The Rise and Fall of True-Bot Malware

US and Canadian agencies warn of Truebot. A look at "Operation Brainleaches." Jumpcloud resets API keys. An update on the MOVEit vulnerability exploitation. Andrea Little Limbago from Interos shares insights on rising geopolitical instability. Our guest is Mike Hamilton from Critical Insight discussing what you need to know about NIST 2.0. OSCE trains Ukrainian students in cybersecurity.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/128

Selected reading.

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants (Cybersecurity and Infrastructure Security Agency CISA)

Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA) 

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks (ReversingLabs)

Mandatory JumpCloud API Key Rotation (JumpCloud)

JumpCloud resets admin API keys amid ‘ongoing incident’ (BleepingComputer)

JumpCloud Says All API Keys Invalidated to Protect Customers (SecurityWeek)

More organizations confirm MOVEit-related breaches as hackers claim to publish stolen data (TechCrunch)

Important information about MOVEit Transfer cyber security incident | Shell Global (Shell Global)

Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data (SecurityWeek)

OSCE helps future generation of Ukraine’s law enforcers and emergency personnel build skills for safe work in cyberspace (OSCE)

Learn more about your ad choices. Visit megaphone.fm/adchoices