On the hunt for popping up kernel drives.
the cyberwire
9 hours ago
On the hunt for popping up kernel drives.
Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges."
Research Saturday
On the hunt for popping up kernel drives.
the cyberwire
9 hours ago
On the hunt for popping up kernel drives.
Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges."
Research Saturday

Cybersecurity News

the cyberwire
10 hours ago
Sabotage and espionage, transposed into cyberspace.
Ransomware as a threat to manufacturing. Cyber phases of hybrid wars spread beyond the theaters of operation. US and Israel attribute attacks on PLCs to Iran. GRU campaign exploits Outlook vulnerability to gain access to sensitive email accounts. Russia's Doppelgänger influence operators experiment with AI. UK calls out an FSB influence campaign. XDSpy reported to be phishing the Russian defense sector. CISA warns of Adobe ColdFusion exploitation. 23andMe data incident increases in scope. Current P2Pinfect malware activity, with new capabilities. Agent Raccoon backdoors organizations on three continents. AeroBlade prospects US aerospace industry.
Week that Was
the cyberwire
18 hours ago
Russia here, Russia there, Russia everywhere.
Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes.
CyberWire Daily
the cyberwire
23 hours ago
Spearphishing transposes espionage tradecraft to cyberspace.
The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Update on FSB spearphishing by Star Blizzard. Legal action against Star Blizzard's FSB operators. How the GRU faked celebrity videos in its Doppelgänger campaign. Killmilk says he's retiring. Section 702 renewal advances in committee.
Daily Briefing
the cyberwire
Dec 8, 2023
Ukraine at D+692: FSB and GRU cyber operations aim at influence.
The Five Eyes jointly expose (and condemn) a long-running FSB cyberespionage and influence campaign.
Story
the cyberwire
Dec 7, 2023
New vulnerability packs a punch.
Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains.
CyberWire Daily
the cyberwire
Dec 7, 2023
Resilience, regulating AI, and staffing the cyber workforce.
EU Cyber Resilience Act one step closer to adoption. Reading, writing, and artificial intelligence. US Government advances two new cybersecurity workforce efforts.
Caveat
the cyberwire
Dec 7, 2023
Cybersecurity strategies and new sets of best practices. Cyberespionage updates.
US DHS releases healthcare cybersecurity strategy. Former HHS officials speak out about 2020 incident. The GRU expects Swifties to take their marching orders from Aquarium bots. UK calls out an FSB influence campaign. Privilege-escalation and denial-of-service vulnerabilities outlined. Supply chain threats. Retail bot activity in the shopping season. Memory-safe coding practices.
Daily Briefing
the cyberwire
Dec 7, 2023
Ukraine at D+691: Disinformation and collection, wholesale and retail.
Russian intelligence and security services are running at least two large-scale influence and cyberespionage campaigns against Western targets, one a mass-marketed coordinated inauthenticity effort, the other a closely targeted spearphishing operation.
Story
the cyberwire
Dec 7, 2023
Small, medium, and large phishing trends of 2023.
Mike Price from ZeroFox sits down to discuss what 2023 phishing trends mean for the broader industry as we quickly approach 2024. Dave and Joe share a serious write in from listener Michelle who shares her pleads for her aunt, who she believes is being catfished. Listener Marc also writes in with an email that claims to be from "Walmart," that he is quite suspicious of. Joe's story follows Meta, and how they have designed products to target and harm kids. Dave's story is on bad bots and the dangers they pose with fake businesses that are maximizing their illicit earnings. Our catch of the day comes from listener Konstantin, who shares and email received from scammers claiming to be "McAfee," trying to get payment of almost $600.
Hacking Humans
the cyberwire
Dec 7, 2023
North Korea's evolving cyber program.
Michael Barnhart from Mandiant sits down to talk about the evolution of North Korea's cyber program. Ben's story discusses a preliminary injunction against a Montana law banning TikTok. Dave's got the story of a college student frustrated with his lack of privacy on campus.
Caveat
the cyberwire
Dec 6, 2023
Push notifications pushing surveillance.
Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security.
CyberWire Daily
the cyberwire
Dec 6, 2023
Osano acquires WireWheel. ArmorCode and Second Front Systems both secure $40 million in Series B rounds. Cybersecurity futures: a study of the sector's shifting landscape.
Osano acquires WireWheel. ArmorCode and Second Front Systems both secure $40 million in Series B rounds. Cybersecurity futures: a study of the sector's shifting landscape.
Business
Load More
Get more depth with CyberWire Pro.
Stay cyber-aware with access to all of our public podcasts ad-free, as well as our exclusive CyberWire Pro podcasts, briefings, articles, and events by becoming a CyberWire Pro subscriber. Get actionable reporting, analysis & insights on cyber events all at your fingertips.
Subscribe