
CyberWire Daily
3,655 episodes — Page 29 of 74
S6 Ep 261: Cybersecurity during the World Cup. [Research Saturday]
AJ Nash from ZeroFox sits down with Dave to discuss cybersecurity threats, including social engineering attacks planned around the Qatar 2022 World Cup. The research shares some of the key threats we might see while the World Cup is happening this year. Researchers say "During the World Cup, there will likely be threat actors aiming to acquire personal information or monetary value through phishing and scams." The research also describes how the host venue is preparing for these expected attacks. The research can be found here: Qatar 2022 World Cup Event Assessment

Learn more about your ad choices. Visit megaphone.fm/adchoices

S6 Ep 1720: Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams: that's not Ukraine’s Ministry of Digital Transformation. On the cyber front, nothing new. CISA releases three new ICS advisories. Caleb Barlow on attack surface management. Mike Hamilton from Critical Insight explains how state and local governments apply for the $1 billion allocated by the feds for cybersecurity funding. And criminals prey on other criminals.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/235

Selected reading:
Drokbk Malware Uses GitHub as Dead Drop Resolver (Secureworks)
Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers (ThreatFabric)
Crypto Winter: Fraudsters Impersonate Ukraine’s Government to Steal NFTs and Cryptocurrency (DomainTools)
Danish defence ministry says its websites hit by cyberattack (Reuters)
Kela website hit by DoS attack (Yle)
Advantech iView (CISA)
AVEVA InTouch Access Anywhere (CISA)
Rockwell Automation Logix controllers (CISA)
The scammers who scam scammers on cybercrime forums: Part 1 (Sophos News)
Cyber-criminals Scammed Each Other Out of Millions in 2022 (Infosecurity Magazine)

S6 Ep 1719: The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
The IT Army of Ukraine claims responsibility for DDoS against a Russian bank. North Korea exploits an Internet Explorer vulnerability. A new variant of Babuk ransomware has been reported. Blind spots in air-gapped networks. Rob Boyce from Accenture has insights on the most recent ransomware trends. Our guest is Nathan Howe from Zscaler with the latest on Zero Trust. And the hacking of cats and dogs.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/234

Selected reading:
IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack (HackRead)
Internet Explorer 0-day exploited by North Korean actor APT37 (Google)
Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (PRWeb)
Bypassing air-gapped networks via DNS (Pentera)
What to Know About an Unlikely Vector for Cyber Threats: Household Pets (Insurance Journal)

Ep 1718: Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.
Rackspace reacts to ransomware. Third-party incidents in New Zealand and the Netherlands. Russian intelligence goes phishing. Mustang Panda uses Russia's war as phishbait. A malicious package is found in PyPI. Kevin Magee from Microsoft Canada shares thoughts on cybersecurity startups in an economic downturn. Our guest is IDology's Christina Luttrell to discuss how consumers feel about digital identity, fraud, security and data privacy. And a French-speaking investment scam.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/233

Selected reading:
Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology)
Multiple government departments in New Zealand affected by ransomware attack on IT provider (The Record by Recorded Future)
Antwerp's city services down after hackers attack digital partner (BleepingComputer)
Russian hacking group spoofed Microsoft login page of US military supplier: report (The Record by Recorded Future)
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets (BlackBerry)
Inside the Face-Off Between Russia and a Small Internet Access Firm (New York Times)
Apiiro’s AI engine detected a software supply chain attack in PyPI (Apiiro | Cloud-Native Application Security)
Anatomizing CryptosLabs: a scam syndicate targeting French-speaking Europe for years (Group-IB)

S1 Ep 38: CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations. FBI and CISA would like to thank BlackBerry, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA.

AA22-335A Alert, Technical Details, and Mitigations
For a downloadable copy of IOCs, see AA22-335A.stix
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email [email protected]
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at [email protected], or call (888) 282-0870, or report incidents to your local FBI field office.

S6 Ep 1717: Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
A Chinese cyberespionage campaign is believed to be active in the Middle East. Poor quality control turns ransomware into a wiper, and a typo crashes a cryptojacker. A large DDoS attack is reported to have hit a Russian state-owned bank. Privateers compromise Western infrastructure to stage cyberattacks. Cyber operations against national morale. A look at the Vice Society. Ben Yelin on the growing concerns over TikTok. Ann Johnson from Afternoon Cyber Tea speaks with Charles Blauner about the evolution of the CISO role. And CISA has added an entry to its Known Exploited Vulnerabilities Catalog.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/232

Selected reading:
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign (Bitdefender Labs)
The Story of a Ransomware Turning into an Accidental Wiper | FortiGuard Labs (Fortinet Blog)
Syntax errors are the doom of us all, including botnet authors (Ars Technica)
Russia's No. 2 bank VTB suffers largest DDoS in history (Computing)
Russia compromises major UK and US organisations to attack Ukraine (Lupovis)
Russia’s online attacks target Ukrainians’ feelings (POLITICO)
Vice Society: Profiling a Persistent Threat to the Education Sector (Unit 42)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)

S6 Ep 1716: Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsus$ Group. Notes on the cyber underworld.
Wiper malware hits Russian targets. Microsoft sees an intensification of Russian cyber operations against Ukraine. State policy, privateering, or an APT side-hustle? The US Cyber Safety Review Board will investigate the Lapsus$ Group. Rackspace works to remediate a security incident. The Schoolyard Bully Trojan harvests credentials. Grayson Milbourne of OpenText Security Solutions on attacks on common open source dev libraries. Rick Howard looks at CISO career paths. And trends in ransomware: cybercrime succeeds when the gang runs like a business.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/231

Selected reading:
CryWiper: fake ransomware (Kaspersky)
CryWiper data wiper targets Russian courts and mayors' offices (Computing)
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices (Ars Technica)
Russian regions attacked by new wiper posing as ransomware (Cybernews)
Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft On the Issues)
Russia coordinating Ukraine hacks with missiles, could increasingly target European allies, Microsoft warns (POLITICO)
Russia Is Boosting Its Cyber Attacks on Ukraine, Allies, Microsoft Says (Bloomberg.com)
Hackers linked to Chinese government stole millions in Covid benefits (NBC News)
Cyber Safety Review Board to Conduct Second Review on Lapsus$ (US Department of Homeland Security)
Rackspace: Ongoing Exchange outage caused by security incident (BleepingComputer)
Schoolyard Bully Trojan Facebook Credential Stealer (Zimperium)
The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses (LookingGlass Cyber Solutions Inc.)

S3 Ep 128: Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Rohit Dhamankar from Fortra’s Alert Logic sits down with Dave Bittner to share his experiences as he navigates the industry. Rohit has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Before Alert Logic he served in product roles for Live Oak Venture Capital at Infocyte and Razberi Technologies. He has previously worked in senior roles in several start-up companies in security analytics, intrusion detection/prevention, end-point protection, and security risk and compliance, including VP, Click Labs Solutions at Click Security, acquired by Alert Logic, and he was a co-founder of Jumpshot, acquired by Avast. Rohit shares the advice of never closing a door prematurely, because you never know what could be behind the door waiting for you. We thank Rohit for sharing his story.

S5 Ep 260: Old malware returns in a new way. [Research Saturday]
Jeremy Kennelly and Sulian Lebegue from Mandiant sit down with Dave to discuss their research "From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind?" One of the oldest and most successful banking fraud malware families, URSNIF, which caused an estimated “tens of millions of dollars in losses”, has been discovered by researchers to have been re-tooled into a generic backdoor, dubbed “LDR4”. This new variant was first observed in June 2022. Mandiant researchers believe that the same threat actors who operated the RM3 variant of URSNIF are likely behind LDR4. They say "given the success and sophistication RM3 previously had, LDR4 could be a significantly dangerous variant—capable of distributing ransomware—that should be watched closely." The research can be found here: From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind

S6 Ep 1715: Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. DDoSing the Vatican. Andrea Little Limbago from Interos on the implications of Albania cutting off diplomatic ties with Iran. Our space correspondent Maria Varmazis speaks with Brandon Bailey about the Space Attack Research and Tactic Analysis matrix. And how Google supports Ukrainian startups in wartime.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/230

Selected reading:
Alert (AA22-335A) #StopRansomware: Cuba Ransomware (CISA)
Novel News on Cuba Ransomware: Greetings From Tropical Scorpius (Palo Alto Networks Unit 42)
New ways we're supporting Ukraine (Google)
25 new startup recipients of the Ukraine Support Fund (Google)
Vatican shuts down its website amid hacking attempts (Cybernews)

S6 Ep 1714: Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
A new backdoor, courtesy of the DPRK. The Medibank breach is all over but the shouting (or, all over but the suing and the arresting). Risks and opportunities in telecom’s shift to cloud. Cyber risk in healthcare. An assessment of Russian cyber warfare. Robert M. Lee from Dragos assesses the growing value of the ICS security market. Our guest is Cecilia Seiden of TransUnion to discuss their 2022 Consumer Holiday Shopping Report. And it’s December, which means…predictions.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/229

Selected reading:
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin (ESET)
Medibank hackers announce ‘case closed’ and dump huge data file on dark web (the Guardian)
New details on commercial spyware vendor Variston (Google)
Risks and opportunities in telecom’s shift to cloud. (CyberWire)
Moody’s discusses cyber risk in healthcare. (CyberWire)
'Do something:' Ukraine works to heal soldiers' mental scars (AP NEWS)
Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism (Wall Street Journal)
Cybersecurity predictions for 2023. (CyberWire)

S6 Ep 1713: LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
Has LockBit 3.0 been reverse engineered? A COVID lure contains a Punisher hook. A Chinese cyberespionage campaign uses compromised USB drives. Lilac Wolverine exploits personal connections for BEC. Killnet claims to have counted coup against the White House. Tim Starks from the Washington Post has the FCC’s Huawei restrictions and ponders what Congress might get done before the year's end. Our guest is Tom Eston from Bishop Fox with a look Inside the Minds & Methods of Modern Adversaries. And, of course, scams, hacks, and other badness surrounding the World Cup.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/228

Selected reading:
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling (Sophos News)
Punisher Ransomware Spreading Through Fake COVID Site (Cyble)
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia (Mandiant)
BEC Group Compromises Personal Accounts and Pulls Heartstrings to Launch Mass Gift Card Attacks (Abnormal Security)
Killnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites (Trustwave)
Scammers on the pitch: Group-IB identifies online threats to fans at FIFA World Cup 2022 in Qatar (Group-IB)

S6 Ep 1712: DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
DDoS as a holiday-season threat to e-commerce. A TikTok challenge spreads malware. Meta's GDPR fine. Mr. Security Answer Person John Pescatore has thoughts on phishing-resistant MFA. Joe Carrigan describes Intel’s latest efforts to thwart deepfakes. And US Cyber Command describes support for Ukraine's cyber defense.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/227

Selected reading:
Holiday DDoS Cyberattacks Can Hurt E-Commerce, Lack Legal Remedy (Bloomberg Law)
TikTok ‘Invisible Body’ challenge exploited to push malware (BleepingComputer)
$275M Fine for Meta After Facebook Data Scrape (Dark Reading)
Before the Invasion: Hunt Forward Operations in Ukraine (U.S. Cyber Command)

S5 Ep 1711: Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
Nighthawk’s at the diner (but maybe not on the crooks’ menu). Internet service in Ukraine and Moldova is interrupted by strikes against Ukraine's power grid. Sandworm renews ransomware activity against Ukrainian targets. Russian cyber-reconnaissance seen at a Netherlands LNG terminal. European Parliament votes to declare Russia a terrorist state (and Russia responds with cyberattacks and terroristic threats). Carole Theriault reports on where these kids today are getting their news. Malek Ben Salem from Accenture on digital identity in Web 3.0. And, hey, the new list of most commonly used passwords looks...depressingly familiar.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/226

Selected reading:
Sec firm MDSec slams Proofpoint for post on pen-testing framework (iTWire)
Nighthawk: With Great Power Comes Great Responsibility (MDSec)
Cyberattack Hits Iran's Fars News Agency (RadioFreeEurope/RadioLiberty)
Iran’s Fars news agency is hit by cyberattacks, blames Israel (Times of Israel)
Ukraine and Moldova suffer internet disruptions after Russian missile strikes (The Record by Recorded Future)
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (BleepingComputer)
Russian hackers targeting Dutch gas terminal: report (NL Times)
Russia labelled state sponsor of terrorism as missile strikes leave Ukraine without power (The Telegraph)
Killnet Group Claims Responsibility for European Parliament Cyber Attack (Digit)
European Parliament hit by 'sophisticated' cyberattack (Deutsche Welle)
European Parliament website suffers 'sophisticated' cyber attack after Russia terrorism vote (Computing)
Hackers Temporarily Take Down European Parliament Website (Wall Street Journal)
Guess the most common password. Hint: We just told you (Register)

S3 Ep 127: Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
Laura Whitt-Winyard, CISO from Malwarebytes, sits down to share her story, beginning with a desire to be a pediatric oncologist that she later discovered was not the path for her. Laura was bouncing around from job to job until she bought her first computer, and a light bulb went off in her head. She set out to make it her goal to learn about this new, interesting field and grow within it. Now as a successful CISO, she wants to make the world more secure and goes from company to company to complete her goal. She considers herself a servant leader whose goal is the greater good. She compares her role to football, explaining that she is not the quarterback, but the center for the team. She believes she is the center that paves the path for the quarterbacks on her team to reduce the noise, to give the quarterback all the tools that they need to do their jobs and do their jobs well. We thank Laura for sharing her story.

S5 Ep 227: Encore: The secrets behind Docker.
Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published about how Docker inadvertently created a new vulnerability and what happens when it's exploited. CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate their privileges up to root level. CyberArk found the new vulnerability in some of Microsoft’s Docker images, caused by misuse of Linux capabilities, a powerful additional layer of security that gives admins the ability to assign capabilities and privileges to processes and files in the Linux system. The research can be found here: How Docker Made Me More Capable and the Host Less Secure

Ep 113: Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
This interview, from June 3rd, 2022, originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Perry Carpenter, host of 8th Layer Insights, to discuss his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer."

S3 Ep 144: Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion.

S6 Ep 1710: Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
Another pentesting tool may soon be abused by threat actors. Cyberattack disrupts Guadeloupe. Ducktail evolves and expands. A warning of the potential disruption cyberattacks could cause to European ports. CISA releases eight industrial control system advisories. Patrick Tiquet, VP of Security and Architecture at Keeper Security, talks about the FedRAMP authorization process. Bryan Vorndran of the FBI Cyber Division with reflections on ransomware. And stay safe on Black Friday (and Cyber Monday, and Panic Saturday, and…you get the picture).

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/225

Selected reading:
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice (Proofpoint)
Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog)
Guadeloupe government fights 'large-scale' cyberattack (AP NEWS)
Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding (SecurityWeek)
Cyber as important as missile defences - ex-NATO general (Reuters)
CISA Releases Eight Industrial Control Systems Advisories (CISA)
Black Friday and Cyber Monday risks. (CyberWire)

S6 Ep 1709: Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Fortra's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224

Selected reading:
Daixin Team claims AirAsia ransomware attack with five million customer records leaked (Tech Monitor)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (The Hacker News)
DraftKings Users Hacked, Money In Account "Cashed Out" (Action Network)
DraftKings says no evidence systems were breached following report of a hack (CNBC)
Assessing cyber risk in the US pharmaceutical industry. (CyberWire)
Killnet DDoS hacktivists target Royal Family and others (ComputerWeekly.com)
Ukraine Data Centers Became Physical Targets When Cyber Attacks Failed (Meritalk)
Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog)
Google seeks to make Cobalt Strike useless to attackers (Help Net Security)
Google Releases YARA Rules to Disrupt Cobalt Strike Abuse (Dark Reading)
Google releases 165 YARA rules to detect Cobalt Strike attacks (BleepingComputer)

S6 Ep 1708: Callback phishing offers to solve your problem (it won’t). Mustang Panda’s recent activities. DEV-0569’s malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.
Luna Moth's callback phishing offers an unpleasant and less familiar form of social engineering. New activity by China's Mustang Panda is reported. DEV-0569 is using malvertising to distribute Royal ransomware. US indicts 10 in a business email compromise case. Developing a cyber auxiliary. Dave Bittner sits down with AJ Nash from ZeroFox to discuss holiday scams. Our own Rick Howard speaks with us about cloud security. And beware of Black Friday scams.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/223

Selected reading:
Threat Assessment: Luna Moth Callback Phishing Campaign (Unit 42)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads (Microsoft Security)
Earth Preta Spear-Phishing Governments Worldwide (Trend Micro)
EXCLUSIVE: Rounding up a cyber posse for Ukraine (The Record by Recorded Future)
Tech for good: How the IT industry is helping Ukraine (Computing)
10 Charged in Business Email Compromise and Money Laundering Schemes Targeting Medicare, Medicaid, and Other Victims (US Department of Justice)
Black Friday and Cyber Monday risks. (CyberWire)

S3 Ep 126: Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]
Omer Singer, Lead Cybersecurity Strategist from Snowflake, sits down to share his experience getting into the cybersecurity field. Growing up, he knew he wanted to work with computers, but he just didn't know what he wanted to do within the field. His college gave him great hands-on experience to then transition into the workforce. He's played both on the offense and defense of cybersecurity, and he says that experience showed him and he "kind of saw firsthand, uh, what a well funded and motivated, uh, team of cybersecurity experts can do and it's pretty scary." In addition, Omer is a big advocate for encouraging other security professionals to learn data skills, and strongly stands by the belief that the future of cybersecurity is in borrowing from modern data analytics tools and techniques that enable consistent risk reduction. He also makes it a priority to invest in his people, believing that this unlocks intrinsic motivation that enables a ton of personal growth and accomplishment, and is a big believer in the OKR system for enabling security operations and avoiding burnout. We thank Omer for sharing his story.

S5 Ep 259: Another infection with new malware. [Research Saturday]
Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware

S6 Ep 1707: Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
CISA and its partners issue a Joint Advisory on the Hive ransomware-as-a-service operation. Ransomware continues to trouble governments, internationally and at all levels. The US Defense Department may see enhanced authority to conduct offensive cyber operations. Russian attacks on Ukrainian infrastructure remain kinetic, as missiles show up, but cyberattacks don’t. Kevin Magee from Microsoft on leveraging cybersecurity apprentices. Our guest is Paul Giorgi from XM Cyber describing creative attack paths in enterprise networks. And, hey, glupost’ [GLUE-post]–don’t mess with Google’s lawyers.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/222

Selected reading:
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. (CyberWire)
#StopRansomware: Hive Ransomware (CISA)
Vanuatu: Hackers strand Pacific island government for over a week (BBC News)
Ransom attack cripples Vanuatu government systems, forces staff to use pen and paper (The Sydney Morning Herald)
Ransomware incidents now make up majority of British government’s crisis management COBRA meetings (The Record by Recorded Future)
Suffolk County, N.Y., Hack Shows Ransomware Threat to Municipalities (Wall Street Journal)
Biden set to approve expansive authorities for Pentagon to carry out cyber operations (CyberScoop)
Red Lion Crimson (CISA)
Cradlepoint IBR600 (CISA)
A ruling in our legal case against the Glupteba botnet (Google)

S1 Ep 37: CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]
The FBI, CISA, and the Department of Health and Human Services are releasing this alert to disseminate known Hive Ransomware Group indicators of compromise and TTPs identified through FBI investigations.

AA22-321A Alert, Technical Details, and Mitigations
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email [email protected]
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at [email protected], or call (888) 282-0870, or report incidents to your local FBI field office.

S6 Ep 1706: Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
Meta employees and contractors compromised customer accounts. Nemesis Kitten found in a US Government network. Unpatched Magento instances hit with "TrojanOrders." Emotet has returned after three quiet months. RapperBot DDoS attacks on game servers. Carole Theriault looks at long-term lessons learned from the 2019 Capital One breach. FBI Cyber Division AD Bryan Vorndran updates us on cyber threats. And an alleged "Zeus" cybercrime boss has been arrested in Switzerland. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/221 Selected reading. Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal) CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. (CyberWire) Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester (CISA) Iranian government-linked hackers got into Merit Systems Protection Board’s network (Washington Post) Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say (CNN) Magento stores targeted in massive surge of TrojanOrders attacks (BleepingComputer) A Comprehensive Look at Emotet’s Fall 2022 Return (Proofpoint) Notorious Emotet botnet returns after a few months off (Register) Updated RapperBot malware targets game servers in DDoS attacks (BleepingComputer) Russia’s cyber forces ‘underperformed expectations’ in Ukraine: senior US official (The Hill) Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police (BleepingComputer)
S6 Ep 1705 Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19. Draft Episode for Nov 16, 2022
Blockchains and cryptocurrency exchanges, and the risks they present. Publicly exposed Amazon RDS snapshots may leak PII. A study of the language of fraud. Tim Starks from the Washington Post's Cybersecurity 202 on a lagging DHS cyber doomsday report. Our guest is Ashif Samnani of Cenovus Energy with insights from the world of OT cyber. And President Zelenskyy offers the benefit of Ukraine's experience with cyber warfare to the "G19". For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/220 Selected reading. Cryptocurrency sector vulnerabilities. (CyberWire) Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots (Mitiga) Amazon RDS may expose PII. (CyberWire) The specious language of fraud. (CyberWire) Zelensky offers G20 leaders to use Ukrainian experience in cyber defense (Ukrinform) Ukraine at D+265: A missile campaign punctuates diplomacy. (CyberWire)
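A check for the exposure Mitiga describes, added here as an example and not code from the episode or from Mitiga's research: a manual RDS snapshot is restorable by any AWS account when its `restore` attribute carries the value `all`, and restorable by specific foreign accounts when the attribute lists their account IDs. The functions below classify snapshots from responses shaped like boto3's `rds.describe_db_snapshot_attributes()` output. The snapshot names, account IDs and responses are constructed stand-ins, and the trusted-account allowlist is an assumption.

```python
from typing import Dict, List

# Constructed stand-ins shaped like boto3's
# rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=...) response.
# Snapshot names and account IDs are invented for the example.
SAMPLE_ATTRIBUTE_RESPONSES: Dict[str, dict] = {
    "prod-db-2022-11-01": {
        "DBSnapshotAttributesResult": {
            "DBSnapshotIdentifier": "prod-db-2022-11-01",
            "DBSnapshotAttributes": [
                {"AttributeName": "restore", "AttributeValues": []},
            ],
        }
    },
    "prod-db-export-for-vendor": {
        "DBSnapshotAttributesResult": {
            "DBSnapshotIdentifier": "prod-db-export-for-vendor",
            "DBSnapshotAttributes": [
                # "all" is what the console's "Public" option sets.
                {"AttributeName": "restore", "AttributeValues": ["all"]},
            ],
        }
    },
    "analytics-copy": {
        "DBSnapshotAttributesResult": {
            "DBSnapshotIdentifier": "analytics-copy",
            "DBSnapshotAttributes": [
                {"AttributeName": "restore",
                 "AttributeValues": ["123456789012", "999999999999"]},
            ],
        }
    },
}

# Assumed allowlist of accounts that are permitted to restore our snapshots.
TRUSTED_ACCOUNTS = {"123456789012"}


def restore_grants(response: dict) -> List[str]:
    """Return the account IDs (or 'all') allowed to restore the snapshot."""
    attrs = response["DBSnapshotAttributesResult"]["DBSnapshotAttributes"]
    for attr in attrs:
        if attr["AttributeName"] == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def classify_snapshot(response: dict, trusted: set) -> str:
    """
    'public'    : any AWS account can copy or restore it (the Mitiga scenario)
    'untrusted' : shared with at least one account outside the allowlist
    'shared'    : shared only with allowlisted accounts
    'private'   : not shared at all
    """
    grants = restore_grants(response)
    if "all" in grants:
        return "public"
    if not grants:
        return "private"
    if set(grants) - trusted:
        return "untrusted"
    return "shared"


def audit_snapshots(responses: Dict[str, dict], trusted: set) -> Dict[str, str]:
    """Map each snapshot identifier to its exposure class."""
    return {name: classify_snapshot(resp, trusted) for name, resp in responses.items()}


def exposed_snapshots(responses: Dict[str, dict], trusted: set) -> List[str]:
    """Identifiers that need attention, public ones first."""
    verdicts = audit_snapshots(responses, trusted)
    order = {"public": 0, "untrusted": 1}
    return sorted((n for n, v in verdicts.items() if v in order),
                  key=lambda n: order[verdicts[n]])


if __name__ == "__main__":
    for name, verdict in audit_snapshots(SAMPLE_ATTRIBUTE_RESPONSES, TRUSTED_ACCOUNTS).items():
        print(f"{name:28} {verdict}")
```

With real credentials the same functions take the manual snapshots listed by `describe_db_snapshots(SnapshotType='manual')`, each passed through `describe_db_snapshot_attributes`; automated snapshots cannot be shared directly, so manual snapshots and manual copies are the ones to enumerate. A public snapshot is withdrawn with `modify_db_snapshot_attribute(..., AttributeName='restore', ValuesToRemove=['all'])`, but anyone who already copied it keeps their copy.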
S1 Ep 36 CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]
From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch organization where CISA observed suspected advanced persistent threat activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller, compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence. AA22-320A Alert, Technical Details, and Mitigations Malware Analysis Report MAR 10387061-1.v1 For more information on Iranian government-sponsored malicious cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage. CISA offers several no-cost scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. See www.cisa.gov/cyber-hygiene-services U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email [email protected] To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at [email protected], or call (888) 282-0870, or report incidents to your local FBI field office.
S6 Ep 1704 An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intel. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
Fangxiao works ad scams en route to other compromises. Killnet claims to have defaced a US FBI site. CISA registers another Known Exploited Vulnerability. Difficulties with Twitter's SMS 2FA system. Zendesk vulnerabilities discovered. Joe Carrigan explains registration bombing for email addresses. Our guest is Miles Hutchinson from Jumio with insights on defense against sophisticated ransomware attackers. And Billbug romps through Asian government agencies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/219 Selected reading. Fangxiao: a Chinese threat actor (Cyjax) Fangxiao: A Phishing Threat Actor (Tripwire) Russian hackers claim cyber attack on FBI website (Newsweek) CISA Has Added One Known Exploited Vulnerability to Catalog (CISA) Twitter’s SMS Two-Factor Authentication Is Melting Down (WIRED) Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk (Varonis) Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries (Symantec) Chinese hackers target government agencies and defense orgs (BleepingComputer) Researchers Say China State-backed Hackers Breached a Digital Certificate Authority (The Hacker News)
S6 Ep 1703 Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
Software supply chain risk. Cyber risk across sectors. CISA releases the Stakeholder-Specific Vulnerability Categorization (SSVC). Sandworm is back in Russia's hybrid war. Another wiper campaign from a Russian cyber auxiliary. Malek Ben Salem from Accenture shares thoughts on future-proofing cloud security. Rick Howard previews the latest CSO Perspectives show. And the Australian Federal Police say they know who hacked Medibank (and the AFP says it has a good track record of getting international criminals). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/218 Selected reading. Exclusive: Russian software disguised as American finds its way into U.S. Army, CDC apps (Reuters) Industries boost cyber defenses against growing number of attacks (Moodys) CISA Releases SSVC Methodology to Prioritize Vulnerabilities (CISA) Transforming the Vulnerability Management Landscape (CISA) Russian Sandworm hackers deployed malware in Ukraine and Poland (Washington Post) New “Prestige” ransomware impacts organizations in Ukraine and Poland (Microsoft) Microsoft links Russia’s military to cyberattacks in Poland and Ukraine (Ars Technica) Microsoft attributes ‘Prestige’ ransomware attacks on Ukraine and Poland to Russian group (The Record by Recorded Future) Wipe it or exfiltrate? How Russia exploits edge infrastructure to disrupt and spy during wartime (SC Media) Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless (WIRED) Russian military hackers linked to ransomware attacks in Ukraine (BleepingComputer) Information on cyberattacks of the group UAC-0118 (FRwL) using the Somnia malware (CERT-UA#5185) (CERT-UA) Ukraine says Russian hacktivists use new Somnia ransomware (BleepingComputer) Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands (Help Net Security) Development of the Ukrainian Cyber Counter-Offensive (Trustwave) Australian Federal Police say cybercriminals in Russia behind Medibank hack (The Record by Recorded Future) Australia tells Medibank hackers: 'We know who you are' (TechCrunch)
S3 Ep 125 Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]
bonusLauren Campanara, a SOC Analyst from ThreatX, shares her story as she made the decision to break into cybersecurity after spending twelve years in the cosmetology field. She worked her way through college in a job she did not enjoy and felt trapped in while completing her online degree. She found ThreatX and fell in love with the work she is doing now. Lauren hopes to inspire others, especially women, to consider a challenging and rewarding career in cybersecurity. She shares what it's like to be in a field she was not happy in and how she was the only one standing in her way to achieving her goals. She says "Another huge obstacle worth mentioning is learning to get out of my own way. You are your own worst critic. I learned to be more forgiving of myself." She hopes her story will inspire others to follow their dreams and stop holding themselves back.
S5 Ep 258 An in-depth look at the Crytox ransomware family. [Research Saturday]
bonusDeepen Desai from Zscaler sits down with Dave to talk about the Crytox ransomware family. First observed in 2020, Crytox is a ransomware family consisting of several stages of encrypted code that has flown under the radar compared to other ransomware families. While other groups commonly use double-extortion attacks, in which data is both encrypted and stolen under threat of publication, Crytox does not operate this way. The research says "The modus operandi of the group is to encrypt files on connected drives along with network drives, drop the uTox messenger application and then display a ransom note to the victim." The research also describes how a system becomes compromised with this ransomware and walks through each stage in depth. The research can be found here: Technical Analysis of Crytox Ransomware
S6 Ep 1702 US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
There’s no sign that cyberattacks affected US vote counts. NATO meets to discuss the Atlantic Alliance’s Cyber Defense Pledge. A new APT41 subgroup has been identified. FSB phishing impersonates Ukraine's SSSCIP. A look at Cozy Bear's use of credential roaming. Caleb Barlow shares tips on removing implicit bias from your hiring process. Our guests are Valerie Abend and Lisa O'Connor from Accenture with a look at the difference in how women and men pursue the top cyber leadership roles. And an update on phishing trends and API threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/217 Selected reading. Statement from CISA Director Easterly on the Security of the 2022 Elections (Cybersecurity and Infrastructure Security Agency) No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says (Nextgov.com) U.S. vote counting unaffected by cyberattacks, officials say (PBS NewsHour) What's 'Putin's chef' cooking up with talk on US meddling? (AP NEWS) NATO’s 2022 Cyber Defense Pledge Conference - United States Department of State (United States Department of State) Japan joins NATO cyber defense centre (Telecoms Tech News) China casts wary eye as Japan signs up for Nato cybersecurity platform (South China Morning Post) Hack the Real Box: APT41’s New Subgroup Earth Longzhi (Trend Micro) New hacking group uses custom 'Symatic' Cobalt Strike loaders (BleepingComputer) They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming (Mandiant) APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network (The Hacker News) CAUTION‼️ russian hackers are sending emails with malicious links from the SSSCIP (State Service of Special Communications and Information Protection of Ukraine) Russian hackers send out emails under the name of Ukraine's State Service of Special Communications and Information Protection (Yahoo) Research Report | The State of Email Security 2022 (Tessian) DevOps Tools & Infrastructure Under Attack (Wallarm)
S6 Ep 1701 A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
US midterm elections proceed without cyber disruption. Communications security lessons learned. CISA publishes new entries to its Known Exploited Vulnerabilities Catalog. Patch Tuesday notes. Carole Theriault examines cross-border money laundering. The FBI’s Bryan Vorndran offers guidance on how companies should think about their exposure in China. And a recent study finds reasons to be concerned about off-boarding. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/216 Selected reading. Taking a look at election security on US midterm Election Day. (CyberWire) Communications Security: Lessons Learned From Ukraine (BlackBerry) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) Microsoft November 2022 Patch Tuesday (SANS Institute) November Patch Tuesday Updates | 2022 (Syxsense Inc) Microsoft Fixes Six Actively Exploited Flaws (Decipher) Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (BleepingComputer) Microsoft Scrambles to Thwart New Zero-Day Attacks (SecurityWeek) Infrastructure access and security. (CyberWire)
S6 Ep 1700 Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
Cybersecurity on US Election Day. Details on the OPERA1ER threat activity. Seasonal and secular trends in insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. Ben Yelin reviews election security and misinformation. Ann Johnson from Afternoon Cyber Tea speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals. And, hey everybody, Mr. Hushpuppi is back in the news (and back in the slammer, the hoosegow, the big house…you get the picture…a sabbatical at Club Fed.) Disclaimer: The content and views expressed do not constitute medical advice and are not a substitute for professional medical advice, diagnosis, or treatment. If you need help, please contact your medical provider. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/215 Selected reading. Your Election Day cyber guide (Washington Post) Putin-linked businessman admits to US election meddling (AP NEWS) OPERA1ER: Playing god without permission (Group-IB) DTEX i3 Team Insider Risk Stats for 2022 (DTEX Systems Inc) Killnet targets Eastern Bloc government sites, but fails to keep them offline (The Record by Recorded Future) Ukrainian hacktivists claim to leak trove of documents from Russia’s central bank (The Record by Recorded Future) Notorious Nigerian influencer ‘Billionaire Gucci Master’ sentenced to 11 years in jail in the U.S. for fraud (Forbes) Hushpuppi: Notorious Nigerian fraudster jailed for 11 years in US (BBC)
S6 Ep 1699 Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember Silk Road? The Feds do.
Election security on the eve of the US midterms. US FBI rates hacktivist contributions to Russia's war as unimportant. Microsoft accuses China of using vulnerability disclosure to develop zero-days. Andrea Little Limbago from Interos addresses accountability for breaches. Our guest is Michelle Amante from the Partnership for Public Service on their Cybersecurity Talent Initiative. And, finally, remember Silk Road? The Feds do. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/214 Selected reading. Hacktivists Use of DDoS Activity Causes Minor Impacts (FBI) The government says it won’t flag election disinformation on Twitter and other social platforms (Washington Post) What to Expect When You are Expecting an Election (CISA) Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression (Microsoft On the Issues) U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud (U.S. Attorney’s Office for the Southern District of New York)
S3 Ep 124 Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
bonusGary Brickhouse, CISO at GuidePoint Security, sits down to share his story, looking back over the last 25 years of his career working for Fortune 100 companies, including Disney. He shares that he has had to grow into every role he has held, and that each one was a pivotal point in his technical career. Gary ended up transitioning to a different organization, and says it was really compliance work that was the transitional moment for him as he grew into different roles. He says, “What I found was sort of just, riding the wave of growth and opportunity and trying to take advantage of it along the way." He shares some advice for people entering the industry, saying that he wants to help shatter the myth that you have to be technical to get into this field. We thank Gary for sharing his story.
S5 Ep 257 Over-the-air 0-day vulnerabilities. [Research Saturday]
bonusRoya Gordon from Nozomi Networks sits down with Dave to discuss their work "UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice." Ultra-wideband (UWB) is a rapidly growing radio technology that, according to the UWB Alliance, is forecast to drive sales volumes exceeding one billion devices annually by 2025. In an effort to strengthen the security of devices utilizing UWB, Nozomi Networks Labs conducted a security assessment of two popular UWB RTLS solutions available on the market. Their research reveals zero-day vulnerabilities and other weaknesses that, if exploited, could allow an attacker to gain full access to all sensitive location data exchanged over the air. The research can be found here: UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice
S6 Ep 1698 Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
Flight-planning services are affected by a cyberattack, as is Danish rail service. A BEC gang impersonates international law firms. Effects of the hybrid war on action in cyberspace. Deepen Desai from Zscaler examines the evolution of the X-FILES Stealer. CyberWire Space Correspondent Maria Varmazis has an analysis of the Starlink situation in Ukraine. And a sad, final farewell to Vitali Kremez, gone far too soon. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/213 Selected reading. Boeing subsidiary Jeppesen's services impacted by cyber incident (Reuters) BREAKING: Boeing's Jeppesen Subsidiary Hit With Potential Ransomware Attack (Live and Let's Fly) Danish train standstill on Saturday caused by cyber attack (Reuters) Cyber incident at Boeing subsidiary causes flight planning disruptions (The Record by Recorded Future) Crimson Kingsnake: BEC Group Impersonates International Law Firms in… (Abnormal Security) New Crimson Kingsnake gang impersonates law firms in BEC attacks (BleepingComputer) Ukraine war, geopolitics fuelling cybersecurity attacks -EU agency (Reuters) Microsoft Extends Aid for Ukraine's Wartime Tech Innovation (SecurityWeek) Evaluating the International Support to Ukrainian Cyber Defense (Carnegie Endowment for International Peace) Cyber community mourns renowned researcher Vitali Kremez (The Record by Recorded Future) Remembering Vitali Kremez, Threat Intelligence Researcher (Bank Info Security)
S6 Ep 1697 “Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace–things would be so much better if the Anglo-Saxons didn’t think cyberspace was the property of the East India Company. Or something like that. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/212 Selected reading. Abusing Microsoft Customer Voice to Send Phishing Links (Avanan) Emotet botnet starts blasting malware again after 5 month break (BleepingComputer) Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor (SentinelOne) RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom (BlackBerry) Russia cyber director warns no U.S. cooperation risks "mutual destruction" (Newsweek)
S6 Ep 1696 OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Post's Cybersecurity 202 has the latest on election security. A visit to the CyberWire’s Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211 Selected reading. OpenSSL patched today. (CyberWire) OpenSSL Releases Security Update (CISA) OpenSSL releases fixes for two ‘high’ severity vulnerabilities (The Record by Recorded Future) OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security) Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog) OpenSSL Vulnerability Patch Released (Sectigo® Official) Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion) OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software) Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin) Discussions of CISA’s part in elections and the JCDC. (CyberWire) U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters) XDR data reveals threat trends. (CyberWire) What happens to a gift card given to a scammer? (CyberWire) How Russia’s war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)
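For the target-scoping task several of the links above address, an added example that is not code from OpenSSL or from any of the vendors listed: it applies the affected range from the OpenSSL advisory, under which CVE-2022-3602 and CVE-2022-3786 affect OpenSSL 3.0.0 through 3.0.6 and are fixed in 3.0.7, while the 1.1.1 and 1.0.2 series are not affected. Because applications often bundle their own libcrypto, the block also searches raw file contents for the version banner the library embeds; that is how a host whose `openssl version` reports 1.1.1 can still run an exposed, statically linked service. The per-host version strings and the binary blob are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected range per the OpenSSL advisory of 1 Nov 2022: 3.0.0 <= v < 3.0.7.
AFFECTED_MIN: Version = (3, 0, 0)
FIXED_IN: Version = (3, 0, 7)

# The banner OpenSSL compiles into libcrypto and prints from `openssl version`,
# e.g. b"OpenSSL 3.0.5 5 Jul 2022" or b"OpenSSL 1.1.1q  5 Jul 2022".
_BANNER = re.compile(rb"OpenSSL\s+(\d+)\.(\d+)\.(\d+)[a-z]*")

# Constructed `openssl version` outputs for a few hosts (not real inventory).
SAMPLE_HOSTS: Dict[str, str] = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-db": "OpenSSL 1.1.1q  5 Jul 2022",
    "build-box": "OpenSSL 3.0.0 7 sep 2021",
}

# Constructed stand-in for a statically linked binary: junk bytes around the banner.
SAMPLE_BINARY = b"\x7fELF\x00\x00junk\x00OpenSSL 3.0.2 15 Mar 2022\x00more junk\x00"


def parse_version(text: str) -> Optional[Version]:
    """Version tuple from an `openssl version` line, or None if no OpenSSL banner."""
    m = _BANNER.search(text.encode("utf-8", "replace"))
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(v: Version) -> bool:
    """True for the 3.0.0 .. 3.0.6 range; 1.x and 3.0.7+ are outside it."""
    return AFFECTED_MIN <= v < FIXED_IN


def triage_hosts(outputs: Dict[str, str]) -> Dict[str, str]:
    """'affected', 'not affected' or 'unknown' per host."""
    result = {}
    for host, out in outputs.items():
        v = parse_version(out)
        if v is None:
            result[host] = "unknown"
        else:
            result[host] = "affected" if is_affected(v) else "not affected"
    return result


def banners_in_blob(blob: bytes) -> List[Version]:
    """Versions of every OpenSSL banner embedded in a file's bytes."""
    return [(int(a), int(b), int(c)) for a, b, c in _BANNER.findall(blob)]


def blob_affected(blob: bytes) -> bool:
    """True if the file carries a libcrypto from the affected range."""
    return any(is_affected(v) for v in banners_in_blob(blob))


if __name__ == "__main__":
    for host, verdict in triage_hosts(SAMPLE_HOSTS).items():
        print(f"{host:10} {verdict}")
    print("sample binary affected:", blob_affected(SAMPLE_BINARY))
```

A version match says only that vulnerable code is present. The overflow sits in punycode handling during X.509 name-constraint checking, so it is reached when the process validates a certificate chain an attacker controls: a TLS client connecting to a hostile server, or a server that requests client certificates. That reachability question, together with the stack protections on common platforms, is why the severity was lowered from Critical to High; it is not a reason to leave a 3.0.x host on the list unpatched.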
S6 Ep 1695 OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.
OpenSSL is patched today. The misconfiguration risk to US government networks' security and compliance. Hacking Ms. Truss's phone. Assistance for Ukraine's cyber defense. Joe Carrigan looks at the latest round of apps pulled from the Google Play Store. Our guest is Matias Madou of Secure Code Warrior on why cultivating a positive culture among security and developer teams continues to fall short. And a quick look at DNS threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/210 Selected reading. Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai) How The OpenSSL 3 Vulnerability Will Really Affect Your Environment (Nucleus Security) New Critical Flaw in OpenSSL: How to Know if You're at Risk (Rezilion) Experts warn of critical security vulnerability discovered in OpenSSL (Application Security Blog) The impact of exploitable misconfigurations on network security within US Federal organizations (Titania) Liz Truss's personal phone hacked by Putin's spies (Mail Online) Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters) Liz Truss phone hack claim prompts calls for investigation (BBC News) Russian spies hacked Truss's personal phone (Computing) Government urged to investigate report Liz Truss’s phone was hacked (the Guardian) Ministers creating ‘wild west’ conditions with use of personal phones (the Guardian) Suella Braverman admits sending official documents to personal email six times (The Telegraph) Ukraine War: UK reveals £6m package for cyber defence (BBC News) DNS Threat Report — Q3 2022 (Akamai)
S6 Ep 1694 Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia’s ForceNet. Threat trends.
Leading European metals producer is hit with malware. Cooperative defense in cyberspace. A Ukrainian ally describes its exposure to Russian cyberattacks. Former UK Prime Minister Truss's phone may have been compromised. CISA sees a complex threat environment, but no specific threat to US elections. The Australian Defence network sustains a ransomware attack. The three finalists in the DataTribe Challenge share insights on the competition. Rick Howard previews the new season of CSO Perspectives. And a look at threat trends. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/209 Selected reading. Aurubis says it was hit in wider cyberattack on metals industry (Reuters) Copper Giant Aurubis Shuts Down Systems Due to Cyberattack (SecurityWeek) Inside a US military cyber team’s defence of Ukraine (BBC News) Ukraine's cyber power shows value of public-private partnership (Nikkei Asia) Latvian President: Only the West’s Weakness Can Provoke Russia (Foreign Policy) Latvia’s cyberspace faces new challenges amid war in Ukraine (The Record by Recorded Future) Worries build about winter cyber threats in Ukraine (POLITICO) Liz Truss's personal phone hacked by Putin's spies (Mail Online) Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters) Liz Truss phone hack claim prompts calls for investigation (BBC News) Russian spies hacked Truss's personal phone (Computing) Government urged to investigate report Liz Truss’s phone was hacked (the Guardian) Ministers creating ‘wild west’ conditions with use of personal phones (the Guardian) 'Complex threat environment' ahead of midterm elections, top cybersecurity official says (Reuters) CISA chief sees no "specific or credible threats" to election infrastructure (CBS News) For cyber experts, disinformation overshadows cyberthreats in midterms (Washington Post) Australian Defence Department caught up in ransomware attack (ABC) Cyber-attack on Australian defence contractor may have exposed private communications between ADF members (the Guardian) Cyber Threat Reports (Deep Instinct) Deep Instinct releases its 2022 Interim Cyber Threat Study. (CyberWire)
S3 Ep 123 Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]
bonusJenny Brinkley, Director of AWS Security at Amazon Web Services (AWS), sits down to share her empowering story of working through the ranks, and even co-founding her own company. While she did not have a typical upbringing for the industry, she credits her parents for where she has ended up, as they told her that she could do anything, and she decided as she was growing up that she could. She had the opportunity to co-found a small startup before selling it to AWS. She says that working in her position is like a rollercoaster, as no one thing is like the other, saying her highs are high and her lows are low. Being a woman in cybersecurity, she is working to empower more women in the field. Jenny says, "I think that we're living in such an interesting time where empathy, kindness, compassion, honesty, partnership in the security space, I mean, heck for any industry, but really for security and cyber security roles today, it's, it's the life blood and to be underestimated, especially as a female or because, you know, my background doesn't follow a cookie cutter pattern of what individuals think of when they think of individuals in security roles." We thank Jenny for sharing her story.
S5 Ep 256 Bugs and working from home. [Research Saturday]
bonusFede Kirschbaum from Faraday Security sits down with Dave to discuss their research on "A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers." The team at Faraday found a vulnerability, rated high severity, that they presented at DEF CON 30. With more and more people working from home for their companies, the research team went looking for vulnerabilities in the equipment employees rely on while working from home. The research states that the team was "seeking and reporting security vulnerabilities in IoT devices, which led to the finding of an exploitable bug in a consumer-grade router popular in Argentina." They also note that the issue escalated quickly, and discuss why protecting home networks matters while working remotely. The research can be found here: A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers
S6 Ep 1693 Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.
Cyberattacks against Poland’s and Slovakia’s parliaments. The US 2022 National Defense Strategy is out. Insights from SecurityWeek’s ICS Cyber Security Conference. The importance of zero-trust in industrial environments. Malek Ben Salem from Accenture on machine language security and safety. Our guest is Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware. And CISA issues four more ICS Advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/208 Selected reading. Computer networks of parliaments in Poland and Slovakia paralyzed by cyberattacks (Euro Weekly News) Slovak, Polish Parliaments Hit By Cyber Attacks (Barron's) Slovak parliament suspends voting due to suspected cyberattack (Reuters) "Also from Russia" - cyber attack on parliaments in Poland and Slovakia - Today Times Live (Today Times Live) 2022 National Defense Strategy (US Department of Defense) 2022 NDS Fact Sheet | Integrated Deterrence (US Department of Defense) Discussing cyberattacks vs system failures. (CyberWire) Zero-trust in ICS environments. (CyberWire) SANS 2022 Survey: The State of OT/ICS Cybersecurity in 2022 and Beyond | Nozomi Networks (Nozomi Networks) CISA Releases Four Industrial Control Systems Advisories (CISA)
The Malware Mash! [Bonus]
bonus: Enjoy this CyberWire classic. They did the Mash... they did the Malware Mash...
S6 Ep 1692: CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
CISA releases cross-sector cybersecurity performance goals. Trojans are spreading through scanners. Cyber seed rounds are an exception to a general downtrend in venture investment. Whistleblowing and corporate culture. Storing enterprise secrets. Robert M. Lee from Dragos explains the TSA Pipeline Security Directive. Our guests are Jenny Brinkley from Amazon AWS and Lisa Plaggemier from the National Cybersecurity Alliance with a collaborative educational project. Cyberattacks seen as opportunistic and disconnected from strategy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/207 Selected reading. Cross-Sector Cybersecurity Performance Goals (CISA) CISA unveils voluntary cybersecurity performance goals (Federal News Network) Sending Trojans via Scanners (Avanan) DataTribe Insights - Q2 2022: Economic Storm Makes Landfall (DataTribe) Ukraine: Russian cyber attacks aimless and opportunistic (SearchSecurity)
S6 Ep 1691: Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
Sudan closes its Internet as the country sees protests on the first anniversary of a coup. A Chinese influence campaign targets US elections. A software supply chain security study, and a look at vulnerability scanning tools. Documenting cyber war crimes in Ukraine. CISA issues eight ICS Advisories. Andrea Little Limbago from Interos on the effects of water scarcity on data centers. And if you’ll indulge us, we’ve got some pretty exciting CyberWire news. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/206 Selected reading. Internet is shut down in Sudan on anniversary of military coup (The Record by Recorded Future) Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections (Mandiant) Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate (PR Newswire) Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months (BlackBerry) Ukraine Documenting Russian Hacks, Eyeing International Charges (Bloomberg) CISA Releases Eight Industrial Control Systems Advisories (CISA)
S6 Ep 1690: US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of a Cuba ransomware group phishing campaign. Varonis discovers two Windows vulnerabilities. Mr Security Answer Person John Pescatore on security through obscurity. Ben Yelin on the DOJ’s spying cases against China. CISA expands its Known Exploited Vulnerabilities Catalog with six new entries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/205 Selected reading. Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People’s Republic of China (US Department of Justice) U.S. Justice Department Fires Warning Shot at Chinese Spies (Foreign Policy) Chinese spies charged with trying to thwart Huawei investigation (Quartz) DOJ Charges 13 Over Chinese Interference In US Affairs (Law360) U.S. Says Chinese Tried to Obstruct Huawei Prosecution (Wall Street Journal) U.S. charges Chinese nationals with schemes to steal info, punish critics and recruit spies (CBS News) Cuba ransomware affiliate targets Ukrainian govt agencies (BleepingComputer) Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries (BlackBerry) The Logging Dead: Two Event Log Vulnerabilities Haunting Windows (Varonis) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)