CyberWire Daily

On the run, caught on arrival.

An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco confirms stolen files but insists it’s not a data breach. A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Microsoft uses clever deception to reel in phishers.

Transcript

No more “cyber Snorlax” naps.

Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdfender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak’s Servers Take Critical Hit.

Transcript

Authorities bring down another hacker.

Brazilian authorities arrest the alleged “USDoD” hacker. The DoJ indicts the alleged operators of Anonymous Sudan. CISA and its partners warn of Iranian brute force password attempts. A new report questions online platforms’ ability to detect election disinformation. Recent security patches address critical vulnerabilities in widely-used platforms. North Korean threat actors escalate their fake IT worker schemes. CISA seeks comment on Product Security Bad Practices. Dealing effectively with post-breach stress. Tim Starks, Senior Reporter at CyberScoop, joins us to discuss “What’s new from this year’s Counter Ransomware Initiative summit.” Redbox DVD rental machines get a reboot.

Transcript

Sri Lanka says ‘no more’ to financial fakers!

Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach. A major apparel provider suffers a data breach. Oracle’s latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC’s new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.Hackers steal data from Verizon’s push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue.

Transcript

A “must patch” list in the making.

CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS.

Transcript