The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health Sector organizations.
AA22-187A Alert, Technical Details, and Mitigations
Stairwell Threat Report: Maui Ransomware
North Korea Cyber Threat Overview and Advisories
Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments
National Conference of State Legislatures: Security Breach Notification Laws
Health Breach Notification Rule
Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches
StopRansomware.gov
CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at email@example.com or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
CyberWire Daily - Transcripts
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Quantum computing and security standards. Notes on the cyber phases of a hybrid war, and how depressingly conventional cybercrime persists in wartime. Pyongyang operators are using Maui ransomware against healthcare targets. Malek Ben Salem from Accenture looks at the security risks of GPS. Our guest is Brian Kenyon of Island to discuss enterprise browser security. Shanghai's big data exposure. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/128 Selected reading. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms (NIST) Winners of NIST's post-quantum cryptography competition announced (Computing) NIST unveils four algorithms that will underpin new 'quantum-proof' cryptography standards (SC magazine) NIST Identifies 4 Quantum-Resistant Encryption Algorithms (Nextgov.com) Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats (CISA) Quantum-resistant encryption recommended for standardization (Register) Keeping Phones Running in Wartime Pushes Kyivstar to the Limit (Bloomberg) The Ukraine war could provide a cyberwarfare manual for Chinese generals eyeing Taiwan (CyberScoop) Ukrainian police takes down phishing gang behind payments scam (ZDNet) Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict (Security Affairs) North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (CISA) Reports (Moody’s) Clarion Housing ‘cyber incident’ affects thousands of tenants (Cambs Times) In a big potential breach, a hacker offers to sell a Chinese police database. (New York Times) Nearly one billion people in China had their personal data leaked, and it's been online for more than a year (CNN) China data breach likely to fuel identity fraud, smishing attacks (ZDNet) China Tries to Censor What Could Be Biggest Data Hack in History (Gizmodo) Here are four big questions about the massive Shanghai police leak (Washington Post) Shanghai Data Breach Exposes Dangers of China’s Trove (Bloomberg)
Cyberattack hits a Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Royal Army accounts are hijacked. A hacktivist group claims to have hit Iranian sites. A very very large database of PII is for sale on the dark web. Chase Snyder from ExtraHop has a look back at WannaCry, 5 years on. Ben Yelin examines the constitutionality of keyword search warrants. And a rogue employee makes off with bug reports. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/127 Selected reading. Russian hackers allegedly target Ukraine's biggest private energy firm (CNN) Proruskí hackeri opäť útočili. Ďalšia významná spoločnosť hlási, že čelila kybernetickým útokom (Vosveteit.sk) Preparing for the long haul: the cyber threat from Russia (NCSC) Official British Army Twitter and YouTube accounts hijacked by NFT scammers (Hot for Security) British army confirms breach of its Twitter and YouTube accounts (the Guardian) British Army hit by cyberattack as Twitter and YouTube accounts hacked (The Telegraph) Iranians' Remote Access to Banking Services Cut Off Over 'Cyber Attacks' (IranWire) (Video) Iranian regime’s Islamic Culture and Communications Organization targeted in massive cyber offensive (EIN News) Hackers Claim Theft of Police Info in China’s Largest Data Leak (Bloomberg) Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data (HackRead) Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web (ZDNet) Hacker claims to have stolen 1 bln records of Chinese citizens from police (Reuters) HackerOne disclosed on HackerOne: June 2022 Incident Report (HackerOne) HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains (The Hacker News) Rogue HackerOne employee steals bug reports to sell on the side (BleepingComputer)
In this episode, Marc and Patrick Morley, former CEO of Carbon Black, get nostalgic as they discuss Patrick's journey of coming up through the startup scene in the 90s—from working with VCs to taking companies public—and compare it to running cyber companies today. Along with the early career experience that helped form Patrick's leadership philosophy, he shares his experience of becoming CEO of Bit9, seeing the company through a breach, acquiring Carbon Black, bringing the company public and later getting acquired by VMware—this episode is filled to the brim. You'll also learn about:
How to build criteria for joining a startup
Why cyber is the most mission-driven area of tech
What it's like to call 600 customers in 2 days after a breach and not lose a single one
Seven philosophies for running a cyber company
Larry Cashdollar from Akamai joins Dave to discuss their research on a DDoS campaign claiming to be REvil. The research shares that Akamai's team was notified last week of an attack on one of their hospitality customers that they called "Layer 7" by a group claiming to be associated with REvil. In the research, they dive into the attack and compare it to other similar attacks that have been made by the group. The research states "The attacks so far target a site by sending a wave of HTTP/2 GET requests with some cache-busting techniques to overwhelm the website." It also stated that this is a smaller attack than they have seen by the group before, and notes that there seems to be more of a political agenda behind the attack, whereas in the past, REvil has been less political. The research can be found here: REvil Resurgence? Or a Copycat?
An update on the DDoS attack against Norway. NATO's resolutions on cyber security. North Korea seems to be behind the Harmony cryptocurrency heist. MedusaLocker warning. Microsoft sees improvements in a gang's technique. Google blocks underworld domains. The Israeli-Iranian conflict in cyberspace. Chris Novak from Verizon with his take on this year’s DBIR. Our guest is Jason Clark of Netskope on the dynamic challenges of a remote workforce. And now among the FBI’s Ten Most Wanted: one Crypto Queen. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/126 Selected reading. Pro-Russian hackers launched a massive DDoS attack against Norway (Security Affairs) NATO establishes program to coordinate rapid response to cyberattacks (POLITICO) NATO to create cyber rapid response force, increase cyber defense aid to Ukraine (CyberScoop) FACT SHEET: The 2022 NATO Summit in Madrid | The White House (The White House) North Korean Lazarus hackers linked to Harmony bridge theft (TechCrunch) North Korea Suspected of Plundering Crypto to Fund Weapons Programs (Wall Street Journal) Crypto crash threatens North Korea's stolen funds as it ramps up weapons tests (Reuters) CISA Alert AA22-181A – #StopRansomware: MedusaLocker. (CISA Cybersecurity Alerts with the CyberWire) #StopRansomware: MedusaLocker (CISA) Microsoft warning: This malware that targets Linux just got a big update (ZDNet) Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers (The Hacker News) Google blocked dozens of domains used by hack-for-hire groups (BleepingComputer) Countering hack-for-hire groups (Google) Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack (Times of Israel) Proofpoint: Zionist covert operation? (PressTV) Zionist intelligence company cyberattacked by Iraqi hackers (Mehr) FBI Offers $100,000 Reward for Capture of Ten Most Wanted Fugitive ‘Cryptoqueen’ (FBI)