CyberWire Daily

N2K Networks
Jul 22, 2024 • 34min

CrowdStrike and Microsoft battle blue screens across the globe.

Global CrowdStrike outage, UK arrests Scattered Spider member, DHS criticizes CISA contractor ties, Huntress finds SocGholish distributing AsyncRAT, ransomware hits US trial court, US regulator criticizes banks' cyber risk management, CISA adds critical vulnerabilities, Australian police combat SMS phishing. Chris Grove from Nozomi Networks discusses the challenges of protecting the Summer Olympics. Rick Howard talks Cyber Threat Intelligence and interns' value in cybersecurity.
Jul 22, 2024 • 17min

The current state of Cyber Threat Intelligence.

John Hultquist, Mandiant’s Chief Analyst, discusses Cyber Threat Intelligence's evolution in intrusion prevention strategies and tracking espionage actors. The podcast also explores the recent Las Vegas ransomware attacks and insights shared at the MOIS conference on cyber intelligence and blockchain technology.
Jul 21, 2024 • 7min

Encore: James Hadley: Spend time on what interests you. [CEO] [Career Notes]

James Hadley, CEO of Immersive Labs, shares his journey from programming enthusiast to cybersecurity entrepreneur. He emphasizes the importance of practical skills over certifications, advises pursuing personal interests in the industry, and reflects on the inadequacy of traditional classroom learning in cybersecurity.
Jul 20, 2024 • 22min

Olympic scammers go for gold. [Research Saturday]

Selena Larson, from Proofpoint, discusses the research on fraudulent Olympics ticketing websites. Scammers create fake sites mimicking legitimate ticketing platforms, using deceptive tactics like phony QR codes. Law enforcement and Olympics partners have shut down 51 out of 338 fraudulent websites, cautioning against purchasing tickets from unofficial sources.
Jul 19, 2024 • 32min

Cybersecurity snow day.

Rick Howard, CSO of N2K, discusses strong security cultures and AI with AWS’ CISO. They also cover the impact of a worldwide IT outage, ransomware threats to the energy sector, and a live-fire cyber-defense exercise. The episode explores the importance of language, leadership, and generative AI in cybersecurity operations.
Jul 18, 2024 • 27min

SSM On-Prem Flaw is a 10/10 disaster.

Critical security flaw in Cisco's SSM On-prem, yacht retailer data breach, NHS ransomware attack. Port Shadow VPN attack, Ivanti high-severity patches. FIN7's security evasion tool, Indian crypto exchange transfer, SAP AI Core vulnerabilities. DDoS for hire team arrests. Guest discusses risk assessments on open-source software. Traffic light controller flaw discovery.
Jul 17, 2024 • 30min

Criminal networks crumble.

Interpol targets West African cybercrime groups. Bassett Furniture hit by ransomware. Gastroenterologist data breach. Apache HugeGraph flaw exploited. Updates on Octo Tempest. Satori finds evil twin campaigns on Google Play. Change Healthcare breach cost surpasses $2 billion. Surge in cybersecurity venture funding. Legal challenges for cyber regulatory agencies. Industry Insights on cybercrime enablement services. Challenges in fighting disinformation.
Jul 16, 2024 • 31min

Squarespace's square off with hijacked domains.

Sysdig guests Alex Lawrence and Matt Stamper discuss the 555 Cloud Security Benchmark. Squarespace domains hijacked, Kaspersky Lab closes US division, Poco RAT malware via 7zip files, CISA red-teaming, and Switzerland mandates open source software. Bellingcat locates alleged cartel member.
Jul 15, 2024 • 26min

Conspiracy theories in politics.

The podcast delves into conspiracy theories following an assassination attempt on Trump, AT&T paying to delete stolen data, Rite Aid's ransomware recovery, a hacktivist group breaching Disney’s Slack, Python packages exfiltrating data, upgraded HardBit ransomware, weaponizing PoC exploits, Google potentially acquiring Wiz, and Rick Howard's analysis of the MITRE ATT&CK framework.
Jul 15, 2024 • 18min

The current state of MITRE ATT&CK.

Frank Duff, Amy Robertson, and Rick Doten discuss the current state of MITRE ATT&CK, delving into topics like the evolution of the Intrusion Kill Chain Prevention Strategy, collaborative cybersecurity efforts, the relationship between MITRE ATT&CK, the Diamond Model, and the Kill Chain Strategy, and exploring adversary behaviors and threat intelligence sources.
