Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic Wolf has tips for pros for security at home. Our guest is Gerry Gebel from Strata Identity describes a new open source standard that aims to unify cloud identity platforms. And travel-themed phishing increases.
For links to all of today's stories check out our CyberWire daily news briefing:
Friday the 13th on the Dark Web: $150 Million Russian Drug Market Solaris Hacked by Rival Market Kraken (Elliptic Connect)
Russia-linked drug marketplace Solaris hacked by its rival (The Record from Recorded Future News)
Cyber-attacks have tripled in past year, says Ukraine’s cybersecurity agency (the Guardian)
Ukraine: Russians Aim to Destroy Information Infrastructure (Gov Info Security)
Ukraine says Russia is coordinating missile strikes, cyberattacks and information operations (The Record by Recorded Future)
ICS Vulnerabilities and CVEs: Second Half of 2022 (SynSaber)
Abusing a GitHub Codespaces Feature For Malware Delivery (Trend Micro)
The Blank Image Attack (Avanan)
Phishing Attacks Pose as Updated 2023 HR Policy Announcements (Abnormal Security)
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns (Bitdefender)