Thursday, June 1, 2023
The CyberWire Podcast

Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.

SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites...
The CyberWire Podcast

Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.

New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. The latest on Volt Typhoon. DDoS hits government sites in Senegal. The Pentagon's cyber strategy incorporates lessons from...
The CyberWire Podcast

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.

CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion...
The CyberWire Podcast

Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.

China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent...
The CyberWire Podcast

CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]

Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon. AA23-144A Alert,...
The CyberWire Podcast

Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.

Kimsuky's tailored reconnaissance tools. GoldenJackal is an APT quietly active since 2019. Criminals target YouTube viewers with free cracked software. Rheinmetall’s data was posted to BlackBasta's extortion site. The "Cuba" gang claims credit...
The CyberWire Podcast

BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.

AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks...
The CyberWire Podcast

Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.

The EU fines Meta for transatlantic data transfers. FIN7 returns, bearing Cl0p ransomware. Python Package Index temporarily suspends new registrations due to a spike in malicious activity. Typosquatting and TurkoRAT. UNC3944...
The CyberWire Podcast

Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the cybersecurity workforce skills gap with N2K’s President, Simone Petrella, regarding how security professionals might learn from the movie...
The CyberWire Podcast

Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]

Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she...
The CyberWire Podcast

Dangerous vulnerabilities in H.264 decoders. [Research Saturday]

Willy R. Vasquez from The University of Texas at Austin discusses research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnerabilities in H.264 Decoders." Researchers are looking...
The CyberWire Podcast

Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.

Section 230 survives SCOTUS. Lemon Group's pre-infected devices. The IRS is sending cyber attachés to four countries in a new pilot program. A Wisconsin man is charged with stealing DraftKings credentials....
The CyberWire Podcast

BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.

Business email compromise (BEC) exploits legitimate services. A hacktivist ransomware group demands charity donations for encrypted files. Trends and threats in API protection. The effects of hacktivism on Russia's war against...
The CyberWire Podcast

CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]

FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC...
The CyberWire Podcast

A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.

Cyber agencies warn of BianLian ransomware. There’s a new gang using leaked Babuk-based ransomware. Chinese government-linked threat actors target TP-Link routers with custom malware. ChatGPT-themed fleeceware is showing up in online...
The Register

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

This RomCom is no laughing matter

A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Millions of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs

Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...