CyberWire Daily

N2K Networks
Aug 11, 2023 • 31min

Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.

Charming Kitten collects against Iranian expatriate dissidents. The Cyber Safety Review Board reports on Lapsus$. A call for comment on open-source, memory-safe standards. How NSA is coping with the cyber labor market. Yandex is restructuring. The Washington Post’s Tim Starks joins us with the latest cyber security efforts from the DOD. Our guest is Dan L. Dodson, CEO of Fortified Health Security, with insights on protecting patient data. And how Viasat was hacked.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/153

Selected reading.
Germany says Charming Kitten hackers target Iran dissidents (Deutsche Welle)
Cyber Safety Review Board Releases Report on Activities of Global Extortion-Focused Hacker Group Lapsus$ (US Department of Homeland Security)
Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report (Cybersecurity and Infrastructure Security Agency CISA)
Fact Sheet: Office of the National Cyber Director Requests Public Comment on Open-Source Software Security and Memory Safe Programming Languages (ONCD | The White House)
Amid historic hiring surge, NSA considers hybrid, unclassified work options (Federal News Network)
Exclusive: Fear of tech 'brain drain' prevents Russia from seizing Yandex for now, sources say (Reuters)
Yandex co-founder Volozh slams Russia's 'barbaric' invasion of Ukraine (Reuters)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault (CyberScoop)
Aug 10, 2023 • 31min

A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.

A new Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A Belarusian cyberespionage campaign is outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42, joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo describes their work benefiting the community at Black Hat. And a new DARPA challenge seeks to bring artificial intelligence to cybersecurity.

On this segment of Threat Vector, Kristopher Russo, Senior Threat Researcher for Unit 42, joins host David Moulton to discuss part one of two on Muddled Libra.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/152

Threat Vector links.
Threat Group Assessment: Muddled Libra

Guest: Kristopher Russo. From practitioner to researcher, Kristopher Russo has spent years entrenched in various specializations of cybersecurity. As a researcher focused on ransomware and cybercrime, he brings a from-the-trenches perspective to cyber threat intelligence.

Selected reading.
Xurum: New Magento Campaign Discovered (Akamai)
Gootloader: Why your Legal Document Search May End in Misery (Trustwave)
Fireblocks Researchers Uncover Vulnerabilities Impacting Dozens of Major Wallet Providers (Fireblocks)
New BitForge cryptocurrency wallet flaws lets hackers steal crypto (BleepingComputer)
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating (WIRED)
MoustachedBouncer: Espionage against foreign diplomats in Belarus (We Live Security)
Belarus hackers target foreign diplomats with help of local ISPs, researchers say (TechCrunch)
Pro-Russian hackers claim attacks on French, Dutch websites (Record)
Zhora: Russia's cyber 'war crimes' will outlast invasion (Register)
The Power of Resilience (Cybersecurity and Infrastructure Security Agency CISA)
Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software (The White House)
AIxCC (AIxCC)
The Biden administration wants to put AI to the test for cybersecurity (Washington Post)
Aug 9, 2023 • 30min

Cyberespionage by several intelligence services, some of it contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.

Reports of a wide-ranging cyberespionage campaign by China's Ministry of State Security. The EvilProxy phishing tool targets executives and defeats multifactor authentication. Vulnerabilities in CPUs. Yashma ransomware targets a wide range of countries. macOS threat trends. Is there a Russian attempt to disrupt British elections? Rob Boyce from Accenture checks in from the Black Hat conference. Maria Varmazis talks with Black Hat Aerospace Village's Kaylin Trychon and Steve Luczynski. Ukraine claims to have stopped a Russian spyware campaign. And Patch Tuesday has come and gone, but the vulnerabilities remain, unless, of course, you’ve applied the patches.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/151

Selected reading.
Chinese hackers targeted at least 17 countries across Asia, Europe and North America (Record)
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale (Recorded Future)
Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint)
‘Downfall’ vulnerability leaves billions of Intel CPUs at risk (CyberScoop)
New Inception attack leaks sensitive data from all AMD Zen CPUs (BleepingComputer)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (The Hacker News)
Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware (Record)
Black Hat USA 2023 – Bitdefender macOS Threat Report Reveals Key Dangers for Mac Users (Bitdefender)
Russia ‘tops list of suspects’ in cyber attack which exposed data of 40m UK voters (The Telegraph)
Electoral Commission hack: Five things you need to know (Computing)
‘Hostile actors’ hacked British voter registry, electoral agency says (Washington Post)
Electoral Commission apologises for security breach involving UK voters’ data (the Guardian)
Ukraine says it prevented Russian hacking of armed forces combat system (Reuters)
Ukraine says it thwarted attempt to breach military tablets (Record)
Russian secret services try to penetrate operation planning electronic system of Ukraine's army (Ukrainska Pravda)
Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns (SecurityWeek)
Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days (SecurityWeek)
Microsoft Releases August 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA)
Fortinet Releases Security Update for FortiOS (Cybersecurity and Infrastructure Security Agency CISA)
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA)
Patch Tuesday review: August 2023. (CyberWire)
Aug 8, 2023 • 29min

Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.

Reports on a 2020 Chinese penetration of Japan's defense networks. MOVEit-connected supply chain issues aren't over. Akamai looks at the current state of ransomware. Mallox ransomware continues its evolution. Machine identities and shadow access. Ukrainian hacktivist auxiliaries hit Russian websites. Joe Carrigan unpacks statistics recently released by CISA. Our guest is Jeffrey Wheatman from Black Kite, discussing the market shift from SRS to cyber risk intelligence. And radiation sensor reports from Chernobyl may have been manipulated.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/150

Selected reading.
China hacked Japan’s sensitive defense networks, officials say (Washington Post)
Japan says cannot confirm leakage after report says China hacked defence networks (Reuters)
MOVEit hack spawned around 600 breaches but isn't done yet - cyber analysts (Reuters)
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (Dark Reading)
TargetCompany Ransomware Abuses FUD Obfuscator Packers (Trend Micro)
New IAM Research by Stack Identity Finds Machine Identities Dominate Shadow Access in the Cloud, Revealing Easy Attack Vector for Hackers (Business Wire)
Ukraine-Linked Group Claims It Hacked Website Of Moscow Property Registration Bureau (RadioFreeEurope/RadioLiberty)
Ukraine-linked group claims it hacked Moscow property registration bureau website – RFE/RL (Euromaidan Press)
Pro-Ukrainian hackers breach Moscow engineering service website (New Voice of Ukraine)
Ukrainian state agencies targeted with open-source malware MerlinAgent (Record)
The Mystery of Chernobyl’s Post-Invasion Radiation Spikes (WIRED)
Aug 7, 2023 • 28min

Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.

North Korean cyberespionage against a Russian aerospace firm. The Reptile rootkit is used against South Korean systems. An update on Cloudzy. Cl0p is using torrents to move data stolen in MOVEit exploitation. Andrea Little Limbago from Interos wonders about the dangers of jumping head first into new technologies. Rick Howard ponders quantum computing. And Meduza is back on Apple Podcasts.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/149

Selected reading.
Exclusive: North Korean hackers breached top Russian missile maker (Reuters)
North Korean hackers stole secrets of Russian hypersonic missile maker (Euractiv)
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company (SentinelOne)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (The Hacker News)
UPDATE: Cloudzy Command and Control Provider Report (Halcyon)
Clop ransomware now uses torrents to leak data and evade takedowns (BleepingComputer)
Ukraine may be winning ‘world’s first cyberwar’ (The Kyiv Independent)
Apple has removed Meduza’s flagship news podcast ‘What Happened’ from Apple Podcasts, without explaining the reason (Meduza)
Aug 6, 2023 • 7min

Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]

Manuel Hepfer, a cybersecurity researcher from ISTARI, sits down to share his story with us. Manuel shares that as a kid he was very interested in STEM, and in school he remembers a programming class that he fell in love with, which made him want to pursue a career in cyber. Studying at the University of Oxford, he began working towards a degree in Cybersecurity and Strategic Management. He found research to be a passion and wanted to share it, so he decided to publish: Manuel published an article in MIT Sloan Management Review titled "Make Cybersecurity a Strategic Asset." He shares that finding a passion, like he did, is the key to working in cyber, saying "I think what I learned at the time is the value of discipline and self motivation. And now you can always come up with a lot of discipline and self motivation, but you'll run out of steam at some point if you're not very passionate about some of the things that you're doing." We thank Manuel for sharing his story with us.
Aug 5, 2023 • 16min

Who is that stealing my credentials? [Research Saturday]

Aleksandar Milenkoski from SentinelOne joins to discuss their work on "Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence." Researchers have been tracking the North Korean APT group Kimsuky and its attempt at a social engineering campaign targeting experts in North Korean affairs.

The research states "The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware." Kimsuky has been tracked engaging in extensive email correspondence using spoofed URLs, along with Office documents weaponized with the ReconShark malware.

The research can be found here:
Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
Aug 4, 2023 • 27min

2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPI packages. A brief update on the cyber aspects of Russia’s hybrid war.

The Five Eyes warn against top exploited vulnerabilities. The Rilide info stealer in the wild. Malicious PyPI packages. Valerie Abend, Global Cyber Strategy Lead from Accenture, unpacks the Securities and Exchange Commission’s recently announced cyber regulations. In our Solution Spotlight, our own Simone Patrella speaks with Microsoft’s Ann Johnson on how Microsoft is attracting and retaining top cyber talent. And cyber attacks continue to gutter on both sides of Russia's war against Ukraine.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/148

Selected reading.
CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 | CISA (Cybersecurity and Infrastructure Security Agency CISA)
CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vu (National Security Agency/Central Security Service)
New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3 (Trustwave)
Tunnel Vision: CloudflareD AbuseD in the WilD (GuidePoint Security)
VMConnect: Malicious PyPI packages imitate popular open source modules (ReversingLabs)
Bilyana Lilly on how cybersecurity assistance to Ukraine has helped thwart Russian cyberattacks (CyberScoop)
Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks (Reuters)
Ukraine's invisible battle to jam Russian weapons (BBC News)
How Ukraine’s cyberwarriors are upending everyday life in Russia (Times)
Aug 3, 2023 • 29min

Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.

OpenBullet malware is seen in the wild. Threat actors exploit a Salesforce vulnerability for phishing. BlueCharlie (that’s Russia’s FSB) shakes up its infrastructure. Midnight Blizzard (and that’s Russia’s SVR) uses targeted social engineering. How NoName057(16) moved on to Spanish targets. Robert M. Lee from Dragos shares his reaction to the White House’s national cybersecurity strategy. Our guest Raj Ananthanpillai of Trua warns against oversharing with ChatGPT. And NSA releases guidance on hardening Cisco next-generation firewalls.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/147

Selected reading.
No Honour Amongst Thieves: A New OpenBullet Malware Campaign (Kasada)
“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing… (Medium)
Hackers exploited Salesforce zero-day in Facebook phishing attack (BleepingComputer)
Hackers exploit Salesforce email zero-day for Facebook phishing campaign (Computing)
Russia-based hackers building new attack infrastructure to stay ahead of public reporting (Record)
Midnight Blizzard conducts targeted social engineering over Microsoft Teams (Microsoft Security)
Unraveling Russian Multi-Sector DDoS Attacks Across Spain (Radware)
Pro-Russian Hackers Claim Cyberattacks on Italian Banks (MarketWatch)
NSA Releases Guide to Harden Cisco Next Generation Firewalls (National Security Agency/Central Security Service)
Cisco Firepower Hardening Guide (US National Security Agency)
Aug 2, 2023 • 25min

An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.

An illicit market in account restoration. Resilience and the cyber workforce. New post-exploitation techniques in Amazon Web Services. Incursions into Norwegian government networks went on for four months. Rob Boyce from Accenture Security describes a “Perfect Storm” in the Dark Web threat landscape. Carole Theriault shares mental health social media warnings for teens. And Russian legislation seeks to reduce or eliminate online privacy.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/146

Selected reading.
Amazon employees leak secret info that marketplace sellers can buy on Telegram (CNBC)
Cyber Workforce Benchmark Report (Immersive Labs)
Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan (Mitiga)
Cado Security Labs 2023 Threat Findings Report (Cado Security)
Cyberattack on Norway Ministries Lasted at Least Four Months (Bloomberg)
CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities (Cybersecurity and Infrastructure Security Agency)
Putin Outlaws Anonymity: Identity Verification For Online Services, VPN Bypass Advice a Crime (TorrentFreak)
Russia Is Returning to Its Totalitarian Past (Foreign Policy)