episode-header-image

Jul 2024

36m 53s

Squarespace's square off with hijacked d...

About this episode

Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fixes an Outlook bug triggering false security alerts. Switzerland mandates open source software in the public sector. On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Bellingcat sleuths pinpoint an alleged cartel member.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Learn more about the /555 benchmark.

Selected Reading

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Krebs on Security)

Kaspersky Lab Closing U.S. Division; Laying Off Workers (Zero Day)

Beware of BadPack: One Weird Trick Being Used Against Android Devices (Palo Alto Networks Unit 42)

New Poco RAT Weaponizing 7zip Files Using Google Drive (GB Hackers)

CISA broke into a US federal agency, and no one noticed for a full 5 months (The Register)

Organizations Warned of Exploited GeoServer Vulnerability (Security Week)

Microsoft finally fixes Outlook alerts bug caused by December updates (Bleeping Computer)

New Open Source law in Switzerland (Joinup)

Exploring the Skyline: How we Located an Alleged Cartel Member in Dubai (Bellingcat)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next

Cyber defenders pulled into deportation duty.

DHS reassigns cyberstaff to immigration duties. A massive DDoS attack disrupts several major gaming platforms. Discord refuses ransom after a third-party support system breach. Researchers examine Chaos ransomware and creative log-poisoning web intrusions. The FCC reconsiders its ... Show More

Chinese hackers serve up espionage.

Chinese hackers infiltrate a major U.S. law firm. The EU Commission President warns Russia is waging a hybrid war against Europe. Researchers say LoJax is the latest malware from Russia’s Fancy Bear. Salesforce refuses ransom demands. London Police arrest two teens over an allege ... Show More

Critical GoAnywhere bug fuels ransomware wave.

Microsoft tags a critical vulnerability in Fortra’s GoAnywhere software. A critical Redis vulnerability could allow remote code execution. Researchers tie BIETA to China’s MSS technology enablement. Competing narratives cloud the Oracle E-Business Suite breach. An Ohio-based visi ... Show More

Recommended Episodes

Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack

In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and sophistication of modern cybe ... Show More

Cybersecurity Breaches: Salesforce, Workday, and Critical Infrastructure Hacked

In today's episode of 'Cybersecurity Today,' hosted by Jim Love, we cover several key issues in the cybersecurity landscape. Firstly, a breach involving Workday and social engineering attacks targeting Salesforce customers is discussed. Next, the risks posed by a recent Windows u ... Show More

Hackers Say Thanks For Lousy Security In Large Fast Food Chain

Cybersecurity Today: Ghost Action Campaign, SalesLoft Breach, AI Vulnerabilities, and Restaurant Security Flaws Host David Shipley discusses the latest in cybersecurity, including the Ghost Action Campaign which compromised over 3000 secrets from GitHub repositories, the SalesLof ... Show More

Cybersecurity Today: Virtual Employees, AI Security Agents, and CVE Program Updates

In this episode of 'Cybersecurity Today,' host Jim Love discusses various pressing topics in the realm of cybersecurity. Highlights include Anthropic's prediction on AI-powered virtual employees and their potential security risks, Microsoft’s introduction of AI security agents to ... Show More

SN 1014: FREEDOM Administration Login - Apple's UK Privacy Showdown, $1.5 Billion Crypto Heist

Apple disables Advanced Data Protection for new UK users. Paying ransoms is not as cut and dried as we might imagine. Elon Musk's "X" social media blocks "Signal.me" links. Spain's soccer league blocks Cloudflare and causes a mess. Two new (and rare) vulnerabilities discovered in ... Show More

Cybersecurity Updates: CEO Legal Troubles, Global Cyber Rules, Microsoft Fix Issues, and AI at B-Side SF

In this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world governments to harmonize cybersecuri ... Show More

Cybercrime Magazine Update: Small Business Alert. Top 10 Most Common Social Engineering Attacks.

Tech Bullion has highlighted the top 10 most common social engineering attacks that small businesses should know, including phishing emails and spear phishing. In this episode, host Paul John Spaulding is joined by Steve Morgan, Founder of Cybersecurity Ventures and Editor-in-Chi ... Show More

NPM Attack Leave Hackers Empty Handed: Cybersecurity Today with David Shipley

Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new ... Show More

Listen to millions of songs and podcasts on Anghami