

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes

Feb 21, 2023 • 28min
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
GoDaddy has discovered a compromise of its systems. Twitter disables SMS authentication for those not subscribed to Twitter Blue. Last week’s cyber incident impacting German airports was confirmed to be DDoS. The consequences of cyber irregular participation in cyber wars. Semiconductor tech giant Applied Materials sees significant financial losses from a cyberattack. Joe Carrigan on scammers dangling fake job offers to students. Our guests are Max Shuftan & Monisha Bush from the SANS Institute, on the reopening of their HBCU Cyber Academy application window. And is Bing channeling Tay?
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/34
Selected reading.
GoDaddy Inc. - Statement on recent website redirect issues (GoDaddy)
GoDaddy: Hackers stole source code, installed malware in multi-year breach (Bleeping Computer)
GoDaddy SEC Filing (SEC)
An update on two-factor authentication using SMS on Twitter (Twitter)
Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (The Hacker News)
SMS-Based 2FA Will Be Limited to Twitter Blue Users (HackRead)
Twitter will limit uses of SMS 2-factor authentication. What does this mean for users? (NPR)
Twitter's Two-Factor Authentication Change 'Doesn't Make Sense' (WIRED)
Twitter Shuts Off Text-Based 2FA for Non-Subscribers (SecurityWeek)
Official: Twitter will now charge for SMS two-factor authentication (The Verge)
German airport websites downed by DDoS attacks (Register)
German airports hit by DDoS attack, ‘Anonymous Russia’ claims responsibility (The Record from Recorded Future)
Russian phishing attacks flooded Ukraine, tripled against NATO nations in 2022: Report (Breaking Defense)
Civilian hackers could become military targets, Red Cross warns (The Record from Recorded Future News)
I helped create a 'cyber army' to help Ukraine defeat Russia. We can't fight with guns, but we can fight with our laptops. (Business Insider)
How Uncle Sam enlisted Big Tech to thwart Russia from launching catastrophic cyberwar (The Washington Times)
Big Tech Descends on Munich Conference in Support of Ukraine (Bloomberg)
Applied Materials will take a $250M hit to sales this quarter, thanks to a cyberattack at one of its suppliers (Silicon Valley Business Journal)
Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (The Record by Recorded Future)
How should AI systems behave, and who should decide? (OpenAI)
Why Bing Is Being Creepy (Intelligencer)
Microsoft's new chatbot is a liar. And it says it's ready to call the cops. (Mother Jones)
After AI chatbot goes a bit loopy, Microsoft tightens its leash (Washington Post)
My Week of Being Gaslit and Lied to by the New Bing (Information)
Learn more about your ad choices. Visit megaphone.fm/adchoices

Feb 20, 2023 • 21min
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
Dave Bittner had a conversation with Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. They discussed the Navy’s cybersecurity advances and how they have implemented them.
Commander Brandon Campbell is the former Operations Director at Navy Cyber Defense Operations Command and Task Force 1020 where they protect, detect, and respond to global cyber threats against Navy networks.
Captain J. Steve Correia is the Commanding Officer of Naval Network Warfare Command and the Commander of Task Force 1010 under the U.S. Navy’s Fleet Cyber Command where they execute tactical-level command and control to direct, operate, maintain and secure Navy communication and network systems.

Feb 19, 2023 • 8min
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
Rachel Tobac, CEO of SocialProof Security, sits down to share her amazing story on becoming what's known in the industry as an ethical hacker and CEO of a company. Rachel shares how she was always fascinated with spy movies and as she grew older that fascination turned into a real desire. Finding out she liked learning how the human brain works, she decided to start off in neuroscience. Wanting a change, and with the help of her husband, she was able to start getting more into hacking, finding she loved the fact that she was pretending to be someone to hack into a company and finding the weak spots. She shares how as a leader now she likes to be authentic with her team. She says "I think in the security world sometimes we take ourselves pretty seriously and a lot of times it's because we're dealing with really serious topics, and so in the moment we have to be extremely serious, but when you get a five minute break in between your crisis meetings, find a way to laugh if you can." We thank Rachel for sharing her story with us.

Feb 18, 2023 • 20min
Implementing and achieving security resilience. [Research Saturday]
Wendy Nather from Cisco sits down with Dave to discuss their work on "Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report." The report describes what security resilience is, while also going over how companies can achieve this resilience.
Wendy talks through some of the key findings based off of the report, and after surveying 4,751 active information security and privacy professionals from 26 countries, we find out some of the top priorities to achieving security resilience. From there the research goes on to explain from the findings which data-backed practices lead to the outcomes that can be implemented in cybersecurity strategies.
The research can be found here:
Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report
Achieving Security Resilience

Feb 17, 2023 • 32min
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. And CISA releases fifteen ICS advisories.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/33
Selected reading.
Exclusive: FBI says it has 'contained' cyber incident on bureau's computer network (CNN)
Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor (Symantec, by Broadcom Software)
ProxyShellMiner Campaign Creating Dangerous Backdoors (Morphisec)
Attacks with novel Havoc post-exploitation framework identified (SC Media)
Atlassian says recent data leak stems from third-party vendor hack (BleepingComputer)
German airport websites down in possible hacker attack (Deutsche Welle)
The Cyber Defense Assistance Imperative – Lessons from Ukraine (Aspen Institute)
U.S. launches 'disruptive technology' strike force to target national security threats (Reuters)
Justice Department to Increase Scrutiny of Technology Exports, Investments (Wall Street Journal)
ICS-CERT Advisories (CISA)

Feb 16, 2023 • 25min
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
North Korea's APT37 is distributing M2RAT. Multilingual BEC attacks, and how they happen. Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches. Killnet's attempt to rally hacktivists and criminals to the cause of Russia. Dinah Davis from Arctic Wolf describes continuous network scanning. Our guest is Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist. And Grand Theft Auto is now also a TikTok challenge.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/32
Selected reading.
RedEyes hackers use new malware to steal data from Windows, phones (BleepingComputer)
Multilingual Executive Impersonation Attacks (Abnormal Intelligence)
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group)
Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals (Flashpoint)
Hyundai, Kia patch bug allowing car thefts with a USB cable (BleepingComputer)
Hyundai and Kia Launch Service Campaign to Prevent Theft of Millions of Vehicles Targeted by Social Media Challenge (NHTSA)

Feb 15, 2023 • 29min
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
SideWinder is an APT with possible origins in India. MortalKombat ransomware debuts. The GoAnywhere zero day was exploited in a data breach. Belarusian Cyber-Partisans release Russian data. Betsy Carmelite from Booz Allen Hamilton shares an overview of cyber deception. Our guest is Ashley Allocca from Flashpoint with a look at the Breaches and Malware Threat Landscape. And notes on Patch Tuesday.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/31
Selected reading.
Molted skin: APT SideWinder 2021 campaign that targeted over 60 companies in the Asia-Pacific (Group-IB)
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign (Cisco Talos Blog)
Tonga is the latest Pacific Island nation hit with ransomware (The Record from Recorded Future News)
LockBit demanded £66mn from Royal Mail (Computing)
City of Oakland declares state of emergency after ransomware attack (BleepingComputer)
City of Oakland Targeted by Ransomware Attack, Work Continues to Secure and Restore Services Safely (City of Oakland)
Huge data dump from Russia’s censorship agency posted online (Cybersecurity Connect)
Russian system to scan internet for undesired content and dissent (Reuters)
Patch Tuesday: Three zero-days and nine 'Critical' RCE flaws fixed (Computing)
Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws (BleepingComputer)
Apple Releases Security Updates for Multiple Products (CISA)
SAP Security Patch Day for February 2023 (Onapsis)
Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops (CISA)
Adobe Releases Security Updates for Multiple Products (CISA)
The first national cyber director's last day is today (Washington Post)

Feb 14, 2023 • 27min
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
"Blender" reappears as "Sinbad." A Tonto Team cyberespionage attempt against Group-IB is thwarted. DarkBit claims responsibility for a ransomware attack on Technion University. An overview of ICS and OT security. Ben Yelin looks at surveillance oversight at the state level. Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. And it’s Valentine's Day, that annual holiday of love, chocolate, flowers, and online scams.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/30
Selected reading.
Has a Sanctioned Bitcoin Mixer Been Resurrected to Aid North Korea’s Lazarus Group? (Elliptic Connect)
Nice Try Tonto Team (Group-IB)
Hackers attack Israel’s Technion University, demand over $1.7 million in ransom (ARN)
Israel's top tech university postpones exams after ransomware attack (The Record from Recorded Future News)
Russian hackers ‘disrupt Turkey-Syria earthquake aid’ in cyber attack on Nato (The Independent)
Killnet DDoS attacks disrupt Nato websites (ComputerWeekly.com)
Russian Hackers Disrupt NATO Earthquake Relief Operations (Dark Reading)
What Happened to #OpRussia? (Dark Reading)
Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (POLITICO)
2022 ICS/OT Cybersecurity Year in Review Executive Summary (Dragos)
What’s love got to do with it? 4 in 5 Valentine’s Day-themed spam emails are scams, Bitdefender Antispam Lab warns (Hot for Security)

Feb 13, 2023 • 25min
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way. And can you name and shame the shameless?
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/29
Selected reading.
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)
GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks (SecurityWeek)
Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (BleepingComputer)
Fool’s Gold: dissecting a fake gold market pig-butchering scam (Sophos)
Iranian State TV Hacked During President's Speech on Revolution Day (HackRead)
Russian hackers disrupt Turkey-Syria earthquake relief (The Telegraph)
Hacking marketplace emerges from Killnet partnership, seeks pro-Russia donations (SC Media)
Russian Government evaluates the immunity to hackers acting in the interests of Russia (Security Affairs)
Russia’s Ransomware Gangs Are Being Named and Shamed (WIRED)

Feb 12, 2023 • 8min
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
Jaden Dicks, a new intern at CyberVista, a company that merged with CyberWire to become N2K Networks, shares his story as a young man growing up trying to get into the cyber community. From a very young age, Jaden hoped to become part of the cybersecurity field. He recalls growing up constantly being surrounded by technology, and now with the help of Urban Alliance, Jaden was able to secure this internship with CyberVista. Urban Alliance is a nonprofit that connects young adults with paid work experiences, such as internships, to help them bridge the gaps between education and the workforce. Jaden hopes that this internship will help him further advance his career and help him to pursue his goals of working in cyber. He also shares advice for younger people like him who are looking to branch out and start working toward their goals, even as a teenager, and what has helped him to find his rhythm. We thank Jaden for sharing his story with us.


