alleviate SOC analyst burnout.
Cybersecurity is a team sport — and National Cybersecurity Awareness Month (NCSAM) is a great opportunity to remind everyone of that. Hosted by CISA and the National Cybersecurity Alliance (NCSA), NCSAM aims to raise awareness about and ensure everyone has the resources they need to keep their data secure. This year’s theme is “See Yourself in Cyber,” which is quite fitting. For CISOs and security leaders specifically, NCSAM is the perfect time to reiterate proper cyber hygiene and security best practices across their organizations. End users have never played a more significant role in keeping cybercriminals at bay. However, unlike the security team, end users typically don’t live and breathe security as we cybersecurity professionals do. But, they need to start to — hence this year’s “See Yourself in Cyber” theme.
Story
22 hours ago
Creating Connections: Women in Cyber Security for 09.30.22
I don't know about you, but I am so excited it is fall! I know that winter follows that here in the Northeast, but I still relish this change to cool weather and nature's brilliant colors on the trees. And, finally, it means a return to our Women in Cybersecurity reception on October 20, 2022 at the International Spy Museum in Washington, DC. If you would like to learn more about the event and request an invitation please check out our event site.
Creating Connections
22 hours ago
Top takeaways from a summer in government: How can we bridge the gap between Silicon Valley & DC?
This summer, I was fortunate to have been able to better understand the nuances of cybersecurity from a federal level at the Cybersecurity and Infrastructure Security Agency (CISA). What does it take to secure a nation's infrastructure? What is the private sector's role as opposed to private sector vendors and product developers? How interconnected are the two spaces and how can we trace down where the gaps lie? From my vantage point, here are the top lessons/takeaways I've had, taking a look "behind the curtains" on how the US government carries out diplomacy in cybersecurity, challenges faced, and some potential innovation that could bridge the gaps.
Story
Sep 30, 2022
DPRK weaponizes open-source software. SolarMarker is back. A case of account hijacking. Deepfakes. Hybrid war update.
North Korean operators "weaponize" open-source software. SolarMarker info-stealer returns in watering hole campaign. Fast Company's Word Press hijacking incident. Deepfakes, and their evolution. Kinetic sabotage raises concerns about threats to infrastructure in cyberspace. CISA releases six Industrial Control System Advisories.
Daily Briefing
Sep 30, 2022
Ukraine at D+118: Annexation, disinformation, and infrastructure attacks.
President Putin, in the face of international condemnation, announces the annexation of four Ukrainian provinces. Ukraine's counteroffensive continues to make progress in the Donbas, as long-range Russian missiles resume strikes against civilian targets. The Nord Stream incident is now generally regarded as sabotage, and European concerns about attacks against energy infrastructure rise.
Story
Sep 30, 2022
Fast Company hack causes obscene Apple News notifications.
A breach of Fast Company’s WordPress systems allowed for a hacker to send obscene notifications via Apple News on Tuesday.
Story
Load More
Grow your brand,
generate leads,
and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out.
Learn More
