
CyberWire Daily
3,655 episodes — Page 22 of 74
S4 Ep 173 | Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
[bonus] Nicole Sundin, Chief Product Officer at Axio, sits down to discuss her career path and what it is like to be a woman in the cybersecurity field. As a UX leader, Nicole has devoted her career to building awareness of usable, human-centered security across the broader cybersecurity community. She also shares some of her background as she moved up the ladder to get to where she is today. As a woman in a male-dominated industry, Nicole shares her insights on embracing the responsibility of serving as a role model to women aspiring to contribute to the cybersecurity field, and on the importance of building a diverse team. She says "Really, it's about building community in your organization and outside your organization of strong women or strong friends that you have that you can lean on when you know you're the only person in the room." We thank Nicole for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 Ep 305 | No rest for the wicked HiatusRAT. [Research Saturday]
[bonus] Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action." Last March, Black Lotus Labs researchers discovered a novel malware called HiatusRAT that targeted business-grade routers. The research states "In the latest campaign, we observed a shift in reconnaissance and targeting activity; in June we observed reconnaissance against a U.S. military procurement system, and targeting of Taiwan-based organizations." This shift in information gathering and targeting preference is consistent with the strategic interests of the People’s Republic of China as described in the 2023 ODNI threat assessment. The research can be found here: No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action
S7 Ep 1936 | Social engineering as a blunt instrument–almost like swatting without the middleman.
Eastern European gangs overcome their reservations about working with anglophone criminals. Mirth Connect is vulnerable to a critical flaw. A look at a mercenary spyware strain. “PepsiCo” as phishbait. Ben Yelin explains the FCC’s renewed interest in Net Neutrality. Our guest is Wade Baker from the Cyentia Institute with insights on measuring risk. And Europol thinks police should take a good look at quantum computing and law enforcement. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/206
Selected reading.
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction (Microsoft Security)
MGM Resorts hackers ‘one of the most dangerous financial criminal groups’ (Record)
Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data (SecurityWeek)
Examining Predator Mercenary Spyware (HYAS)
Fresh Phish: The Case of the PepsiCo Procurement Ploy (INKY)
U.S. Tries New Tack on Russian Disinformation: Pre-Empting It (New York Times)
ESET APT Activity Report Q2–Q3 2023 (We Live Security)
Russian hackers claim takedown of WA’s Transperth transport agency with DDoS attack (Cyber Daily)
The Second Quantum Revolution: The impact of quantum computing and quantum technologies on law enforcement (Europol Innovation Lab)
S7 Ep 1935 | Some intelligence services understand the value of being underestimated.
StripedFly gets reclassified. YoroTrooper is interested in the Commonwealth of Independent States. The current state of DDoS attacks. Ukrainian hacktivists deface Russian artists' Spotify pages. Trolls amplify a Musky meme. In our Industry Voices segment, Matt Howard from Virtru explains securing data at the employee edge. Our guest is Seth Blank from Valimail, to discuss email security and DMARC. And while trolls might like Mr. Musk, the crooks heart Mr. Gosling. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/205
Selected reading.
Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner (Zeroday)
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan (Cisco Talos Blog)
DDoS threat report for 2023 Q3 (The Cloudflare Blog)
Russian artists’ Spotify accounts defaced by pro-Ukraine hackers (Record)
Elon Musk Mocked Ukraine, and Russian Trolls Went Wild (WIRED)
Ryan Gosling Tops McAfee’s 2023 Hacker Celebrity Hot List (Business Wire)
S7 Ep 1934 | AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.
Teaching AI to misbehave. Ransomware's effect on healthcare downtime. Two reports on the state of cybersecurity in the financial services sector. Possible connections between Hamas and Quds Force. Ukrainian cyber authorities report a rise in privateering Smokeloader attacks. Russian hacktivist auxiliaries strike Czech targets. My conversation with Sherrod DeGrippo, host of The Microsoft Threat Intelligence Podcast. Jay Bhalodia from Microsoft Federal shares insights on multi-cloud security. And Winter Vivern exploits a mail service 0-day. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/204
Selected reading.
AI vs. human deceit: Unravelling the new age of phishing tactics (Security Intelligence)
Ransomware attacks on US healthcare organizations cost $20.8bn in 2020 (Comparitech)
Cyberattack at 5 southwestern Ontario hospitals leaves patients awaiting care (CBC News)
State of Security for Financial Services (Swimlane)
Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services (Business Wire)
Hamas’ online infrastructure reveals ties to Iran APT, researchers say (CSO Online)
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity (Recorded Future)
Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities (Record)
Bloomberg: Russia steps up cyberattacks to disrupt Ukraine’s key services (Euromaidan)
Pro-Russia group behind today’s mass cyberattack against Czech institutions (Expats.cz)
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers (We Live Security)
S7 Ep 1933 | Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
DDoS activity during the Hamas-Israeli war. Insurance firm reports cyber incident. Recent arrests in cybercrime sweeps. Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank. How long does it take to read the fine print? Ann Johnson from Afternoon Cyber Tea talks with Noopur Davis from Comcast about building secure tech from the start. Antonio Sanchez of Fortra shares cybersecurity challenges for enterprises, including why having too many tools creates too much complexity. And hey, Marianne–don’t let the bedbugs bite. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/203
Selected reading.
Cyber attacks in the Israel-Hamas war (The Cloudflare Blog)
China's crackdown on cyber scams in Southeast Asia ensnares thousands but leaves the networks intact (AP News)
12 people arrested for bank malware scam, youngest being just 17 (The Independent Singapore News)
Spain arrests 34 cybercriminals who stole data of 4 million people (BleepingComputer)
Police Disrupt Ragnar Locker Ransomware Group (Infosecurity Magazine)
Ragnar Locker Ransomware Boss Arrested in Paris (Dark Reading)
E-Root marketplace credential-selling admin extradited to US (Register)
Ukraine security services involved in hack of Russia’s largest private bank (Record)
NordVPN study: Privacy policy awareness (NordVPN)
Russia spread bedbug panic in France, intelligence services suspect (The Telegraph)
S7 Ep 1932 | How people get over on the content moderators.
Okta discloses a data exposure incident. Cisco works to fix a zero-day. DPRK threat actors pose as IT workers. The Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. Hacktivists trouble humanitarian organizations with nuisance attacks. Content moderation during wartime. Malek Ben Salem of Accenture describes code models. Our guest is Joe Oregon from CISA, discussing the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for the next Super Bowl. And the International Criminal Court confirms that it has sustained a cyberespionage incident. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/202
Selected reading.
Okta says hackers used stolen credentials to view customer files (Record)
Cisco discloses new IOS XE zero-day exploited to deploy malware implant (BleepingComputer)
Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers (IC3)
A stern glance from all Five Eyes. (CyberWire)
DarkGate malware campaign (WithSecure)
The Fraud Next Door: First-Party Fraud Runs Rampant in America (PR Newswire)
Cyberattacks Intensify on Israeli and Palestinian Human Rights Groups (Wall Street Journal)
Israel's burial society website comes under cyberattack (Jerusalem Post)
Sheba Medical Center Hit by Cyber Attack (Jewish Press)
Health Ministry disconnects the remote connection of several hospitals following cyber attack (Jerusalem Post)
EU asks Meta, TikTok to account for their response to Israel-Hamas disinformation (Record)
Pro-Palestinian creators use secret spellings, code words to evade social media algorithms (Washington Post)
Web Summit CEO resigns after comments on Israel-Hamas conflict (Reuters)
YouTube is Autogenerating Videos for Songs Advocating the Expulsion of Muslims from India (bellingcat)
Palestinians Claim Social Media 'Censorship' Is Endangering Lives (WIRED)
International Criminal Court says cyberattack was attempted espionage (TechCrunch)
War crimes tribunal says September cyberattack was act of espionage (Record)
International Criminal Court investigating “unprecedented” cyberattack (Cybernews)
S4 Ep 172 | Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]
[bonus] This week, we welcome Jennifer Reed, a Principal Solutions Architect at Amazon Web Services (AWS), to sit down and share her story. After Jennifer graduated high school, she went straight into Marine Corps training, which she says was a shock because she was the only woman when she got out into the fleet, and in every single place she went afterwards. She eventually left the military after learning some programming tools, and went into the financial services industry doing systems engineering. She was called back to active duty, and afterwards landed at AWS. She shares that being a woman in this industry can be challenging at times, but she says "I do feel, um, good about the things I've overcome, but I also don't want it to be so hard for the next person, if that makes sense. I don't want them to have to have those same struggles to kind of overcome any perceptions that someone might have due to their gender or their background." We thank Jennifer for sharing her story with us.
S7 Ep 304 | AMBERSQUID hides in the depths. [Research Saturday]
[bonus] Sysdig's Alessandro Brucato and Michael Clark join Dave to discuss their work on "AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation." The attackers target AWS services that are typically considered secure, like AWS Fargate and Amazon SageMaker, which means defenders generally pay less attention to securing them end to end. The research states "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances." Spreading across multiple services also complicates remediation, since defenders have to find and kill the miners in every exploited service. The research can be found here: AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation
S7 Ep 1931 | Disinformation and its often overlooked potential for denial of service.
Hacktivism and influence operations in the Hamas-Israel war. An OilRig cyberespionage campaign prospects a Middle Eastern government. Emailed bomb threats in the Baltic. Darkweb advertising yields insight into ExelaStealer malware. Casio discloses a breach of customer data. The FCC proposes a return to net neutrality, while the Consumer Financial Protection Bureau proposes data-handling rules under Dodd-Frank. Deepen Desai from Zscaler shares insights on MOVEit Transfer vulnerabilities. Our own Simone Petrella speaks with Google’s Tatyana Bolton about the challenges of bridging the cyber talent gap. And RagnarLocker has been taken down by international law enforcement. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/201
Selected reading.
Intel, defense officials tell senators that Israel did not strike hospital (The Hill)
Early U.S. and Israeli Intelligence Says Palestinian Group Caused Hospital Blast.
Cyberattacks linked to Israel-Hamas war are soaring (Fast Company)
NSO, Israeli cyber firms help track missing Israelis and hostages (Haaretz)
Lithuanian interior minister says emailed bomb threats are coordinated regional cyber-attack (Baltic Times)
Another InfoStealer Enters the Field, ExelaStealer (Fortinet Blog)
Q3 Report: Email Threat Trends Latest edition: PDF Popularity, Callback Phishing and Redline Malware (VIPRE)
Casio Issues Apology and Notice Concerning Personal Information Leak Due to Unauthorized Access to Server (CASIO Official Website)
Human Error: Casio ClassPad Data Breach Impacting 148 Countries (Hackread)
Casio data breach 2023 caused worldwide panic (Dataconomy)
Casio discloses data breach impacting customers in 149 countries (BleepingComputer)
FCC Revives ‘Net Neutrality,’ Proposes New Regulations for Internet Service (Wall Street Journal)
FCC begins second quest for net neutrality (TechCrunch)
CFPB Proposes Rule to Jumpstart Competition and Accelerate Shift to Open Banking (Consumer Financial Protection Bureau)
RagnarLocker ransomware dark web site seized in international sting (TechCrunch)
Ragnar Locker ransomware site taken down by FBI, Europol (Record)
One of the most destructive ransomware gangs is being taken down by law enforcement (Axios)
S7 Ep 1930 | Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.
Nation-states exploit the WinRAR vulnerability. Criminals leak more stolen 23andMe data. QR codes as a risk. NSA and partners offer anti-phishing guidance. A Ukrainian hacktivist auxiliary takes down Trigona privateers. Hacktivism and influence operations remain the major cyber features of the Hamas-Israeli war. On today’s Threat Vector, David Moulton speaks with Kate Naunheim, Cyber Risk Management Director at Unit 42, about the new cybersecurity regulations introduced by the SEC. Our own Rick Howard talks with Jen Miller Osborn about the 10th anniversary of ATT&CKcon. And the epistemology of open source intelligence: tweets, TikToks, Instagrams–they’re not necessarily ground truth.
Threat Vector. To delve further into this topic, check out this upcoming webinar by Palo Alto's Unit 42 team on November 9, 2023, "The Ransomware Landscape: Threats Driving the SEC Rule and Other Regulations." Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42, sign up for their Threat Intel Bulletin.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/200
Selected reading.
Government-backed actors exploiting WinRAR vulnerability (Google)
The forgotten malvertising campaign (Malwarebytes)
Hacker leaks millions of new 23andMe genetic data profiles (BleepingComputer)
Exploring The Malicious Usage of QR Codes (SlashNext)
How to Protect Against Evolving Phishing Attacks (National Security Agency/Central Security Service)
GuidePoint Research and Intelligence Team’s (GRIT) 2023 Q3 Ransomware Report Examines the Continued Surge of Ransomware Activity (GuidePoint)
Ukrainian activists hack Trigona ransomware gang, wipe servers (BleepingComputer)
Navigating the Mis- and Disinformation Minefield in the Current Israel-Hamas War (ZeroFox)
War Tests Israeli Cyber Defenses as Hack Attempts Soar (Bloomberg)
U.S. says Israel ‘not responsible’ for Gaza hospital blast; Biden announces ‘unprecedented’ aid package in speech (Washington Post)
Three clues the Ahli Arab Hospital strike came from Gaza (The Telegraph)
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know What’s Real (WIRED)
‘Verified’ OSINT Accounts Are Destroying the Israel-Palestine Information Ecosystem (404 Media)
S7 Ep 1929 | Hacktivist discipline is inversely correlated with sincerity of commitment.
Hamas and Israel exchange accusations over a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator’s ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a large-scale corporate re-skilling program. And attention people of Pompeii: that volcano alert is bogus. Probably.
Learning Layer. On this segment of Learning Layer, N2K's Sam Meisenberg is joined by Phil, an N2K client who leads Talent Development at a large telecommunications company. They discuss the challenges and best practices of rolling out a large-scale corporate re-skilling program, including increasing learner engagement, accountability, and the importance of internal talent development and recognition.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/199
Selected reading.
Blast kills hundreds at Gaza hospital; Hamas and Israel trade blame, as Biden heads to Mideast (AP News)
In deadly day for Gaza, hospital strike kills hundreds (Reuters)
Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine (ComputerWeekly.com)
Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict (Infosecurity Magazine)
Israel-Hamas war illuminates trouble with political hacking groups (Axios)
ISRAEL GAZA CONFLICT : THE CYBER PERSPECTIVE (CYFIRMA)
Tracking Cellphone Data by Neighborhood, Israel Gauges Gaza Evacuation (New York Times)
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror (New York Times)
TV advertising sales giant affected by ransomware attack (Record)
Chilean government warns of Black Basta ransomware attacks after customs incident (Record)
Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks (Cado Security)
DigiCert Global Study: Preparing for a Safe Post-Quantum Computing Future (DigiCert)
SpyNote Android malware spreads via fake volcano eruption alerts (BleepingComputer)
S7 Ep 1928 | Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.
A bogus RedAlert app delivered spyware as well as panic. BLOODALCHEMY backdoors Southeast Asian (ASEAN) targets. A serious Cisco zero-day is being exploited. Valve implements additional security measures for Steam. A warning on Atlassian vulnerability exploitation. Allies update their security-by-design guide. Ukrainian telecommunications providers hit by cyberattack. Ben Yelin explains attempts to tamp down pornographic deepfakes. Our guest is Ashley Rose from Living Security with a look at measuring human risk. And, as always, criminals see misery as opportunity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/198
Selected reading.
Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information (The Cloudflare Blog)
Disclosing the BLOODALCHEMY backdoor (Elastic Security Labs)
BLOODALCHEMY provides backdoor to ASEAN secrets (Register)
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability (Cisco Talos Blog)
Actively exploited Cisco 0-day with maximum 10 severity gives full network control (Ars Technica)
Cisco warns of actively exploited zero-day in IOS XE software (Computing)
Widespread Cisco IOS XE Implants in the Wild (VulnCheck)
Steam enforces SMS verification to curb malware-ridden updates (BleepingComputer)
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks (Cybersecurity and Infrastructure Security Agency CISA)
CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide (Cybersecurity and Infrastructure Security Agency)
CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (The Hacker News)
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations (Cluster25)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (The Hacker News)
Cyberattack targets Belgian public service websites for second time in a week (Brussels Times)
Spam trends of the week: Spammers piggyback on the Israel-Gaza war to plunder donations (Hot for Security)
S7 Ep 1927 | Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.
Hacktivism and disinformation in the war between Hamas and Israel. LockBit claims an attack on CDW. Shadow PC's breach. Void Rabisu deploys a lightweight RomCom backdoor against the Brussels conference. Rick Howard describes Radical Asymmetric Distribution. Our guest is Jason Birmingham from Broadridge Financial Solutions with a look at asset management. And coin mining as a potential front for espionage or a staging area for sabotage. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/197
Selected reading.
How hackers piled onto the Israeli-Hamas conflict (POLITICO)
Israel-Gaza War Now Includes Accompanying Cyber Warfare (Channel Futures)
How Cyberattacks Could Affect the Israel-Hamas War (Bank Info Security)
Medical aid for Palestinians website under cyber attack affecting relief efforts (mint)
Rumors of a ‘Global Day of Jihad’ Have Unleashed a Dangerous Wave of Disinformation (WIRED)
Hamas in rare English ‘press conference’ as it tries to counter global condemnation (The Telegraph)
In Israel-Hamas conflict, social media become tools of propaganda and disinformation (DFRLab)
A flood of misinformation is shaping how panicked citizens, global public view the war (Washington Post)
How Israel-Hamas War Misinformation Is Spreading Online (TIME)
Misinformation Is Warfare (TIME)
Meta responds to EU misinformation concerns regarding Israel-Hamas conflict (Engadget)
Briefing: Meta Details Efforts to Remove War-Related Disinformation (The Information)
Cloud gaming firm Shadow says hackers stole customers' personal data (TechCrunch)
PC streaming service Shadow discloses security breach (The Verge)
Shadow silent on data breach as hacked data appears genuine (TechCrunch)
530K people's info stolen from cloud PC gaming's Shadow (Register)
CDW investigating ransomware gang claims of data theft (Record)
Lockbit ransomware gang demanded an 80 million ransom to CDW (Security Affairs)
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant (Trend Micro)
Women Political Leaders Summit targeted in RomCom malware phishing (BleepingComputer)
Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (New York Times)
S4 Ep 171 | Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
[bonus] Susan Hinrichs, Chief Scientist at Aviatrix, sits down to share her story. With over 30 years of experience spanning a variety of networking and security disciplines, she has held both leadership and academic roles. Earlier in her career, Susan served as System Architect at Cisco, where she spent nine years designing and developing Centri Firewall and a variety of network security management tools. She worked as a Lecturer in Computer and Network Security for eight years at the University of Illinois at Urbana-Champaign (UIUC), where she developed a hands-on Security Lab introduction course for students in her first year and, later in her tenure, created a malware analysis course for senior students along with two colleagues. With all that she has done in her career, she offers this advice to newcomers to the field: "I think also as you're trying to get that next job either as a student or as a professional trying to change direction a little bit, if you're coming into interviews being able to talk about a project that you worked on, even if it's not a project that really anyone uses, but if it's something that's interesting that you have in depth understanding of, uh, I think is super valuable to get you noticed." We thank Susan for sharing her story with us.
S7 Ep 303 | Unwanted guests harvest your information. [Research Saturday]
[bonus] Amit Malik from Uptycs joins us to discuss their research titled "Unwanted Guests: Mitigating Remote Access Trojan Infection Risk." The Uptycs threat research team identified a new threat referred to as QwixxRAT, and found the tool being widely distributed by the threat actor through the Telegram and Discord platforms. The research states "QwixxRAT is meticulously designed to harvest an expansive range of information from browser histories and credit card details, to keylogging insights." This newly found tool poses a risk to both businesses and individual users. The research can be found here: Unwanted Guests: Mitigating Remote Access Trojan Infection Risk
S7 Ep 1926 | Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.
Hacktivism and nation-state involvement in the cyber phases of war in the Middle East, and the use of Telegram. Russian groups squabble online. Healthcare cybersecurity and its implications for patient care. The looting of FTX on the day of its bankruptcy. Joe Carrigan shares research from the Johns Hopkins University Information Security Institute. Our guest is Mike Walters from Action1, marking the 20th anniversary of Patch Tuesday. And CISA releases two new resources against ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/196
Selected reading.
Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal)
Israel Sees Cyber Incursions Across Digital Systems (Wall Street Journal)
Hackers infiltrated Israeli smart billboards to post pro-Hamas messages, reports say (Business Insider)
THE HAMAS ISRAEL : CONFLICT EXPLAINER (CYFIRMA)
The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram (Flashpoint)
Cyber Aggression Rises Following the October 2023 Israel-Hamas Conflict (Radware)
EU opens probe into X over Israel-Hamas war misinformation (Financial Times)
EU opens formal investigation into illegal content on X (Computing)
X removes hundreds of Hamas-affiliated accounts since attack, CEO says (Reuters)
US cyber agencies in 'very close contact' with Israel after unprecedented Hamas attacks (Nextgov.com)
Five threats security pros everywhere need to focus on as the Middle East war escalates (SC Media)
Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023 (Proofpoint)
New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers (WIRED)
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware (Cybersecurity and Infrastructure Security Agency CISA)
S7 Ep 1925 | Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
Hacktivists join both sides of Hamas's renewed war. Disinformation and content control in social media. Storm-0062 exploits an Atlassian 0-day. Curl and libcurl vulnerabilities. Betsy Carmelite from Booz Allen on how to expand and diversify the cyber talent pool. Our guest is Kuldip Mohanty, CIO of North Dakota. And some further reflections on hacktivism and the laws of war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/195
Selected reading.
False Alarm of Hezbollah Aircraft Infiltration Underlines Israeli Concern of Multi-Front War (FDD)
Israel-Hamas conflict extends to cyberspace (CSO Online)
Hamas-Israel Cyber War Escalates: What We Know So Far (Technopedia)
Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal)
X promises 'highest level' response on posts about Israel-Hamas war. Misinformation still flourishes (AP News)
Europe gives Mark Zuckerberg 24 hours to respond about Israel-Hamas conflict and election misinformation (CNBC)
Elon Musk Is Shitposting His Way Through the Israel-Hamas War (WIRED)
Facebook video of Biden prompts probe into Meta content policy (Financial Times)
MIDDLE EAST : A CYBER ARMS RACE (CYFIRMA)
Storm0062 exploits Atlassian 0-day. (CyberWire)
Curl and Libcurl vulnerabilities. (CyberWire)
Ukraine at D+595: Sabotage in the Baltic Sea. (CyberWire)
A Hacktivist Code of Conduct May Be Too Little Too Late (OODA Loop)
S7 Ep 1924Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.
Cyber operations in Hamas's war, cryptocurrency as a source of funding, and Russian hacktivist auxiliaries shifting their focus. Not all influence operations involve disinformation. Rapid Reset is a novel DDoS attack. A resurgent credential phishing campaign. Ann Johnson from Afternoon Cyber Tea speaks with Ram Shankar Siva Kumar and Dr. Hyrum Anderson about the promise, peril, and impact of AI. Our own Rick Howard talks cyber intelligence in the medical vertical with Taylor Lehmann of Google. And a quick look back at Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/194 Selected reading. Hackers make their mark in Israel-Hamas conflict (Axios) Hacktivists take sides in Israel-Palestinian war (Record) Cyberattacks Targeting Israel Are Rising After Hamas Assault (Time) Hacktivists stoke Israel-Gaza conflict online (Reuters) Hackers, some tied to Russia, target Israeli media and government websites (MSN) Hamas Militants Behind Israel Attack Raised Millions in Crypto (Wall Street Journal) Cryptocurrency fueled Hamas' war machine (Quartz) The Israeli police cyber unit, Lahav 433, has frozen the cryptocurrency accounts of Hamas (Odessa Journal) U.S. surging cyber support to Israel (POLITICO Pro) Savvy Israel-linked hacking group reemerges amid Gaza fighting (CyberScoop) Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal) Hamas Seeds Violent Videos on Sites With Little Moderation (New York Times) Social media platforms foment disinformation about war in Israel (Record) Hamas terrorists post murder of Israeli grandmother on her Facebook page (The Telegraph) How to limit graphic social media images from the Israel-Hamas war (Washington Post) Briefing: EU Commissioner Asks Musk for Information on “Illegal Content and Disinformation” Spreading on X (The Information) EU warns Elon Musk of 'penalties' for disinformation circulating on X amid Israel-Hamas war (CNN) Hamas Got Around Israel’s Surveillance Prowess by Going Dark (Bloomberg) ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History (SecurityWeek) New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records (BleepingComputer) The largest cyberattack of its kind recently happened. Here’s how. (Washington Post) New technique leads to largest DDoS attacks ever, Google and Amazon say (Record) HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 (Cybersecurity and Infrastructure Security Agency CISA) LinkedIn Smart Links Fuel Credential Phishing Campaign (Cofense) Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business (SecurityWeek) Microsoft's October Patch Tuesday update resolves three zero-days (Computing) Microsoft Releases October 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop (SecurityWeek) Citrix Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA)
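Rapid Reset (CVE-2023-44487, listed above) works because an HTTP/2 client can send HEADERS and immediately RST_STREAM the same stream: the server has already queued the work, but a cancelled stream no longer counts as open, so SETTINGS_MAX_CONCURRENT_STREAMS never throttles the attacker. The model below is an added example, not code from the CyberWire or from any vendor cited in the reading list. It shows one commonly deployed mitigation: count client-initiated RST_STREAM frames per connection over a sliding window and drop connections that exceed a threshold. The frame names, connection identifiers, threshold and timings are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class ConnState:
    """Per-connection bookkeeping for one HTTP/2 client connection."""
    open_streams: set = field(default_factory=set)
    reset_times: deque = field(default_factory=deque)  # timestamps of client RST_STREAM frames
    peak_open: int = 0                                  # most streams ever open at once
    closed: bool = False


class RapidResetGuard:
    """Close a connection whose client cancels more than max_resets streams per window_s.

    A concurrent-stream limit alone does not stop Rapid Reset: a stream that is
    reset right after HEADERS is no longer open, so the attacker never exceeds the
    limit while the server still pays for every request it queued. Counting the
    rate of cancellations per connection bounds that work.
    """

    def __init__(self, max_resets: int = 100, window_s: float = 1.0) -> None:
        self.max_resets = max_resets
        self.window_s = window_s
        self.conns: dict[str, ConnState] = {}

    def on_frame(self, conn_id: str, frame: str, stream_id: int, ts: float) -> str:
        """Feed one client-sent frame; return 'ok' or 'close' (drop the connection)."""
        st = self.conns.setdefault(conn_id, ConnState())
        if st.closed:
            return "close"
        if frame == "HEADERS":
            st.open_streams.add(stream_id)
            st.peak_open = max(st.peak_open, len(st.open_streams))
        elif frame == "END_STREAM":
            st.open_streams.discard(stream_id)
        elif frame == "RST_STREAM":
            st.open_streams.discard(stream_id)
            st.reset_times.append(ts)
            # Slide the window: forget resets older than window_s.
            while st.reset_times and ts - st.reset_times[0] > self.window_s:
                st.reset_times.popleft()
            if len(st.reset_times) > self.max_resets:
                st.closed = True
                return "close"
        return "ok"


def replay(guard: RapidResetGuard, conn_id: str, n_streams: int,
           cancel: bool, gap_s: float) -> str:
    """Replay n_streams client requests spaced gap_s apart (constructed traffic).

    cancel=True mimics Rapid Reset (HEADERS immediately followed by RST_STREAM);
    cancel=False mimics a normal client that lets each stream finish.
    Returns the guard's final verdict for the connection.
    """
    verdict = "ok"
    for i in range(n_streams):
        stream_id = 2 * i + 1          # client-initiated stream ids are odd
        ts = i * gap_s
        verdict = guard.on_frame(conn_id, "HEADERS", stream_id, ts)
        if verdict == "close":
            break
        second = "RST_STREAM" if cancel else "END_STREAM"
        verdict = guard.on_frame(conn_id, second, stream_id, ts)
        if verdict == "close":
            break
    return verdict


if __name__ == "__main__":
    g = RapidResetGuard(max_resets=100, window_s=1.0)
    print("attacker:", replay(g, "attacker", 10_000, cancel=True, gap_s=0.0001))
    print("attacker peak open streams:", g.conns["attacker"].peak_open)
    print("normal  :", replay(g, "normal", 10_000, cancel=False, gap_s=0.0001))
```

The attacker's connection is closed after 101 cancellations in a tenth of a second even though it never has more than one stream open, which is exactly why a per-connection stream cap alone is not a defence; a client that cancels occasionally stays well under the threshold.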
S7 Ep 1923: The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.
Disinformation and hacktivism in the war between Hamas and Israel. KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines. The current state of DPRK cyber operations. The Grayling cyberespionage group is active against Taiwan. A Magecart campaign abuses 404 pages. 23andMe suffers a breach. Voter records in Washington, DC, have been compromised. In our Solution Spotlight, Simone Petrella speaks with Raytheon’s Jon Check about supporting and shaping the next generation of the cyber workforce. Grady Summers from SailPoint outlines the importance of organizations managing and protecting access to critical data. And a look at CISOs' willingness to pay ransom. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/193 Selected reading. The Israel-Hamas War Is Drowning X in Disinformation (WIRED) As false war information spreads on X, Musk promotes unvetted accounts (Washington Post) Elon Musk’s X Cut Disinformation-Fighting Tool Ahead of Israel-Hamas Conflict (The Information) US opinion divided amid battle for narrative over Hamas attack on Israel (the Guardian) Zelensky Compares Assault by Hamas on Israel to Moscow’s Invasion of Ukraine (New York Times) Russia cites ‘concern’ but does not condemn Hamas attack on Israel (Washington Post) The Israel–Hamas Conflict: Implications for the Cyber Threat Landscape (ReliaQuest) Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App Hacktivism erupts in Middle East as Israel declares war (Register) The Israel-Hamas War Erupts in Digital Chaos (WIRED) Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks (SecurityWeek) Israel’s government, media websites hit with cyberattacks (Cybernews) Website of Jerusalem Post crashes after multiple cyberattacks (OpIndia) Ukraine cyber-conflict: Hacking gangs vow to de-escalate (BBC News) North Korea Suspected in Massive Hack of DeFi Project Mixin (OODA Loop) Assessed Cyber Structure and Alignments of North Korea in 2023 (Mandiant) Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan (Symantec) The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages (Akamai) Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service (Hack Read) 23andMe user data breached in credential-stuffing attack (Engadget) ‘Your DNA is for sale on the black market’: 23andMe data breach exposes customers (The Daily Dot) 23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (WIRED) 23andMe data breach affects a million users with Jewish heritage (Dataconomy) D.C. voter records for sale in cybercrime forum (CyberScoop) Hackers access voter information in DC Board of Elections data breach (WTOP News) DC Board of Elections investigates voter data breach (NBC4 Washington) The CISO Report (Splunk) October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty (Help Net Security)
S4 Ep 180: Solution spotlight: Paths to cybersecurity. [Interview Select]
Solution Spotlight: Simone Petrella is talking with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. You can view the video of this interview here.
S4 Ep 170: Susie Squier: You're never alone. [President] [Career Notes]
Susie Squier, President of the Retail and Hospitality ISAC, or Information Sharing and Analysis Center, sits down to share the story of how she got started in the cyber community. She first got into PR through an internship she did in college, then moved around a few times, gaining experience everywhere she went. Susie shares some wise advice, discussing not only her management style, but also how she handles situations and how she deals with adversity. She says "I also have realized over time that I'm never in this alone, whether that's your personal life or your work life and even here, uh, in addition to a great team, all great team." She hopes people will jump into the world of cyber with an open mind, and though it may be frightening at first, she says you just need to dive in anyway and not be afraid to try new things. We thank Susie for sharing her story with us.
S7 Ep 302: Targets from DuckTail. [Research Saturday]
Deepen Desai from Zscaler joins to take a look at their research on "DuckTail." In May of 2023, Zscaler ThreatLabz began an intelligence collection operation to decode DuckTail’s maneuvers. Through an intensive three-month period of monitoring, Zscaler was able to obtain unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. The research states "DuckTail threat actors primarily target users working in the digital marketing and advertising space. Unfortunately, the tech layoffs occurring in 2022 and 2023 introduced more eager candidates into the digital market - meaning more prime targets for DuckTail." The research can be found here: A Look Into DuckTail
S7 Ep 1922: Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.
NSA and CISA release a list of the ten most common misconfigurations along with identity and access management guidelines. The Predator Files. Cyber cooperation between Russia and North Korea. Hacktivist auxiliaries hit Australia. Hacktivists and hacktivist auxiliaries scorn the application of international humanitarian law. The direction of Russian cyber operations. Dave Bittner speaks with Andrea Little Limbago from Interos about geopolitics, cyber and the C-suite. Rick Howard talks with John Hultquist, Chief Analyst at Mandiant, at the mWISE 2023 Cybersecurity Conference about cyber threat intelligence. And, finally, adventures in catphishing: “LoveGPT.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/192 Selected reading. NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations (Cybersecurity and Infrastructure Security Agency CISA) CISA and NSA Release New Guidance on Identity and Access Management (Cybersecurity and Infrastructure Security Agency CISA) Microsoft Digital Defense Report 2023 (Microsoft) Predator Files | EIC (European Investigative Collaborations) Meet the ‘Predator Files,’ the latest investigative project looking into spyware (Washington Post) NORTH KOREA–RUSSIA SUMMIT : A NEW ALLIANCE IN CYBERSPACE? - CYFIRMA (CYFIRMA) Australia’s home affairs department hit by DDoS attack claimed by pro-Russia hackers (the Guardian) Pro-Russia hacktivist group targets Australian government agencies over support for Ukraine (Cyberdaily.au) Home Affairs, Administrative Appeals Tribunal websites hit by cyber attacks (SBS News) ‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines (Record) Espionage fuels global cyberattacks (Microsoft On the Issues) LoveGPT: How “single ladies” looking for your data upped their game with ChatGPT (Avast Threat Labs)
S7 Ep 1921: Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Apple patches an actively exploited iOS 17 vulnerability. Qakbot's survival of a major takedown. BADBOX puts malware into the device supply chain. Looney Tunables and a privilege-escalation risk. Scattered Spider is believed responsible for the cyberattack against Clorox. Sony discloses information on its data breach. In today’s Threat Vector segment, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat. Dave Bittner sits down with Eric Goldstein, Executive Assistant Director at CISA, to discuss shared progress against the ransomware threat. And the Kremlin tightens control over the Russian information space. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/191 Selected reading. Apple emergency update fixes new zero-day used to hack iPhones (BleepingComputer) Apple releases iOS 17.0.3 to address iPhone 15 overheating issues (Computing) Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day (SecurityWeek) Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown (Cisco Talos Blog) HUMAN Disrupts Digital Supply Chain Threat Actor Scheme Originating from China (HUMAN) Trojans All the Way Down: BADBOX and PEACHPIT (Human) 'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover (Dark Reading) Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions (The Hacker News) Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg) Clorox Warns of a Sales Mess After Cyberattack (Wall Street Journal) Sony confirms data breach impacting thousands in the U.S. (BleepingComputer) Sony sent data breach notifications to about 6,800 individuals (Security Affairs) Russian Offensive Campaign Assessment, October 4, 2023 (Institute for the Study of War)
S7 Ep 1920: A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.
EvilProxy phishes for executives. Typosquatting to deliver a rootkit. Stream-jacking on YouTube. A global look at risk management. Assistance from a diverse set of international partners. In our Solution Spotlight segment, Simone Petrella speaks with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. Dave Bittner previews the 3rd annual SOC Analyst Appreciation Day with Kayla Williams of Devo. And some guidelines for hacktivists engaged in hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/190 Selected reading. EvilProxy Phishing Attack Strikes Indeed (Menlo Security) Typosquatting campaign delivers r77 rootkit via npm (ReversingLabs) A Deep Dive into Stream-Jacking Attacks on YouTube and Why They're So Popular (Bitdefender Labs) The C-suite playbook: Putting security at the epicenter of innovation (PwC) European Peace Foundation (EPF) opens cyber classroom for Ukrainian Armed Forces - EU NEIGHBOURS east (EU NEIGHBOURS east) Rethinking Security When So Many Threats Are Invisible (New York Times) 8 rules for “civilian hackers” during war, and 4 obligations for states to restrain them (EJIL: Talk!)
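The ReversingLabs item above concerns a typosquatting campaign on npm. The script below is an added example, not code from ReversingLabs, the CyberWire or npm, of the check a practitioner can run over a dependency list before installing: flag names within a small edit distance of a popular package, and record whether the package declares install-time scripts, the usual place such a payload executes. The allowlist of popular names and the dependency metadata are constructed for illustration, and the install-hook heuristic is a general one rather than a finding from the cited report.

```python
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalikes(name: str, popular: list[str], max_distance: int = 2) -> list[tuple[str, int]]:
    """Popular packages within max_distance edits of name, nearest first; exact matches excluded."""
    name = name.lower()
    hits = [(p, edit_distance(name, p.lower())) for p in popular if p.lower() != name]
    return sorted([h for h in hits if h[1] <= max_distance], key=lambda h: (h[1], h[0]))


def audit_dependencies(deps: dict[str, dict], popular: list[str]) -> list[dict]:
    """Flag dependencies that look like a typo of a popular package.

    deps maps package name -> its package.json fields (only 'scripts' is used here).
    Each finding records the nearest popular name, the distance, and which
    install-time scripts the package declares, since those run on `npm install`.
    """
    findings = []
    for name, meta in deps.items():
        near = lookalikes(name, popular)
        if not near:
            continue
        scripts = meta.get("scripts", {})
        findings.append({
            "package": name,
            "looks_like": near[0][0],
            "distance": near[0][1],
            "install_hooks": sorted(k for k in scripts if k in INSTALL_HOOKS),
        })
    return findings


# Constructed data: a short allowlist of well-known names and a dependency set
# containing one genuine package, two look-alikes, and an unrelated internal one.
POPULAR = ["lodash", "express", "react", "axios", "chalk"]
DEPENDENCIES = {
    "lodash": {"version": "4.17.21"},
    "lodahs": {"version": "1.0.0", "scripts": {"postinstall": "node setup.js"}},
    "expres": {"version": "0.0.1"},
    "my-internal-lib": {"version": "2.3.0"},
}

if __name__ == "__main__":
    for finding in audit_dependencies(DEPENDENCIES, POPULAR):
        print(finding)
```

In practice the allowlist would be the top few thousand registry packages and the input the lockfile, and a hit with an install hook is the one to block first, since the hook runs before anyone reads the code.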
S7 Ep 1919: Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
Nearly 100,000 ICS services exposed to the Internet. BunnyLoader in the C2C market. Phantom Hacker scams. API risks. Cybersecurity attitudes and behaviors. Homeland Security IG finds flaws in TSA pipeline security programs, and privacy issues with CBP, ICE, and USSS use of commercial telemetry. Kyiv prepares for Russian attacks on Ukraine's power grid. Ben Yelin on the Department of Commerce placing guardrails on semiconductor companies. As part of our sponsored Industry Voices segment, Dave Bittner sits down with Nick Ascoli, Founder and CTO at Foretrace, to discuss the last year in data leaks. And Russian disinformation is expected to aim at undermining US support for Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/189 Selected reading. Bitsight identifies nearly 100,000 exposed industrial control systems (Bitsight) New BunnyLoader threat emerges as a feature-rich malware-as-a-service (BleepingComputer) "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings (FBI) FBI warns of surge in 'phantom hacker' scams impacting elderly (BleepingComputer) APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (Hacker News) Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 (National Cybersecurity Alliance) Watchdog says pipeline security regulations, data collection safeguards not up to snuff at DHS (Washington Post) Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity (REDACTED) (Office of Inspector General, Department of Homeland Security) CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data (REDACTED) (Office of Inspector General, Department of Homeland Security) Ukraine prepares for winter again as Russia targets its power grid (The Economist) Putin’s Next Target: U.S. Support for Ukraine, Officials Say (New York Times)
S7 Ep 1918: Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
Double-tapping ransomware hits the same victim twice. Exim mail servers are found exposed to attack. Iran's OilRig deploys Menorah malware against Saudi targets. North Korea's Lazarus Group targets a Spanish aerospace firm. Update your ransomware scorecards: LostTrust is a rebrand of MetaEncryptor. Increased domestic surveillance in Russia, done partly so propaganda can be more effectively targeted. Killnet claims to have hit the British Royal family with a DDoS attack. Michael Denning, CEO at SecureG for Blu Ventures, shares developments in zero trust as part of our Industry Voices segment. Rob Boyce from Accenture Security talks about Dark Web threat actors targeting macOS. And Cybersecurity Awareness Month begins this week. Learn more about the Blu Ventures Conference here: https://www.bluventureinvestors.com/cyber-venture-forum For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/188 Selected reading. Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends (FBI) FBI: Ransomware Actors Launching 'Dual' Attacks (Decipher) A still unpatched 0-day RCE impacts more than 3.5M Exim servers (Security Affairs) New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks (The Hacker News) APT34 deploys new Menorah malware in targeted phishing attack (Candid.Technology) APT34 Deploys Phishing Attack With New Malware (Trend Micro) Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (The Hacker News) Alleged Iranian hackers target victims in Saudi Arabia with new spying malware (Record) North Korean hackers posed as Meta recruiter on LinkedIn (CyberScoop) Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (Hackread) North Korean Lazarus targeted a Spanish aerospace company (Security Affairs) Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (BleepingComputer) Ukraine at D+585: Trench fighting in the south. (CyberWire) Royal Family's official website targeted in cyber attack (Sky News) Royal family website hit by cyber attack (The Independent) The country ‘dodged a bullet’ after shutdown avoided, but the cyber threat still hovers (Washington Post) US Federal shutdown averted (or postponed): effects on cybersecurity. (CyberWire) Cybersecurity Awareness Month: perspectives from the cyber sector. (CyberWire) Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series (NIST)
S4 Ep 169: Ted Wagner: Get that hands-on experience. [CISO] [Career Notes]
This week, we are joined by Ted Wagner, Chief Information Security Officer at SAP National Security Services, or SAP NS2. Ted sits down to share the story of how he got introduced to the industry and why he chose it as a career path. He went straight into the Army as a second lieutenant in the artillery field after high school; when his time was up, he moved on to a company that offered a management training program. After that he found himself working on IT projects, which got him interested in the field. Ted shares that one thing that has helped him throughout his career is taking very technical terms and translating them into operational or business terms for his students at MIT. He says people getting into this field should get as much hands-on experience as they can, saying "I think those are all things that can really help someone who may not have all the experience, but this is a pathway to, to learn." We thank Ted for sharing his story with us.
S7 Ep 301: Downloading cracked software. [Research Saturday]
David Liebenberg from Cisco Talos joins to discuss Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors. Talos identified additional malware, including RATs, on endpoints running this cracked software; a RAT allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information. This research article was not published by Cisco Talos' team.
S7 Ep 1917: Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7, shares his thoughts on what the looming US government shutdown will mean for the nation’s cybersecurity. Tim Eades from Cyber Mentor Fund discusses the three "who's" a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/187 Selected reading. Malicious ad served inside Bing's AI chatbot (Malwarebytes) Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress) Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media) A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica) Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security) Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica) CL0P Seeds ^_- Gotta Catch Em All! (Unit 42) A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post) 2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense) NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense) NSA starts AI security center with eye on China and Russia (Fortune) NSA is creating a hub for AI security, Nakasone says (Record)
S7 Ep 1916: Budworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low-cost attacks. Sam Crowther from Kasada shares his team's findings on stolen auto accounts. And Ukrainian hacktivists target Russian airline check-in systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/186 Selected reading. Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org (Symantec Enterprise Blogs) Johnson Controls reports data breach after severe ransomware attack (BeyondMachines) Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (U.S. Privacy and Civil Liberties Oversight Board) Split privacy board urges big changes to Section 702 surveillance law (Washington Post) Democrats fear cyberattacks as government shutdown looms (Nextgov.com) Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio) Musk's X disabled feature for reporting electoral misinformation - researcher (Reuters) Musk’s X Cuts Half of Election Integrity Team After Promising to Expand It (The Information) Aeroflot, other airlines’ flights delayed over DDoS attack (Cybernews)
S7 Ep 1915: What's up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
A joint advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware-as-a-service operation. A Smishing Triad in the UAE. An Openfire flaw is actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystifies dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/185 Selected reading. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency) Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB) Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs) Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer) Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web) Suspicious New Ransomware Group Claims Sony Hack (Dark Reading) Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer) Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek) Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric) The High Stakes of Innovation: Attack Trends in Financial Services (Akamai) FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission) Ukraine: Russian hackers infiltrating software supply chains (Computing) Russian hacking operations target Ukrainian law enforcement (CyberScoop) Ukraine accuses Russian spies of hacking law enforcement (Register) Russian hackers target Ukrainian government systems involved in war crimes investigations (Record) Ukraine Cyber Defenders Prepare for Winter (Bank Info Security)
S7 Ep 1914: Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
An advanced phishing campaign hits the hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts on Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp, who shares a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/184 Selected reading. Luxury Hotels Major Target of Ongoing Social Engineering Attack (Cofense) ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint) More MOVEit-related data breaches are disclosed. (CyberWire) Mixin Network suspends deposits and withdrawals. (CyberWire) OpenSea NFT market warns of third-party risk to its API. (CyberWire) Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads (Securonix) Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (The Hacker News) British Army general says UK now conducting ‘hunt forward’ operations (Record)
S7 Ep 1913: Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security. Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uyghur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found on Meduza devices. There’s a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of DigiCert, describes digital trust for the software supply chain. Our guest is Arctic Wolf’s Ian McShane with insights on the MGM and Caesars ransomware incidents. And if you’re looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/183 Selected reading. Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42) Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange) Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer) Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42) EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity) From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News) Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security) Deadglyph: Covertly preying over Middle Eastern skies (LABScon) New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer) Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News) 0-days exploited by commercial surveillance vendor in Egypt (Google) PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions (The Citizen Lab) New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (The Hacker News) Egyptian presidential hopeful targeted by Predator spyware (Washington Post) Russian news outlet in Latvia believes European state behind phone hack (the Guardian) Exclusive: Russian hackers seek war crimes evidence, Ukraine cyber chief says (Reuters) Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (Ukrinform) Large-scale cyberattack reported in occupied Crimea (The Kyiv Independent) NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII (Dark Reading)
S8 Ep 54: Threat intelligence discussion with Chris Krebs. [Special Edition]
In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWISE 2023 Cybersecurity Conference to discuss threat intelligence.
S4 Ep 168: Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
This week our guest, Merritt Baer, Field CISO at Lacework and cloud security unicorn, sits down to share the story of how she worked her way through the ranks to get to where she is today. Before Lacework, Merritt served in the Office of the CISO at Amazon Web Services as part of a small elite team of deputy CISOs. She provided technical cloud security guidance to AWS’ largest customers, including the Fortune 100, on security as a bottom-line proposition. She also has experience in all three branches of government and the private sector, and served as Lead Cyber Advisor to the Federal Communications Commission. Merritt shares some amazing advice for up-and-comers in the field, saying "my personal philosophy is that no one has to go down for you to go up. I'm always encouraging my colleagues, um, and other executives to be thinking about how we can, you know, steal, sharpen, steal, how we can be good for each other, how we can collaborate, how we can, um, create more strengths in one another." We thank Merritt for sharing her story with us.
S7 Ep 300 Behind the Google shopping ad masks. [Research Saturday]
Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker’s command and control (C2) server. The research states "The attacker uses an advanced web shell named “wso-ng” that is activated only when the attacker sends the cookie “magemojo000” to the backdoor “GoogleShoppingAds” component." The research can be found here: Xurum: New Magento Campaign Discovered
S7 Ep 1912 Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/182 Selected reading. Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne) GOLD MELODY: Profile of an Initial Access Broker (Secureworks) OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security) Cyber Soft Power | China's Continental Takeover (SentinelOne) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News) MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading) MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News) MGM says its recovered from cyberattack, employees tell different story (Cybernews) 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters) Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer) Russia linked to cyberattack on government services (Royal Gazette)
S7 Ep 1911 Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist auxiliary disrupts Canadian border control and airport sites. The ICC remains tight-lipped concerning the cyberattack. N2K’s Simone Petrella sits down with Chris Krebs at the mWise conference. In today’s Threat Vector segment, David Moulton from Unit 42 takes a peek into the modern threat landscape with Wendi Whitmore, SVP of Unit 42. And MGM Resorts says it’s well on the way to recovery. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/181 Threat Vector links. To learn what is top of mind each month from the experts at Unit 42, sign up for their Threat Intel Bulletin. Selected reading. #StopRansomware: Snatch Ransomware (Cybersecurity and Infrastructure Security Agency CISA) 2023 Phishing Trends (ZeroFox) Cyber Insurance Claims Frequency and Severity Both Increased For Businesses in 1H 2023, Coalition Report Finds (Business Wire) 2023 Cyber Claims Report: Mid-year Update (Coalition) Since 2018, ransomware attacks on the education sector have cost the world economy over $53 billion in downtime alone (Comparitech) Canada blames border checkpoint outages on cyberattack (Record) Cyberattack hits International Criminal Court (SC Media) International Criminal Court hacked amid Russia probe (Register) International Criminal Court under siege in cyberattack that could constitute world’s first cyber war crime (Yahoo News) Our hotels and casinos are operating normally. (FAQ - MGM Resorts) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News - 09-20-2023)
S7 Ep 1910 Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks (and related social engineering capers). In our Learning Layer segment, Sam Meisenberg drops into a CISSP tutoring session and offers some test-taking tips. Our guest is Aaron Brazelton, Dean of Admissions and Advancement at the Alabama School of Cyber Technology and Engineering. And the Clorox incident shows how one company navigates unfamiliar new SEC rules. Join Sam Meisenberg as he drops into a CISSP tutoring session talking about the difference between due diligence and due care along with some test-taking tips. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/180 Learning Layer. Learning about the CISSP certification from (ISC)² Selected reading. War crimes tribunal ICC says it has been hacked (Reuters) International Criminal Court says cybersecurity incident affected its information systems last week (AP News) Hackers breached International Criminal Court’s systems last week (BleepingComputer) New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants (Cisco Talos) ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies (The Hacker News) Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (Proofpoint) Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says (Reuters) Las Vegas casino ransomware attacks: Okta in the spotlight (The Stack) MGM losing up to $8.4M per day as cyberattack paralyzes slot machines, hotels for 8th straight day: analyst (New York Post) Caesars reports cyberattack but did not go offline (Top Class Actions) What Las Vegas tourists need to know about casino hacks (Washington Post) MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (Dark Reading) Clorox Cyberattack Brings Early Test of New SEC Cyber Rules (Wall Street Journal)
S7 Ep 1909 Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Colombia continues its recovery from last week's cyberattacks. AI training data is accidentally published to GitHub. The cyberespionage techniques of Earth Lusca. Clorox blames product shortages on a cyber attack. Cybersecurity incidents in industrial environments. Where the wild bots are. Joe Carrigan looks at top level domain name exploitation. Our guest is Kristen Bell from GuidePoint Security with a look at vulnerability vs. exploitability. And there’s talk of potential Russia-DPRK cooperation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/179 Selected reading. More than 50 Colombian state, private entities hit by cyberattack -Petro (Reuters) Colombia Mulls Legal Action Against US Firm Targeted In Cyber Attack (Barron's) Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token (Microsoft Security Response Center) Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages (SecurityWeek) Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (Trend Micro) Chinese hackers have unleashed a never-before-seen Linux backdoor (Ars Technica) The Clorox Company FORM 8-K (US Securities and Exchange Commission) Clorox Warns of Product Shortages Following Cyberattack (Wall Street Journal) Clorox warns of product shortages, profit hit from August cyberattack (The Street) Can't find the right Clorox product? A recent cyberattack is causing some shortages (USA Today) Clorox warns of product shortages after cyberattack (Fox Business) As flu season looms, hackers force a shortage of Clorox products (Fortune) New Research Finds Cyberattacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% (Business Wire) Death By a Billion Bots (Netacea) Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (EconoTimes)
S7 Ep 1908 A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Cyber threats trending from East Asia. The Lazarus Group is suspected in the CoinEx crypto theft. Pig butchering, enabled by cryptocurrency. BlackCat is active against Azure storage. A Ukrainian view of cyber warfare. A US-Canadian water commission deals with a ransomware attack. Eric Goldstein from CISA shares insights on cyber threats from China. Neil Serebryany of Calypso explains the policies, tools and safeguards in place to enable the safe use of generative AI. And more details emerge in the Las Vegas casinos’ ransomware incidents. Danny Ocean, call your office. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/178 Selected reading. Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness (Microsoft Security Compliance and Identity) Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say (Record) CoinEx invites hackers to negotiate after suffering data breach (The Times of India) BlackCat ransomware hits Azure Storage with Sphynx encryptor (BleepingComputer) MGM websites up, but reservation systems still affected by hack (Las Vegas Review-Journal) The chaotic and cinematic MGM casino hack, explained (Vox) Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED) US-Canada water commission confirms 'cybersecurity incident' (Register) Ukraine's Fusion of Cyber and Kinetic Warfare: Illia Vitiuk's Stand Against Russian Cyber Operations (AFCEA International)
S4 Ep 167 Karl Mattson: Defer gratification. (CISO) [Career Notes]
Karl Mattson, CISO at Noname Security, joins us to share his story. Having started out as a "military brat," traveling the world as the child of a Marine, Karl later joined the Army not long after high school. In the Army, Karl was assigned the career field of intelligence analyst and started working with the NSA. He says that was a real career break. Following the Army, Karl worked in the financial services world as a CISO. At Noname, Karl began by building out internal risk and IT functions into a strong team, one he calls spectacular. Karl recommends "deferring gratification as long as possible" when building your career. He says, "People early in their career, looking at government service, those positions don't, you know, make anybody rich overnight, but they are amazing career cornerstones to build on." He closes by sharing the importance of relationships. We thank Karl for sharing his story with us.
S7 Ep 299 A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Guest Manuel Hepfer from ISTARI shares his research on cyber resilience which includes discussions with 37 CEOs to gain insight into how they manage cybersecurity risk. ISTARI and Oxford University's Saïd Business School dive into the minds and experiences of CEOs on how they manage cybersecurity risk. Ask any CEO to name the issues that keep them awake at night and cybersecurity risk is likely near the top of the list – with good reason. With the accelerating digitalisation of business models comes vulnerability to cyberattack. And while spending on cybersecurity increases every year, so does the number of serious incidents. Even the largest and most technologically advanced companies are not immune. CEOs must formally answer to regulators, shareholders and board members for their organisation’s cybersecurity. Yet the majority (72%) of CEOs we interviewed as part of our research said they were not comfortable making cybersecurity-related decisions. The research and associated article can be found here: Research: The CEO Report on Cyber Resilience Article: Make Cybersecurity a Strategic Asset
S7 Ep 1907 Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
"Peach Sandstorm" is an Iranian cyberespionage campaign. A cyberattack against a telecom provider affects government and corporate online operations in Colombia. Python NodeStealer takes browser credentials. Caesars Entertainment files its 8-K. Some MGM Entertainment systems remain down. Betsy Carmelite from Booz Allen talks about how to leverage cyber psychology. Ron Reiter of Sentra outlines the threats for connected cars. And a third-party incident exposes personal data of the Manchester police. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/177 Selected reading. Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets (Microsoft) Hackers Backed by Iran Caught in Apparent Global Spy Campaign (The Messenger) BNamericas - Colombia cyberattack hits government, corpor... (BNamericas.com) Colombia's judicial branch thrown offline in major cyber attack (Colombia Reports) Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down (AP News) Casino Operators Caesars and MGM Still Reeling From Cyber Attacks (Kiplinger.com) Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs (CyberScoop) MGM still responding to wide-ranging cyberattack as rumors run rampant (Record) Ransomware in the casinos. (CyberWire) MGM Resorts shuts down some systems. (CyberWire) Manchester police officers’ data stolen following ransomware attack on supplier (Record) Contractor Data Breach Impacts 8k Greater Manchester Police Officers (Hackread) A Second Major British Police Force Suffers a Cyberattack in Less Than a Month (SecurityWeek) Who is behind the latest wave of UK ransomware attacks? (the Guardian)
S7 Ep 1906 Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of the materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment, Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176 Selected reading. Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg) Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal) The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal) Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal) ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread) FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters) MGM Resorts says cyberattack could have material effect on company (NBC News) MGM Resorts cybersecurity breach could cost millions, expert says (KLAS) MGM Resorts shuts down some systems because of a “cybersecurity issue.” (Updated.) (CyberWire) macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek) “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence) Unit 42 Attack Surface Threat Report (Palo Alto Networks) The Nigerian Prince is Alive and Well: Cybercriminals Use Generative… (Abnormal)
S7 Ep 1905 How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/175 Selected reading. Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security) 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack (Symantec) Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services (Orca Security) Contextualizing Deepfake Threats to Organizations (US Department of Defense) Bipartisan push to ban deceptive AI-generated ads in US elections (Reuters) DOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense) New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense) New DOD cyber strategy notes limits of digital deterrence (DefenseScoop) CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) September 2023 Security Updates (Microsoft Security Response Center) Microsoft Releases September 2023 Updates (Cybersecurity and Infrastructure Security Agency CISA) Zero Day Summer: Microsoft Warns of Fresh New Software Exploits (SecurityWeek) Microsoft Patch Tuesday: Two zero-days addressed in September update (Computing) Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) (Help Net Security) Adobe fixed actively exploited zero-day in Acrobat and Reader (Security Affairs) Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (BleepingComputer) Apple Releases Security Updates for iOS and macOS (Cybersecurity and Infrastructure Security Agency CISA) SAP Security Patch Day for September 2023 (Onapsis) Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (The Hacker News) Critical Google Chrome Zero-Day Bug Exploited in the Wild (Dark Reading) Zero-day affecting Chrome, Firefox and Thunderbird patched (Computer)
S7 Ep 1904 Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Phishing with Facebook Messenger accounts. Redfly cyberespionage targets a national grid. The exploit trade in the C2C underground market. Phishing attack exploits Baidu link. A repojacking vulnerability. A hacktivist auxiliary looks to its own interests. Ben Yelin marks the start of the Google antitrust trial. In our Industry Voices segment, Adam Bateman from Push Security explains how identities are the new perimeter. And MGM Resorts is dealing with a “cybersecurity issue.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/174 Selected reading. Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET) Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News) Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading) Iranian hackers break into networks of more than 30 companies in Israel (ynetnews) “MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium) Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer) Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News) Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) Sales and Purchases of Vulnerability Exploits (Flashpoint) Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade) New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com) After Microsoft and X, Hackers Launch DDoS Attack on Telegram (SecurityWeek) MGM Resorts shuts down some computer systems after cyber attack (Reuters) Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US (AP News) MGM Resorts shuts down IT systems after cyberattack (BleepingComputer) MGM Resorts experiences 'cybersecurity issue' impacting operations and prompting investigation (Fox Business) MGM resorts says 'cybersecurity issue' may have widespread impact (NBC News) MGM Resorts blames 'cybersecurity issue' for ongoing outage (TechCrunch) FBI assisting in MGM cybersecurity investigation as slot machines, website, and emails rem (KSNV) MGM Resorts Says It Shut Down Some Systems Following Hack (Bloomberg)
S7 Ep 1903 UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Author David Hunt discusses his new book, “Irreducibly Complex Systems: An Introduction to Continuous Security Testing.” In our Industry Voices segment, Mike Anderson from Netskope outlines the challenges of managing Generative AI tools. And a senior Russian cyber diplomat warns against US escalation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/173 Selected reading. Ransomware, extortion and the cyber crime ecosystem (NCSC) HijackLoader (Zscaler) New HijackLoader malware is rapidly growing in popularity (Security Affairs) New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (Hacker News) Spyware Telegram mod distributed via Google Play (Secure List) Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play (The Hacker News) 'Evil Telegram' Android apps on Google Play infected 60K with spyware (BleepingComputer) Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life (Financial Times) Russia warns "all-out war" with US could erupt over worsening cyber clashes (Newsweek) New strategy for global cybersecurity cooperation coming soon: State cyber ambassador (Breaking Defense)