Take a trip down regreSSHion lane.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.  Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape. And be sure to check out the latest episode of Only Malware in the Building here. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan’s CISSP certification journey. Avoiding an Independence Day grill-security flare-up.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On today's Learning Layer segment, we share the results of Joe Carrigan's CISSP exam attempt! Hint: the test ended at 100 questions...Tune in to hear host Sam Meisenberg and Joe reflect on his test day experience and what advice he has for others who are in the homestretch of their studies. Note, Joe's ISC2 CISSP certification journey used N2K’s comprehensive CISSP training course. Selected Reading US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online) Stolen credentials could unmask thousands of darknet child abuse website users (The Record) CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber) American Patelco Credit Union suffered a ransomware attack (Security Affairs) Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine) Splunk Patches High-Severity Vulnerabilities in Enterprise Product (SecurityWeek) Feds Hit Health Entity With $950K Fine in Ransomware Attack (GovInfo Security) How CISOs can protect their personal liability (CSO Online) Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 (Bishop Fox) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A new OpenSSH vulnerability affects Linux systems. The Supreme Court sends social media censorship cases back to the lower courts. Chinese hackers exploit a new Cisco zero-day. HubSpot investigates unauthorized access to customer accounts. Japanese media giant Kadokawa confirmed data leaks from a ransomware attack. FakeBat is a popular malware loader. Volcano Demon is a hot new ransomware group. Google launches a KVM hypervisor bug bounty program.  Johannes Ullrich from SANS Technology Institute discusses defending against API attacks. Goodnight, Sleep Tight, Don’t Let the Hackers Byte! Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Johannes Ullrich from SANS Technology Institute talking about defending against attacks affecting APIs and dangerous new attack techniques you need to know about. This conversation is based on Johannes’ presentations at the 2024 RSA Conference. You can learn more about them here:  Attack and Defend: How to Defend Against Three Attacks Affecting APIs The Five Most Dangerous New Attack Techniques You Need to Know About Selected Reading New regreSSHion OpenSSH RCE bug gives root on Linux servers (Bleeping Computer) US Supreme Court sidesteps dispute on state laws regulating social media (Reuters) China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices (The Record) HubSpot accounts breach under investigation (SC Media) Japanese anime and gaming giant admits data leak following ransomware attack (The Record) Exposing FakeBat loader: distribution methods and adversary infrastructure (Sekoia.io blog) Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker (Halcyon) Google launches Bug Bounty Program for KVM Hypervisor (Stack Diary) How to Get Root Access to Your Sleep Number Bed (Dillan Mills) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CSO Perspectives preview N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick’s accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here.  Selected Reading Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek) Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer) Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek) Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog) Police allege ‘evil twin’ in-flight Wi-Fi used to steal info (The Register) Inside a violent gang’s ruthless crypto-stealing home invasion spree (ARS Technica) Cyber insurance costs finally stabilising, says Howden (Tech Monitor) AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit (Hackread) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K CyberWire, discusses the current state of Identity and Access Management (IAM) with CyberWire Hash Table guests Ted Wagner, SAP National Security Services, and Cassio Sampaio Chief Product Officer for Customer Identity, at Okta. References: John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Kim Key, 2024. Passkeys: What They Are and Why You Need Them ASAP [Explainer]. PCMag. Lance Whitney, 2023. No More Passwords: How to Set Up Apple’s Passkeys for Easy Sign-ins [Explainer]. PCMag. Rick Howard, 2022. Two-factor authentication: A Rick the Toolman episode [Podcast]. CSO Perspectives Podcast - The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2023. Cybersecurity First Principles Appendix [Book Page]. N2K CyberWire. Rick Howard, 2023. passkey (noun) [Podcast]. Word Notes Podcast - The CyberWire. Staff, 2023. 2023 Gartner® Magic QuadrantTM for Access Management [Report]. Okta. Learn more about your ad choices. Visit megaphone.fm/adchoices

Communications consultant and podcaster Carole Theriault always loved radio and through her career dabbled in many areas .She landed in a communications and podcasting role where she helps technical firms create audio and digital content. In fact, Carole is the CyberWire's UK Correspondent. She says cybersecurity is good place to go because of the many different avenues available and "you don't even have to be a tech head" (though Carole has quite a technical pedigree). Our thanks to Carole for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Ismael Valenzuela, Vice President Threat Research & Intelligence, from Blackberry Threat Research and Intelligence team is discussing their work on "Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages." BlackBerry has identified Transparent Tribe (APT36), a Pakistani-based advanced persistent threat group, targeting India's government, defense, and aerospace sectors from late 2023 to April 2024, using evolving toolkits and exploiting web services like Telegram and Google Drive. Evidence such as time zone settings and spear-phishing emails with Pakistani IP addresses supports their attribution, suggesting alignment with Pakistan's interests. The research can be found here: Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages Learn more about your ad choices. Visit megaphone.fm/adchoices

TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC vs. MGM. Don’t forget to backup your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K’s Rick Howard at AWS re:Inforce event. They're discussing  cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Caitlyn Shim, Director of AWS Cloud Governance, joined N2K’s Rick Howard at AWS re:Inforce event recently in Philadelphia, PA. They spoke about cloud governance, the growth and development of AWS, and diversity. Caitlyn was part of the Women of Amazon Security Panel at the event. You can read more about Caitlyn and her colleagues as they discuss their diverse paths into security and offer advice for those looking to enter the field  here.  Selected Reading TeamViewer investigating intrusion of corporate IT environment (The Record) Microsoft reveals further emails compromised by Russian hack (Engadget) Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack (SecurityWeek) Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware (Outpost 24) Google to block sites using Entrust certificates in bombshell move (The Stack)  US House Subcommittee examines critical infrastructure vulnerabilities, role of cyber insurance in resilience efforts (Industrial Cyber)  FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe (The National Law Journal) This is why you need backups: A cyber attack on an Indonesian data center caused havoc for public services – and its forcing a national rethink on data security (ITPro) Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator (Bleeping Computer)  ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services (Cybersecurity News)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Arkansas sues Temu over privacy issues. Polyfil returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key.  CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail.  In our  'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Palo Alto Networks podcast 'Threat Vector,' host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields. You can listen to the full episode here.  Selected Reading Arkansas AG lawsuit claims Temu’s shopping app is ‘dangerous malware’ (The Verge) Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer) NYPD officer database had security flaws that could have let hackers covertly modify officer data (City & State New York) Google TAG: New efforts to disrupt DRAGONBRIDGE spam activity (Google) ‘Poseidon’ Mac stealer distributed via Google ads (Malwarebytes) Gas Chromatograph Hacking Could Have Serious Impact: Security Firm (SecurityWeek) Microsoft warns of novel jailbreak affecting many generative AI models (CSO Online) CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities (SecurityWeek) Metallica’s X account hacked to promote crypto token (Cointelegraph) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices