App Store

Google Play

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Shawn Kanady, Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection. 
The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses.
The research can be found here: 
Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

Learn more about your ad choices. Visit megaphone.fm/adchoices

The JPHP loader breaking away from the pack. [Research Saturday]

In this special edition podcast, N2K's Executive Editor Brandon Karpf talks with author, CEO and cybersecurity advisor Dr. Bilyana Lilly about her new novel "Digital Mindhunters." 

Book Overview
In a high-stakes game of espionage and deception, a female analyst uncovers Russia's plot to wield artificial intelligence, espionage, and disinformation as weapons of chaos against the United States. As she races against time to thwart an assassination plot, she finds herself entangled in a web of international intrigue and discovers a parallel threat from a Chinese spy network aiming to steal data, manipulate American voters, and harness technology to dismantle the very foundations of U.S. democracy. In a world where lies are a weapon and trust is a luxury, she navigates the treacherous worlds of arms dealers, hackers, and spies to protect her country.

About the author
Dr. Bilyana Lilly is a cybersecurity and information warfare expert. She advises senior executives in the private and public sector on how to mitigate cybersecurity risk across their enterprises. Dr. Lilly serves on the Advisory Boards of the venture capital firm Night Dragon and the cybersecurity firm RunSafe Security. She chairs the Democratic Resilience Track of the Warsaw Security Forum and is an adjunct senior advisor for critical infrastructure and resilience at the Institute for Security and Technology. Her previous roles include a manager at Deloitte's Financial Cybersecurity Practice and a fellow at the RAND Corporation. Dr. Lilly holds a PhD in policy analysis and cyber security, and three master's degrees, including an honors degree from Oxford University. Her book "Russian Information Warfare" became a bestseller and is on display at the Pentagon. Dr. Lilly is a mentor and a speaker at RSA, DefCon, CyCon, and the Executive Women's Forum. She has been denounced by Russia's Ministry of Foreign Affairs and called cyber expert by Tom Hanks.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]

CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. 

Selected Reading
I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek)
Romania’s top court annuls presidential election result (CNN)
MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera (Forbes)
QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer)
Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek)
Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack (SecurityWeek)
Anna Jaques Hospital ransomware breach exposed data of 300K patients (Bleeping Computer)
Blue Yonder SaaS giant breached by Termite ransomware gang (Bleeping Computer)
Synology Router Vulnerabilities Let Attackers Inject Arbitrary Web Script (Cyber Security News)
Cyber Command Chief Discusses Challenges of Getting Intel to Users (Defense.gov)
Robot Rodents: How AI Learned To Squeak And Play (Hackaday)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Router security in jeopardy.

Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp’s “ViewOnce” feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Google’s new quantum chip promises scaling without failing. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Check out Cobalt’s GigaOm Radar Report for PTaaS 2024 to learn more. 

Selected Reading
ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket (Hackread)
Dell Power Manager Vulnerability Let Attackers Execute Malicious Code (Cyber Security News)
TikTok Asks Court To Suspend Ban Ahead of Supreme Court Appeal (The Information)
Radiant links $50 million crypto heist to North Korean hackers (Bleeping Computer)
US subsidiaries of Japanese water treatment company, green tea maker hit with ransomware (The Record)
WhatsApp View Once Vulnerability Let Attackers Bypass The Privacy Feature (Cyber Security News)
SpyLoan Malware: A Growing Threat to Android Users (Security Boulevard)
Romanian energy supplier Electrica hit by ransomware attack (Bleeping Computer)
OpenWrt Sysupgrade flaw let hackers push malicious firmware images (Bleeping Computer)
Homeland Security veteran to be interviewed for Trump administration cyber role (The Record)
Google claims ‘breakthrough’ with new quantum chip (Silicon Republic)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Buckets of trouble.

Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo’s managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program.

Selected Reading
New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine)
Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek)
Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News)
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek)
Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine)
AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard)
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register)
Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread)
New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer) 
US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine)
Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop)
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When exploits go wild and patches race the clock.

ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned. 

Selected Reading
ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News)
Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC)
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record)
Apache issues patches for critical Struts 2 RCE bug (The Register)
Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek)
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News)
Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek)
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine)
Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer)
Firefox, one of the first “Do Not Track” supporters, no longer offers it (Ars Technica) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When AI goes offline.

The U.S. dismantles the Rydox criminal marketplace. File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea’s weapons programs. Texas accuses a data broker of sharing sensitive driving data without consent. Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. How the bots stole Christmas. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. Read more about it in Tim’s article.

Selected Reading
Rydox Cybercrime Marketplace Disrupted, Administrators Arrested (SecurityWeek)
Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware (The Record)
Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers (The Record)
Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted (Hackread)
Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog (SecurityWeek)
Researchers Discover Malware Used by Nation-Sates to Attack OT Systems (Infosecurity Magazine)
Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems (Cyber Security News)
14 North Korean IT Workers Charged, US to Offer $5 Million Rewards for Info (Cyber Security News)
Texas adds data broker specializing in driver behavior to list of alleged privacy law violators (The Record)
UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts (Infosecurity Magazine)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers in handcuffs.

This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift. 
The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape.
The research can be found here: 
GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI

Learn more about your ad choices. Visit megaphone.fm/adchoices

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

Please enjoy this encore episode of Career Notes. 
Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses and critical infrastructure organizations. Actors use remote desktop protocol (RDP), SonicWall firewall vulnerabilities, and phishing campaigns to gain initial access to victim networks and then deploy Zeppelin ransomware to encrypt victims’ files.
AA22-223A Alert, Technical Details, and Mitigations
Zeppelin malware YARA signature
What is Zeppelin Ransomware? Steps to Prepare, Respond, and Prevent Infection
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts}

Listen and read

Other podcasts you might like ...