An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
CyberWire Daily · N2K Networks
Audio is streamed directly from the publisher (pdst.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Fangxiao works ad scams enroute to other compromises. Killnet claims to have defaced a US FBI site. CISA registers another Known Exploited Vulnerability. Difficulties with Twitter's SMS 2FA system. Zendesk vulnerability discovered. Joe Carrigan explains registration bombing for email addresses. Our guest is Miles Hutchinson from Jumio with insights on defense against sophisticated ransomware attackers. And Billbug romps through Asian government agencies.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/219
Selected reading.
Fangxiao: a Chinese threat actor (Cyjax)
Fangxiao: A Phishing Threat Actor (Tripwire)
Russian hackers claim cyber attack on FBI website (Newsweek)
CISA Has Added One Known Exploited Vulnerability to Catalog (CISA)
Twitter’s SMS Two-Factor Authentication Is Melting Down (WIRED)
Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk (Varonis)
Chinese hackers target government agencies and defense orgs (BleepingComputer)
Researchers Say China State-backed Hackers Breached a Digital Certificate Authority (The Hacker News)
Learn more about your ad choices. Visit megaphone.fm/adchoices