POPULARITY
CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
If you like what you hear, please subscribe, leave us a review and tell a friend!
In today's podcast we cover four crucial cyber and technology topics, including: 1. Globe Life being extorted following data loss 2. Japanese ruling party targeted leading up to election 3. Microsoft urges Mac users to update due to flaw 4. SEC hacker arrested following takeover of social media account I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
In today's podcast we cover four crucial cyber and technology topics, including: REVIL operator sentenced to 13 years in prison Sweden facing high volume of attacks after joining NATOSpanish police arrest over 100 individuals in cybercrime ring North Korean actors abusing email policies to spy I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
NETSCOUT SYSTEMS, INC. has released findings from its 2H2023 DDoS Threat Intelligence Report that dissects trends and attack methodologies adversaries use against service providers, enterprises, and end-users. The information cited in the report is gathered from NETSCOUT's unparalleled internet visibility at a global scale, collecting, analysing, prioritising, and disseminating data on DDoS attacks from 214 countries and territories, 456 vertical industries, and more than 13,000 Autonomous System Numbers (ASNs). Driven by tech-savvy and politically motivated hacktivist groups and an increase in DNS water torture attacks, NETSCOUT observed more than 7 million DDoS attacks in the second half of 2023, representing a 15% increase from the first half of the year. Hacktivism Increases Ten-Fold Distributed denial-of-service (DDoS) hacktivism transcended geographic borders during the past year, exemplifying a shift in the global security landscape. Groups like NoName057(016) and Anonymous Sudan, as well as lone hackers and small collectives, are increasingly using DDoS to target those ideologically opposed to them, for example: Peru experienced a 30% increase in attacks tied to protests of former Peruvian President Fujimori's release from prison on 6th December Poland experienced a surge in attacks at the end of 2023 associated with a regime change and statements reaffirming Poland's support of Ukraine in the Russia-Ukraine conflict Anonymous Sudan attacked X (formerly Twitter) to influence Elon Musk regarding Starlink service in Sudan, and it attacked Telegram for suspending its main channel NoName057(016), Anonymous Sudan, and Killnet have taken credit for DDoS attacks in Ukraine, Russia, Israel, and Palestine targeting communications infrastructure, hospitals, and banks. Daily attacks from hacktivists increased more than ten-fold between the first and second halves of 2023. NoName057(016) topped the list of DDoS adversaries in 2023, targeting 780 websites across 35 countries. Water Torture Attacks Rise Targeting critical systems at the heart of the Internet's control plane, DNS (Domain Name System) water torture attacks have been on the rise since the end of 2019. DNS query floods designed to overwhelm authoritative DNS servers experienced a massive 553% increase from 1H2020 to 2H2023. Rather than targeting one website or server, adversaries go after entire systems, resulting in even more damage. Gaming and Gambling Targeted NETSCOUT findings point to gaming - and the gambling associated with gaming - as a primary target for DDoS attacks. Threat actors are drawn to the sector's substantial financial value and the goal of disrupting competitors, especially during online esports tournaments. Historically, 80-90% of all DDoS attacks are related to gaming and gambling. NETSCOUT assessed attacks on enterprises in these sectors, determining that more than 100,000 DDoS attacks were deployed against those in gaming, and over 20,500 were made against those tied to gambling in 2023. In addition, based on NETSCOUT's observations of the DDoS threat landscape, approximately 1% of DDoS attacks are suppressed from originating networks. "Global adversaries have become more sophisticated in the past year attacking websites and overloading servers to lockout customers and inflict digital chaos to influence geopolitical issues," stated Richard Hummel, senior threat intelligence lead, NETSCOUT. "The relentless barrage of DDoS threats drives up costs and creates security fatigue for network operators. They cannot safeguard their digital assets without the proper advanced DDoS protection leveraging predictive, real-time threat intelligence." Multiple decades of experience working with the world's largest service providers and enterprises give NETSCOUT far-reaching visibility into the global internet to discern the pulse of the digital world. Our capacity to monitor and respond to DDoS attacks is powered by our ATLAS platform, which enables us to anal...
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet. Segment Resources: Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work? - I know the title makes this blog post sound rather basic, but it will get you up to speed on all the latest DDoS types, actors, and terminology pretty quickly! What is An Application-Layer DDoS Attack, and How Do I Defend Against Them? 2023 DDoS Statistics and Trends https://en.wikipedia.org/wiki/Killnet This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor. They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like. Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW. They discuss a number of essays, some of which are a must read: Daniel Miessler's Efficient Security Principle Subsalt's series on data privacy challenges Lucky vs Repeatable, a must-read from Morgan Housel AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo Customer love by Ross Haleliuk and Rami McCarthy We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach. We wrap up discussing Air Canada's short-lived AI-powered support chatbot. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-357
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet. Segment Resources: Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work? - I know the title makes this blog post sound rather basic, but it will get you up to speed on all the latest DDoS types, actors, and terminology pretty quickly! What is An Application-Layer DDoS Attack, and How Do I Defend Against Them? 2023 DDoS Statistics and Trends https://en.wikipedia.org/wiki/Killnet This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor. They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like. Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW. They discuss a number of essays, some of which are a must read: Daniel Miessler's Efficient Security Principle Subsalt's series on data privacy challenges Lucky vs Repeatable, a must-read from Morgan Housel AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo Customer love by Ross Haleliuk and Rami McCarthy We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach. We wrap up discussing Air Canada's short-lived AI-powered support chatbot. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-357
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet. Segment Resources: Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work?
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet. Segment Resources: Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work?
Ransomware targets healthcare organizations. WildCard deploys SysJoker malware. DPRK cryptocurrency theft. The status of Ukraine's IT Army. A Russian news outlet unmasks Killmilk. Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action. And there's discord on dark markets about large language models. CyberWire Guest Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action: the future of BAS and continuous threat exposure management. You can connect with Guy on LinkedIn and find out more about SafeBreach on their website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/225 Giving Tuesday Our team offers up some suggestions for Giving Tuesday should you feel inclined to join us in sharing your time, talents or treasures on this day of giving back. Arizona Cyber Initiative Association for Women in Science BlackGirlsHack Cyber Guild Exceptional Minds G{Code} Girls Who Code Lurie Children's Hospital NFAR Melwood Tech Kids Unlimited WiCyS Women of Cyberjutsu Selected Reading Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states (CNN) Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Ardent Health Services Reports Information Technology Security Incident (BusinessWire) Vanderbilt University Medical Center investigating cybersecurity incident (The Record) Criminal hacking group breaches data, including Premier Health (WDTN 2 News) Global Threat Intelligence Report (Blackberry) ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER (Check Point Research) Operation Electric Powder – Who is targeting Israel Electric Company? (ClearSky Cyber Security) New Rust-based SysJoker backdoor linked to Hamas hackers (Bleeping Computer) WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel (Intezer) DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads (SentinelOne) Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media (The Register) Ukraine's Volunteer IT Army Confronts Tech, Legal Challenges (CEPA) Cybercriminals can't agree on GPTs (Sophos)
This week our own Dr. Doug talks: Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, Jason Wood, and more Spooky News on this Halloween edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-338
Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, More News, and Jason Wood, on this Halloween edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-338
This week our own Dr. Doug talks: Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, Jason Wood, and more Spooky News on this Halloween edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-338
Disinformation and Hacktivism in the war between Hamas and Israel. KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines. The current state of DPRK cyber operations. The Grayling cyberespionage group is active against Taiwan. A Magecart campaign abuses 404 pages. 23andMe suffers abreach. Voter records in Washington, DC, have been compromised. In our Solution Spotlight, Simone Petrella speaks with Raytheon's Jon Check about supporting and shaping the next generation of the cyber workforce. Grady Summers from SailPoint outlines the importance of organizations managing and protecting access to critical data. And a look at CISOs willingness to pay ransom. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/193 Selected reading. The Israel-Hamas War Is Drowning X in Disinformation (WIRED) As false war information spreads on X, Musk promotes unvetted accounts (Washington Post) Elon Musk's X Cut Disinformation-Fighting Tool Ahead of Israel-Hamas Conflict (The Information) US opinion divided amid battle for narrative over Hamas attack on Israel (the Guardian) Zelensky Compares Assault by Hamas on Israel to Moscow's Invasion of Ukraine (New York Times) Russia cites ‘concern' but does not condemn Hamas attack on Israel (Washington Post) The Israel–Hamas Conflict: Implications for the Cyber Threat Landscape (ReliaQuest) Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App Hacktivism erupts in Middle East as Israel declares war (Register) The Israel-Hamas War Erupts in Digital Chaos (WIRED) Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks (SecurityWeek) Israel's government, media websites hit with cyberattacks (Cybernews) Website of Jerusalem Post crashes after multiple cyberattacks (OpIndia) Ukraine cyber-conflict: Hacking gangs vow to de-escalate (BBC News) North Korea Suspected in Massive Hack of DeFi Project Mixin (OODA Loop) Assessed Cyber Structure and Alignments of North Korea in 2023 (Mandiant) Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan (Symantec) The Art of Concealment: A New Magecart Campaign That's Abusing 404 Pages (Akamai) Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service (Hack Read) 23andMe user data breached in credential-stuffing attack (Engadget) ‘Your DNA is for sale on the black market': 23andMe data breach exposes customers (The Daily Dot) 23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (WIRED) 23andMe data breach affects a million users with Jewish heritage (Dataconomy) D.C. voter records for sale in cybercrime forum (CyberScoop) Hackers access voter information in DC Board of Elections data breach (WTOP News) DC Board of Elections investigates voter data breach (NBC4 Washington) The CISO Report (Splunk) October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty (Help Net Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
Critical Progress FTP bug now being exploited in attacks Norway urges Europe-wide ban on Meta's targeted data collection KillNet claims DDoS attack against Royal Family website Thanks to our episode sponsor, Conveyor Got a scary security questionnaire to complete and you'd rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
Double-tapping ransomware hits the same victim twice. Exim mail servers are found exposed to attack. Iran's OilRig deploys Menorah malware against Saudi targets. North Korea's Lazarus Group targets a Spanish aerospace firm. Update your ransomware scorecards: LostTrust is a rebrand of MetaEncryptor. Increased domestic surveillance in Russia, done partly so propaganda can be more effectively targeted. Killnet claims to have hit the British Royal family with a DDoS attack. Michael Denning, CEO at SecureG for Blu Ventures, shares developments in zero trust as a part of our Industry Voices segment. Rob Boyce from Accenture Security talks about Dark Web threat actors targeting macOS. And Cybersecurity Awareness Month begins this week. Learn more about the Blu Ventures Conference here: https://www.bluventureinvestors.com/cyber-venture-forum For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/188 Selected reading. Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends (FBI) FBI: Ransomware Actors Launching 'Dual' Attacks (Decipher) A still unpatched 0-day RCE impacts more than 3.5M Exim servers (Security Affairs) New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks (The Hacker News) APT34 deploys new Menorah malware in targeted phishing attack (Candid.Technology) APT34 Deploys Phishing Attack With New Malware (Trend Micro) Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (The Hacker News) Alleged Iranian hackers target victims in Saudi Arabia with new spying malware (Record) North Korean hackers posed as Meta recruiter on LinkedIn (CyberScoop) Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (Hackread) North Korean Lazarus targeted a Spanish aerospace company (Security Affairs) Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (BleepingComputer) Ukraine at D+585: Trench fighting in the south. (CyberWire) Royal Family's official website targeted in cyber attack (Sky News) Royal family website hit by cyber attack (The Independent) The country ‘dodged a bullet' after shutdown avoided, but the cyber threat still hovers (Washington Post) US Federal shutdown averted (or postponed): effects on cybersecurity. (CyberWire) Cybersecurity Awareness Month: perspectives from the cyber sector. (CyberWire) Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series (NIST) Learn more about your ad choices. Visit megaphone.fm/adchoices
Hour 1 * Guest: Dr. Scott Bradley, Founder and Chairman of the Constitution Commemoration Foundation and the author of the book and DVD/CD lecture series “To Preserve the Nation.” In the Tradition of the Founding Fathers – FreedomsRisingSun.com * Russian hackers promise takedown of European banking system – ‘Within 48 hours … nothing will save you' – WND.com The Russian activist groups are known by the names KillNet, Anonymous Sudan and REvil. * Halderman Report on Voting Machine Vulnerabilities Finally Released, Validates Mike Lindell's Warnings – Brannon Howse, FrankSpeech.com * Dozens of Ottawa High School Students Stage Walkout to Protest Gender Ideology – EpochTimes.com * US government agencies hit in global hacking spree – Reuters. Hour 2 * Rep. Jim Jordan Threatens White House With Subpoenas Over Social Media Censorship! * They Will Never Impeach Joe, Will They? * White Starbucks manager fired over racist claims wins $25 million! * Lawmaker Tells Californians to Flee State Over Bill Favoring ‘Gender-Affirming' Parents. * An AI Program Is Pretending to Be Jesus and Thousands of Lost Young People Are Flocking to It – The Western Journal. * Taiwan prepares for war with China. * Nearly 1 in 5 adults say they've been diagnosed with depression – CDC. * A recently released report from a Planned Parenthood watchdog group revealed that the abortion chain's CEOs are among the highest-paid in the country's nonprofit sector. * Catholic pro-life organization American Life League's STOPP International is dedicated to exposing the “true nature of Planned Parenthood” by documenting “its anti-life, anti-family programs,” according to its website. * Governor Newsom Proposes 28th Amendment to the US Constitution. * Pledge of GAY-legiance: White House under fire for replacing Old Glory with Pride flag during LGBT event. --- Support this podcast: https://podcasters.spotify.com/pod/show/loving-liberty/support
The Lazarus Group targets developers. Threat actors target the banking sector with fake LinkedIn profiles and open source supply chain attacks. Vulnerabilities reported in OpenMeetings. HTML smuggling is sold in the C2C market. Johannes Ullrich from SANS describes attacks against niche web apps. Our guest is Damir Brecic of Inversion6 discussing the privacy and security concerns of Meta's new Threads app. And Romania's SVR reports a pattern of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/138 Selected reading. GitHub warns of Lazarus hackers targeting devs with malicious projects (BleepingComputer) Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says (Record) Security alert: social engineering campaign targets technology industry employees (The GitHub Blog) First Known Targeted OSS Supply Chain Attacks Against the Banking Sector (Checkmarx) A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State (Sonar) Fresh Phish: HTML Smuggling Made Easy, Thanks to a New Dark Web Phish Kit (INKY) KillNet Showcases New Capabilities While Repeating Older Tactics (Mandiant). Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. (CyberScoop). Anonymous Sudan DDoS strikes dominate attacks by KillNet collective (SC Media) Romanian Intelligence General: All Russian secret services attempted cyber attacks against Romania (ACTMedia)
Intel Topics Covered Today: ► China War Coming ► Five Weapons Bans Overturned ► KillNet Cyber Attack Threatens Govt. Website ► US Bus Driver Shortage ► FDA Approved Fake Meat ► 24.5% of High School Students Identify as LGBTQ ► And much more. Wes (your host for our Weekly Intelligence Brief) is the founder of superessestraps.com and the Classified Grayman Briefing http://www.graymanbriefing.com/ ▶︎ Use Code: GBCUST at checkout for $1 a month off of your subscription. Normal monthly cost is $5… Now only $4 per month when you use Code: GBCUST at GraymanBriefing.com ▶︎ Visit ULTIMATE SURVIVAL TIPS Website: https://ultimatesurvivaltips.com/ for MSK-1 Knives, Survival Guides and EDC Gear ▶︎ Checkout Wes's Website, Sweet Gear and Timely Information: https://www.superessestraps.com/ ▶︎ Visit ULTIMATE SURVIVAL TIPS Website: https://ultimatesurvivaltips.com/ ADDITIONAL Resources and Links: ▶︎ David's NEW Tiny First Aid and Survival Guide @ https://www.tinysurvival.com/ ▶︎ David's MSK-1 Knife: http://www.msk1knife.com/ ▶︎ Harvest Right Freeze Dryer SPECIAL DEAL: Use Link: ultimatesurvivaltips.com/freeze (For FREE Shipping, Upgraded Premium Pump and Starter Kit) --- Send in a voice message: https://podcasters.spotify.com/pod/show/thesurvivalshow/message Support this podcast: https://podcasters.spotify.com/pod/show/thesurvivalshow/support
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Albanian authorities raid MEK over Iran hacks Microsoft admits “Anonymous Sudan” took down its services US Government puts $10m bounty on CL0P A deeper look at the Barracuda hack campaign Much, much more This week's show is brought to you by Material Security. We'll be hearing from one of Material's friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week's sponsor interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Police raid Iranian opposition camp in Albania, seize computers | AP News Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan Anonymous Sudan and Killnet strike again, target EIB Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop Hackers infect Russian-speaking gamers with fake WannaCry ransomware US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive (1) Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter U.S. government says several agencies hacked as part of broader cyberattack Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant New DOJ unit will focus on prosecuting nation-state cybercrime EU states told to restrict Huawei and ZTE from 5G networks ‘without delay' The US Navy, NATO, and NASA Are Using a Shady Chinese Company's Encryption Chips | WIRED Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker Jamal Khashoggi's wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian Bipartisan bill would protect Americans' data from export abroad District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon CID-FLYER-TEMPLATE New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Albanian authorities raid MEK over Iran hacks Microsoft admits “Anonymous Sudan” took down its services US Government puts $10m bounty on CL0P A deeper look at the Barracuda hack campaign Much, much more This week's show is brought to you by Nucleus Security. We'll be hearing from one of Material's friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week's sponsor interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Police raid Iranian opposition camp in Albania, seize computers | AP News Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan Anonymous Sudan and Killnet strike again, target EIB Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop Hackers infect Russian-speaking gamers with fake WannaCry ransomware US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive (1) Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter U.S. government says several agencies hacked as part of broader cyberattack Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant New DOJ unit will focus on prosecuting nation-state cybercrime EU states told to restrict Huawei and ZTE from 5G networks ‘without delay' The US Navy, NATO, and NASA Are Using a Shady Chinese Company's Encryption Chips | WIRED Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker Jamal Khashoggi's wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian Bipartisan bill would protect Americans' data from export abroad District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon CID-FLYER-TEMPLATE New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange
The BlackCat gang crosses Reddit's path, threatening to leak stolen data. Mystic Stealer malware evades and creates a feedback loop in the C2C market. RDStealer is a new cyberespionage tool, seen in the wild. The United States offers a reward for information on the Cl0p ransomware gang. KillNet, REvil, and Anonymous Sudan form a "DARKNET Parliament" and “sanction” the European banking system. The British Government commits £25 million in cybersecurity aid to Ukraine. Ben Yelin explains cyber disclosure rules proposed by the SEC. Rick Howard speaks with Nancy Wang of AWS about the importance of backups and restores. And what researchers are turning up in cloud honeypots. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/117 Selected reading. Reddit: Hackers demand $4.5 million and API policy changes (Computing) Mystic Stealer – Evolving “stealth” Malware (Cyfirma) Mystic Stealer: The New Kid on the Block (Zscaler) Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (Bitdefender) MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software) CVE-2023-35708 Detail (NIST) U.S. Energy Dept gets two ransom notices as MOVEit hack claims more victims (Reuters) US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer) Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks (SecurityWeek) A bear in wolf's clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations (CyberCX) Anonymous Sudan: Religious Hacktivists or Russian Front Group? (Trustwave) UK to give Ukraine major boost to mount counteroffensive (UK Government) 2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes (Orca Security)
The Five Eyes, alongside a couple of allies, issue a LockBit advisory. AI aids in proofreading phishing attacks. Anonymous Sudan mounts nuisance-level DDoS attacks against US companies. France alleges a disinformation campaign conducted by Russian actors. KillNet says it's partnered with the less-well-known Devil Sec. The private cybersecurity industry's effect on the war in Ukraine. Carole Theriault ponders oversharing on social media. Our guest is Duncan Jones from Quantinuum on the threats of Harvest Now, Decrypt Later tactics. And a note on this month's Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/114 Selected reading. Understanding Ransomware Threat Actors: LockBit (Joint Cybersecurity Advisory) U.S. Measures in Response to the Crisis in Sudan (US Department of State) Generative AI Enables Threat Actors to Create More (and More Sophisticated) Email Attacks (Abnormal Security) France Accuses Russia of Online Disinformation Campaign (Bloomberg) The Private Sector's Evolving Role in Conflict—From Cyber Assistance to Intelligence (R Street) Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks (SecurityWeek) Patch Tuesday: Critical Flaws in Adobe Commerce Software (SecurityWeek) Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes (Naked Security)
ChatGPT takes an unexpectedly human turn in having its own version of hallucinations. Updates on Cl0p's ransom note, background, and recent promises. Researchers look at Instagram's role in promoting CSAM. A look at KillNet's reboot. Andrea Little Limbago from Interos shares insight on cyber's human element. Our guest is Aleksandr Yampolskiy from SecurityScorecard on how CISOs can effectively communicate cyber risk to their board. And a hacktivist auxiliary's stellar advice for protecting your data. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/110 Selected reading. Can you trust ChatGPT's package recommendations? (Vulcan) Ransomware group Clop issues extortion notice to ‘hundreds' of victims (The Record) MOVEit cyber attack: Cl0p sparks speculation that it's lost control of hack (ITpro) Responding to the Critical MOVEit Transfer Vulnerability (CVE-2023-34362) (Kroll) MOVEit Transfer Critical Vulnerability (May 2023) (Progress) Cybergang behind N.S. breach says it erased stolen data, but experts urge caution (CBC Canada) Most SMBs admit to paying ransomware demands - here's why (TechRadar) Instagram Connects Vast Pedophile Network (Wall Street Journal) Addressing the distribution of illicit sexual content by minors online (Stanford University) Rebooting Killnet, a New World Order and the End of the Tesla Botnet (Radware)
Anonymous Sudan responds to remarks from the US Secretary of State by targeting Lyft and American hospitals. NSA releases an advisory on North Korean spearphishing campaigns. The US government's Moonlighter satellite will test cybersecurity in orbit. "Operation Triangulation" offers an occasion for Russia to move closer to IT independence. The SEC drops cases over improper access to Adjudication Memoranda. Executives and board members are easy targets for threat actors trolling for sensitive information. Rick Howard targets Zero Trust. The FBI's Deputy Assistant Director for Cyber Cynthia Kaiser shares trends from the IC3 Annual Report. And KillNet seems to say it's disbanding…or is it? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/107 Selected reading. U.S. Measures in Response to the Crisis in Sudan (US Department of State) U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence (US National Security Agency) North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media (Joint Cybersecurity Advisory) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency) CVE-2023-34362 Detail (National Institute of Standards and Technology) Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (Mandiant) SpaceX launch sends upgraded solar arrays to International Space Station (Spaceflight Now) Moonlighter Fact Sheet (The Aerospace Corporation) Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space (The Register) Russia wants 2 million phones with home-grown Aurora OS for use by officials (The Record) Russia accuses U.S. of hacking thousands of iPhones (Axios) Operation Triangulation: iOS devices targeted with previously unknown malware (Kaspersky) Operation Triangulation: Mysterious attack on iPhones (ComputerBild) Killnet hacktivists say they're disbanding (Cybernews) Second Commission Statement Relating to Certain Administrative Adjudications (US Securities and Exchange Commission) Ponemon: Understanding the Serious Risks to Executives' Personal Cybersecurity & Digital Lives (BlackCloak)
China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent Brazilian campaign targets Portuguese financial institutions. A new botnet targets the gaming industry. Phishing attempts impersonate OpenAI. Pro-Russian geolocation graffiti. Andrea Little Limbago from Interos addresses the policy implications of ChatGPT. Our guest is Jon Check from Raytheon Intelligence & Space, on cybersecurity and workforce strategy for the space community. And KillNet says no to slacker hackers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/101 Selected reading. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations (Check Point) Iran-linked hackers Agrius deploying new ransomware against Israeli orgs (The Record) Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms (Information Security Buzz) Fata Morgana: Watering hole attack on shipping and logistics websites (ClearSky Security) Iran suspect in cyberattack targeting Israeli shipping, financial firms (Al-Monitor) Buhti: New Ransomware Operation Relies on Repurposed Payloads (Symantec) Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII (SentinelOne) The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile (Akamai) Fresh Phish: ChatGPT Impersonation Fuels a Clever Phishing Scam (INKY)
DDoS "carpet bombing." Lancefly infests Asian targets. Cyber insurance trends. Infostealers in the C2C market. A Russian espionage service is masquerading as a criminal gang. KillNet's running a psyop radio station of questionable quality. Joe Carrigan describes baiting fraudsters with fake crypto. Our guest is Gemma Moore of Cyberis talking about how red teaming can upskill detection and response teams. And geopolitical DDoS. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/94 Selected reading. 2023 DDoS Threat Intelligence Report (Corero) Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors (Symantec) 2023 Cyber Claims Report (Coalition) The Growing Threat from Infostealers (Secureworks) Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say (TechCrunch) DDoS Attacks Targeting NATO Members Increasing (Netscout) Following the long-running Russian aggression against Ukraine. (The CyberWire)
Kimsuki has a new reconnaissance tool. The Biden administration shares plans for AI. Reports on the ransomware taskforce report. KillNet recommits to turning a profit. Deepen Desai from Zscaler has the latest stats on Phishing. Our guest is Karen Worstell from VMware with a conversation about inclusivity. And the former CSO at Uber is sentenced. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/87 Selected reading. Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign (SentinelOne) Ransomware Task Force Gaining Ground - May 2023 Progress Report (Ransomware Task Force) Influential task force takes stock of progress against ransomware (Washington Post) For Money and Attention: Killnet Apparently Reorganizes Again (Flashpoint) Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama (Flashpoint) Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up (Security Week) Former Uber security chief Sullivan avoids prison in data breach case (Washington Post)
BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. My guest is Marc van Zadelhoff, CEO of Devo, with insights from the conference. And the latest on KillNet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/79 Selected reading. BlackCat Ransomware Group Exploits GoAnywhere Vulnerability (At-Bay) Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal (Zero Day Initiative) Years after discovery of SolarWinds breach, Russian hackers could be struggling (Washington Post) U.S. deploys more cyber forces abroad to help fight hackers (Reuters) DHS Outlines Cyber Priorities in Release of Delayed Review (Nextgov.com) US sanctions supporters of North Korean hackers, Iranian cyberspace head (Record) North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies (Department of Justice. U.S. Attorney's Office District of Columbia) Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in Support of Weapons Programs (U.S. Department of the Treasury)
An Iranian APT MERCURY exploits known vulnerabilities. The US investigates apparent leaks of classified information about Russia's war against Ukraine. KillNet claims it has paralyzed NATO websites. More apparent doxing of the GRU. Britta Glade and Monica Koshgarian of RSA Conference talking about content curation. Grayson Milbourne from OpenText Cybersecurity hopes to remove shame from cyber attacks. And, finally, some notes on cloud security trends. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/68 Selected reading. MERCURY and DEV-1084: Destructive attack on hybrid environment (Microsoft Threat Intelligence) Leaked US battlefield intelligence on Ukraine is fake, says Kyiv (The Telegraph) Russia Claims Leaked Pentagon Intelligence on Ukraine is U.S. Disinformation (US News and World Report) Leaked US secret NATO-Ukraine war docs likely altered, say experts (SC Media) Ukraine's air defences could soon run out of missiles, apparent Pentagon leak suggests (the Guardian) Russia nearly shot down British spy plane near Ukraine, leaked document says (Washington Post) Justice Dept. will investigate leak of classified Pentagon documents (Washington Post) US investigating whether Ukraine war documents were leaked (Military Times) U.S. Reviewing Online Appearance Of Sensitive Documents Related To Ukraine, Pentagon Says (RadioFreeEurope/RadioLiberty) WSJ News Exclusive | Pentagon Investigates More Social-Media Posts Purporting to Include Secret U.S. Documents (Wall Street Journal) New Details on Intelligence Leak Show It Circulated for Weeks Before Raising Alarm (Wall Street Journal) Intelligence leak exposes U.S. spying on adversaries and allies (Washington Post) Secret US Documents on Ukraine War Plan Spill Onto Internet: Report (SecurityWeek) US hit by ‘worst leak of secret documents since Edward Snowden' (The Telegraph) Ukraine at D+410: Static, sanguinary lines. (CyberWire) Report Finds 90% of IT Professionals Have Experienced a Cybersecurity Breach (Skyhigh Security)
Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters) Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop ‘Genesis Market' Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world's largest platforms for cyber fraud, seized by police (Record) 'Operation Cookie Monster': FBI seizes popular cybercrime forum used for large-scale identity theft (CNN) Cybercrime marketplace Genesis Market shut by FBI, international law enforcement (CNBC) FBI seizes stolen credentials market Genesis in Operation Cookie Monster (BleepingComputer) Notorious Genesis Market cybercrime forum seized in international law enforcement operation (CyberScoop) Proxyjacking has Entered the Chat (Sysdig) Rorschach – A New Sophisticated and Fast Ransomware (Check Point Research) Russian hackers attack German ministry's website (TVP World) Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List (SecurityWeek) Zimbra vulnerability exploited by Russian hackers targeting Nato countries - CISA (Tech Monitor) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) NVD - CVE-2022-27926 (National Vulnerability Database) The Interview - Russian cyber weapons 'could do a lot of damage' in the US: Former counterterrorism czar (France 24) Biden cybersecurity chief 'surprised' Russia has not hit US targets amid Ukraine war (Washington Examiner) Ukrainian Cyber War Confirms the Lesson: Cyber Power Requires Soft Power (Council on Foreign Relations)
Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog) Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Network) Ransomware and extortion trends. (CyberWire) Cisco Cybersecurity Readiness Index (Cisco) A look at resilience: companies' ability to fight off cyberattacks. (CyberWire) Putin to staffers: throw out your iPhones over security (Register) Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media) After BreachForums arrest, new site administrator says the platform will live on (Record)
North Korea's APT37 is distributing M2RAT. Multilingual BEC attacks, and how they happen. Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches. Killnet's attempt to rally hacktivists and criminals to the cause of Russia. Dinah Davis from Arctic Wolf describes continuous network scanning. Our guest is Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist. And Grand Theft Auto is now also a TikTok challenge. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/32 Selected reading. RedEyes hackers use new malware to steal data from Windows, phones (BleepingComputer) Multilingual Executive Impersonation Attacks (Abnormal Intelligence) Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group) Following the Money: Killnet's ‘Infinity Forum' Wooing Likeminded Cybercriminals (Flashpoint) Hyundai, Kia patch bug allowing car thefts with a USB cable (BleepingComputer) Hyundai and Kia Launch Service Campaign to Prevent Theft of Millions of Vehicles Targeted by Social Media Challenge (NHTSA)
CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way. And can you name and shame the shameless? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/29 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks (SecurityWeek) Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (BleepingComputer) Fool's Gold: dissecting a fake gold market pig-butchering scam (Sophos) Iranian State TV Hacked During President's Speech on Revolution Day (HackRead) Russian hackers disrupt Turkey-Syria earthquake relief (The Telegraph) Hacking marketplace emerges from Killnet partnership, seeks pro-Russia donations (SC Media) Russian Government evaluates the immunity to hackers acting in the interests of Russia (Security Affairs) Russia's Ransomware Gangs Are Being Named and Shamed (WIRED)
Weekly Survival Intelligence Brief #010: Welcome to our weekly classified intelligence audio brief. Over the next few minutes Wesley from Superesse is going to share with you the most important survival intelligence stories that have occurred over the past week from the Grayman Briefing. This timely and concise reporting will help you to stay sharp and well ahead of the knowledge curve so that you can be better prepared for what's coming down the road. Wes is the founder of superessestraps.com and the Classified Grayman Briefing http://www.graymanbriefing.com/ Use Code: GBCUST at checkout for $1 a month off of your subscription. Normal monthly cost is $5… Now only $4 per month when you use Code: GBCUST at GraymanBriefing.com ▶︎ Checkout Wes's Website and Cool Gear and timely information: https://www.superessestraps.com/ ▶︎ Visit ULTIMATE SURVIVAL TIPS Website: https://ultimatesurvivaltips.com/ ADDITIONAL Resources and Links: ▶︎ David's NEW Tiny First Aid and Survival Guide @ https://www.tinysurvival.com/ ▶︎ David's MSK-1 Knife: http://www.msk1knife.com/ ▶︎ Harvest Right Freeze Dryer SPECIAL DEAL: Use Link: ultimatesurvivaltips.com/freeze (For FREE Shipping, Upgraded Premium Pump and Starter Kit) --- Send in a voice message: https://anchor.fm/thesurvivalshow/message
CISA has released six ICS Advisories. A look at a North Korean cyberespionage campaign. ChatGPT and its attack potential. A new Python-based supply chain attack. There's traffic on the Static Expressway: ClickFunnels seen in use for redirection. KillNet continues its campaign against hospitals. Ransomware as misdirection for cyberespionage. Part two of my conversation with Kathleen Smith of ClearedJobs.Net discussing trends in the cleared space. Our guest is Eric Bassier of Quantum talking about the multi-layered approach to ransomware protection. And Russian surveillance extends to Telegram chats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/23 Selected reading. Delta Electronics DIAScreen (CISA) Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CISA) Baicells Nova (CISA) Delta Electronics DVW-W02W2-E2 (CISA) Delta Electronics DX-2100-L1-CN (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA) No Pineapple! –DPRK Targeting of Medical Research and Technology Sector (WithSecure) Hackers linked to North Korea targeted Indian medical org, energy sector (The Record from Recorded Future News) North Korean hackers stole research data in two-month-long breach (BleepingComputer) ChatGPT May Already Be Used in Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research (BlackBerry) Supply Chain Attack by New Malicious Python Package, “web3-essential” ((Frotinet) Leveraging ClickFunnels to Bypass Security Services (Avanan) Report: 'KillNet' targeting hospitals in countries helping Ukraine in war efforts (Becker's Hospital Review) Intelligence agency says ransomware group with Russian ties poses 'an enduring threat' to Canada (CBC) Les ransomwares, couverture des groupes APT pour du cyber-espionnage (Le Monde Informatique) The Kremlin Has Entered the Chat (WIRED)
Some perspective on the cybercriminal labor market. DocuSign is impersonated in a credential-harvesting campaign. Social engineering pursues financial advisors. Killnet is active against the US healthcare sector. Mr. Security Answer Person John Pescatore has thoughts on cryptocurrency. Ben Yelin and I debate the limits of section 230. And, hey, who's the real victim in cyberspace? A hint: probably not you, Mr. Putin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/20 Selected reading. Perspectives on the cybercriminal labor market. (CyberWire). IT specialists search and recruitment on the dark web (Securelist) Cybercrime job ads on the dark web pay up to $20k per month (BleepingComputer) Report on hackers' salaries shows poor wages for developers (Register) Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web (CyberScoop) Application security risks. (CyberWire) Survey gives insight into new app security challenges (Cisco App Dynamics) DocuSign impersonated in credential phishing attack. (CyberWIre) Breaking the Impersonation: Armorblox Stops DocuSign Attack (Armorblox) "Pig butchering" and financial advisor impersonation scams. (CyberWire) No Blocking, No Issue: The Curious Ecosystem of Financial Advisor Impersonation Scams (Domain Tools) Ukraine at D+341: Killnet hits US hospitals.(CyberWire) HC3 TLP Clear Analyst Note: Pro-Russian Hacktivist Group Threat to HPH Sector (American Hospital Association) HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals (Gov Info Security) Russian hackers allegedly take down Duke University Hospital's website (Carolina Journal) The Evolution of DDoS: Return of the Hacktivist (FSISAC) Russia becomes target of West's coordinated aggression in cyberspace — MFA (TASS)
An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike's Adam Meyers. If you say you're going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/18 Selected reading. Cybercriminals stung as HIVE infrastructure shut down (Europol) U.S. Department of Justice Disrupts Hive Ransomware Variant (U.S. Department of Justice) Director Christopher Wray's Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group (Federal Bureau of Investigation) Taking down the Hive ransomware gang. (CyberWire) US hacks back against Hive ransomware crew (BBC News) Cyberattacks Target Websites of German Airports, Admin (SecurityWeek) Delta Electronics CNCSoft ScreenEditor (CISA) Econolite EOS (CISA) Snap One Wattbox WB-300-IP-3 (CISA) Sierra Wireless AirLink Router with ALEOS Software (CISA). Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers (CISA) Rockwell Automation products using GoAhead Web Server (CISA) Landis+Gyr E850 (CISA) Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA) CISA Has Added One Known Exploited Vulnerability to Catalog (CISA)
The Vice Society may be upping its marketing game. Royal ransomware may have a connection to Conti. Royal delivers ransom note by hacked printer. KillNet goes after healthcare. CISA's Stakeholder Engagement Strategic Plan. Adam Meyers from CrowdStrike looks at cyber espionage. Giulia Porter from RoboKiller does not want to talk to you about your car's extended warranty. And holiday wishes to all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/245 Selected reading. Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development (SentinelOne) Vice Society ransomware gang switches to new custom encryptor (BleepingComputer) Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (Trend Micro) Researchers Link Royal Ransomware to Conti Group (SecurityWeek) Major Australian university dealing with suspected cybersecurity attack (7NEWS) Printers at Queensland's second-largest university spit out ransomware messages after cyber attack (ABC) Pro-Russian Hacktivist Group ‘KillNet' Threat to HPH Sector (HC3) HHS alert warns KillNet hacktivist group targeted US healthcare entity (SC Media) HC3 Analyst Note TLP Clear Pro-Russian Hacktivist Group Killnet Threat to HPH Sector December 22, 2022 | AHA (American Hospital Association) Strategic Plan for Stakeholder Engagement (CISA)
Has LockBit 3.0 been reverse engineered? A COVID lure contains a Punisher hook. A Chinese cyberespionage campaign uses compromised USB drives. Lilac Wolverine exploits personal connections for BEC. Killnet claims to have counted coup against the White House. Tim Starks from the Washington Post has the FCC's Huawei restrictions and ponders what congress might get done before the year end. Our guest is Tom Eston from Bishop Fox with a look Inside the Minds & Methods of Modern Adversaries. And, of course, scams, hacks, and other badness surrounding the World Cup. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/228 Selected reading. LockBit 3.0 ‘Black' attacks and leaks reveal wormable capabilities and tooling (Sophos News) Punisher Ransomware Spreading Through Fake COVID Site (Cyble) Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia (Mandiant) BEC Group Compromises Personal Accounts and Pulls Heartstrings to Launch Mass Gift Card Attacks (Abnormal Security) Killnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites (Trustwave) Scammers on the pitch: Group-IB identifies online threats to fans at FIFA World Cup 2022 in Qatar (Group-IB)
Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Forta's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224 Selected reading. Daixin Team claims AirAsia ransomware attack with five million customer records leaked (Tech Monitor) Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (The Hacker News) DraftKings Users Hacked, Money In Account "Cashed Out" (Action Network) DraftKings says no evidence systems were breached following report of a hack (CNBC) Assessing cyber risk in the US pharmaceutical industry. (CyberWire) Killnet DDoS hacktivists target Royal Family and others (ComputerWeekly.com) Ukraine Data Centers Became Physical Targets When Cyber Attacks Failed (Meritalk) Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog) Google seeks to make Cobalt Strike useless to attackers (Help Net Security) Google Releases YARA Rules to Disrupt Cobalt Strike Abuse (Dark Reading) Google releases 165 YARA rules to detect Cobalt Strike attacks (BleepingComputer)
Fangxiao works ad scams enroute to other compromises. Killnet claims to have defaced a US FBI site. CISA registers another Known Exploited Vulnerability. Difficulties with Twitter's SMS 2FA system. Zendesk vulnerability discovered. Joe Carrigan explains registration bombing for email addresses. Our guest is Miles Hutchinson from Jumio with insights on defense against sophisticated ransomware attackers. And Billbug romps through Asian government agencies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/219 Selected reading. Fangxiao: a Chinese threat actor (Cyjax) Fangxiao: A Phishing Threat Actor (Tripwire) Russian hackers claim cyber attack on FBI website (Newsweek) CISA Has Added One Known Exploited Vulnerability to Catalog (CISA) Twitter's SMS Two-Factor Authentication Is Melting Down (WIRED) Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk (Varonis) Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries (Symantec) Chinese hackers target government agencies and defense orgs (BleepingComputer) Researchers Say China State-backed Hackers Breached a Digital Certificate Authority (The Hacker News)
OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Posts' Cybersecurity 202 has the latest on election security. A visit to the CyberWire's Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211 Selected reading. OpenSSL patched today. (CyberWire) OpenSSL Releases Security Update (CISA) OpenSSL releases fixes for two ‘high' severity vulnerabilities (The Record by Recorded Future) OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security) Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog) OpenSSL Vulnerability Patch Released (Sectigo® Official) Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion) OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software) Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin) Discussions of CISA's part in elections and the JCDC. (CyberWire) U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters) XDR data reveals threat trends. (CyberWire) What happens to a gift card given to a scammer? (CyberWire) How Russia's war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)
Killnet explains its actions against Bulgaria's government. The National Republican Army claims successful attacks on Russian companies. The Director of Germany's BSI is out. A vulnerability in Azure, disclosed and patched. Trends in ransomware. Carole Theriault has a fresh look at the ransomware question - to pay or not to pay? Tim Eades from Cyber Mentor Fund considers cyber insurance for the small and medium sized businesses. Social Security phishing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/201 Selected reading. Cyberattack disrupts Bulgarian government websites over ‘betrayal to Russia' (The Record by Recorded Future) Russians Against Putin: NRA Claims Massive Hack of Russian Government Contractors' Computers - Kyiv Post - Ukraine's Global Voice (Kyiv Post) Germany fires cybersecurity chief after reports of possible Russia ties (Reuters) German Cybersecurity Chief Sacked Over Alleged Russia Ties (SecurityWeek) German cyber chief suspended following allegation he associated with Russian intelligence (The Record by Recorded Future) FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer (Orca Security) Ransomware In Q3 2022 (Digital Shadows) Fresh Phish: A New Social Security Phishing Scam Preys Upon Our Biggest Worries (INKY)
Refund fraud as a service. Costs of a nuisance. Remaining on alert during a hybrid war. Renewed activity by Polonium. Andrea Little Limbago from Interos discussing quantum computing policy. CyberWire Space Correspondent Maria Varmazis speaks with Dr. Gregory Falco on lessons learned from Russia's attack on Viasat. Reflections on the Uber case's impact on security professionals. And when it comes to phishing-as-a-service, we'll take decaf. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/196 Selected reading. The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform (Mandiant) Caffeine phishing. (CyberWire) Refund Fraud as a Service (Netacea) Amid reports of JP Morgan cyberattack, experts call Killnet unsophisticated, ‘media hungry' (SC Media) Hacktivists Force Companies to Respond to Low-Level Cyberattacks (Wall Street Journal) Nato warns Russian sabotage on Western targets 'could trigger Article 5' (The Telegraph) US Not Ruling Out Russian Cyber Offensive (VOA) Ukraine at D+230: Escalation, but unlikely to be sustainable. (CyberWire) POLONIUM targets Israel with Creepy malware (WeLiveSecurity) Hacking group POLONIUM uses ‘Creepy' malware against Israel (BleepingComputer) Security chiefs fear ‘CISO scapegoating' following Uber-Sullivan verdict (The Record) Sullivan verdict sends shockwaves through the security industry (Security Info Watch) Reflections on the Uber case's impact on security. (CyberWire)
A US Executive Order outlines US-EU data-sharing privacy safeguards. CISA, NSA, and the FBI list the top vulnerabilities currently being exploited by China. A look at election security and credit risk to US states. COVID-19-themed social engineering continues. Robert M. Lee from Dragos on securing the food and beverage industry. Carole Theriault interviews Joel Hollenbeck from Check Point Software on threat actors phishing school board meetings. Notes from the hybrid war: Killnet and US state government sites, the prospects of deterrence in cyberspace, and, finally, maybe the most motivated draft evaders in military history. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/194 Selected reading. FACT SHEET: President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework (The White House) Top CVEs Actively Exploited By People's Republic of China State-Sponsored Cyber Actors (CISA) Government credit risk associated with election risk (CyberWire) Exploiting COVID-19: how threat actors hijacked a pandemic (Proofpoint) Ukraine at D+125: Abandoned tanks and discontented hawks. (CyberWire) Department Press Briefing – October 6, 2022 - United States Department of State (United States Department of State) 2 Russians fleeing military service reach remote Alaska island (Military Times)
Microsoft updates mitigations for ProxyNotShell. Lloyd's of London investigates a suspected cyberattack. Killnet hits networks of US state governments. The FBI and CISA weigh in on election security. Credential theft in the name of Zoom. Tim Eades from Cyber Mentor Fund on the move to early-stage investing in times of war and recession. Our guest is Nick Lumsden of Tenacity Cloud on cloud infrastructure sprawl. The former security chief at Uber was found guilty in a case involving data breach cover-up. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/193 Selected reading. Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Microsoft updates guidance for ‘ProxyNotShell' bugs after researchers get around mitigations (The Record by Recorded Future) Microsoft Updates Mitigation for Exchange Server Zero-Days (Dark Reading) Microsoft updates mitigation for ProxyNotShell Exchange zero days (BleepingComputer) Lloyd's of London investigates possible cyber attack (Reuters) Insurance giant Lloyd's of London investigating cyberattack (The Record by Recorded Future) Russian-speaking hackers knock US state government websites offline (CNN) Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting (FBI and CISA) FBI: Cyberattacks targeting election systems unlikely to affect results (BleepingComputer) Zoom: 1 Phish, 2 Phish Email Attack (Armorblox) Former Uber Security Chief Found Guilty of Obstructing FTC Probe (Wall Street Journal) Former Uber security chief convicted of covering up 2016 data breach (Washington Post) Uber's Former Security Chief Convicted of Data Hack Coverup (Bloomberg) Former Uber Security Chief Found Guilty of Hiding Hack From Authorities (New York Times) Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover Up (SecurityWeek)
Killnet claims a DDoS campaign against Estonia. The head of GCHQ calls Russian cyber operations a failure. US Cyber Command concludes its "hunt forward" mission in cooperation with Croatia. A criminal gang targets the travel and hospitality sectors. Thomas Pace of NetRise shares insights on firmware vulnerabilities. Daniel Floyd from BlackCloak on Quantifying the Business Need for Digital Executive Protection. CISA issues five ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/157 Selected reading. Estonia says it repelled major cyber attack after removing Soviet monuments (Reuters) There's a chance regular people didn't even notice: expert on Russian cyber attack (TVP World) Estonia says it repelled a major cyberattack claimed by Russian hackers. (New York Times) The head of GCHQ says Vladimir Putin is losing the information war in Ukraine (The Economist) Cyber Command deployed 'hunt forward' defenders to Croatia to help secure systems (The Record by Recorded Future) U.S. Cyber Command completes defensive cyber mission in Croatia (CyberScoop) You Can't Audit Me: APT29 Continues Targeting Microsoft 365 (Mandiant) Reservations Requested: TA558 Targets Hospitality and Travel (Proofpoint) Cybercrime Group TA558 Ramps Up Email Attacks Against Hotels (Decipher) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) Siemens Linux-based Products (Update G) (CISA) Siemens Industrial Products LLDP (Update B) (CISA) Siemens OpenSSL Affected Industrial Products (CISA) Mitsubishi Electric MELSEC Q and L Series (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA)
Shuckworm maintains its focus on Ukrainian targets. Killnet's DDoS and dubious proof-of-work. Iron Tiger's supply chain campaign. TikTok and national security. Dinah Davis from Arctic Wolf shares insights on Dark Utilities. Rick Howard digs into identity management. And an arrest in the case of the Tornado Cash crypto mixer. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/154 Selected reading. Shuckworm: Russia-Linked Group Maintains Ukraine Focus (Symantec) Killnet Releases 'Proof' of its Attack Against Lockheed Martin (SecurityWeek) Killnet greift lettisches Parlament an (Tagesspiegel) Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (Trend Micro) How Frustration Over TikTok Has Mounted in Washington (New York Times) 3 ways China's access to TikTok data is a security risk (CSO Online) Arrest of suspected developer of Tornado Cash (FIOD) Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer (The Hacker News) Arrested Tornado Cash developer is Alexey Pertsev, his wife confirms (The Block)