The CyberWire Daily Podcast 5.26.22
Ep 1587 | 5.26.22

"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.

Show Notes

"Pantsdown" in QCT Baseboard Management Controllers. A warning on ChromeLoader. Conti updates. Ransomware’s effect on SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands, again. Kyiv honors Google. Josh Ray from Accenture reminds us it’s military appreciation month. Our guest is Melissa Bischoping of Tanium with lessons learned from the American Dental Association ransomware attack. And a poacher turned gamekeeper?

Selected reading.

Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers (The Hacker News)

ChromeLoader: a pushy malvertiser (Red Canary) 

Conti leaks data stolen during January attack on Oregon county (The Record by Recorded Future) 

Is the Conti Ransomware Gang Stronger Apart Then Together? (OODA Loop) 

SpiceJet: Passengers stranded as India airline hit by ransomware attack (BBC News) 

SpiceJet's woes continue as ransomware attack delays flights (The Loadstar) .

SpiceJet's brush with ransomware is a timely reminder to protect yourself against this cyber menace (

CISA Adds 34 Known Exploited Vulnerabilities to Catalog (CISA) 

Mykhailo Fedorov presented the first "Peace prize" to Google (Digital Gov) 

 Notorious Vietnamese hacker turns government cyber agent (France 24)