CyberWire Daily

Microsoft takes down the Storm-1152 cybercrime operation. “GambleForce” is a newly discovered threat actor. The SVR exploits a JetBrains TeamCity vulnerability. US Postal Service impersonation. Malicious ads associated with Zoom. An update on the cyberattack against Kyivstar. Apache issues a Struts 2 security advisory. The FCC adopts new data breach rules. In our latest Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. And the State Department's Global Engagement Center is under fire. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment with Palo Alto Networks Unit 42’s David Moulton, hear about decoding cyber adversaries. David discusses unveiling intent and behavior in the world of threat hunting with Madeline Sedgwick. Selected Reading Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang (TechCrunch+) New hacker group GambleForce targets government and gambling sites in Asia Pacific using SQL injections (Group-IB) Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (Joint Advisory) Malvertisers zoom in on cryptocurrencies and initial access (MalwareBytes) Russian hacker group claims responsibility for Kyivstar cyberattack (The Kyiv Independent) New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now (The Hacker News) FCC Adopts Updates to Data Breach Rules, Sets Up Privacy Battle (Bloomberg Law) State Dept.’s Fight Against Disinformation Comes Under Attack (The New York Times) Threat Vector. In this Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. Madeline, a Senior Cyber Research Engineer and Threat Analyst for the Cortex Xpanse team at Palo Alto Networks, shares insights into how analyzing adversary behavior helps in anticipating threats and avoiding guesswork. They discuss the value of understanding both system dynamics and human behavior in cybersecurity, emphasizing that cyber adversaries are limited by the same laws of internet physics. Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin. Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202 with China’s influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202. Tim and Dave discuss China’s influence operations in Taiwan, along with a look back at 2023. Selected Reading UK at high risk of ‘catastrophic ransomware attack’, report says (The Guardian) Roll Call Vote 118th Congress - 1st Session (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren’t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack (cyberdaily) Microsoft Patch Tuesday December 2023 (Sans) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today’s Industry Voices segment, my conversation with Andre Durand, CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we speak with Andre Durand, the CEO and Founder of Ping Identity. Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity. Selected Reading Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack (Bloomberg) Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) GUR says it has hacked servers of Russian tax service (Interfax-Ukraine) ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) BlackCat ransomware site down amidst rumours of law enforcement action (Computing) No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media) Cloudflare 2023 Year in Review (Cloudflare) Bitsight and Google collaborate to reveal global cybersecurity performance (Bitsight) 15 Air National Guardsmen disciplined in Discord server leak (C4ISRNET) Apple emergency updates fix recent zero-days on older iPhones (Bleeping Computer) Kelvin Security hacking group leader arrested in Spain (Bleeping Computer) Cloud engineer gets 2 years for wiping ex-employer’s code repos (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

China allegedly targets US critical infrastructure, while a small Irish village goes without water due to an Iranian CyberAv3ngers attack. The EU sets a global precedent with new AI regulations. Unraveling the latest maneuvers of the Lazarus Group. The Sandman APT's links to Chinese cyber threats. "5Ghoul" vulnerabilities represent a new challenge in telecom security. The deceptive dangers of the MrAnon infostealer in a booking app. The GRU's phishing tactics lead to the spread of Headlace malware. On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. And 23andMe's controversial update to its terms and conditions. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. Kristie is DXC’s Senior Vice President and Chief Information Officer. Selected Reading China’s cyber army is invading critical US services (Washington Post) Hackers hit Erris water in stance over Israel (Western People) FBI: Cyberattack against Aliquippa water authority was a targeted 'escalation' on overlooked technology (Post Gazette) White House aide says Iranian hack of US waterworks is call to action (C4ISRNet) EU reaches deal on landmark AI bill, racing ahead of US (Washington Post) Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (Cisco Talos) Sandman APT | China-Based Adversaries Embrace Lua (SentinelOne) 5Ghoul : Unleashing Chaos on 5G Edge Devices (Singapore University of Technology and Design) MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF (Fortinet) ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware (Security Intelligence) 23andMe changes terms of service amid legal fallout from data breach (Axios) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws. Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite AWS re:Invent Alteia and the World Bank assess and enhance road infrastructure data quality at scale using AWS Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. Want to join us for an interview? Please send your pitch to [email protected] and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges." The research can be found here: Hunting Vulnerable Kernel Drivers Learn more about your ad choices. Visit megaphone.fm/adchoices

Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Allan Liska, creator of Green Archer Comics, shares the first installment in a new comic book series: "Yours Truly, Johnny Dollar #1." The series follows the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator, as he takes on ransomware attacks, insider threats and more. The series is based on a popular radio serial of the same name that ran from 1949 through 1962, now reimagined for the digital age. Selected Reading Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (CISA) The cyberattacks also allegedly took aim at U.S. energy networks and American spies. (Wall Street Journal) Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation (The Guardian) U.S. Takes Action to Further Disrupt Russian Cyber Activities (US Department of State) Rewards for Justice (Rewards for Justice) Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign (US Department of Justice) United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group (US Department of Treasury) Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover (DarkReading) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian influence and cyber operations adapt for long haul and exploit war fatigue (Microsoft) State of Log4j Vulnerabilities: How Much Did Log4Shell Change? (Veracode) ESG Report Operationalizing Encryption and Key Management (Fortanix) Russian opposition activists use QR codes to spread anti-Putin messages (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our 5 question survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan. Todd discusses data resiliency. In an era where ransomware and malicious attacks are relentless, even the most secure organizations are not immune. These attacks can cripple organizations financially, operationally, and damage their reputation and compliance standing. My guest today is Todd Thorsen, CISO from CrashPlan. In this sponsored Industry Voices segment, we delve into crucial strategies for bolstering data resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/232 Selected Reading Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica) CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps (CISA) The Case for Memory Safe Roadmaps (Joint release) HEALTHCARE SECTOR CYBERSECURITY (US Department of Health and Human Services) HHS releases cybersecurity strategy for health care sector (American Hospital Association) Fake Taylor Swift Quotes Are Being Used to Spread Anti-Ukraine Propaganda (WIRED) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Britain summons Russian ambassador over years-long FSB cyberespionage campaign (Reuters) NCSC exposes Russian cyber attacks on UK political processes (ComputerWeekly) Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns (NCSC) Defending Democracy (NCSC) The State of Supply Chain Defense: Annual Global Insights Report (BlueVoyant) 2023 Holiday Bad Bot Report (Kasada) Facebook and Messenger to automatically encrypt messages (BBC) Your mobile password manager might be exposing your credentials (TechCrunch) Dieselgate, but for trains – some heavyweight hardware hacking (BadCyber) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Camille Stewart Gloster, Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia’s Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (CISA) CVE-2023-26360 Detail (NIST) SEC on 23andMe breach (SEC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK Government's denial of a cyber incident at Sellafield. There’s been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus The latest application security trends, and a new cybersecurity futures study. In our Industry Voices segment, On today’s Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today’s Industry Voices segment, we welcome Matt Radolec. Matt is Vice President of Incident Response and Cloud Operations at Varonis. He talks about the intersection of AI, cloud and insider threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/230 Selected Reading Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) Response to a news report on cyber security at Sellafield (GOV.UK) Guardian news article (Office of Nuclear Regulation) Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (The Guardian) US warns Iranian terrorist crew broke into 'multiple' US water facilities (The Register) Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (The Record) AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (Blackberry) Fake Lockdown Mode: A post-exploitation tampering technique (Jamf) Disney+ Impersonated in Elaborate Multi-Stage Email Attack with Personalized Attachments (Abnormal Security) Building Security in Maturity Model (BSIMM) report (Synopsis) Deputy Prime Minister annual Resilience Statement (GOV.UK) Learn more about your ad choices. Visit megaphone.fm/adchoices

The US and Israel attribute attacks on PLCs to Iran. Agent Raccoon backdoors organizations on three continents. XDSpy is reported to be phishing the Russian defense sector. Trends in digital banking fraud. Repojacking Go module repositories. Ann Johnson from Afternoon Cyber Tea speaks with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. And when it comes to security, don't look to the stars. CyberWire Guest Guest is Ann Johnson from Afternoon Cyber Tea talking with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. Tune in to Microsoft Security’s Afternoon Cyber Tea podcast every other Tuesday on the N2K Network. You can hear Ann’s full interview with Lynn here. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/229 Selected Reading IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA) Water and Wastewater Cybersecurity (CISA) P2Pinfect - New Variant Targets MIPS Devices (Cado) New Tool Set Found Used Against Organizations in the Middle East, Africa and the US (Palo Alto Networks Unit 42) XDSpy hackers attack military-industrial companies in Russia (The Record) Mobile Emulators Eclipse Bots in 2023 as Preferred Fraud Vector in North America (PR Newswire) Hijackable Go Module Repositories (VulnCheck) Learn more about your ad choices. Visit megaphone.fm/adchoices

Bernard Brantley, CISO from Corelight sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he reached a point now where he has the self confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big dreams and aspirations he had as a child and turn them into something fruitful as an adult. Working his way up from the bottom he is now sharing how he overcomes those days of adversity, saying "I spend minimum time trying to like spin my wheels or, kind of stay in frustration or a down period and, and really, uh, try as quickly as possible to move from, "hey, this was a tough day" to, to, into, "all right, uh, this was a tough day because maybe I didn't commit enough time in this area, or maybe I could have had a bit better conversation with this person." We thank Bernard for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB." The research can be found here: Building an Exploit for FortiGate Vulnerability CVE-2023-27997 Learn more about your ad choices. Visit megaphone.fm/adchoices

Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? CyberWire Guests On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/228 Selected Reading Wyden to block Senate vote on new NSA, Cyber Command lead (Politico) Meaconing, Intrusion, Jamming, and Interference Reporting (Federation of American Scientists) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) GPS Spoofing Traced To Iran (Location Business News) Adversarial Threat Report, Third Quarter 2023 (Meta) EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ (The Record) Microsoft warns of new ransomware campaign by Twisted Spider group (Computing) Staples confirms cyberattack behind service outages, delivery issues (BleepingComputer) Technical Report: Large Language Models can Strategically Deceive their Users when Put Under Pressure (Cornell University) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan’s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war. On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoS’ers are looking for volunteers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner, an XSIAM Consultant at Palo Alto Networks. David and John delve into the intricacies of managing threat intelligence feeds in cybersecurity. They discuss the challenges organizations face in sifting valuable intelligence from the noise, emphasizing the importance of risk assessments in guiding the selection and tuning of these feeds. Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin. T-Minus commentary on JAXA’s cyber threat. Dave is joined by T-Minus Space Daily host, Maria Varmazis, to discuss the significant cyber threat faced by Japan’s Aerospace Exploration Agency, known as JAXA. Listen to yesterday’s episode of T-Minus where they covered the incident. Selected Reading ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation (Ars Technica) Associated Press, ESPN, CBS among top sites serving fake virus alerts (Malwarebytes) VIDAR INFOSTEALER STEALS BOOKING.COM CREDENTIALS IN FRAUD SCAM (Secureworks) Japan space agency hit with cyberattack, rocket and satellite info not accessed (Reuters) Okta October breach affected 134 orgs, biz admits (The Register) October Customer Support Security Incident - Update and Recommended Actions (Okta) Okta Hack Update Shows Challenges in Rapid Cyber Disclosures (Wall Street Journal) US seizes Sinbad crypto mixer used by North Korean Lazarus hackers (Bleeping Computer) Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency (US Department of Treasury) Crypto Country: North Korea’s Targeting of Cryptocurrency (Recorded Future) New SugarGh0st RAT targets Uzbekistan government and South Korea (Cisco Talos) Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns (Politico) NATO Holds Cyber Defense Exercise as Wartime Hacking Threats Rise (Wall Street Journal) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense installations are hit with Cactus ransomware. Researchers discover a Google Workspace vulnerability. A hacktivist auxiliary compromises a Russian media site. In an exclusive interview, Eric Goldstein, Executive Assistant Director at CISA, describes their new Secure by Design Alerts program launching today. Tim Starks from the Washington Post shares some insights on the latest legislation dealing with section 702 surveillance. And security teams need not polish up that resumé after a breach. CyberWire Guest We have 2 guests today. First, Dave recently spoke with Eric Goldstein, Executive Assistant Director at CISA, about their new Secure by Design Alerts program that launched today. And, Tim Starks from the Washington Post’s Cybersecurity 202 stopped by to share some insight into some of the latest trending cybersecurity headlines. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/226 Selected Reading Police dismantle ransomware group behind attacks in 71 countries (Bleeping Computer) Ransomware group dismantled in Ukraine in a major international operation supported by Eurojust and Europol (Eurojust) Water and Wastewater Cybersecurity (CISA) (TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Water ISAC) Iran hits Pennsylvania water utility. (CyberWire) North Texas water utility serving 2 million hit with cyberattack (The Record) DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT (Security Affairs) Slovenian power company hit by ransomware (Help Net Security) Qlik Sense Exploited in Cactus Ransomware Campaign (Arctic Wolf) Qlik Sense Enterprise for Windows - New Security Patches Available Now (Qlik) DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover (Hunters) Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk (Dark Reading) Use IAM securely (Google) Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware targets healthcare organizations. WildCard deploys SysJoker malware. DPRK cryptocurrency theft. The status of Ukraine's IT Army. A Russian news outlet unmasks Killmilk. Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action. And there’s discord on dark markets about large language models. CyberWire Guest Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action: the future of BAS and continuous threat exposure management. You can connect with Guy on LinkedIn and find out more about SafeBreach on their website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/225 Giving Tuesday Our team offers up some suggestions for Giving Tuesday should you feel inclined to join us in sharing your time, talents or treasures on this day of giving back. Arizona Cyber Initiative Association for Women in Science BlackGirlsHack Cyber Guild Exceptional Minds G{Code} Girls Who Code Lurie Children's Hospital NFAR Melwood Tech Kids Unlimited WiCyS Women of Cyberjutsu Selected Reading Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states (CNN) Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Ardent Health Services Reports Information Technology Security Incident (BusinessWire) Vanderbilt University Medical Center investigating cybersecurity incident (The Record) Criminal hacking group breaches data, including Premier Health (WDTN 2 News) Global Threat Intelligence Report (Blackberry) ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER (Check Point Research) Operation Electric Powder – Who is targeting Israel Electric Company? (ClearSky Cyber Security) New Rust-based SysJoker backdoor linked to Hamas hackers (Bleeping Computer) WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel (Intezer) DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads (SentinelOne) Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media (The Register) Ukraine’s Volunteer IT Army Confronts Tech, Legal Challenges (CEPA) Cybercriminals can’t agree on GPTs (Sophos) Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian hacktivists claim an attack on a Pennsylvania water utility. North Korea's increased attention to supply-chains. Rhysida's action against British and Chinese targets. Sandworm activity puts European power utilities on alert. Neanderthals and the Telekopye bot. Mirai-based botnet activity. Our guest is Chris Betz, the new CISO of AWS Security, with insights on the upcoming AWS re:Invent conference. And just how easy is it to track the comings and goings at Mar-a-Lago? CyberWire Guest Our guest today is Chris Betz, the new CISO of AWS Security giving us some insight into what to expect at the AWS re:Invent conference. You can connect with Chris on LinkedIn and find out more about AWS re:Invent on the event website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/224 Selected Reading Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (KDKA News) Iranian-linked cyber army had partial control of Aliquippa water system (Beaver Countian) Cyber Av3ngers Claim Israeli MEKOROT National Water Company Hack (Cyberwarzone) A hack in hand is worth two in the bush (Securelist by Kaspersky) Diamond Sleet supply chain compromise distributes a modified CyberLink installer (Microsoft) UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains (National Cyber Security Centre) Rhysida (SentinelOne) Rhysida, the new ransomware gang behind British Library cyber-attack (The Guardian) RHYSIDA RANSOMWARE GANG CLAIMED CHINA ENERGY HACK (Security Affairs) #StopRansomware: Rhysida Ransomware (CISA) Russia continuing cyberthreats against NATO countries (Defence Industry Europe) Europe’s grid is under a cyberattack deluge, industry warns (Politico) Telekopye: Chamber of Neanderthals’ secrets (ESET) InfectedSlurs Botnet Spreads Mirai via Zero-Days (Akamai) We Spied on Trump’s ‘Southern White House’ From Our Couches (Rolling Stone) Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we invite our very own Chris Hare, N2K's Project Management Specialist Content Developer, to join and discuss her career. Growing up, Chris shares that she wanted to be a veterinarian, which slowly turned into her becoming a writer for the first part of her career. She shares that she started off writing marketing copy for the technology and E-commerce space, writing for everyone from NASA to adopting the written voice of the comedian, Wayne Brady. She shares that she was able to come up into her career after finding three people that were willing to help her when she needed it. She says "I became what I like to think of as a Pied Piper of seeking out three types of people. First, someone who needed help. Second, a person who served as a mechanism for my self improvement through my jealousy of them. And third, a person who gave me the nudge to continuously improve." We thank Chris for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware Learn more about your ad choices. Visit megaphone.fm/adchoices

This interview from October 20th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, our very own Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. Learn more about your ad choices. Visit megaphone.fm/adchoices

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Chicago P.D. Rick's clip from the movie: The Imitation Game Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA issues joint Cybersecurity Advisory on Citrix Bleed. Law enforcement takes down "pig butchering" operations. Altman will return to OpenAI. Israeli honeypots deployed during the war. A renaissance in electronic warfare. And a response in the form of countermeasures. Ihab Shraim, Chief Technology Officer at CSC, shares how the growing popularity of AI is giving cybercriminals a new avenue to take advantage of some of the largest companies in the world. And online safety during the holidays. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/223 Selected reading. CISA issues joint Cybersecurity Advisory on Citrix Bleed. (CyberWire) Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto (U.S. Department of Justice) China Rounds Up 31,000 Suspects in Sweeping ‘Pig-Butchering’ Crackdown (Wall Street Journal) OpenAI Says Sam Altman to Return as CEO (Wall Street Journal) Altman Agrees to Internal Investigation Upon Return to OpenAI (Information) Sam Altman, OpenAI Board Open Talks to Negotiate His Possible Return (Bloomberg) Before Altman’s Ouster, OpenAI’s Board Was Divided and Feuding (New York Times) Altman Argued With OpenAI Board Member Toner Before Ouster (Information) The Invisible War in Ukraine Being Fought Over Radio Waves (New York Times) Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) Shopping securely on Black Friday (and beyond). (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices

OpenAI's continuing turmoil. Crypto firm sustains API attack. Konni campaign phishes with a Russian document as bait. LockBit's third-party compromise of Canadian government personnel data. Ukraine removes senior security officials under suspicion of graft. Dave Bittner sits down with Steve Winterfeld from Akamai to discuss emerging threats in the financial services sector. And Idaho National Laboratory sustains data breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/222 Selected reading. Company that created ChatGPT is thrown into turmoil after Microsoft hires its ousted CEO (AP News) The Doomed Mission Behind Sam Altman’s Shock Ouster From OpenAI (Bloomberg) Briefing: OpenAI Execs to Continue Discussions With Altman, Board: Memo (The Information) OpenAI in ‘Intense Discussions’ to Quell Potential Staff Mutiny (Bloomberg) Microsoft Wants to Work With Altman, No Matter What, Says CEO (Bloomberg) Briefing: Microsoft CEO Nadella Says Altman Could End Up at Microsoft or OpenAI; Board Governance Should Change (The Information) Sam Altman's AI 'mission continues' at Microsoft, future of OpenAI and ChatGPT uncertain (ZDNET) OpenAI’s Customers Consider Defecting to Anthropic, Microsoft, Google (The Information) OpenAI’s Board Approached Anthropic About Merger (The Information) The Vast Majority of OpenAI Employees Ask the Board to Resign (The Information) Konni Campaign Distributed Via Malicious Document (Fortinet Blog) Ukraine sacks top cyber defence officials amid graft probe (Reuters) Two top Ukrainian cyber officials dismissed amid embezzlement probe (Record) Ukraine fires top cybersecurity officials (TechCrunch) Ukraine-Russia war: Ukraine sacks 'corrupt' cyber defence chiefs (The Telegraph) Kronos Research halts trading amid $25M API key hack investigation (Cointelegraph) Kronos Research Loses $26 Million in Unauthorized API Access Incident (Bitcoin News) Canadian government discloses data breach after contractor hacks (BleepingComputer) Idaho National Laboratory experiences massive data breach; employee information leaked online (East Idaho News) Detailed data on employees of U.S. national security lab leak online (CyberScoop) Learn more about your ad choices. Visit megaphone.fm/adchoices

Leadership turmoil at OpenAI. Citrix Bleed vulnerability implicated in ransomware attacks. QakBot seems to have a successor. The FSB deploys LitterDrifter in cyberespionage against Ukraine. Russian security firm says China and North Korea are the source of most cyberattacks against Russia. Privateers and auxiliaries engage targets of opportunity. Ann Johnson from Afternoon Cyber Tea talks about leading edge cyber innovation with Nadav Zafrir. And alleged war crimes may include cyber operations conducted in support of other, conventional, kinetic war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/221 Selected reading. OpenAI announces leadership transition (OpenAI) A statement from Microsoft Chairman and CEO Satya Nadella (The Official Microsoft Blog) A timeline of Sam Altman’s ouster from OpenAI and Microsoft appointment (Reuters) Sam Altman leaves OpenAI: Everything you need to know (Computing) OpenAI Employees Threaten to Quit Unless Board Resigns (Wall Street Journal) Sam Altman to Join Microsoft Following OpenAI Ouster (Wall Street Journal) Dozens of Staffers Quit OpenAI After Sutskever Says Altman Won’t Return (The Information) AI to accelerate your security defenses (IBM) OpenAI’s Board Set Back the Promise of Artificial Intelligence (The Information) A New AI Lexicon: Existential Risk (AI Now) Hackers Are Exploiting a Flaw in Citrix Software Despite Fix (Bloomberg) Medusa ransomware gang claims Toyota Financial Services hack (Security Affairs) CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack (SecurityWeek) Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks (Record) Are DarkGate and PikaBot the New QakBot? (Cofense) Decrypting Danger: Check Point Research deep-dive into cyber espionage tactics by Russian-origin attackers targeting Ukrainian entities (Check Point Blog) Malware Spotlight - Into the Trash: Analyzing LitterDrifter (Check Point Research) Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine (Security Affairs) Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks (The Hacker News) Remarks by Assistant Secretary Graham Steele at the Federal Insurance Office and NYU Stern Volatility and Risk Institute Conference on Catastrophic Cyber Risk and a Potential Federal Insurance Response (U.S. Department of the Treasury) Russian analysts point finger at China, North Korea over cyber activity (Record) How Pro-Ukrainian Hackers Have Undermined Russia's War Every Step Of The Way (WorldCrunch) Ukraine says it has evidence of 109,000 Russian war crimes (POLITICO) Learn more about your ad choices. Visit megaphone.fm/adchoices

Ian Blumenfeld, a Research Director from Two Six Technologies sits down to share his story with us. Ian begins his story by sharing he wanted to be a scientist, slowly he began to figure out and pinpoint more of what he liked about science, which ended up being math. Ian explains how math began to become a passion for him, and he eventually tried to pursue a career in it by teaching. He discovered teaching was not the thing for him and then started to move into the direction he wanted too, taking on more and more challenging roles until he landed where he is today. Ian says "If you're a smart person and you have skills in coding, you can swim. So it's okay to jump. It's okay to jump into the lake, you can swim. Something will get you out. You will have, you will be able to find a job. So, if you see something that looks cool, if you see something that advances you to the next stage of your career, if you have to take a little bit of a risk, it's okay." Ian wants to be someone who helped make the world a little better when it comes to code and wants to shares his desires and passions with the community. We thank Ian for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi, Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy, VP, Leadership & Business at Skillsoft Lauren Zabierek, Sr. Advisor at CISA Learn more about your ad choices. Visit megaphone.fm/adchoices

Asheer Malhotra from Cisco Talos discussing their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan." Cisco Talos' research team, released research attributing the work of the espionage-focused threat actor, YoroTrooper, to individuals based in Kazakhstan. The research states "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region." They also found that the YoroTrooper continues to rely heavily on phishing emails that direct victims to credential harvesting sites. The research can be found here: Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan Learn more about your ad choices. Visit megaphone.fm/adchoices

Buffy Wajvoda is the Global Leader for Space Solutions Architecture at AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting cybersecurity in the space domain. You can learn more at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS re:Invent The security attendee’s guide to AWS re:Invent 2023- AWS Blog Viasat Deploys Resilient Tactical Edge Capability with AWS- YouTube How We Sent an AWS Snowcone into Orbit- AWS Blog How to improve your security incident response processes with Jupyter notebooks- AWS Blog Supporting security assessors in the Canadian public sector with AWS and Deloitte- AWS Blog Establishing hybrid connectivity within a Canadian Centre for Cyber Security Medium Cloud reference architecture- AWS Blog Evolving cyber threats demand new security approaches – The benefits of a unified and global IT/OT SOC- AWS Blog Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. Want to join us for an interview? Please send your pitch to [email protected] and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Scattered Spider prompts warnings from CISA and the FBI. Phobos ransomware is an affiliate crimeware-as-a-service program. A "hack-for-hire" contractor. “Scama” in the C2C market. Our guest is Lee Clark from the RH-ISAC with a look at Holiday Season Cyber Threat Trends. Tim Eades from Cyber Mentor Fund shares recent trends in cyber venture capital, with tips on finding a good match. And the tempo of cyber operations in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/220 Selected reading. FBI and CISA Release Advisory on Scattered Spider Group (Cybersecurity and Infrastructure Security Agency | CISA) FBI warns on Scattered Spider hackers, urges victims to come forward (Reuters) U.S. officials urge more information sharing on prolific cybercrime group (CyberScoop) A deep dive into Phobos ransomware, recently deployed by 8Base group (Cisco Talos Blog) Understanding the Phobos affiliate structure and activity (Cisco Talos Blog) Elephant Hunting | Inside an Indian Hack-For-Hire Group (SentinelOne) How an Indian startup hacked the world (Reuters) Scama: Uncovering the Dark Marketplace for Phishing Kits (Vade Secure) Ukraine Tracks a Record Number of Cyber Incidents During War (Bank Info Security) Russia will target other countries for web attacks, Ukraine cyber defence chief warns (The Irish Times) Sandworm Linked to Attack on Danish Critical Infrastructure (Infosecurity Magazine) Why cyber war readiness is critical for democracies (Help Net Security) Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber safety for the holidays. Using regulatory risk to pressure a ransomware victim. A call for regulatory action against a supply chain threat. Rhysida malware: a warning and a description. Extending local breaches in Google Workspace. Protestware in open-source products. GRU's Sandworm implicated in campaign against Danish electrical power providers. Jason Meller, Founder & CEO of Kolide joins us as part of our sponsored Industry Voices segment to discuss the findings from The Shadow IT Report. In this Threat Vector segment, David Moulton sits down with Sama Manchanda, a consultant at Unit 42 to discuss the fascinating world of social engineering attacks. And donation scams: exploiting sympathy. In this Threat Vector segment, David Moulton engages in an enlightening conversation with Sama Manchanda, a consultant at Unit 42. The duo embarks on an exploration of the fascinating world of social engineering attacks, delving into the distinct characteristics of phishing, smishing, and vishing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/219 Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin. Selected reading. New Visa Report Tells Consumers to Stay Alert this Holiday Shopping Season (Business Wire) Ransomware gang files SEC complaint over victim’s undisclosed breach (BleepingComputer) 11-14-2023 EFF Letter to FTC re: Malware on Android TV Set-Top Boxes (EFF) #StopRansomware: Rhysida Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) Investigating the New Rhysida Ransomware (Fortinet Blog) Analyzing Rhysida Ransomware Intrusion (Fortinet Blog) The Chain Reaction: New Methods for Extending Local Breaches in Google Workspace (Bitdefender) Protestware taps npm to call out wars in Ukraine, Gaza (ReversingLabs) Russia's Sandworm Linked to Unprecedented Danish Energy Hack (Bloomberg). Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (The Hacker News) Denmark hit with largest cyberattack on record (Cybernews) Attackers Exploit Crisis for Fraudulent Crypto Donations (Abnormal) Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad choices. Visit megaphone.fm/adchoices

A look back at Patch Tuesday. BlackCat uses malicious Google ads. Social engineering in the third quarter of 2023. Are small businesses in denial about ransomware? Molerats have some new tools. Israel turns to NSO Group's Pegasus to search for hostages taken by Hamas. Tim Starks from the Washington Post examines the potential aftermath of a Russian group hitting a Chinese bank. In our Learning Layer, Sam Meisenberg helps a student understand and create a strategy for the CISSP CAT. And a cyberespionage campaign is attributed to Russia's SVR. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/218 Selected reading. Adobe Releases Security Updates for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA) Fortinet Releases Security Updates for FortiClient and FortiGate (Cybersecurity and Infrastructure Security Agency | CISA) VMware Releases Security Update for Cloud Director Appliance (Cybersecurity and Infrastructure Security Agency | CISA) CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) Microsoft Releases October 2023 Security Updates (Cybersecurity and Infrastructure Security Agency | CISA) Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (BleepingComputer) SAP Security Patch Day for November 2023 (Onapsis) The ALPHV/BlackCat Ransomware Gang is Using Google Ads to Conduct… (eSentire) Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage (Kroll) OpenText Cybersecurity 2023 Global Ransomware Survey: The risk perception gap (OpenText Blogs) TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities (Proofpoint) Israel's NSO unleashes controversial spyware in Gaza conflict (Axios) APT29 Attacks Embassies Using CVE-2023-38831 (NCSCC) Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA and the FBI issue an update on Royal Ransomware. A look at Smash-and-grab ransomware attacks as well as Cloud vulnerabilities. A pre-Black Friday look at card skimmers. Fences, and their place in organized cybercrime. DP World Australia restores port operations. Joe Carrigan on scammers taking advantage of the Bitrex crypto market being shut down. In our Industry Voices segment, Usama Houlila from CrossRealms International shares his insights on the pivotal role of AI in cybersecurity. And LockBit may be drawing unwelcome attention to itself. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/217 Selected reading. #StopRansomware: Royal Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) FBI: Royal ransomware asked 350 victims to pay $275 million (BleepingComputer) The Song Remains the Same: The 2023 Active Adversary Report for Security Practitioners (Sophos) Why 93% of Security Leaders Say Cloud Security Requires Zero Trust Segmentation (Illumio Cybersecurity Blog) Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season (PR Newswire) Credit card skimming on the rise for the holiday shopping season (Malwarebytes) The Fencers: The Lynchpin of Organized Retail Crime Enterprise (Nisos) DP World cyberattack blocks thousands of containers in ports (BleepingComputer) Operations at Major Australian Ports Significantly Disrupted by Cyberattack (SecurityWeek) Australian Ports Recover From Cyber Incident (Bank Info Security) DP World: Australia sites back online after cyber-attack (BBC News) Australian ports resume some operations after major cyberattack (CNN) Australia Cyberattack Leaves 30,000 Containers Stuck at Ports (Bloomberg) Hacking Gang Behind Attack on Largest Global Lender Says It Got Ransom Payment (Bloomberg) Gang says ICBC paid ransom over hack that disrupted US Treasury market (Reuters) After a surprise cyberattack, the world's largest bank had to shuffle a USB stick around Manhattan to do business (PC Gamer) WSJ News Exclusive | ICBC Hackers Used Methods Previously Flagged by U.S. Authorities (Wall Street Journal) Inside Wall Street's scramble after ICBC hack (Reuters) Did a ransomware gang mess up by attacking a U.S. arm of China’s biggest bank? (Washington Post) Learn more about your ad choices. Visit megaphone.fm/adchoices

Australian ports are recovering from a cyberattack. SysAid is hit by Cl0p user Lace Tempest. Ransomware targets China's largest bank. LockBit doxes Boeing as Boeing hangs tough on paying ransom. Docker Engine for DDoS. Rick Howard looks at the SEC’s targeting of SolarWinds’ CISO. And Anonymous Sudan claims attacks on ChatGPT and Cloudflare. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/216 Selected reading. Freight giant DP World recovers from cyber attack, but warns investigation and remediation is 'ongoing' (ABC) DP World port operations in Australia recovering after cyber-attack (The Loadstar) Ransomware attack against China's largest bank. (CyberWire) China's biggest lender ICBC hit by ransomware attack (Reuters) Ransomware attack on ICBC disrupts trades in US Treasury market (Financial Times) Hackers Hit Wall Street Arm of Chinese Banking Giant ICBC (Wall Street Journal) LockBit finally publishes its proof-of-hack as Boeing hangs tough. (CyberWire) SysAid On-Prem Software CVE-2023-47246 Vulnerability (SysAid) Critical Vulnerability: SysAid CVE-2023-47246 (Huntress) SysAid Zero-Day Vulnerability Exploited By Lace Tempest (Rapid7) SysAid vulnerability exploited. (CyberWire) OracleIV - A Dockerised DDoS Botnet (Cado Security) Anonymous Sudan and OpenAI. (CyberWire) Russia-Linked Hackers Claim Credit for OpenAI Outage This Week (Bloomberg) Major ChatGPT Outage Caused by DDoS Attack (SecurityWeek) Anonymous Sudan and Skynet claim Cloudflare DDoS takedown (Cyber Daily) Cloudflare website downed by DDoS attack claimed by Anonymous Sudan (BleepingComputer) Learn more about your ad choices. Visit megaphone.fm/adchoices

Grace Cassy, and Associate Fellow from Ten Eleven Ventures sits down to share her career path, getting her to where she is now. Grace spent 10 years in the UK Diplomatic Service, working on global security policy in Asia, Europe, and the Americas. Earlier in her career she was an advisor to Prime Minister Tony Blair, specializing in Asia and national security. She also co-founded Epsilon Advisory Partners, a strategy and growth firm working with world-leading global technology companies and investors. Now she is a Co-founder at CyLon and is an Early Stage Investor in cybersecurity companies. She says "I think we probably don't need too many more words, but we definitely need a bit more action." We thank Grace for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA, FEMA, and Shields Ready. Ransomware operators exploit 3rd-party tools. A Bittrex bankruptcy phishing campaign. Spammers abuse Google Forms quizzes. Imperial Kitten in action against Israeli targets. Iranian cyberattacks against Israel are called "reactive and opportunistic." In our sponsored Industry Voices segment, Adam Bateman from Push Security outlines how attackers are targeting cloud identities. Luke Vander Linden from RH-ISAC speaks with Target's Ryan Miller and Leah Schwartzman about the evolving fraud landscape retailers are facing with the holidays approaching. And Sandworm and Ukraine's power grid: 2022 attacks may foreshadow the winter of 2023 and 2024. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/215 Selected reading. Shields Ready | CISA (Cybersecurity and Infrastructure Security Agency CISA) DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) US Urges Critical Infrastructure Firms to Get “Shields Ready” (Infosecurity Magazine) US launches “Shields Ready” campaign to secure critical infrastructure (CSO Online) DHS Launches New Critical Infrastructure Security and Resilience Campaign (SecurityWeek) Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (FBI) Phishing Attack Driven by Bittrex Bankruptcy (Abnormal) Spammers abuse Google Forms’ quiz to deliver scams (Cisco Talos Blog) IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations (CrowdStrike) Microsoft shares threat intelligence at CYBERWARCON 2023 (Microsoft Security) Iran and Hamas showed no signs of cyber coordination in run-up to war, researchers say (Washington Post) Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) Russian spies behind cyber attack on Ukraine power grid in 2022 - researchers (Reuters) Hackers Linked To Russian Intelligence Blamed For 2022 Ukraine Grid Disruption (RadioFreeEurope/RadioLiberty) Ukraine updates: Russia hacked Kyiv's power grid — report – DW – 11/09/2023 (Deutsche Welle) Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes (SecurityWeek) Energy security at forefront of NATO-Ukraine Council meeting (NATO) Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA claims "No credible threats" to yesterday's US elections. Criminals seek to profit from the .ai top level domain. A Singapore resort sustains a cyberattack. A look ahead at holiday cyber threats. A major Chinese cyberespionage effort against Cambodia. The four cyber phases of a hybrid war. Robert M. Lee from Dragos explains how outside forces affect OT and critical infrastructure security. Our guest is Dan Neault of Imperva sharing how organizations are behind the eight-ball when relying upon real-time analytics. Cyber and electronic threats to space systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/214 Selected reading. CISA Sees Smooth Election Day Operations, No ‘Credible’ Threats (Meritalk) The rise of .ai: cyber criminals (and Anguilla) look to profit (Netcraft) Singapore’s Marina Bay Sands Says It Was Hit in Data Breach (Bloomberg) Marina Bay Sands discloses data breach impacting 665,000 customers (BleepingComputer) Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach (CNA) Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season (RH-ISAC) Chinese APT Targeting Cambodian Government (Unit 42) Chinese cyberspies have widely penetrated networks of ally Cambodia (Washington Post) Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite) Learn more about your ad choices. Visit megaphone.fm/adchoices

Data brokers offer information on active US military personnel. Current BlueNoroff activity. A new Gootloader variant is active in the wild. Atlassian vulnerabilities actively exploited. The prevalence of breaches. Update on a Barracuda vulnerability. Hacktivism and the cyber course of the Hamas-Israel war. Bot-hunting in Ukraine. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Sharon Barber, Chief Information Officer at Lloyds Banking Group, about cyber trends in financial services. Ben Yelin looks at the ease of purchasing US military personnel data from data brokers And election security is in the news–an off-year election is an election nonetheless. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/213 Selected reading. Researchers find sensitive personal data of US military personnel is for sale online (CNN) How foreigners can buy data on US military members, for the right price (POLITICO) GootBot - Gootloader's new approach to post-exploitation (Security Intelligence) BlueNoroff strikes again with new macOS malware (Jamf) GootBot - Gootloader's new approach to post-exploitation (Security Intelligence) Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518 (Rapid7) Armis Research Finds One-Third of Global Organizations Experienced Multiple Security Breaches in Last 12 Months (Armis) Technical analysis: Barracuda Email Security Gateway by Quentin Olagne (Vectra) Maccabi Tel Aviv basketball team website comes under cyber attack (The Jerusalem Post) The Digital Frontline of the Israel-Hamas Conflict Could Extend Long After the War (Inkstick) Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war (SC Media) Israel’s cyber defense chief tells CNN he is concerned Iran could increase severity of its cyberattacks (CNN) SBU blocks 76 bot farms with 3 mln fake accounts since start of full-scale war (Interfax-Ukraine) On Election Day, CISA and Partners Coordinate on Security Operations (Cybersecurity and Infrastructure Security Agency) Cerby Releases “Threat Briefing: Social Media Security and Elections Volume II,” Providing a Detailed Analysis of Security Gaps in Social Media Platforms (Cerby) Learn more about your ad choices. Visit megaphone.fm/adchoices

A precautionary shutdown at a major US mortgage lender. Call centers as targets. A push to decouple data and identity. The cyber front in the Hamas-Israeli war. Hacktivism and state-sponsored cyberattacks against Israel. The instructive case of TASS and managing influence operations. Deepen Desai from Zscaler talking about the TOITOIN Trojan. Our guest is Joe Nocera, of PwC sharing their latest Global Digital Trust Insights survey and the impact of the SEC's new cybersecurity disclosure rules. And cybercrime on the side of Ukraine (or at least, cybercrime against Russia). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/212 Selected reading. Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack (SecurityWeek) TransUnion Report Shows Fraud Attacks on Financial Industry Call Centers Rising (Transunion) A Bold New Plan to Make Cloud Computing More Secure (IEEE Spectrum) The Cyberwarfare Front of the Israel-Gaza War (The National Interest) Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors (Unit 42) GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel (Uptycs) Kremlin Sacks TASS Chief for Wagner Mutiny Coverage (The Moscow Times) Russia's 2nd-Largest Insurer Rosgosstrakh Hacked; 400GB of Data Sold Online (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Learn more about your ad choices. Visit megaphone.fm/adchoices

As we progress in this technological age, both cybersecurity and critical infrastructure continue to be at the forefront of prevention, protection, mitigation, and recovery conversation topics. From a frontline worker to the top of the C-Suite, security is something we all should be aware of and concerned about. The CyberCon event began in 2018 and provides an opportunity to learn more about cybersecurity and critical infrastructure as well as collaborate with fellow security professionals. Dave Bittner recently spoke at CyberCon 2023 at Bismarck State College in North Dakota. While there, he had the opportunity to interview 4 members of the conference planning committee (all past or current chairs of the event) for a better understanding of the event, its focus on a mix of critical infrastructure and cybersecurity, and how the event has evolved over the years. Dave speaks with: Troy Walker, Director of Sales and Marketing at Dakota Carrier Network & 2023 conference chair, sharing the history of CyberCon its unique focus on critical infrastructure and cybersecurity. Tony Aukland, Technology Outreach Manager for the State of North Dakota IT & previous conference chair, giving us the truth about CyberCon and its origin story. Bill Heinzen, Information Security Team Lead at National Information Solutions Cooperative and previous event chair, talking about developing the cybersecurity candidate pool in North Dakota. John Nagel, CEO and Founder of CYBERNET SECURITY and past event chair, discussing sustainability of the CyberCon and its critical infrastructure focus. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jeffrey Wheatman, Cyber Risk Evangelist, from Black Kite joins to share his amazing story. As a strategic thought leader with extensive expertise in cybersecurity, Jeffrey Wheatman is regarded foremost as an expert in guiding public sector clients and Fortune 500 companies in connection with their cyber risk management programs. In his current role as Cyber Risk Evangelist at Black Kite, Jeffrey works to get the message out about the business impact of third-party risk and solutions to treat those risks. Jeffrey shared his career, along with is passion for cyber by explaining some of the roles he did moving up into his role today. He says as a leader we all need to be aware of the fact that "We make mistakes and I I'm a, I'm a big believer in sharing those mistakes and I think it's important to open the raincoat as it were, and let people understand that we're not perfect, we all need help and then that way they feel comfortable coming to you and asking for help" We thank Jeffrey for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Aleksandar Milenkoski and JAGS from SentinelOne sits down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this year, SentinelLabs dubbed it Sandman. The research states "Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent." Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, they call this malware "LuaDream," which exfiltrates system and user information, paving the way for further precision attacks. The research can be found here: Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit Learn more about your ad choices. Visit megaphone.fm/adchoices

An Apache vulnerability is being used to install ransomware. Exploitation of Citrix vulnerability in the wild. AP sustains DDoS attack. HHS reaches settlement in HIPAA data breach incident. More evidence of OSINT's reach. On the Solution Spotlight: Simone Petrella and Rick Howard speak with Ben Rothke about his article and thoughts on "Is there really an information security jobs crisis?" Andrea Little Limbago from Interos joins us to discuss SEC and the disclosure rules. And, Microsoft draws a lesson from Russia's war: cyber defense now has the advantage over cyber offense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/211 Selected reading. Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware (SecurityWeek) HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks (BleepingComputer) Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 (Huntress) Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 (Rapid7) HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation (U.S. Department of Health and Human Services) AP news site hit by apparent denial-of-service attack (AP News) Associated Press hit by Anonymous Sudan DDoS attack? (Tech Monitor) Satellites and social media offer hints about Israel's ground war strategy in Gaza (NPR) Revisiting the Gaza Hospital Explosion (New York Times) Microsoft Vows to Revamp Security Products After Repeated Hacks (Bloomberg) A new world of security: Microsoft’s Secure Future Initiative (Microsoft On the Issues) Announcing Microsoft Secure Future Initiative to advance security engineering (Microsoft Security) Ukraine at D+617: Advantage defense. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices

Bletchley Declaration represents a consensus starting point for AI governance. Lazarus Group prospects blockchain engineers with KANDYKORN. Boeing investigates ‘cyber incident’ affecting parts business. NodeStealer’s use in attacks against Facebook accounts. Citrix Bleed vulnerability exploited in the wild. MuddyWater spearphishes Israeli targets in the interest of Hamas. India to investigate alleged attacks on iPhones. Tim Starks from the Washington Post on the SEC’s case against Solar Winds. In today’s Threat Vector segment David Moulton from Unit 42 is joined by Matt Kraning of the Cortex Expanse Team for a look at Attack Surface Management. And Venomous Bear rolls out some new tools. On the Threat Vector segment, David Moulton, Director of Thought Leadership for Unit 42, is joined by Matt Kraning, CTO of the Cortex Expanse Team. They dive into the latest Attack Surface Management Report. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/210 Threat Vector Read the Attack Surface Management Report. Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin. Selected reading. The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (GOV.UK) US Vice President Harris calls for action on "full spectrum" of AI risks (Reuters) Elastic catches DPRK passing out KANDYKORN (Elastic Security Labs) North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware (The Hacker News) Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic (Cointelegraph) An info-stealer campaign is now targeting Facebook users with revealing photos (Record) Mass Exploitation of 'Citrix Bleed' Vulnerability Underway (SecurityWeek) MuddyWater eN-Able spear-phishing with new TTPs | Deep Instinct Blog (Deep Instinct) Centre's Cyber Watchdog CERT-In To Probe iPhone "Hacking" Attempt Charges (NDTV.com) Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) (Unit 42) Learn more about your ad choices. Visit megaphone.fm/adchoices

The Hamas-Israel war continues to be marked by hacktivism. Arid Viper's exploitation of Arabic speaker's Android devices. Iran shows improved cyberespionage capabilities. A URL shortener in the C2C market. Taking down the Mozi botnet. Ransomware in healthcare. Two are Russians arrested on treason charges, accused of hacking for Ukraine. In our sponsored Industry Voices segment, Anna Belak from Sysdig shares a new threat framework for the cloud. Rick Howard previews his new online course on cyber security first principles. And no, Russia hasn’t really replaced its currency with Arctic Ocean gastropods. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/209 Selected reading. ‘Hacktivists’ join the front lines in Israel-Hamas war (C4ISRNet) The global cyber divide between Gaza and Israel - IT-Online (IT-Online) Arid Viper disguising mobile spyware as updates for non-malicious Android applications (Cisco Talos Blog) In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities (New York Times) FBI ‘keeping a close eye’ on Iranian hackers as Israel-Hamas war intensifies (Record) Why Iran Is Gambling on Hamas (Foreign Affairs) To Aid and Abet: Prolific Puma Helps Cybercriminals Evade Detection (Infoblox Blog) Who killed Mozi? Finally putting the IoT zombie botnet in its grave (ESET) The State of Ransomware in Healthcare 2023 (Sophos) Russian security service detains two hackers allegedly working for Ukraine (Record) Pro-Ukraine group says it breached Russian card payment system (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices

Malicious packages are found attached to NuGet. Russia will establish its own substitute for VirusTotal. Commodity tools empower low-grade Russian cybercriminals. Malware mealkits, and other notes from the cyber underground. Insights from a Cybersecurity workforce study. Mr Security Answer Person John Pescatore looks at MFA. Drew Rose from Living Security on the very scary human side of cyber attacks. And more details from President Biden’s Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/208 Selected reading. IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations (ReversingLabs) Russia to launch its own version of VirusTotal due to US snooping fears (Record). Russian hacking tool floods social networks with bots, researchers say (Record) How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime (Trend Micro) HP Wolf Security Threat Insights Report Q3 2023 (HP Wolf Security) How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce (ISC2) Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (The White House) Learn more about your ad choices. Visit megaphone.fm/adchoices

The Hive ransomware gang may be back, and rebranded. Coinminers exploit AWS IAM credentials. LockBit claims to have obtained sensitive information from Boeing. Ukrainian auxiliaries disrupt Internet service in Russian-occupied territory, while internet and telecoms are down in Gaza. Deepfakes have an effect even when they're not used. Joe Carrigan explains executive impersonations on social media. Our guest is David Brumley, cybersecurity professor at Carnegie Mellon and CEO of software security firm, ForAllSecure, discussing spooky zero days and vulnerabilities. And President Biden releases a US Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/207 Selected reading. New Hunters International ransomware possible rebrand of Hive (BleepingComputer) CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys (Palo Alto Networks Unit 42) Boeing assessing Lockbit hacking gang threat of sensitive data leak (Reuters) Ukrainian hackers disrupt internet providers in Russia-occupied territories (Record) Israel steps up air and ground attacks in Gaza and cuts off the territory's communications (AP News) The Destruction of Gaza’s Internet Is Complete (WIRED) Rocket Alert Apps Warn Israelis of Incoming Attacks While Gaza Is Left in the Dark (WIRED). Elon Musk’s Starlink to help Gaza amid internet blackout (Record) Families of Hostages Kidnapped by Hamas Turn to Phone Pings for Proof of Life (WIRED) Israel Taps Blacklisted Pegasus Maker to Track Hostages in Gaza (Bloomberg) A.I. Muddies Israel-Hamas War in Unexpected Way (New York Times) FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (The White House) Administration Actions on AI (AI.gov) The US Executive Order on artificial intelligence is out. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash... Learn more about your ad choices. Visit megaphone.fm/adchoices