CyberWire Daily

CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.

A CISA-issued Joint Advisory warns of threats and vulnerabilities at water and wastewater treatment facilities. CISA issues twenty-two other industrial control system advisories. Andrea Little Limbago from Interos on trends in the human element of security. Our guest is Gidi Cohen from Skybox with Vulnerability and Threat Trends. And the Governor of Missouri intends to prosecute the Saint Louis Post-Dispatch to the fullest extent of whatever the law turns out to be.

Transcript

Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.

Data breach extortion seems to be an emerging criminal trend. Notes on a darknet market’s retirement. Verizon advises Visible users to look to their credentials. Windows users’ attention is drawn to seven potentially serious vulnerabilities (all patchable). The Necro botnet is installing Monero cryptojackers. Organizing an international response to ransomware. Carole Theriault shares thoughts on social engineering. Dinah Davis from Arctic Wolf on the supply chain attack framework. And a quick look at the state of cyber risk in higher education.

Transcript

Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.

A Chinese-speaking APT is distributing the MysterySnail RAT in what appears to be a cyberespionage campaign. Some users still haven’t patched vulnerable SolarWinds instances. Notes on yesterday’s Patch Tuesday. The US-convened international ransomware conference kicked off today, and Russia wasn’t invited. Former users of a criminal booter service get a stern warning letter from the Dutch police. Caleb Barlow reacts to a recent ransomware tragedy. Our guest is Rob Gurzeev of CyCognito on the security issues with subsidiaries. And a Florida woman is charged with altering aircraft records.

Transcript

Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize

Teheran is running password spraying attacks (especially on Thursdays and Sundays). More on the renewed popularity of DDoS attacks. NCSC warns British businesses against ransomware. Two journalists win the Nobel Peace Prize. Joe Carrigan shares his thoughts on GriftHorse. Our guest is Bindu Sundaresan from AT&T Cybersecurity football season and cyber risks. And watch out for small data cards in your peanut butter sandwiches, kids.

Transcript

Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.

Google warns fourteen-thousand Gmail users that Fancy Bear has probably been after their passwords. FIN12, a fast-running ransomware group, is after hospitals’ and healthcare providers’ money. BlackMatter remains active against the agriculture sector. REvil is back and talking on the RAMP forum, but so far it’s getting a chilly reception. Twitch traces its vulnerability to a server misconfiguration. David Dufour from webroot wonders about cracking down on crypto. Our guest is Jeff Dileo of NCC on mastering container security. And Group-IB’s CEO is charged with treason.

Transcript