

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Sep 19, 2023 • 27min
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Kristen Bell, cybersecurity expert from GuidePoint Security, discusses the cyberattacks in Colombia and accidental data exposure by Microsoft. The podcast covers the impact of cyberattacks on Clorox, state-sponsored attacks on critical infrastructure, and bot-fueled attacks. Additionally, it explores the difference between vulnerability and exploitability, the evolving nature of vulnerabilities, and the importance of vetting charities during hurricane season.

Sep 18, 2023 • 27min
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Eric Goldstein from CISA shares insights on cyber threats from China. Neil Serebryany of Calypso explains policies for safe use of generative AI. Podcast covers Lazarus Group's crypto theft, BlackCat's ransomware on Azure storage, cyber warfare in Ukraine, and the MGM ransomware incident.

Sep 17, 2023 • 8min
Karl Mattson: Defer gratification. (CISO) [Career Notes]
Karl Mattson, CISO at Noname Security, joins us to share his story. Having started out as a "military brat," traveling the world as the child of a Marine, Karl later joined the Army not long after high school. In the Army, Karl was assigned the career field of intelligence analyst and started working with the NSA. He says that was a real career break. Following the Army, Karl worked in the financial services world as a CISO. At Noname, Karl began by building out internal risk and IT functions into a strong, what he calls spectacular, team. Karl recommends "deferring gratification as long as possible" when building your career. He says, "People early in their career, looking at government service, those positions don't, you know, make anybody rich overnight, but they are amazing career cornerstones to build on." He closes by sharing the importance of relationships. We thank Karl for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sep 16, 2023 • 40min
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Guest Manuel Hepfer from ISTARI shares his research on cyber resilience which includes discussions with 37 CEOs to gain insight into how they manage cybersecurity risk. ISTARI and Oxford University's Saïd Business School dive into the minds and experiences of CEOs on how they manage cybersecurity risk.
Ask any CEO to name the issues that keep them awake at night and cybersecurity risk is likely near the top of the list – with good reason. With the accelerating digitalisation of business models comes vulnerability to cyberattack. And while spending on cybersecurity increases every year, so does the number of serious incidents. Even the largest and most technologically advanced companies are not immune.
CEOs must formally answer to regulators, shareholders and board members for their organisation’s cybersecurity. Yet the majority (72%) of CEOs we interviewed as part of our research said they were not comfortable making cybersecurity-related decisions.
The research and associated article can be found here:
Research: The CEO Report on Cyber Resilience
Article: Make Cybersecurity a Strategic Asset

Sep 15, 2023 • 31min
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
"Peach Sandstorm" is an Iranian cyberespionage campaign. A cyberattack against a telecom provider affects government and corporate online operations in Colombia. Python NodeStealer takes browser credentials. Caesars Entertainment files its 8-K. Some MGM Entertainment systems remain down. Betsy Carmelite from Booz Allen talks about how to leverage cyber psychology. Ron Reiter of Sentra outlines the threats for connected cars. And a third-party incident exposes personal data of the Manchester police.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/177
Selected reading.
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets (Microsoft)
Hackers Backed by Iran Caught in Apparent Global Spy Campaign (The Messenger)
BNamericas - Colombia cyberattack hits government, corpor... (BNamericas.com)
Colombia's judicial branch thrown offline in major cyber attack (Colombia Reports)
Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down (AP News)
Casino Operators Caesars and MGM Still Reeling From Cyber Attacks (Kiplinger.com)
Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs (CyberScoop)
MGM still responding to wide-ranging cyberattack as rumors run rampant (Record)
Ransomware in the casinos. (CyberWire)
MGM Resorts shuts down some systems. (CyberWire)
Manchester police officers’ data stolen following ransomware attack on supplier (Record)
Contractor Data Breach Impacts 8k Greater Manchester Police Officers (Hackread)
A Second Major British Police Force Suffers a Cyberattack in Less Than a Month (SecurityWeek)
Who is behind the latest wave of UK ransomware attacks? (the Guardian)

Sep 14, 2023 • 26min
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware; how does that inform our view of the materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176
Selected reading.
Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg)
Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal)
The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal)
Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal)
ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread)
FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters)
MGM Resorts says cyberattack could have material effect on company (NBC News)
MGM Resorts cybersecurity breach could cost millions, expert says (KLAS)
MGM Resorts shuts down some systems because of a “cybersecurity issue.” (Updated.) (CyberWire)
macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek)
“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence)
Unit 42 Attack Surface Threat Report (Palo Alto Networks)
The Nigerian Prince is Alive and Well: Cybercriminals Use Generative… (Abnormal)

Sep 13, 2023 • 26min
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/175
Selected reading.
Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security)
3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack (Symantec)
Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services (Orca Security)
Contextualizing Deepfake Threats to Organizations (US Department of Defense)
Bipartisan push to ban deceptive AI-generated ads in US elections (Reuters)
DOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense)
New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense)
New DOD cyber strategy notes limits of digital deterrence (DefenseScoop)
CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)
September 2023 Security Updates (Microsoft Security Response Center)
Microsoft Releases September 2023 Updates (Cybersecurity and Infrastructure Security Agency CISA)
Zero Day Summer: Microsoft Warns of Fresh New Software Exploits (SecurityWeek)
Microsoft Patch Tuesday: Two zero-days addressed in September update (Computing)
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA)
Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) (Help Net Security)
Adobe fixed actively exploited zero-day in Acrobat and Reader (Security Affairs)
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (BleepingComputer)
Apple Releases Security Updates for iOS and macOS (Cybersecurity and Infrastructure Security Agency CISA)
SAP Security Patch Day for September 2023 (Onapsis)
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (The Hacker News)
Critical Google Chrome Zero-Day Bug Exploited in the Wild (Dark Reading)
Zero-day affecting Chrome, Firefox and Thunderbird patched (Computer)

Sep 12, 2023 • 32min
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Phishing with Facebook Messenger accounts. Redfly cyberespionage targets a national grid. The exploit trade in the C2C underground market. Phishing attack exploits Baidu link. A repojacking vulnerability. A hacktivist auxiliary looks to its own interests. Ben Yelin marks the start of the Google antitrust trial. In our Industry Voices segment, Adam Bateman from Push Security explains how identities are the new perimeter. And MGM Resorts are dealing with a “cybersecurity issue.”
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/174
Selected reading.
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET)
Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News)
Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading)
Iranian hackers break into networks of more than 30 companies in Israel (ynetnews)
“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium)
Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer)
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News)
Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec)
Sales and Purchases of Vulnerability Exploits (Flashpoint)
Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade)
New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram (SecurityWeek)
MGM Resorts shuts down some computer systems after cyber attack (Reuters)
Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US (AP News)
MGM Resorts shuts down IT systems after cyberattack (BleepingComputer)
MGM Resorts experiences 'cybersecurity issue' impacting operations and prompting investigation (Fox Business)
MGM resorts says 'cybersecurity issue' may have widespread impact (NBC News)
MGM Resorts blames 'cybersecurity issue' for ongoing outage (TechCrunch)
FBI assisting in MGM cybersecurity investigation as slot machines, website, and emails rem (KSNV)
MGM Resorts Says It Shut Down Some Systems Following Hack (Bloomberg)

Sep 11, 2023 • 31min
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Author David Hunt discusses his new book, “Irreducibly Complex Systems: An Introduction to Continuous Security Testing.” In our Industry Voices segment, Mike Anderson from Netskope outlines the challenges of managing Generative AI tools. And a senior Russian cyber diplomat warns against US escalation in cyberspace.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/173
Selected reading.
Ransomware, extortion and the cyber crime ecosystem (NCSC)
HijackLoader (Zscaler)
New HijackLoader malware is rapidly growing in popularity (Security Affairs)
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (Hacker News)
Spyware Telegram mod distributed via Google Play (Secure List)
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play (The Hacker News)
'Evil Telegram' Android apps on Google Play infected 60K with spyware (BleepingComputer)
Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life (Financial Times)
Russia warns "all-out war" with US could erupt over worsening cyber clashes (Newsweek)
New strategy for global cybersecurity cooperation coming soon: State cyber ambassador (Breaking Defense)

Sep 10, 2023 • 8min
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
Caroline Wong, Chief Strategy Officer from Cobalt, sits down to share her story of her 15+ years in cybersecurity leadership, including practitioner, product, and consulting roles. As well as being a member of our very own Hash Table, Caroline also authored the popular textbook, Security Metrics: A Beginner's Guide, teaches cybersecurity courses on LinkedIn Learning, and hosts the Humans of InfoSec podcast. Caroline's father pushed her to start her career in engineering; she went to UC Berkeley and got accepted into their Electrical Engineering and Computer Sciences program. As a college student, she was looking for an internship and found eBay, where she says she worked an entry level position available on the information security team, and says the rest is history. She shares that she loves to teach her peers, and how she would like to be remembered for being a good teacher, saying "I think that my favorite part of the work that I get to do is teaching. Um, and in particular, um, being able to communicate about cybersecurity concepts to a wide audience. I have such tremendous gratitude." We thank Caroline for sharing her story with us.


