episode-header-image

Feb 2023

36m 32s

Insight from the ISACs.

About this episode

Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop News Brief.

Russian wiper malware targets Ukraine.

Russia’s Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop)

APT Activity Report for T3 2022 (ESET)

Cyber attack on the Ukrinform information and communication system (CERT-UA)

Command injection vulnerability affects Cisco devices.

When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix)

Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco)

Congressman Andrew Garbarino to serve as Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection.

Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino)

IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability.

Network Security Trends: August-October 2022 (Unit 42)

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)

Control Loop Interview.

The interview is the second part from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.

Control Loop Learning Lab.

In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop OT Cybersecurity Briefing.

A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next

Digging into regulatory compliance issues.

UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on V ... Show More

Hacktivism targeting OT devices.

US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forwar ... Show More

Critical infrastructure: Pending legislation and risks and rewards from AI.

Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co host Ben Yelin joins him to discuss pending legislation with potential to af ... Show More

Recommended Episodes

Bridging AI and Cybersecurity Gaps with Mileva Security Labs’ Harriet Farlow

Join us in this episode of Threat Vector as guest host Michael Heller shares his conversation with Harriet Farlow, CEO of Mileva Security Labs and a pioneer in AI security research. With a background spanning AI and national cybersecurity, Harriet shares her journey into adversar ... Show More

Cybersecurity leaders gear up for the ultimate test.

Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols ... Show More

Balancing Security with Usability in Cybersecurity

In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More

UK’s newest cybersecurity MVPs.

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from ... Show More

Former cybersecurity officials lose clearances.

Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large L ... Show More

National security in the digital age.

A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a “mass exploitation campaign” targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a ... Show More

War Room Best Practices

In this episode of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, is joined by cybersecurity experts Kyle Wilhoit, Director of Threat Research, and Michal Goldstein, Director of Security Architecture and Research at Palo Alto Networks. Together, they exp ... Show More

Rolling the dice on cybersecurity.

A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems.Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting e ... Show More

Listen to millions of songs and podcasts on Anghami