Editor
Dennis Fisher is an award-winning journalist and author. He is one of the co-founders of Decipher and Threatpost and has been writing about cybersecurity since 2000. Dennis enjoys finding the stories behind the headlines and digging into the motivations and thinking of both defenders and attackers. He is the author of 2.5 novels and once met Shaq. Contact: dennis at decipher.sc.
Adam Bateman, co-founder and CEO of Push Security, joins Dennis Fisher to talk about a new, highly targeted phishing campaign the company uncovered that uses compromised LinkedIn accounts.
In a new report, ESET researchers have detailed several instances when the two groups’ tools have been found on the same compromised machines in Ukraine.
The campaign does not appear to be connected to the previous npm phishing attacks, but it does seem to be related to a rash of GitHub and npm token and secret thefts from the end of August.
On the 30th anniversary of the release of Hackers, we are resurfacing this episode of our podcast from 2021 in which Zoe Lindsey and Pete Baker joined Dennis Fisher to talk about the cultural influence of the movie
Dennis and Lindsey discuss the targeted compromises of NPM packages (1:00) and the pointed letter that Sen. Ron Wyden sent to the FTC chairman asking for Microsoft to be held liable for the Ascension ransomware attack last year (11:45) before finally touching on Apple’s new memory safety technology for new iPhones (20:43).
The affected packages include Chalk and Debug, and one of the contributors to those packages said the compromise was the result of him clicking on a phishing email related to setting up 2FA on his account.
