Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
CyberWire Daily · N2K Networks
Audio is streamed directly from the publisher (pdst.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
BianLian gang’s pivot. HinataBot is a Go-based threat. The US Social Security Administration is impersonated in attempted vishing attacks. BlackSnake in the RaaS criminal market. More Silicon Valley Bank-themed phishing. Caleb Barlow from Cylete on security implications you need to consider now about Chat GPT. Our guest is Isaac Roth from LeakSignal with advice on securing the microservices application layer. And Russian operators exploit an Outlook vulnerability.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/52
Selected reading.
BianLian Ransomware Gang Continues to Evolve ([redacted])
Uncovering HinataBot: A Deep Dive into a Go-Based Threat (Akamai)
Social InSecurity: Armorblox Stops Attack Impersonating Social Security Administration (Armorblox)
Netskope Threat Coverage: BlackSnake Ransomware (Netskope)
Fresh Phish: Silicon Valley Bank Phishing Scams in High Gear (INKY)
Outlook zero day linked to critical infrastructure attacks (Cybersecurity Dive)
CVE-2023-23397: Exploitations in the Wild – What You Need to Know (Deep Instinct)
Everything We Know About CVE-2023-23397 (Huntress)
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (Microsoft Security Response Center)
Learn more about your ad choices. Visit megaphone.fm/adchoices