TitleDate
WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.May 26, 2017 Listen
Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.May 25, 2017 Listen
Manchester bombing investigators look at bomber's network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.May 24, 2017 Listen
ISIS claims Manchester concert bombing. The case for a North Korean Wannacry. US lawmakers consider cyber legislation. May 23, 2017 Listen
How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRock).May 22, 2017 Listen
WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results. May 19, 2017 Listen
OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.May 18, 2017 Listen
Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaksMay 17, 2017 Listen
WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?May 16, 2017 Listen
WannaCry ransomware—a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.May 15, 2017 Listen
WannaCry ransomware spreads via ShadowBrokers' dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump's Executive Order on cybersecurity.May 12, 2017 Listen
French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother's day giftcard hacking. Telephonic harassment.May 11, 2017 Listen
NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.May 10, 2017 Listen
Metadata signs point to St. Petersburg in l'affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.May 09, 2017 Listen
Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.May 08, 2017 Listen
Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.May 05, 2017 Listen
Phishing with a big worm (and other lures). Botnet mining cryptocurrency. Blackmoon upgraded. Aadhaar troubles in India. Passwords, security questions, and Grand Moff Tarkin's CISO.May 04, 2017 Listen
Shamoon update. Sabre discloses possible breach to SEC. Mobile device and VPN threats and vulnerabilities. Information operations and cyberespionage.May 03, 2017 Listen
IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar's DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they're after.May 02, 2017 Listen
NSA changes collection policy in a privacy-friendly direction. Latest Vault7 leaks look anodyne. Election influence concerns in Europe and the US. Blocking social media. DarkOverlord returns with extortion caper.May 01, 2017 Listen
OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more. Apr 28, 2017 Listen
Fancy Bear in France (and in Germany, too). Israel debates Cyber Authority's charter. Sudan says its using Electronic Jihad against ISIS. Verizon, Symantec threat reports out. Adware campaigns.Apr 27, 2017 Listen
Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle's point-of-sale breach. Hacking in Fast and Furious 8.Apr 26, 2017 Listen
Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.Apr 25, 2017 Listen
Nation-state tensions in cyberspace over North Korean threats and presumably Russian cyberespionage. Locky returns. More pharma spam. Seleznev gets 27 years for carding.Apr 24, 2017 Listen
States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrikerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.Apr 21, 2017 Listen
Trojanized apps in the PlayStore. How cybergangs talk, cooperate, and improve their game. More troubles reported for Tanium.  A Chicago lawsuit brings privacy issues to the fore.Apr 20, 2017 Listen
Vigilantes in the IoT. Bad actors find a friend in the ShadowBrokers. BankBot is back in the PlayStore. Pixel-tracking for target recon. A very big Oracle patch.Apr 19, 2017 Listen
Karmen in the black market. Homograph vulnerabilities. Vault 7 and ShadowBrokers updates. Hacks and missiles. Competing for botnets.Apr 18, 2017 Listen
Missiles and malware? ShadowBrokers' leaks examined. Syrian info ops. ISIS recruits women for martyrdom. Ransomware, medical device vulnerability updates. Troubled unicorn?Apr 17, 2017 Listen
ShadowBrokers frustrated with the peoples. Callisto Group was active against UK Foreign Office. US DCI denounces WikiLeaks as a hostile intelligence service. Surveillance vendors said willing to deal with pariah regimes. Weaponized memes.Apr 14, 2017 Listen
Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits. Apr 13, 2017 Listen
Patch Tuesday notes. Cyber threats to healthcare, New Helsinki information operations center forming. Updates on WikiLeaks and the ShadowBrokersApr 12, 2017 Listen
Women in Cybersecurity 2017: A CyberWire Special EditionApr 12, 2017 Listen
Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes  Gödel PrizeApr 11, 2017 Listen
Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.Apr 10, 2017 Listen
APT10's Operation TradeSecret. BrickerBot may be vigilante PDoS. Amnesia and Sathurbot exploit known vulnerabilities in, respectively, DVRs and WordPress. Ransomware, surveillance, and info ops updates.Apr 07, 2017 Listen
Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.Apr 06, 2017 Listen
Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.Apr 05, 2017 Listen
Pegasus version now affects Android. UK on alert for ISIS infrastructure cyberattack. DPRK tied, again, to Bangladesh Bank heist. Fancy Bear and Turla updates. Samsung Tizen 0-day. Tax season security. Apr 04, 2017 Listen
WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.Apr 03, 2017 Listen
Fancy Bear's phishing expeditions. Cryptowars and privacy regs in the EU. Is that really you, Dr. Niebuhr? Mar 31, 2017 Listen
Apple patched this week—how are your systems? Lastpass working on a patch for an undescribed bug (said to be complex). What IT staff actually work on. And a long talk about emerging Administration cyber policy.Mar 30, 2017 Listen
Hybrid warfare objectives and tactics. Physical threats, lost and found. Vulnerability and threat recap.Mar 29, 2017 Listen
Updates on Cozy Bear and Shamoon tradecraft. Crypto wars flare in the UK. FBI warns of attacks against FTP servers. Typosquatting, scareware, and other problems.Mar 28, 2017 Listen
Lone wolves howl to each other over WhatsApp? Industry yawns at WikiLeaks zero-days. How online gamers cheat. America's JobLink breach update. Ukrainian artillery hack notes. April 7 deadlines.Mar 27, 2017 Listen
WikiLeaks' Vault 7 "Dark Matter" docs. Information operations, Russian style and ISIS style. Job database exposed. Mar 24, 2017 Listen
Newly disclosed threats and vulnerabilities, mostly criminal. Catphishing peer review. The US may indict North Korea for the Bangladesh Bank heist.  Mar 23, 2017 Listen
Laptop restrictions are for physical, not cyber reasons. Necurs is back, pumping and dumping. MajikPOS notes.Mar 22, 2017 Listen
Extortion claims. Election influence operations seem likely to continue. A Russian bank claims it's being framed by DNS spoofing. "Cyber Pearl Harbor" fears may be a distraction.Mar 21, 2017 Listen
Careless criminals, Cisco mitigations, and Vault 7 disclosure conditions. A look at the Atlantic Council's Cyber 9/12. Cabin fever and malware infections. Kirk ransomware.Mar 20, 2017 Listen
Cyberspace and "Cold War Two." Who's leaking to WikiLeaks? Wishbone breached—warn the kids. Crimeware-as-a-service. The Active Cyber Defense Certainty Act.Mar 17, 2017 Listen
Lazarus Group is back. Dun & Bradstreet loses data; so does ABTA. Patriotic cyber rioting or state influence operations. US indicts four in the Yahoo! breach. Mar 16, 2017 Listen
Influence ops, third-party apps with an appetite for permissions, and criminal competition. Google purges malicious apps from the Play Store. Advice for whistleblowers. Farewell to Becky Bace.Mar 15, 2017 Listen
Canadian government sites recover from the Apache Struts vulnerability. FireEye's M-Trends report is out, calling out greater sophistication in financial cybercrime. USAF accidentally exposes SF86s. Vault 7 update.Mar 14, 2017 Listen
Vault 7 updates—observers speculate about an inside leaker. Pre-loaded Android malware raises supply chain concerns. Ransomware in Japan. Convincing Chrome-spoofing malware. GCHQ warns UK parties to expect Russian influence operations.Mar 13, 2017 Listen
WikiLeaks, responsible disclosure, and insider threats. Playstation credentials rumored to have been compromised. Apache Struts bug being actively exploited. DPRK missile cyber security. A look at West African cybergangs. Mar 10, 2017 Listen
Vault 7 doesn't show much evidence of false flag operations. The most interesting question the WikiLeaks dump raises is, where did the material come from? RAND studies the zero-day market. The Near Abroad wishes for more US soft power. Mar 09, 2017 Listen
WikiLeaks and Vault 7Mar 08, 2017 Listen
StoneDrill succeeds Shamoon. Trojanized Android Facebook Lite. Progressive groups threatened with doxing, blackmail. WikiLeaks' Vault 7. Hacking back? Wiretapping?Mar 07, 2017 Listen
RSA 2017 Roundup – Perspectives, Pitches and PredictionsMar 07, 2017 Listen
Warnings of DNSMessenger. Cyber deterrence, and cyber offensive operations. Notes on DDoS. Election surveillance allegations.  Mar 06, 2017 Listen
Risk mitigation scores some wins this week. Amazon finds the typo that took out the Internet. Symantec gets into the VC game. Yahoo! agonistes. Wassenaar's prospects. PRC wants cyber peace. And farewell to Howard Schmidt.Mar 03, 2017 Listen
Online banking funds transfer fraud. Telegram and phone scams. FCC regulatory update. Insider threats in the IC. And bad robots.Mar 02, 2017 Listen
Internet outages were errors, not attacks. Evolving Trojans and botnets. M&A news. Cyber casus belli. Terminators and teddy bears.Mar 01, 2017 Listen
Alleged BND surveillance of news organizations. Snake Wine in Japan, for disinformation? Singapore military phished. Google discloses more Microsoft unpatched bugs. Cloudbleed update. CloudPets may have privacy issues.Feb 28, 2017 Listen
If I Only Had a Brain... Artificial Intelligence Gets Real at RSA 2017 - CyberWire Special EditionFeb 28, 2017 Listen
Cloudbleed and what it means to you. Ransomware updates. News from the Moscow treason trials. Coachella Festival breached.Feb 27, 2017 Listen
SHA-1 is broken. Grizzly Steppe and Carbanak. M&A notes. Linux patched. Arrest in Deutsche Telekom hack. The insecurities of connected cars. Feb 24, 2017 Listen
Patcher ransomware. Locky, Cryptowall, and Cerber are still active; so is old-fashioned blackmail. NSA keeps the VEP. Reactions to New York State's cyber regs for banks. Observations of BugDrop, and thoughts on cyber war and attribution.Feb 23, 2017 Listen
Influence operations. A new Mirai version is potentially more dangerous than the old one. Proofs of concept. New York's cyber security regulations for banks. What Verizon will get from Yahoo!Feb 22, 2017 Listen
A coming surge in North Korean hacking? Middle Eastern cyber espionage campaigns. Microsoft patch issues. Infowar updates. NIST's draft electrical utility cyber guidance. Problematic toys.Feb 21, 2017 Listen
International norms of cyber conflict. Fancy Bear's tradecraft (with a side of дезинформа́ция). RDPPatcher, Cerber, Ticketbleed, and Hermes. And the vibe around RSA 2017.Feb 17, 2017 Listen
Ukraine accused Russia of renewed hacking by BlackEnergy actors. ASLR bypass proof-of-concept reported.  Notes from RSA, and an update on Android gunnery malware.Feb 16, 2017 Listen
Nation-states or criminal gangs? Update on Polish banking attacks. And an update on RSA.Feb 15, 2017 Listen
RSA Updates. Microsoft calls for Geneva Convention for cyber. Phishing.Feb 14, 2017 Listen
Cyber attacks reported in the Middle East, from both states and non-state actors. Italy's Foreign Ministry hacked for months in 2016. Cyber and kinetic operations. RSA's Innovation Sandbox.Feb 13, 2017 Listen
Patching: the good, the bad, and the ugly. Script kiddies and disinhibition (with a caution about attribution). Industry notes, RSA, and Valentine's Day.Feb 10, 2017 Listen
The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes. Feb 09, 2017 Listen
Islamist hackers hit websites in Britain and Austria. Mac malware linked to Iran. Criminals follow the money into the cloud. M&A notes. Dendroid RAT author gets probation.Feb 08, 2017 Listen
Brokerages in Taiwan face DDoS extortion. Polish banks hit in watering hole attack. Cyber vigilantes. Information operations. ShadowBrokers update?Feb 07, 2017 Listen
Crime, not education. Slot machine scams. Ransomware updates. Fancy Bear in Norway? Russian treason charges. GCHQ say no to "witchcraft." Feb 06, 2017 Listen
Jailbreaking or forensics? W-2s and business email compromise. Router vulnerabilities. Windows zero-day. Enterprise security priorities. Iranians cyber ops and Iranian dissent. US-Russian cyber tensions.Feb 03, 2017 Listen
A black market for insider information. Cisco studies data breaches. The Internet as a threat actor's R&D infrastructure.Feb 02, 2017 Listen
Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?Feb 01, 2017 Listen
Ransomware updates. Netgear vulnerabilities and patches. Breaking Android pattern lock. Delegated Recovery. Information operations.Jan 31, 2017 Listen
Special Edition: 2017 Cyber Security ForecastJan 31, 2017 Listen
Russian treason arrests may be tied to espionage. ANSSI director warns of cyber jihad. Symantec remediates Shamoon 2. U.S. Cellular was not breached.Jan 30, 2017 Listen
LeakedSource is down. DoubleFlag's called out for bogus stolen goods. Fancy Bear is in UK, German networks. Shamoon alert in Saudi Arabia. Scamming tech support scammers.Jan 27, 2017 Listen
Dark Web trading post compromised. Ransomware updates. Reactions to Risk Based Security's 2016 breach report. International cyber conflict notes, and a treason case in Russia.Jan 26, 2017 Listen
Cleaning ransomware out of the Play Store (but snakes still get into the walled garden, so watch your apps). Vigilantes, vulnerabilities, and industry news.Jan 25, 2017 Listen
Shamoon and Greenbug. HummingWhale purged from Play Store. Apple patches across its product line. Leadership changes at CIA, GCHQ. Lloyds Bank incident update. Honor among thieves? Nope.Jan 24, 2017 Listen
Fake news tweets (from hijackers, not opinion-makers). Ransomware. New Android Trojans. Closing in on Mirai's master?Jan 23, 2017 Listen
Carbanak gets trickier and more ambitious. Ransomware updates. It's beginning to look a lot like 1949 (at least from Moscow). Jan 20, 2017 Listen
France braces for election hacking. Ukrainian utility says December blackouts were hacker-induced. Finding "Fruitfly." Tracking Mirai's master.Jan 19, 2017 Listen
Carbanak gang is back. GhostAdmin works on data theft. Trolling security researchers. M&A notes. Pardons, commutations, and extraditions.Jan 18, 2017 Listen
Election influence and election security. Threats to power grids. Ransomware and phishing updates. Loyalty program risks.Jan 17, 2017 Listen
Grid hacking in Ukraine. Cellebrite breached. WhatsApp encryption issue. EyePyramid notes. Sharing SIGINT. IG looks at FBI. Guccifer 2.0 and the ShadowBrokers take their bows.Jan 13, 2017 Listen
Grid hacks and influence operations. Propaganda sauce spread liberally over geese and ganders. Peace sign hacks? Hamas catphishes the IDF.Jan 12, 2017 Listen
Shamoon is back, now with credentials for virtual desktops. Ukraine believes it was hacked again. Ransomware updates. Elections, investigations, and influence operations. The Pokemon threat?Jan 11, 2017 Listen