The GRU is closely coordinating with cyber criminals. An unidentified threat actor deploys malicious npm packages. Gootloader uses blogging and SEO poisoning to attract victims. Metador is a so-far unattributed threat actor. Johannes Ullrich from SANS on resilient DNS infrastructure. Maria Varmazis interviews Anthony Colangelo, host of the spaceflight podcast Main Engine Cutoff, about the iPhone 14 “Emergency SOS via Satellite” feature. And having too much time on your hands while doing time is not a good thing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/184

Selected reading.
GRU: Rise of the (Telegram) MinIOns (Mandiant)
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary (SentinelOne)
An unidentified threat actor deploys malicious NPM packets (CyberWire)
Threat analysis: Malicious npm package mimics Material Tailwind CSS tool (ReversingLabs)
A Multimillion Dollar Global Online Credit Card Scam Uncovered (ReasonLabs)
Gootloader Poisoned Blogs Uncovered by Deepwatch's ATI Team (Deepwatch)
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities (SentinelOne)
SC inmate sentenced for ‘sextortion' scheme that targeted military (Stars and Stripes)
GRU operators masquerade as Ukrainian telecommunications providers. Another video game maker is compromised to spread malware. Noberus may be a successor to Darkside and BlackMatter ransomware. Robert M. Lee from Dragos explains Crown Jewel analysis. Our guest is Nathan Hunstad from Code42 with thoughts on insider risk events. Threat actors have their insider threats, too. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/183

Selected reading.
Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine (Recorded Future)
Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers (SecurityWeek)
Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine (WIRED)
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. (CyberWire)
Iranian State Actors Conduct Cyber Operations Against the Government of Albania (CISA)
2K Games says hacked help desk targeted players with malware (BleepingComputer)
2K Games helpdesk hacked to spread malware to players (TechRadar)
Rockstar parent company hacked again as 2K Support sends users malware (Dexerto)
‘Grand Theft Auto VI' leak is Rockstar's nightmare, YouTubers' dream (Washington Post)
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics (Symantec)
LockBit ransomware builder leaked online by “angry developer” (BleepingComputer)
It's partial mobilization in Russia, and airline flights departing Russia are said to be sold out. Further notes on the IT Army's claimed hack of the Wagner Group. Leveraging Netflix for credential harvesting. Rockstar Games suffers a leak of new Grand Theft Auto footage. Ben Yelin has the latest on regulations targeting crypto. Our guest is Amy Williams from BlueVoyant discussing the value of feminine energy in the male dominated field of cybersecurity. CISA releases eight ICS Advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/182

Selected reading.
Russia moves toward annexing Ukraine regions in a major escalation (Washington Post)
Four occupied Ukraine regions plan imminent ‘votes' on joining Russia (the Guardian)
Putin sets partial military call-up, won't ‘bluff' on nukes (AP NEWS)
Putin announces partial military mobilization for Russian citizens (Axios)
Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group (Vice)
Fresh Phish: Netflix Bad Actors Go Behind the Scenes to Stage a Credential Harvesting Heist (INKY)
Leveraging Netflix for credential harvesting. (CyberWire)
Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games (Forbes)
Rockstar Games suffers leak of new Grand Theft Auto footage. (CyberWire)
LastPass source code breach – incident response report released (Naked Security)
Notice of Recent Security Incident (The LastPass Blog)
The LastPass incident. (CyberWire)
Medtronic NGP 600 Series Insulin Pumps (CISA)
Hitachi Energy PROMOD IV (CISA)
Hitachi Energy AFF660/665 Series (CISA)
Dataprobe iBoot-PDU (CISA)
Host Engineering Communications Module (CISA)
AutomationDirect DirectLOGIC with Ethernet (CISA)
AutomationDirect DirectLOGIC with Serial Communication (CISA)
MiCODUS MV720 GPS tracker (Update A) (CISA)
An overview of Russian cyber operations. The IT Army of Ukraine claims to have doxed the Wagner Group. Who dunnit? Lapsus$ dunnit. Emily Mossburg from Deloitte and Shelley Zalis of the Female Quotient on why gender equality is essential to the success of the cyber industry. We've got a special preview of the International Spy Museum's SpyCast's latest episode with host Andrew Hammond interviewing Robert Gates on the 75th anniversary of the CIA. And a look at the risk of stolen single sign-on credentials. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/181

Selected reading.
Ukraine's IT Army hacks Russia's Wagner Group (Computing)
Untangling the Russian web: Spies, proxies, and spectrums of Russian cyber behavior (Atlantic Council)
Security update | Uber Newsroom (Uber Newsroom)
Tentative attribution in the Uber breach. (CyberWire)
Uber says Lapsus$-linked hacker responsible for breach (Reuters)
Uber blames security breach on Lapsus$, says it bought credentials on the dark web (ZDNET)
Uber's breach shows how hackers keep finding a way in (Protocol)
Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation (The Record by Recorded Future)
Uber data breach spotlights need for enterprises to ‘get the basics right', say experts (ITP.net)
"Keys to the Kingdom" at Risk: Analyzing Exposed SSO Credentials of Public Companies (Bitsight)
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. Grayson Milbourne of Webroot on the arms race for vulnerabilities. Rick Howard continues his exploration of cyber risk. And risky piracy sites: that's on the Internet, kids, not the high seas. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/180

Selected reading.
Developments in the case of the Uber breach. (CyberWire)
Preliminary lessons from the Uber breach. (CyberWire)
Uber says “no evidence” user accounts were compromised in hack (The Verge)
Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (The Hacker News)
Uber apparently hacked by teen, employees thought it was a joke (The Verge)
Uber hacker claims to have full control of company's cloud-based servers (9to5Mac)
The Uber Hack's Devastation Is Just Starting to Reveal Itself (WIRED)
Uber was breached to its core, purportedly by an 18-year-old. Here's what's known (Ars Technica)
Uber hacked by teen who annoyed employee into logging them in - report (Jerusalem Post)
18-year-old allegedly hacks Uber and sends employees messages on Slack (Interesting Engineering)
Uber Investigating Massive Security Breach by Alleged Teen Hacker (Gizmodo)
Uber cyber attack: protecting against social engineering (Information Age)
Threat actor breaches many of Uber's critical systems (Cybersecurity Dive)
Uber confirms hack in the latest access and identity nightmare for corporate America (SC Media)
Uber hacked, attacker tears through the company's systems (Help Net Security)
Uber confirms it is investigating cybersecurity incident (The Record by Recorded Future)
UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you (Naked Security)
Emotet and other malware delivery systems. (CyberWire)
Emotet botnet now pushes Quantum and BlackCat ransomware (BleepingComputer)
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 (AdvIntel)
August's Top Malware: Emotet Knocked off Top Spot by FormBook while GuLoader and Joker Disrupt the Index (Check Point Software)
How Belarusian hacktivists are using digital tools to fight back (The Record by Recorded Future)
Malvertising on piracy sites. (CyberWire)
Unholy Triangle (Digital Citizens' Alliance)
Piracy Advertising Researchers Fall Victim to Ransomware Attacks (TorrentFreak)
The 2016 DNC hack: we can use cyber sand tables to enhance our cybersecurity first-principle defenses, since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. The show puts the DNC hack on the cyber sand table to see what might have been done differently, with host Rick Howard, the CyberWire's CSO and Chief Analyst. For a complete reading list and even more information, check out Rick's more detailed essay on the topic.
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined by guest Tracy Maleeff from Krebs Stamos Group; you may know her on Twitter as @Infosecsherpa. Dave, Joe and Tracy watch and discuss Tracy's and Joe's clips. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds.

Links to this episode's clips if you'd like to watch along:
Tracy's clips from "Working Girl": the elevator scene, and the scene where Tess and Jack gatecrash a wedding
Joe's clip from "Ocean's 8"
Uber suffers a data breach. Social media executives testify before Congress. A large DDoS attack is thwarted in Eastern Europe. The FBI warns of increased cyberattacks against healthcare payment processors. Policy makers consider new OT security incentives. Malek Ben Salem from Accenture on future-proof cloud security. Our guest Diana Kelley from Cybrize discusses the need for innovation and entrepreneurship in cybersecurity. And if you've been hoping for a LockerGoga decryptor, you're in luck. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/179

Selected reading.
Uber hacked, internal systems breached and vulnerability reports stolen (BleepingComputer)
Uber suffers computer system breach, alerts authorities (Washington Post)
Uber Investigating Data Breach After Hacker Claims Extensive Compromise (SecurityWeek)
Uber Investigating Breach of Its Computer Systems (New York Times)
Uber investigating "total compromise" of its internal systems (Computing)
There's No Honor Among Thieves: Carding Forum Staff Defraud Users in an ESCROW Scam (Digital Shadows)
Social media hearings highlight lack of trust, transparency in sector (The Record by Recorded Future)
Breaking the Boycott (Cybersixgill)
Record-Breaking DDoS Attack in Europe (Akamai)
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses (FBI)
Siemens Mobility CoreShield OWG Software (CISA)
Siemens Simcenter Femap and Parasolid (CISA)
Siemens RUGGEDCOM ROS (CISA)
Siemens Mendix SAML Module (CISA)
Siemens SINEC INS (CISA)
Siemens RUGGEDCOM ROS (Update A) (CISA)
Simcenter Femap and Parasolid (CISA)
Siemens Industrial Products Intel CPUs (Update A) (CISA)
Siemens OpenSSL Affected Industrial Products (CISA)
Siemens OpenSSL Vulnerability in Industrial Products (Update E) (CISA)
Siemens SCALANCE (CISA)
CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)
Building on our Baseline: Securing Industrial Control Systems Against Cyberattacks (House Committee on Homeland Security)
Bitdefender Releases Universal LockerGoga Decryptor in Cooperation with Law Enforcement (Bitdefender Labs)
Nuisance-level DDoS and cyberespionage continue to mark Russia's cyber campaign in the hybrid war. There's a US Presidential memorandum on software supply chain security. Webworm repurposes older RATs. Trends in cyber insurance claims. OriginLogger may be the new Agent Tesla. The SparklingGoblin APT described. Mathieu Gorge of VigiTrust describes cyber vulnerabilities in the hospitality industry. Dinah Davis from Arctic Wolf explains a PayPal phishing attack. And Royal funeral phishbait. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/178

Selected reading.
Pro-Russia hackers claim to have temporarily brought down Japanese govt websites (Asia News Network)
Gamaredon APT targets Ukrainian government agencies in new campaign (Cisco Talos)
Russia-linked Gamaredon APT target Ukraine with a new info-stealer (Security Affairs)
Fears grow of Russian spies turning to industrial espionage (The Record by Recorded Future)
Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (The White House)
Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience (The White House)
White House releases post-SolarWinds federal software security requirements (Federal News Network)
Webworm: Espionage Attackers Testing and Using Older Modified RATs (Threat Hunter Team Symantec)
Coalition Releases 2022 Cyber Claims Report: Mid-year Update (GlobeNewswire News Room)
OriginLogger: A Look at Agent Tesla's Successor (Unit 42)
You never walk alone: The SideWalk backdoor gets a Linux variant (WeLiveSecurity)
[Scam site harvests credentials] (Proofpoint)
Current, former social media execs address national security issues at Senate hearing (Fox Business)
Senators Have Stopped Embarrassing Themselves at Tech Hearings (Slate Magazine)
Patch Tuesday notes. The US Senate Judiciary Committee hears from the Twitter whistleblower. Joint warning of IRGC cyber activity. Rob Boyce from Accenture on cybercriminals weaponizing leaked ransomware data. Chris Novak from Verizon describes his participation in the CISA Advisory Board. And Ukraine reiterates confidence in its resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/177

Selected reading.
Adobe Patches 63 Security Flaws in Patch Tuesday Bundle (SecurityWeek)
Microsoft Releases September 2022 Security Updates (CISA)
Microsoft's September Patch Tuesday fixes five critical bugs (Computing)
Microsoft Raises Alert for Under-Attack Windows Flaw (SecurityWeek)
SAP Security Patch Day September 2022 (Onapsis)
Apple Releases Security Updates for Multiple Products (CISA)
Apple fixes eighth zero-day used to hack iPhones and Macs this year (BleepingComputer)
Apple Will Let You Remove Rapid Security Response Updates in iOS 16 (Mac Rumors)
Data Security at Risk: Testimony from a Twitter Whistleblower (United States Senate Committee on the Judiciary)
Twitter Employees Have Too Much Access to Data, Whistleblower Says (Wall Street Journal)
Twitter whistleblower reveals employees concerned China agent could collect user data (Reuters)
Security failures cause ‘real harm to real people' (Washington Post)
Twitter whistleblower testifies to Congress, calls for tech regulation reforms (The Record by Recorded Future)
The Search for Dirt on the Twitter Whistle-Blower (The New Yorker)
Whistle-Blower Says Twitter ‘Chose to Mislead' on Security Flaws (New York Times)
Twitter whistleblower says site put growth over security (Computing)
Written Statement of Peiter (“Mudge”) Zatko, United States Senate Judiciary Committee, September 13, 2022 (Katz Banks Kumin)
What we learned when Twitter whistleblower Mudge testified to Congress (TechCrunch)
How China became big business for Twitter (Reuters)
Twitter whistleblower exposes limits of FTC's power (Washington Post)
Twitter Whistle-Blower Testimony Spurs Calls for Tech Regulator (Bloomberg)
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations (CISA)
Ukraine's Cyberwar Chief Sounds Like He's Winning (WIRED)
DDoS attacks on financial sector surge during war in Ukraine, new FCA data reveals (PR Newswire)
Apple patches its software. Reviewing the cyber phase of a hybrid war. The return of the (ShadowPad) alumni. Phishing from the Static Expressway. The state of cloud security. Overconfidence comes at a cost. Ann Johnson of Afternoon Cyber Tea speaks with Dr. Josephine Wolff from the Fletcher School about the history of cyber insurance. My conversation with FBI special agents Tom Sobocinski and Tom Breeden. And Charming Kitten and group-think in social engineering. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/176

Selected reading.
Apple security updates (Apple Support)
Ukraine Cyber War Update September 2022 (CyberCube)
New Wave of Espionage Activity Targets Asian Governments (Broadcom Software Blogs)
Chinese gov't hackers using ‘diverse' toolset to target Asian prime ministers, telecoms (The Record by Recorded Future)
Leveraging Facebook Ads to Send Credential Harvesting Links (Avanan)
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities (FBI)
CFO Cyber Security Survey: Over-Confidence is Costly (Kroll)
Snyk's State of Cloud Security Report Reveals 80% of Organizations Have Experienced a Severe Cloud Security Incident in Past Year (Snyk)
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO (Proofpoint)
Iranian military using spoofed personas to target nuclear security researchers (The Record by Recorded Future)
Alleged cyber commander of Iran's Revolutionary Guard named by opposition outlet (Times of Israel)
Albania reports additional cyberattacks from Iran over the weekend. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet. Kinetic strikes hit Ukraine's infrastructure. Rick Howard calculates risk with classic mathematical theorems. Tim Eades from Cyber Mentor Fund on the dynamic nature of the attack surface. And a look into the cyber phase of the hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/175

Selected reading.
Albania blames Iran for second cyberattack since July (CNN)
Treasury Sanctions Iranian Ministry of Intelligence and Minister for Malign Cyber Activities (US Department of the Treasury)
Iran strongly condemns US sanctions over Albania hacking (Al Arabiya)
Six months into Breached: The legacy of RaidForums? (KELA)
2022 State of the Internet Report (Censys)
Ukraine hails snowballing offensive, blames Russia for blackouts (Reuters)
Ukraine says Russia is retaliating by hitting critical infrastructure, causing blackouts. (New York Times)
Last reactor at Ukraine's Zaporizhzhia nuclear plant stopped (Associated Press)
Ukraine Warns Russian Cyber Onslaught Is Coming (Voice of America)
Montenegro wrestles with massive cyberattack, Russia blamed (ABC News)
CyberCube: Russia's Sovereign Internet Creates Security Risks With Implications for Cyber (Re)Insurance While War in Ukraine Develops (Associated Press)
Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy? Or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization of a compliance incident. As Rick says, “Compliance is a ticket to ride.” On the Hash Table, Tom Quinn of T. Rowe Price argues for why compliance is both good for business and good for security.

You will learn about: privacy and security compliance, compliance support services, the value of investing in compliance, and CyberWire's spreadsheet of cybersecurity laws and standards. For more compliance and cybersecurity first principles resources, check the topic essay.
From the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire's CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center. CyberWire Pro subscribers also get exclusive access to Rick's original 2001 essay with notes from the day of the attack. If you would like to check that out, you can subscribe today.
Nation-states are expected to target the US midterm elections. North Korea's Lazarus Group is targeting energy companies. Ukraine's Ministry of Digital Transformation on cyber lessons learned from Russia's hybrid war against Ukraine. CISA flags twelve known exploited vulnerabilities for attention and remediation. Vulnerable anti-cheat engines used for malicious purposes. Steve Carter from Nucleus Security has thoughts on AI in cybersecurity. Roland Cloutier, former CSO of TikTok, discusses working around the changing career field, needs, and how enterprise executives are developing and finding talent. And a look at top gaming-related malware lures. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/174

Selected reading.
Mandiant ‘highly confident' foreign cyberspies will target US midterm elections (The Register)
What to Expect When You're Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections (Mandiant)
North Korea's Lazarus hackers are exploiting Log4j flaw to hack US energy companies (TechCrunch)
Lazarus and the tale of three RATs (Cisco Talos)
How Gaming Cheats Are Cashing in Below the Operating System (Eclypsium)
Good game, well played: an overview of gaming-related cyberthreats in 2022 (Securelist)
Cybercriminals target games popular with kids to distribute malware (The Register)
CISA Adds Twelve Known Exploited Vulnerabilities to Catalog (CISA)
Bronze President shows both enduring interests and adaptability. Iranian threat actor activity is reported. Cybersecurity and small-to-medium businesses. An initial access broker repurposes Conti's old playbook for use against Ukraine. Johannes Ullrich from SANS on scanning for VoIP servers. Our guest is Ian Smith from Chronosphere on observability. And Kyivstar as a case study in telco resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/173

Selected reading.
BRONZE PRESIDENT Targets Government Officials (Secureworks)
APT42: Crooked Charms, Cons, and Compromises (Mandiant)
Profiling DEV-0270: PHOSPHORUS' ransomware operations (Microsoft)
Albania cuts diplomatic ties with Iran over July cyberattack (The Washington Post)
Initial access broker repurposing techniques in targeted attacks against Ukraine (Google)
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine (IBM SecurityIntelligence)
Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages (BleepingComputer)
Ukraine's largest telecom stands against Russian cyberattacks (POLITICO)
The Albanian government attributes a disruptive cyber attack to Iran. TikTok says it's found no evidence of a data breach. Researchers have discovered a new strain of Linux malware. US agencies warn of ransomware targeting the education sector. Finland prepares to increase its cybersecurity capacity. Deepen Desai from Zscaler on the latest updates to Raccoon Stealer. Our guest is Lance Spitzner from the SANS Institute with results of their recent Security Awareness Report. And a fond farewell to the father of Let's Encrypt. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/172

Selected reading.
Albania cuts Iran ties over cyberattack, U.S. vows further action (Reuters)
Statement by NSC Spokesperson Adrienne Watson on Iran's Cyberattack against Albania (The White House)
TikTok Data Breach Exposing 2B Records And Source Code May Not Have Happened After All (Hot Hardware)
TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information (The Hacker News)
Shikitega - New stealthy malware targeting Linux (AT&T Alien Labs)
#StopRansomware: Vice Society (CISA)
Peter Eckersley, tech activist and founder of Let's Encrypt, dies at 43 (Techspot)
Honoring Peter Eckersley, Who Made the Internet a Safer Place for Everyone (Electronic Frontier Foundation)
A phishing-as-a-service offering on the dark web bypasses MFA. The Worok cyberespionage group is active in Central Asia and the Middle East. Prynt Stealer and the evolution of commodity malware. SharkBot malware reemerges in Google Play. BlackCat/ALPHV claims credit for an attack on the Italian energy sector. Joe Carrigan shares stats on social engineering. Our guest is Angela Redmond from BARR Advisory with six cybersecurity KPIs. And the Los Angeles Unified School District was hit with ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/171

Selected reading.
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (Resecurity)
Worok: The big picture (WeLiveSecurity)
Dev backdoors own malware to steal data from other hackers (BleepingComputer)
The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals (Security Affairs)
Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan (The Hacker News)
SharkBot malware sneaks back on Google Play to steal your logins (BleepingComputer)
BlackCat ransomware claims attack on Italian energy agency (BleepingComputer)
11.84GB of United States Military Contractor and Military Reserve data has been leaked. (vx-underground)
Hackers honeytrap Russian troops into sharing location, base bombed: Report (Newsweek)
LAUSD hit by hackers in apparent cyber attack (FOX 11 Los Angeles)
Los Angeles Unified Targeted by Ransomware Atta (Los Angeles Unified School District)
Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy? Or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization of a compliance incident. As Rick says, “Compliance is a ticket to ride.”

You will learn about: privacy and security compliance, compliance support services, the value of investing in compliance, and CyberWire's spreadsheet of cybersecurity laws and standards. For more compliance and cybersecurity first principles resources, check the topic essay.
Rick Howard, the CyberWire's CSO and Chief Analyst, is joined by Hash Table members Ann Johnson, Microsoft's Corporate VP on Security, Compliance, & Identity, and Ted Wagner, the SAP National Security Services CISO, to discuss supply chain as a new CISO responsibility.
REvil (or an impostor, or successor) may be back. A Paris-area medical center continues to work to recover from cyber extortion. An assessment of Russian failure (or disinclination) to mount effective cyber campaigns. Cyber criminals find wartime to be a tough time. Josh Ray from Accenture looks at cyber threats to the rail industry. Our guest is Dan Murphy of Invicti making the case that not all vulnerabilities are created equal. And Yandex Taxi's app was hacked in a nuisance attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/170

Selected reading.
REvil says they breached electronics giant Midea Group (Cybernews)
Paralysed French hospital fights cyber attack as hackers lower ransom demand (RFI)
French hospital hit by $10M ransomware attack, sends patients elsewhere (BleepingComputer)
Hacks tied to Russia and Ukraine war have had minor impact, researchers say (The Record by Recorded Future)
Getting Bored of Cyberwar: Exploring the Role of the Cybercrime Underground in the Russia-Ukraine Conflict (arXiv:2208.10629v2)
Why Russia's cyber war in Ukraine hasn't played out as predicted (New Atlas)
Cyber key in Ukraine war, says spy chief (The Canberra Times)
Montenegro Sent Back to Analog by Unprecedented Cyber Attacks (Balkan Insight)
Montenegro blames criminal gang for cyber attacks on government (EU Reporter)
Ransomware Attack Sends Montenegro Reaching Out to NATO Partners (Bloomberg)
“I'm tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch (Digital Shadows)
Yandex Taxi hack creates huge traffic jam in Moscow (Cybernews)
Anonymous hacked Russia's largest taxi firm and caused a massive traffic jam (Daily Star)
The BianLian ransomware gang is better at coding than at the business of crime. The attack on Montenegro seems to be ransomware. A look at Ragnar Locker's current interests. Recruiting for gangland gets allusive, but those who know, well, they know. Our guest is Dan Lanir of OPSWAT with insights on recent federal legislation supporting cyber jobs. Ben Yelin examines a lawsuit filed by the FTC against an online data broker. And it's Insider Threat Month, so keep an eye on yourself. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/169

Selected reading.
BianLian Ransomware Gang Gives It a Go! ([redacted])
Montenegro blames criminal gang for cyber attacks on government (Reuters)
FBI's team to investigate massive cyberattack in Montenegro (AP NEWS)
US issues rare security alert as Montenegro battles ransomware (TechCrunch)
Cuba ransomware group claims attack on Montenegro government (IT PRO)
Cuba Ransomware Team claims credit for attack on Montenegro (Databreaches.net)
Montenegro blames Cuba ransomware for cyberattack (Cybernews)
Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government (SecurityWeek)
THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector (Cybereason)
Behind the News: The Ragnar Locker Attack on Greek Natural Gas Supplier DESFA - Radiflow (Radiflow)
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information (Broadcom Software Blogs / Threat Intelligence)
“Looking for pentesters”: How Forum Life Has Conformed to the Ransomware Ban (Digital Shadows)
NCSC and Federal Partners Focus on Countering Risk in Digital Spaces during National Insider Threat Awareness Month 2022 (ODNI)
While multi-cloud brings significant benefits, it also poses serious security risks. And identity is the reason. Each cloud platform, such as Azure, Google, and AWS, uses proprietary identity systems, and the lack of interoperability makes it unruly to manage. These disparate systems can't talk to each other resulting in a fragmented environment full of identity silos — the perfect way for an attacker to get in and cause destruction. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten, the CISO for Healthcare Enterprises and Centene. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Strata Identity's CEO and Co-founder Eric Olden. Both sets of discussions center around the challenges to identity management caused by the rapid shift to multi-cloud.
Chrome extensions steal browser data. A business email compromise attack is under investigation in Kentucky. Belarusian Cyber Partisans claim to have a complete Belarusian passport database. Organizing a cyber militia. CISA releases twelve ICS security advisories. Our guest is Asaf Kochan of Sentra on overemphasizing “the big one.” Carole Theriault cautions against getting ahead of yourself in the cryptocurrency supply chain. "Cosplaying" hardware. And Canada welcomes a new SIGINT boss. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/168 Selected reading. Chrome extensions with 1.4 million installs steal browsing data (BleepingComputer) Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users (McAfee Blog) Police investigate electronic theft of federal funds (City of Lexington) FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft (The Record by Recorded Future) Russian hackers blamed for ongoing Montenegro cyberattack (Tech Monitor) “For the 1st time in human history a #hacktivist collective obtained passport info of the ALL country's citizens.” (Cyber Partisans) Inside the IT Army of Ukraine, ‘A Hub for Digital Resistance' (The Record by Recorded Future) Ukraine takes down cybercrime group hitting crypto fraud victims (BleepingComputer) Hitachi Energy FACTS Control Platform (FCP) Product (CISA) Hitachi Energy Gateway Station (GWS) Product (CISA) Hitachi Energy MSM Product (CISA) Hitachi Energy RTU500 series (CISA) Fuji Electric D300win (CISA) Honeywell ControlEdge (CISA) Honeywell Experion LX (CISA) Honeywell Trend Controls Inter-Controller Protocol (CISA) Omron CX-Programmer (CISA) PTC Kepware KEPServerEX (CISA) Sensormatic Electronics iSTAR (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA) Walmart Sells Fake 30TB Hard Drive That's Actually Two Small SD Cards in a Trench Coat (Vice)
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Montenegro works to recover from a Russian cyber offensive. A big Russian streaming platform sustains a data leak. Ann Johnson of the Afternoon Cyber Tea podcast speaks with Dave DeWalt of NightDragon and Jay Leek of both Syn Ventures and Clear Sky Security about cyber capital investment. Mr. Security Answer Person John Pescatore examines the allure of the healthcare industry for ransomware operators. And the LockBit gang looks beyond double extortion. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/167 Selected reading. Rising Tide: Chasing the Currents of Espionage in the South China Sea (Proofpoint) Why the Twilio Breach Cuts So Deep (WIRED) Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms (Threatpost) Hackers used Twilio breach to intercept Okta onetime passwords (SiliconANGLE) Okta Impersonation Technique Could be Utilized by Attackers (SecurityWeek) Ukraine launches counter-offensive to retake Kherson from Russia (The Telegraph) Russia-Ukraine war: Kremlin insists invasion going to plan despite counterattacks; first grain ship docks in Africa – live (the Guardian) Montenegro says Russian cyberattacks threaten key state functions (BleepingComputer) Montenegro struggles to recover from cyberattack that officials blame on Russia (The Record by Recorded Future) Leading Russian streaming platform suffers data leak allegedly impacting 44 million users (The Record by Recorded Future) LockBit ransomware mulls triple extortion following DDoS attack (SC Media)
Russian cyber operations in Southeastern Europe. The challenge of containing the cyber phases of a hybrid war. Russian and Chinese cyber activity in Latin America. Greenwashing influence operations. Rick Howard looks at risk probabilities. Dinah Davis from Arctic Wolf looks at ransomware payment myths. And an Iranian threat actor exploits Log4j vulnerabilities against Israeli targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/166 Selected reading. Russia blamed for wave of hacker attacks in Southeast Europe (BNE) Montenegro declares it is in 'hybrid war' with Russia after massive cyber attack (Metro) Montenegro reports massive Russian cyberattack against govt (ABC News) Montenegro Reports Massive Russian Cyberattack Against Govt (AP via SecurityWeek) Montenegro's state infrastructure hit by cyber attack -officials (Reuters) Cyber Element in the Russia-Ukraine War & its Global Implications (Modern Diplomacy) Swiss secret service worried about Russian cyber operations (SWI swissinfo.ch) China and Russia Step Up Cyber Presence in Latin America (Diálogo Américas) Dominican Republic refuses to pay ransom after attack on agrarian institute (The Record by Recorded Future) China-Linked Bots Attacking Rare Earths Producer ‘Every Day' (Bloomberg) Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations (The Hacker News) MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations (Microsoft Threat Intelligence Center) Iran exploiting Log4j 2 weakness to attack Israel, says Microsoft (Israel Defense)
Palo Alto describes the Black Basta ransomware-as-a-service operation. Okta on Scatter Swine, the threat actor that compromised Twilio. Microsoft describes Nobelium's new approach to establishing persistence. Russia's war against Ukraine has induced stresses in the cyber underworld. LastPass discloses a security incident. Josh Ray from Accenture on cyber crime and the cost-of-living crisis. Our own Dave Bittner sits down with Chris Handman from TerraTrue to discuss how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way. And CISA adds ten entries to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/165 Selected reading. Threat Assessment: Black Basta Ransomware (Palo Alto Networks Unit 42) MagicWeb: NOBELIUM's post-compromise trick to authenticate as anyone (Microsoft Threat Intelligence Center) Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (The Hacker News) Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass (ZDNET) Detecting Scatter Swine: Insights into a relentless phishing campaign (Okta Security) Twilio hackers hit over 130 orgs in massive Okta phishing attack (BleepingComputer) Twilio says breach also compromised Authy two-factor app users (TechCrunch) How the war in Ukraine is reshaping the dark web (New Statesman) Notice of Recent Security Incident (The LastPass Blog) LastPass Says Source Code Stolen in Data Breach (SecurityWeek) LastPass developer systems hacked to steal source code (BleepingComputer)
Ukrainian and Russian cyber operations at six months. Oktapus criminal campaign compromises 9931 accounts in more than 130 organizations. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. Chris Novak from Verizon on DHS Cyber Safety Review Board's report on the Log4j investigation that Verizon conducted. Dave Bittner sits down with our guest Dr. Scott Crowder, CTO and VP, Quantum Computing, Technical Strategy and Transformation for IBM Systems to discuss the increasingly urgent need for industries to prepare for security threats that quantum could unleash. And the US Department of Homeland Security shutters its Disinformation Governance Board. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/164 Selected reading. How Ukraine used Russia's digital playbook against the Kremlin (POLITICO) Ukraine's volunteer 'IT army' responds to Russian hackers, minister says (ABC News) Overview of the Cyber Weapons Used in the Ukraine - Russia War (Trustwave) How Russia-Ukraine cyberwar is impacting orgs: Two-thirds say they have been targeted (VentureBeat) Twilio hackers breached over 130 organizations during months-long hacking spree (TechCrunch) Roasting 0ktapus: The phishing campaign going after Okta identity credentials (Group-IB) Bumblebee Malware Loader: Deep Instinct Prevents Attack Pre-Execution (Deep Instinct) Akamai's Insights on DNS in Q2 2022 (Akamai) Following HSAC Recommendation, DHS terminates Disinformation Governance Board (US Department of Homeland Security) Homeland Security Scraps Disinformation Board Attacked by GOP (Bloomberg)
Podcast: CyberWire Daily. Episode: Roya Gordon: Becoming a trailblazer. [Research] [Career Notes] Pub date: 2022-08-21. Roya Gordon, a Security Research Evangelist at ICS cybersecurity firm Nozomi Networks, started her career as an intelligence specialist in the U.S. Navy. After her time serving, Roya spent time as a Control Systems Cybersecurity Analyst at the Idaho National Laboratory and then took the role of Cyber Threat Intelligence Manager at Accenture. She shares her story after the NSA accepted her and then quickly diverted, creating a new path for Roya to follow. She shares the jobs she went after along the way, leading up to Nozomi Networks, and how she wishes to be a trailblazer for young black women everywhere. She hopes to shape young women's minds on what the cybersecurity industry is actually like, in hopes that she can be a figure people look up to.
A medical center near Paris comes under ransomware attack, and refuses to pay up. Lessons for the fifth domain from six months of hybrid war. Deepfake scams appear to have arrived. Deepen Desai from Zscaler with an introduction to our audience. Dave Bittner sits down with Gil Hoffer, CTO and Co-founder of Salto, to discuss “Who Hacked Slack?” And threat actors prepare to exploit a Hikvision camera vulnerability. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/163 Selected reading. Cyber attackers disrupt services at French hospital, demand $10 million ransom (France 24) French hospital hit by $10M ransomware attack, sends patients elsewhere (BleepingComputer) DECLENCHEMENT DU PLAN BLANC DIMANCHE 21 AOUT 2022 (CHSF - Centre Hospitalier Sud Francilien) Ukraine at D+181: Independence Day and six months of war. (CyberWire) Six months, twenty-three lessons: What the world has learned from Russia's war in Ukraine (Atlantic Council) Hackers Used Deepfake of Binance CCO to Perform Exchange Listing Scams (Bitcoin News) Hackers Use Deepfakes of Binance Exec to Scam Multiple Crypto Projects (Gizmodo) Binance's CEO said thousands of people are falsely claiming to be his employees on LinkedIn. Experts warn it's an example of the platform's growing problem with fake accounts. (Business Insider) Twitter's Ex-Security Head Files Whistleblower Complaint (Wall Street Journal) Twitter is vulnerable to Russian and Chinese influence, whistleblower says (CNN) Over 80,000 exploitable Hikvision cameras exposed online (BleepingComputer) Experts warn of widespread exploitation involving Hikvision cameras (The Record by Recorded Future) Hikvision Surveillance Cameras Vulnerabilities (CYFIRMA)
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Poland and Ukraine conclude cybersecurity agreement. Greek national natural gas supplier under criminal cyberattack. Update to the Joint Alert on Zimbra exploitation. Addition to CISA's Known Exploited Vulnerabilities Catalog. Johannes Ullrich from SANS on Control Plane vs. Data Plane vulnerabilities. Our guest is David Nosibor, Platform Solutions Lead for UL, discussing SafeCyber Phase II. And, finally, targeting and trolling, with an excursus on Speedos. Really. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/159 Selected reading. New Iranian APT data extraction tool (Google) LockBit gang hit by DDoS attack after Entrust leaks (Register) Former security chief claims Twitter buried ‘egregious deficiencies' (Washington Post) Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies (CNN) Twitter's Ex-Security Head Files Whistleblower Complaint (Wall Street Journal) Deception, Bots, and Foreign Agents: The Twitter Whistleblower's Biggest Allegations (Time) The Ministry of Digital Transformation, State Service of Special Communication and Information Protection and the Council of Ministers of the Republic of Poland signed Memorandum of understanding in the cybersecurity field. (State Service of Special Communication and Information Protection) Greek natural gas operator suffers ransomware-related data breach (BleepingComputer) Greek gas operator refuses to negotiate with ransomware group after attack (The Record by Recorded Future) Announcement | (DESF) Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) US government really hopes you've patched your Zimbra server (Register) CISA Adds One Known Exploited Vulnerabilities to Catalog (CISA) Speedo-wearing Russian tourists leak defence secrets on Twitter (The Telegraph)
Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. Rick Howard on the RSA Security breach of 2011 and the Equifax breach of 2017. Caleb Barlow on what a recession means for cybersecurity venture capital and what its impact on the industry might be. And data-tampering attacks are regarded as a growing risk. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/158 Selected reading. WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware (BleepingComputer) Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads (Sucuri Blog) Car blast kills daughter of Russian known as 'Putin's brain' (AP NEWS) Russia blames Kyiv for killing daughter of ‘Putin's Rasputin', but the truth may be closer to home (The Telegraph) Alexander Dugin's daughter killed by anti-war Russians: Former state deputy (Newsweek) Estonia Repels Biggest Cyber-Attack Since 2007 (Infosecurity Magazine) Estonia's Battle Against a Deluge of DDoS Attacks (Infosecurity Magazine) Latvia Starts Removing Soviet Monument in Challenge to Russia (Bloomberg) Data-tampering attacks are a 'nightmare' threat that's hard to detect (Protocol)
Adversary playbooks as a cybersecurity first principle strategy. They told us the adversary has an asymmetric advantage: that cyber defense has to be right every time while the offense only has to get it right once. Rick proves that proactive defense and adversary playbooks can flip that dynamic on its head. With the world of cyber defense and threat intelligence upside down, Rick and the Hash Table discuss the history of shifting the offense/defense balance, the three components of a proactive defense, and the evolution of adversary playbooks and the intrusion kill chain. With Rick Howard, the CyberWire's CSO and Chief Analyst, joined by Ryan Olson, the Palo Alto Networks VP on Threat Intelligence (Unit 42). They discuss the history and next steps for the adversary playbook concept. Cybersecurity professional development and continued education. You will learn about: adversary playbooks and proactive defense, flipping the offense/defense balance, the three components of a proactive defense, ISACs and ISAOs. CyberWire is the world's most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram. Additional first principles resources for your cybersecurity program. For more adversary playbooks and cybersecurity first principles resources, check the topic essay.
Killnet claims a DDoS campaign against Estonia. The head of GCHQ calls Russian cyber operations a failure. US Cyber Command concludes its "hunt forward" mission in cooperation with Croatia. A criminal gang targets the travel and hospitality sectors. Thomas Pace of NetRise shares insights on firmware vulnerabilities. Daniel Floyd from BlackCloak on Quantifying the Business Need for Digital Executive Protection. CISA issues five ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/157 Selected reading. Estonia says it repelled major cyber attack after removing Soviet monuments (Reuters) There's a chance regular people didn't even notice: expert on Russian cyber attack (TVP World) Estonia says it repelled a major cyberattack claimed by Russian hackers. (New York Times) The head of GCHQ says Vladimir Putin is losing the information war in Ukraine (The Economist) Cyber Command deployed 'hunt forward' defenders to Croatia to help secure systems (The Record by Recorded Future) U.S. Cyber Command completes defensive cyber mission in Croatia (CyberScoop) You Can't Audit Me: APT29 Continues Targeting Microsoft 365 (Mandiant) Reservations Requested: TA558 Targets Hospitality and Travel (Proofpoint) Cybercrime Group TA558 Ramps Up Email Attacks Against Hotels (Decipher) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) Siemens Linux-based Products (Update G) (CISA) Siemens Industrial Products LLDP (Update B) (CISA) Siemens OpenSSL Affected Industrial Products (CISA) Mitsubishi Electric MELSEC Q and L Series (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA)
BlackByte is back. Iran suspected of cyber operations against four Israeli sectors. A look at wipers as a tool in hybrid war. A Russian cyber ops scorecard. Josh Ray from Accenture on how dark web actors are focusing on VPNs. Our guest is Corey Nachreiner from WatchGuard with findings of their latest Internet Security Report. Cyber war clauses coming to cyber insurance policies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/156 Selected reading. BlackByte ransomware gang is back with new extortion tactics (BleepingComputer) Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors | Mandiant (Mandiant) Russia-Ukraine cyberwar creates new malware threats (VentureBeat) Global Threat Landscape Report: A Semiannual Report by FortiGuard Labs (Fortinet) Overview of the Cyber Weapons Used in the Ukraine - Russia War (Trustwave SpiderLabs) Lloyd's sets requirements for state-backed cyber attack exclusions (Insurance Day)
A DDoS attack against a Ukrainian nuclear power provider. The US Army draws some lessons from the cyber phases of Russia's hybrid war. Vulnerabilities in Zimbra are undergoing widespread exploitation. Reports of new Lazarus Group activity. CISA releases eight ICS security advisories. Carole Theriault looks at scammers and cryptocurrencies. Our guest is Jennifer Reed from Aviatrix on the changing landscape of cloud security. And the SEC charges three with insider trading during the 2017 Equifax breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/155 Selected reading. Ukrainian Nuclear Operator Accuses Russians Hackers Of Attacking Its Website (RadioFreeEurope/RadioLiberty) Ukraine nuclear power company says Russia attacked website (Al Jazeera) Ukraine Nuclear Operator Reports Cyberattack on Its Website (The Defense Post) How electronic warfare is reshaping the war between Russia and Ukraine (The Record by Recorded Future) Army lesson from Ukraine war: cyber, EW capabilities not decisive on their own (FedScoop) Learning from Ukraine, Army cyber schoolhouse focuses on electromagnetic spectrum (Breaking Defense) Cyber and full-spectrum operations push the Great Power conflict left of boom (Breaking Defense) Microsoft Exchange alternative Zimbra is getting widely exploited, 1000s hit (The Stack) CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suit (CyberWire) Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) A signed Mac executable… (ESET) Yokogawa CENTUM Controller FCS (CISA) LS ELECTRIC PLC and XG5000 (CISA) Delta Industrial Automation DRAS (CISA) Softing Secure Integration Server (CISA) B&R Industrial Automation Automation Studio 4 (CISA) Emerson Proficy Machine Edition (CISA) Sequi PortBloque S (CISA) Siemens Industrial Products with OPC UA (CISA) U.S. SEC charges 3 people with insider trading tied to Equifax hack (Reuters) SEC Charges Three Chicago-Area Residents with Insider Trading Around Equifax Data Breach Announcement (US Securities and Exchange Commission)
Microsoft identifies and disrupts Russian cyberespionage activity. An update on RedAlpha. An evil PLC proof-of-concept shows how programmable logic controllers could be "weaponized." Ben Yelin has an update on right to repair. Our guest is Arthur Lozinski of Oomnitza with a look at attack surface management maturity. And the Cl0p gang hits an English water utility (but tries to extort the wrong one–stuff happens, y'know?). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/154 Selected reading. Disrupting SEABORGIUM's ongoing phishing operations (Microsoft Security) Microsoft disrupts Russian-linked hackers targeting NATO countries (Breaking Defense) Microsoft Announces Disruption of Russian Espionage APT (SecurityWeek) Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs (The Record by Recorded Future) Microsoft shuts down accounts linked to Russian spies (Register) RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations (Recorded Future) Hackers linked to China have been targeting human rights groups for years (MIT Technology Review) Evil PLC Attack: Using a Controller as Predator Rather than Prey (Claroty) Hackers attack UK water supplier but extort wrong victim (BleepingComputer) South Staffordshire Water victim of cyber attack, customers not at risk (Computing) South Staffordshire Water says it was target of cyber attack as criminals bungle extortion attempt (Sky News)
Shuckworm maintains its focus on Ukrainian targets. Killnet's DDoS and dubious proof-of-work. Iron Tiger's supply chain campaign. TikTok and national security. Dinah Davis from Arctic Wolf shares insights on Dark Utilities. Rick Howard digs into identity management. And an arrest in the case of the Tornado Cash crypto mixer. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/154 Selected reading. Shuckworm: Russia-Linked Group Maintains Ukraine Focus (Symantec) Killnet Releases 'Proof' of its Attack Against Lockheed Martin (SecurityWeek) Killnet attacks Latvian parliament (Tagesspiegel) Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (Trend Micro) How Frustration Over TikTok Has Mounted in Washington (New York Times) 3 ways China's access to TikTok data is a security risk (CSO Online) Arrest of suspected developer of Tornado Cash (FIOD) Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer (The Hacker News) Arrested Tornado Cash developer is Alexey Pertsev, his wife confirms (The Block)
Cybercriminals are motivated by one simple incentive: money. Their favorite tools are bots, which give them sophistication, scalability, and ease of use. The effect is the creation of the underground bot ecosystem. This community allows threat actors to work together and continually improve their tactics. They sell bypasses for rule-based anti-bot solutions to other, less technical fraudsters. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Etay Maor, Cato Networks' Senior Director of Security Strategy. They discuss this reality that has put defenders at a serious disadvantage and the mitigation steps to consider for future attacks. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Kasada's founder Sam Crowther about what he saw first-hand as a red teamer at a major Australian bank and what inspired him to reimagine bot mitigation with the founding principle of undermining the attacker's ROI.
The optempo of the war's cyber phase, and Ukraine's response. Organizing and equipping hacktivists. Joint warning on Zeppelin ransomware. Update on the DoNot Team, APT-C-35. Rewards for Justice offers $10 million for information on Conti operators. Rob Boyce from Accenture shares insights from BlackHat. Caleb Barlow ponders closing the skills gap while shifting to remote work. And, hey, Mr. Target: pick one, OK? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/153 Selected reading. Black Hat 2022‑ Cyberdefense in a global threats era (WeLiveSecurity) How one Ukrainian ethical hacker is training 'cyber warriors' in the fight against Russia (The Record by Recorded Future) #StopRansomware: Zeppelin Ransomware (CISA) APT-C-35: New Windows Framework Revealed (Morphisec) The US Offers a $10M Bounty for Intel on Conti Ransomware Gang (Wired)
KillMilk says his crew downed Lockheed Martin's website. Industroyer2, and what became of it. CISA releases its election cybersecurity toolkit. Post-incident disruption at Britain's NHS. Carl Wright of AttackIQ shares strategies for CISOs to successfully prepare for the next attack. Dr. Christopher Pierson from Blackcloak joins us from Black Hat. And Cisco seems to have thwarted a security incident. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/152 Selected reading. Russian hacking group claims attack on Lockheed Martin (SiliconANGLE) HIMARS-Maker Lockheed Martin "confident" against Russian hackers (Newsweek) Industroyer2: How Ukraine avoided another blackout attack (SearchSecurity) Researchers Look Inside Russian Malware Targeting Ukrainian Power Grid (PCMAG) CISA Releases Toolkit of Free Cybersecurity Resources for Election Community (CISA) Cybersecurity Toolkit to Protect Elections (CISA) NHS staff told to plan for three weeks of disruption following cyberattack (Computing) Major NHS IT outage to last for three weeks (The Independent) Exclusive: NHS chiefs fear cyber attackers have accessed patient data (Health Service Journal) Cisco Event Response: Corporate Network Security Incident (Cisco) Cisco Talos shares insights related to recent cyber attack on Cisco (Cisco Talos) Cisco confirms May attack by Yanluowang ransomware group (The Record by Recorded Future) Cisco Hit by Cyberattack From Hacker Linked to Lapsus$ Gang (Bloomberg) Cisco's own network compromised by gang with Lapsus$ links (Register) Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (BleepingComputer)
Patch notes, and the risks associated with failure to patch. Finland's parliament comes under cyberattack. Killnet says there will be blood, but they may just be grandstanding for the home crowd. Cyberattacks against a UK firm that's criticized Russia's war. We're joined by FBI Cyber Division AD Bryan Vorndran and Adam Hickey, deputy assistant attorney general for the National Security Division, with an introduction to Watchguard. Our guest is Matthew Warner from Blumira with tips on avoiding burnout. And not all criminal organizations are working for Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/151 Selected reading. Already Exploited Zero-Day Headlines Microsoft Patch Tuesday (SecurityWeek) Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws (BleepingComputer) IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products (SecurityWeek) Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader (SecurityWeek) ICS Patch Tuesday: Siemens, Schneider Electric Fix Only 11 Vulnerabilities (SecurityWeek) VMSA-2022-0022 (VMware) Emerson OpenBSI (CISA) Emerson ControlWave (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA) Multiple attackers increase pressure on victims, complicate incident response (Sophos News) Life After Death—SmokeLoader Continues to Haunt Using Old Vulnerabilities (Fortinet Blog) NBI launches probe into attack on Finnish Parliament site (Yle) Russian hacker warns cyberwarfare will turn deadly (Newsweek) Suspected Russian cyber attack on British soil as firm subjected to ‘daily' hacks (The Telegraph) Meet DUMPS Forum: A pro-Ukraine, anti-Russia cybercriminal forum | Digital Shadows (Digital Shadows)
Tracking apparent Chinese industrial cyberespionage. Tornado Cash sanctions. Twilio discloses a breach. Social engineering exposes data at Klaviyo. Microsoft's Ann Johnson previews the latest season of Afternoon Cyber Tea. Joe Carrigan tracks the growth in cryptojacking. And what might the Mounties be monitoring? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/151 Selected reading. Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China (SecurityWeek) China-linked spies used six backdoors to steal defense info (Register) U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash (U.S. Department of the Treasury) Twilio hacked by phishing campaign (TechCrunch) Twilio, a texting platform popular with political campaigns, reports breach (CyberScoop) Incident Report: Employee and Customer Account Compromise - August 4, 2022 (Twilio Blog) Email marketing firm hacked to steal crypto-focused mailing lists (BleepingComputer) RCMP has used spyware to access targets' communications as far back as 2002: Senior Mountie (Global News) RCMP says it has not used Pegasus spyware (POLITICO)
In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport–united for a shared mission. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by two Hash Table members, Ted Wagner, CISO at SAP National Security Services, and Jenn Reed, CISO at Aviatrix. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor ExtraHop's Senior Product Marketing Manager, Chase Snyder, and CrowdStrike's Head of Product Marketing, Janani Nagarajan. They discuss why and how vendors should work together to enable better integrated security for their customers. They'll answer questions like “what is XDR?” and “how do I get my vendors to work together?”