CyberWire Daily

Author: N2K Networks
Subscribed: 26,695; Played: 1,306,596
© 2023 N2K Networks, Inc.
Description
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
2589 Episodes
Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.”
Learn more about your ad choices. Visit megaphone.fm/adchoices
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the cybersecurity workforce skills gap with N2K’s President, Simone Petrella, including what security professionals might learn from the movie “Moneyball” about training their team in the aggregate on first principles.
In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWise 2023 Cybersecurity Conference to discuss threat intelligence.
In this extended interview, Dave Bittner sits down with Natasha Eastman from the Cybersecurity and Infrastructure Security Agency (CISA), Bill Newhouse from the National Institute of Standards and Technology (NIST), and Troy Lange from the National Security Agency (NSA) to discuss their recent joint advisory on post-quantum readiness and how to prepare for post-quantum cryptography.
You can find the joint advisory here:
Quantum-Readiness: Migration to Post-Quantum Cryptography
Quantum computing: A threat to asymmetric encryption.
Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships.
We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.
Links to resources:
Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog
National Cybersecurity Strategy 2023
US GAO Snapshot: Cybersecurity: Launching and Implementing the National Cybersecurity Strategy
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, sits down with Director of the National Cryptologic Museum, Dr. Vince Houghton. The National Cryptologic Museum is the NSA's affiliated museum sharing the nation's best cryptologic secrets with the public. In this special episode, Rick interviews Dr. Houghton from within the walls of the National Cryptologic Museum, discussing the new and improved museum along with the new exhibits they uncovered during the pandemic.
CyberWire Daily podcast host Dave Bittner is joined by CyberWire editor John Petrik for an extended discussion about the Russian invasion of Ukraine and its effect on cybersecurity at the one year anniversary. John and his team have covered the Ukrainian conflict with daily news stories since the invasion began, and in fact, had quite a lot of coverage prior to the invasion. They take stock of where things stand, what has happened, and what we expected versus reality.
Dave Bittner had a conversation with Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. They discussed the Navy’s cybersecurity advances and how they have implemented them.
Commander Brandon Campbell is the former Operations Director at Navy Cyber Defense Operations Command and Task Force 1020 where they protect, detect, and respond to global cyber threats against Navy networks.
Captain J. Steve Correia is the Commanding Officer of Naval Network Warfare Command and the Commander of Task Force 1010 under the U.S. Navy’s Fleet Cyber Command where they execute tactical-level command and control to direct, operate, maintain and secure Navy communication and network systems.
Cybersecurity interview with ChatGPT.
In part one of CyberWire’s Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community.
ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI’s GPT-3 family of large language models.
Cyber questions answered by ChatGPT in part one of the interview.
What were the most significant cybersecurity incidents up through 2021?
What leads you to characterize these specific events as significant?
What were the specific technical vulnerabilities associated with these incidents?
Who were the cyber actors involved in each of these attacks?
Do you think it's valuable to attribute cyber attacks to specific actors?
At the 2022 Cyber Marketing Con, the CyberWire presented a CISO Q&A panel session on how to help cyber marketers reach CISOs and other security executives in the industry. The panel included Rick Howard, CSO of N2K Networks, Jaclyn Miller, Head of InfoSec and IT at DispatchHealth, and Ted Wagner, CISO of SAP NS2, and was moderated by board director and operating partner Michelle Perry.
Listen in as the panel discusses:
What works and doesn’t work in getting a security executive’s attention.
Message trust, message fatigue, and what you can do about it.
Trusted information sources and how security executives use them.
Positioning and messaging that is actually meaningful to decision makers.
The security executive’s purchasing behavior and why skepticism is the driving force.
Stay tuned until the end to hear us answer some additional bonus questions submitted by attendees.
David Liebenberg from Cisco Talos joins to discuss Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors.
Talos identified additional malware, including RATs, on endpoints running this cracked software, which allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information.
This research article was not published by Cisco Talos' team.
Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7 shares his thoughts on what the looming US government shutdown will mean for the nation’s cybersecurity. Tim Eades from Cyber Mentor Fund discussing the 3 who’s a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/187
Selected reading.
Malicious ad served inside Bing's AI chatbot (Malwarebytes)
Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress)
Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media)
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica)
Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security)
Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica)
CL0P Seeds ^_- Gotta Catch Em All! (Unit 42)
A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post)
2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense)
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense)
NSA starts AI security center with eye on China and Russia (Fortune)
NSA is creating a hub for AI security, Nakasone says (Record)
The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low cost attacks. Sam Crowther from Kasada shares his team's findings on Stolen Auto Accounts. And Ukrainian hacktivists target Russian airline check-in systems.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/186
Selected reading.
Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org (Symantec Enterprise Blogs)
Johnson Controls reports data breach after severe ransomware attack (BeyondMachines)
Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (U.S. Privacy and Civil Liberties Oversight Board)
Split privacy board urges big changes to Section 702 surveillance law (Washington Post)
Democrats fear cyberattacks as government shutdown looms (Nextgov.com)
Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio)
Musk's X disabled feature for reporting electoral misinformation - researcher (Reuters)
Musk’s X Cuts Half of Election Integrity Team After Promising to Expand It (The Information)
Aeroflot, other airlines’ flights delayed over DDoS attack (Cybernews)
A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/185
Selected reading.
CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency)
Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB)
Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs)
Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer)
Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web)
Suspicious New Ransomware Group Claims Sony Hack (Dark Reading)
Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer)
Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek)
Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric)
The High Stakes of Innovation: Attack Trends in Financial Services (Akamai)
FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission)
Ukraine: Russian hackers infiltrating software supply chains (Computing)
Russian hacking operations target Ukrainian law enforcement (CyberScoop)
Ukraine accuses Russian spies of hacking law enforcement (Register)
Russian hackers target Ukrainian government systems involved in war crimes investigations (Record)
Ukraine Cyber Defenders Prepare for Winter (Bank Info Security)
An advanced phishing campaign hits hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts on Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp sharing a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/184
Selected reading.
Luxury Hotels Major Target of Ongoing Social Engineering Attack (Cofense)
ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint)
More MOVEit-related data breaches are disclosed. (CyberWire)
Mixin Network suspends deposits and withdrawals. (CyberWire)
OpenSea NFT market warns of third-party risk to its API. (CyberWire)
Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads (Securonix)
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (The Hacker News)
British Army general says UK now conducting ‘hunt forward’ operations (Record)
The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There’s a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of Digicert, describes digital trust for the software supply chain. Our guest is Arctic Wolf’s Ian McShane with insights on the MGM and Caesars ransomware incident. And if you’re looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/183
Selected reading.
Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42)
Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange)
Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer)
Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42)
EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity)
From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News)
Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security)
Deadglyph: Covertly preying over Middle Eastern skies (LABScon)
New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer)
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News)
0-days exploited by commercial surveillance vendor in Egypt (Google)
PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions (The Citizen Lab)
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (The Hacker News)
Egyptian presidential hopeful targeted by Predator spyware (Washington Post)
Russian news outlet in Latvia believes European state behind phone hack (the Guardian)
Exclusive: Russian hackers seek war crimes evidence, Ukraine cyber chief says (Reuters)
Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (Ukrinform)
Large-scale cyberattack reported in occupied Crimea (The Kyiv Independent)
NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII (Dark Reading)
Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker’s command and control (C2) server.
The research states "The attacker uses an advanced web shell named “wso-ng” that is activated only when the attacker sends the cookie “magemojo000” to the backdoor “GoogleShoppingAds” component."
The research can be found here:
Xurum: New Magento Campaign Discovered
A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/182
Selected reading.
Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne)
GOLD MELODY: Profile of an Initial Access Broker (Secureworks)
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security)
Cyber Soft Power | China's Continental Takeover (SentinelOne)
MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News)
MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading)
MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News)
MGM says its recovered from cyberattack, employees tell different story (Cybernews)
'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters)
Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer)
Russia linked to cyberattack on government services (Royal Gazette)
CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist auxiliary disrupts Canadian border control and airport sites. The ICC remains tight-lipped concerning cyberattack. N2K’s Simone Petrella sits down with Chris Krebs at the mWise conference. In today’s Threat Vector segment, David Moulton from Unit 42 takes a peek into the modern threat landscape with Wendi Whitmore, SVP of Unit 42. And MGM Resorts says it’s well on the way to recovery.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/181
Threat Vector links.
To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.
Selected reading.
#StopRansomware: Snatch Ransomware (Cybersecurity and Infrastructure Security Agency CISA)
2023 Phishing Trends (ZeroFox)
Cyber Insurance Claims Frequency and Severity Both Increased For Businesses in 1H 2023, Coalition Report Finds (Business Wire)
2023 Cyber Claims Report: Mid-year Update (Coalition)
Since 2018, ransomware attacks on the education sector have cost the world economy over $53 billion in downtime alone (Comparitech)
Canada blames border checkpoint outages on cyberattack (Record)
Cyberattack hits International Criminal Court (SC Media)
International Criminal Court hacked amid Russia probe (Register)
International Criminal Court under siege in cyberattack that could constitute world’s first cyber war crime (Yahoo News)
Our hotels and casinos are operating normally. (FAQ - MGM Resorts)
MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News - 09-20-2023)
That's right, ChatGPT is becoming more and more human-like. You can explore ChatGPT for free in Polish with ChatGPT po Polsku at https://chatgptpl.com/
I really enjoy this useful conversation, but at the end of the day: i should loud say: fu**k Israel
these Career Notes episodes are absolutely awful and the people presented have little merit and aren't interesting. Other than these, great podcast.
this guy is a Jedi
I've been hard at it all night trying to trace how this happened but I fear I'm only gonna make the problem worse due to my inexperience
any chance yell could help me
I sure hope he had a great time contributing to innocent Palestinian deaths!
Re: Ransom DDoS episode... not only did that dude mispronounce technology names (indicating lack of technical knowledge), he used the phrase “or their [law enforcement counterparts] in other civilized countries”. In saying this, he effectively implies that hackers who write in broken English are savages from uncivilized countries. The implicit racial connotations in making a statement like that are seriously offensive (equating being ‘civilized’ with speaking English well). Really surprising and disappointing.
✌Deb.
Great Podcast, Thank you for sharing Deb.✌
Excellent Podcast and I'm shocked at this time and point we should have this covered by now. So enjoyed Deb.
Awesome, Podcast Thanks so much for sharing Deb👍🏼✌
Larry, Dave I really appreciate all the work and information it's about time that they finally get something done about this. Really enjoyed Deb👌✌
Bollocks means balls as in testicles. It is a slang term for as you say someone talking nonsense / hogwash Just came across the podcast good stuff 👍👍
12:07: make sure you are updated to chrome 77
Ahahaa! Very well thought of!
it made my morning! 😊
I have been bingeing this podcast and recommending this to everyone. especially the non tech folks since they are more target prone.
I couldn't help notice how pro-israel the host is over the last few shows