TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shouldn't get cocky. DevSecOps survey results show tension between innovation and security. Russian hacktivist auxiliaries hit German targets. Tim Starks from the Washington Post Cyber 202 shares insights from his interview with Senator Warner. Our guest is Keith McCammon of Red Canary to discuss cyber accessibility. And Private sector support for Ukraine's cyber defense.
For links to all of today's stories check out our CyberWire daily news briefing:
TA444: The APT Startup Aimed at Acquisition (of Your Funds) (Proofpoint)
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI (Akamai)
Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection (Securonix)
BlackBerry's Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute (BlackBerry)
Global CIO Report Reveals Growing Urgency for Observability and Security to Converge (Dynatrace)
Russian 'hacktivists' briefly knock German websites offline (Reuters)
How Microsoft is helping Ukraine’s cyberwar against Russia (Computerworld)
CISA Releases Two Industrial Control Systems Advisories (CISA)