

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes

Jan 19, 2023 • 28min
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic Wolf has tips for pros for security at home. Our guest Gerry Gebel from Strata Identity describes a new open source standard that aims to unify cloud identity platforms. And travel-themed phishing increases.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/12
Selected reading.
Friday the 13th on the Dark Web: $150 Million Russian Drug Market Solaris Hacked by Rival Market Kraken (Elliptic Connect)
Russia-linked drug marketplace Solaris hacked by its rival (The Record from Recorded Future News)
Cyber-attacks have tripled in past year, says Ukraine’s cybersecurity agency (the Guardian)
Ukraine: Russians Aim to Destroy Information Infrastructure (Gov Info Security)
Ukraine says Russia is coordinating missile strikes, cyberattacks and information operations (The Record by Recorded Future)
ICS Vulnerabilities and CVEs: Second Half of 2022 (SynSaber)
Abusing a GitHub Codespaces Feature For Malware Delivery (Trend Micro)
The Blank Image Attack (Avanan)
Phishing Attacks Pose as Updated 2023 HR Policy Announcements (Abnormal Security)
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns (Bitdefender)
Learn more about your ad choices. Visit megaphone.fm/adchoices

Jan 18, 2023 • 31min
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/11
Selected reading.
Bolster Your Company Defenses With Zero Trust Edge (iBoss)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
GE Digital Proficy Historian (CISA)
Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA)
Siemens SINEC INS (CISA)
Contec CONPROSYS HMI System (CHS) Update A (CISA)
Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape (Nozomi Networks)
A look at IoT/ICS threats. (CyberWire)
DNV's fleet management software recovering from ransomware attack. (CyberWire)
DNV says up to 1,000 ships affected by ransomware attack (Computing)
Ransomware attack on maritime software impacts 1,000 ships (The Record from Recorded Future News)
Chinese Playful Taurus Activity in Iran (Unit 42)
Playful Taurus: a Chinese APT active against Iran. (CyberWire)
Russian hackers allegedly tried to disrupt a Ukrainian press briefing about cyberattacks (Axios)
Russia's Ukraine War Drives 62% Slump in Stolen Cards (Infosecurity Magazine)
Annual Payment Fraud Intelligence Report: 2022 (Recorded Future)

Jan 17, 2023 • 24min
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
A phishing campaign impersonates DHL. Conscription and mobilization provide criminals with phishbait for Russian victims. Norton LifeLock advises customers that their accounts may have been compromised. Trends in data protection. Veracode's report on the state of software application security. Ben Yelin looks at NSO group’s attempt at state sovereignty. Ann Johnson from Afternoon Cyber Tea speaks with Microsoft’s Chris Young about the importance of the security ecosystem. And Ukraine calls for a "digital United Nations."
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/10
Selected reading.
Cloud 9: Top Cloud Penetration Testing Tools (Bishop Fox)
Our Top Favorite Fuzzer crowdsourcing pen testing tools (Bishop Fox)
DHL Phishing Attack. Simply Delivered. (ArmorBlox)
Credential phishing campaign impersonates DHL. (CyberWire)
Phishing scam invites Russian Telegram users to check ‘conscription lists’ to see if they’ll be drafted in February (Meduza)
NortonLifeLock warns that hackers breached Password Manager accounts (BleepingComputer)
Norton LifeLock says thousands of customer accounts breached (TechCrunch)
NortonLifeLock notifies thousands of users about compromised Password Manager accounts (Computing)
Data Protection Trends Report 2023 (Veeam)
Trends in data protection. (CyberWire)
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services (Orca Security)
Orca describes four Azure vulnerabilities. (CyberWire)
State Of Software Security (Veracode)
A look at the state of software security. (CyberWire)
Ukraine calls for ‘Cyber United Nations’ amid Russian attacks (POLITICO)

Jan 15, 2023 • 8min
Gene Fay: Lead from the front. [CEO] [Career Notes]
Gene Fay, CEO of ThreatX, sits down to share his experience rising through the ranks to get to where he is today. He shares how even at a young age he wanted to work in an office and become a businessman, though at the time he did not understand what that entailed. After college he acquired a job that was revolutionizing video editing for post-production studios as well as TV stations, where he started to really learn about technology. Gene talks about leading from the front and how a good leader will always do so, even if he has to lead from two different fronts. He said "it's kind of the two fronts, sometimes you've gotta put on the leadership face, and believe it, that, that you can get, and we can get through any situation, cuz sometimes you're, your gut feelings are, might be wrong and, or it's a moment in time and if you can help the team grind through that situation, it does get better." We thank Gene for sharing his story with us.

Jan 14, 2023 • 22min
DUCKTAIL waddles back again. [Research Saturday]
Mohammad Kazem Hassan Nejad from WithSecure joins Dave to discuss the team’s research, “DUCKTAIL returns - Underneath the ruffled feathers.” DUCKTAIL is a financially motivated malware operation that targets individuals and businesses operating on the Facebook Ads and Business platform. The research states “The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account.” WithSecure has found that after a short hiatus, DUCKTAIL has returned with slight changes in their mode of operation.
The research can be found here:
DUCKTAIL returns: Underneath the ruffled feathers

Jan 13, 2023 • 28min
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as a ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by a ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/9
Selected reading.
Impact of Technology in 2023 and Beyond (IEEE)
Ukraine at D+323: Fighting in Soledar, and industrial mobilization. (CyberWire)
GitHub disables pro-Russian hacktivist DDoS pages (CyberScoop)
Russia criticises Reuters story on Russian hackers targeting U.S. nuclear scientists (Reuters)
Royal Mail cyber incident now identified as ransomware attack. (CyberWire)
Not a cyberattack, but an IT failure. (CyberWire)
The Guardian breach and news media as targets. (CyberWire)
Citrix vulnerability exploited by ransomware group. (CyberWire)
2022 Year In Review (CISA)
Russia’s largest hacking conference reflects isolated cyber ecosystem (Brookings)

Jan 12, 2023 • 24min
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
Iranian VPN users are afflicted by Trojanized installation apps. Phishing on the static expressway. NoName057(16) hacktivist auxiliaries target NATO. Yesterday’s flight outage appears not to have been caused by a cyberattack. Royal Mail is disrupted by a "cyber incident." Carole Theriault thinks Meta needs to step up their game when blocking financial scams. Our guest is Mark Sasson from Pinpoint Search Group to discuss why cybersecurity may no longer be a candidate-driven market. And HR phishbait dangles raises, and some employees bite.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/8
Selected reading.
EyeSpy - Iranian Spyware Delivered in VPN Installers (Bitdefender Labs)
Phishing on the Static Expressway. (CyberWire)
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO (SentinelOne)
Not a cyberattack, but an IT failure. (CyberWire)
FAA NOTAM Statement (FAA)
Canadian Pilot-Alert System Reports Outage Hours After U.S. Grounding Order (Wall Street Journal)
US air travel resumes but thousands of flights delayed after planes grounded - live updates (The Telegraph)
US Flights Latest: Departures Resume After FAA Lifts Ground Stop (Bloomberg)
Royal Mail suffers ‘severe service disruption’ after cyber incident (Glasgow Times)
Royal Mail issues major disruption warning after 'cyber incident' (Computing)
Parcels and letters stuck in limbo as Royal Mail is hit by a suspected hack (The Telegraph)
Cyber Incident Hits UK Postal Service, Halts Overseas Mail (SecurityWeek)

Jan 11, 2023 • 31min
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post’s Cyber 202 on cyber rising to the level of war crime. Our guest is Connie Stack, CEO of Next DLP, on the path to leadership within cyber for women. And phishing with Pokémon NFTs.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/7
Selected reading.
The Daily 202 (Latest Cybersecurity 202)
Microsoft Releases January 2023 Security Updates (CISA)
Adobe Releases Security Updates for Multiple Products (CISA)
Black Box KVM (CISA)
Delta Electronics InfraSuite Device Master (CISA)
Known Exploited Vulnerabilities Catalog (CISA)
Dark Pink (Group-IB)
New Dark Pink APT group targets govt and military with custom malware (BleepingComputer)
Kinsing cryptojacking. (CyberWire)
Ukraine at D+321: "Difficult in places." (CyberWire)
Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
Ransomware attack against SickKids said to be unusual. (CyberWire)
Health3PT seeks a uniform approach to healthcare supply chain issues. (CyberWire)
Breaking the glass ceiling: My journey to close the leadership gap. (CyberWire, Creating Connections)
Pokémon NFTs used as malware vectors. (CyberWire)

Jan 10, 2023 • 27min
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
A look back at ransomware in 2022. Lessons from Russia's war: crooks, hacktivists, and auxiliaries. Cyberattacks as war crimes. The state of SSE adoption. RSA Conference 2023 opens applications for the Launch Pad and the Innovation Sandbox. Joe Carrigan looks at online scams targeting military members. Our guest is Richard Caralli from Axio on the State of Ransomware Preparedness. And the most common known exploited vulnerabilities affecting the financial sector.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/6
Selected reading.
Ransomware trends: 2022. (CyberWire)
State of Ransomware Preparedness Research Study: 2022 (Axio)
Kyiv argues Russian cyberattacks could be war crimes (POLITICO)
Ukraine official says Russian cyberattacks on its energy network could equate to war crimes (Yahoo)
Ukraine war and geopolitics fuelling cybersecurity attacks - EU agency (EU Reporter)
Industry-first research from Axis Security finds 65% percent of organizations plan to adopt a Security Service Edge platform within next two years (Axis Security)
RSAC Launch Pad is Back! (RSA Conference 2023)
The Best in Innovation Programs Starts Here (RSA Conference 2023)
Top KEVs in the U.S. Financial Services Sector (LookingGlass)

Jan 9, 2023 • 29min
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
Telegram impersonation affects a cryptocurrency firm. Phishing with Facebook termination notices. Russian phishing continues to target Moldova. The IEEE on the impact of technology in 2023. Glass ceilings in tech leadership. Seattle Schools sue social media platforms. Malek Ben Salem from Accenture explains coding models. Our guest is Julie Smith, identity security leader and executive director at IDSA, with insights on identity and security strategies. And dealing with the implications of ChatGPT.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/5
Selected reading.
Impact of Technology in 2023 and Beyond (IEEE)
Telegram insider server access offered to Dark Web customers (SafetyDetectives)
Moldovaʼs government hit by flood of phishing attacks (The Record from Recorded Future News)
OPWNAI : Cybercriminals Starting to Use ChatGPT (Check Point Research)
Hackers exploiting ChatGPT to write malicious codes to steal your data (Business Standard)
Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots (Forbes)
Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (HackRead)
Cybercriminals are already using ChatGPT to own you (SC Media)
Threat Report: Impersonation Detected in Telegram Chats to Deliver Malware (Safeguard Cyber)
Seattle schools sue tech giants over social media harm (ABC News)
Seattle Public Schools sues TikTok, YouTube, Instagram and others, seeking compensation for youth mental health crisis (GeekWire)
Ghost Writer: Microsoft Looks to Add OpenAI’s Chatbot Technology to Word, Email (The Information)
Microsoft plans to use ChatGPT in Bing. Here's why it could be a threat to Google. (Freethink)
ChatGPT Hits Ethical Roadblock; Blocked (Analytics India Magazine)
A College Kid Built an App That Sniffs Out Text Penned by AI (The Daily Beast)
A Princeton student built an app which can detect if ChatGPT wrote an essay to combat AI-based plagiarism (Business Insider)


