Iran's covert cyber operations exposed.
The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare.
CyberWire Guests
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes:
- Cryptographic life cycle
- Cryptographic method
- Public key infrastructure (PKI)
Resources:
Domain 3: Security Architecture and Engineering
Apply the principles of secure design to engineering processes. Choose the appropriate security controls for sites, facilities, and systems. Understand cryptanalytic attacks and select cryptographic solutions.
- 3.1 Research, implement and manage engineering processes using secure design principles
- 3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
- 3.3 Select controls based upon systems security requirements
- 3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
- 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
- 3.6 Select and determine cryptographic solutions
- 3.7 Understand methods of cryptanalytic attacks
- 3.8 Apply security principles to site and facility design
- 3.9 Design site and facility security controls
Are you studying for the CISSP exam, considering taking the test soon, or did you have an unsuccessful exam experience? Here are some CISSP exam pitfalls to avoid so that you’re confident and successful on exam day.
Industry Voices
On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness.
Resources:
- For more details on geopolitical tensions, visit Mapping 2024’s cyber threat intelligence landscape.
- Learn about the increased risk of ransomware and see the ransomware checklist.
Selected Reading
Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers)
Congress passes bill that could ban TikTok after years of false starts (Washington Post)
Russian hackers claim cyberattack on Indiana water plant (The Record)
Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.)
Global attacker median dwell time continues to fall (Help Net Security)
New Password Cracking Analysis Targets Bcrypt (SecurityWeek)
North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine)
Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer)
Sweden's liquor shelves to run empty this week due to ransomware attack (The Record)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.