CyberWire Daily

N2K Networks
Sep 21, 2022 • 28min

A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.

It’s partial mobilization in Russia, and airline flights departing Russia are said to be sold out. Further notes on the IT Army's claimed hack of the Wagner Group. Leveraging Netflix for credential harvesting. Rockstar Games suffers a leak of new Grand Theft Auto footage. Ben Yelin has the latest on regulations targeting crypto. Our guest is Amy Williams from BlueVoyant discussing the value of feminine energy in the male-dominated field of cybersecurity. CISA releases eight ICS Advisories.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/182

Selected reading.
Russia moves toward annexing Ukraine regions in a major escalation (Washington Post)
Four occupied Ukraine regions plan imminent ‘votes’ on joining Russia (the Guardian)
Putin sets partial military call-up, won’t ‘bluff’ on nukes (AP NEWS)
Putin announces partial military mobilization for Russian citizens (Axios)
Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group (Vice)
Fresh Phish: Netflix Bad Actors Go Behind the Scenes to Stage a Credential Harvesting Heist (INKY)
Leveraging Netflix for credential harvesting. (CyberWire)
Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games (Forbes)
Rockstar Games suffers leak of new Grand Theft Auto footage. (CyberWire)
LastPass source code breach – incident response report released (Naked Security)
Notice of Recent Security Incident (The LastPass Blog)
The LastPass incident. (CyberWire)
Medtronic NGP 600 Series Insulin Pumps (CISA)
Hitachi Energy PROMOD IV (CISA)
Hitachi Energy AFF660/665 Series (CISA)
Dataprobe iBoot-PDU (CISA)
Host Engineering Communications Module (CISA)
AutomationDirect DirectLOGIC with Ethernet (CISA)
AutomationDirect DirectLOGIC with Serial Communication (CISA)
MiCODUS MV720 GPS tracker (Update A) (CISA)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Sep 20, 2022 • 27min

An overview of Russian cyber operations. The IT Army of Ukraine says it’s doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.

An overview of Russian cyber operations. The IT Army of Ukraine claims to have doxed the Wagner Group. Who dunnit? Lapsus$ dunnit. Emily Mossburg from Deloitte and Shelley Zalis of the Female Quotient on why gender equality is essential to the success of the cyber industry. We’ve got a special preview of the International Spy Museum's SpyCast's latest episode with host Andrew Hammond interviewing Robert Gates on the 75th anniversary of the CIA. And a look at the risk of stolen single sign-on credentials.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/181

Selected reading.
Ukraine's IT Army hacks Russia's Wagner Group (Computing)
Untangling the Russian web: Spies, proxies, and spectrums of Russian cyber behavior (Atlantic Council)
Security update | Uber Newsroom (Uber Newsroom)
Tentative attribution in the Uber breach. (CyberWire)
Uber says Lapsus$-linked hacker responsible for breach (Reuters)
Uber blames security breach on Lapsus$, says it bought credentials on the dark web (ZDNET)
Uber's breach shows how hackers keep finding a way in (Protocol)
Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation (The Record by Recorded Future)
Uber data breach spotlights need for enterprises to ‘get the basics right’, say experts (ITP.net)
"Keys to the Kingdom" at Risk: Analyzing Exposed SSO Credentials of Public Companies (Bitsight)

Sep 19, 2022 • 24min

An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.

An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. Grayson Milbourne of OpenText Security Solutions on the arms race for vulnerabilities. Rick Howard continues his exploration of cyber risk. And risky piracy sites: that’s on the Internet, kids, not the high seas.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/180

Selected reading.
Developments in the case of the Uber breach. (CyberWire)
Preliminary lessons from the Uber breach. (CyberWire)
Uber says “no evidence” user accounts were compromised in hack (The Verge)
Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (The Hacker News)
Uber apparently hacked by teen, employees thought it was a joke (The Verge)
Uber hacker claims to have full control of company's cloud-based servers (9to5Mac)
The Uber Hack’s Devastation Is Just Starting to Reveal Itself (WIRED)
Uber was breached to its core, purportedly by an 18-year-old. Here’s what’s known (Ars Technica)
Uber hacked by teen who annoyed employee into logging them in - report (Jerusalem Post)
18-year-old allegedly hacks Uber and sends employees messages on Slack (Interesting Engineering)
Uber Investigating Massive Security Breach by Alleged Teen Hacker (Gizmodo)
Uber cyber attack: protecting against social engineering (Information Age)
Threat actor breaches many of Uber’s critical systems (Cybersecurity Dive)
Uber confirms hack in the latest access and identity nightmare for corporate America (SC Media)
Uber hacked, attacker tears through the company's systems (Help Net Security)
Uber confirms it is investigating cybersecurity incident (The Record by Recorded Future)
UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you (Naked Security)
Emotet and other malware delivery systems. (CyberWire)
Emotet botnet now pushes Quantum and BlackCat ransomware (BleepingComputer)
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 (AdvIntel)
August’s Top Malware: Emotet Knocked off Top Spot by FormBook while GuLoader and Joker Disrupt the Index (Check Point Software)
How Belarusian hacktivists are using digital tools to fight back (The Record by Recorded Future)
Malvertising on piracy sites. (CyberWire)
Unholy Triangle (Digital Citizens' Alliance)
Piracy Advertising Researchers Fall Victim to Ransomware Attacks (TorrentFreak)

Sep 18, 2022 • 9min

Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]

Jaya Baloo, Chief Information Security Officer at Avast, sits down to share her story, describing how she got into the technology field at a young age when she was introduced to computers and games on her PS 24. She started off going to college for political science and, not knowing what to do after that, got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and that you should never be afraid to bounce ideas off of your teammates. She says, "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story.

Sep 17, 2022 • 15min

An increase in bypassing bot management? [Research Saturday]

Sam Crowther, CEO of Kasada, joins Dave to discuss their work on "The New Way Fraudsters Bypass Bot Management." Kasada researchers recently discovered a new type of bot called Solver Services, which is used and created by bad actors to bypass the majority of bot management systems. The research states, "Now it’s easier than ever for mainstream bot operators to scrape content, take over accounts, hoard inventory, and commit other forms of automated fraud against organizations using legacy bot management solutions." Attackers are able to buy these “Solver” bots, APIs, and services for less than $500 per month to make a profit.

The research can be found here:
The Emergence of Solver Services: The New Way Fraudsters Bypass Bot Management Vendors

Sep 16, 2022 • 29min

Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.

Uber suffers a data breach. Social media executives testify before Congress. A large DDoS attack is thwarted in Eastern Europe. The FBI warns of increased cyberattacks against healthcare payment processors. Policy makers consider new OT security incentives. Malek Ben Salem from Accenture on future-proof cloud security. Our guest Diana Kelley from Cybrize discusses the need for innovation and entrepreneurship in cybersecurity. And if you’ve been hoping for a LockerGoga decryptor, you’re in luck.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/179

Selected reading.
Uber hacked, internal systems breached and vulnerability reports stolen (BleepingComputer)
Uber suffers computer system breach, alerts authorities (Washington Post)
Uber Investigating Data Breach After Hacker Claims Extensive Compromise (SecurityWeek)
Uber Investigating Breach of Its Computer Systems (New York Times)
Uber investigating "total compromise" of its internal systems (Computing)
There’s No Honor Among Thieves: Carding Forum Staff Defraud Users in an ESCROW Scam (Digital Shadows)
Social media hearings highlight lack of trust, transparency in sector (The Record by Recorded Future)
Breaking the Boycott (Cybersixgill)
Record-Breaking DDoS Attack in Europe (Akamai)
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses (FBI)
Siemens Mobility CoreShield OWG Software (CISA)
Siemens Simcenter Femap and Parasolid (CISA)
Siemens RUGGEDCOM ROS (CISA)
Siemens Mendix SAML Module (CISA)
Siemens SINEC INS (CISA)
Siemens RUGGEDCOM ROS (Update A) (CISA)
Simcenter Femap and Parasolid (CISA)
Siemens Industrial Products Intel CPUs (Update A) (CISA)
Siemens OpenSSL Affected Industrial Products (CISA)
Siemens OpenSSL Vulnerability in Industrial Products (Update E) (CISA)
Siemens SCALANCE (CISA)
CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)
Building on our Baseline: Securing Industrial Control Systems Against Cyberattacks (House Committee on Homeland Security)
Bitdefender Releases Universal LockerGoga Decryptor in Cooperation with Law Enforcement (Bitdefender Labs)

Sep 15, 2022 • 3min

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]

This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations.

AA22-257A Alert, Technical Details, and Mitigations
AA22-257A.stix
CISA’s Iran Cyber Threat Overview and Advisories
FBI’s Iran Threat webpage
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Technical Approaches to Uncovering and Remediating Malicious Activity

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Sep 15, 2022 • 30min

Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.

Nuisance-level DDoS and cyberespionage continue to mark Russia's cyber campaign in the hybrid war. There’s a US Presidential memorandum on software supply chain security. Webworm repurposes older RATs. Trends in cyber insurance claims. OriginLogger may be the new Agent Tesla. The SparklingGoblin APT described. Mathieu Gorge of VigiTrust describes cyber vulnerabilities in the hospitality industry. Dinah Davis from Arctic Wolf explains a PayPal phishing attack. And Royal funeral phishbait.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/178

Selected reading.
Pro-Russia hackers claim to have temporarily brought down Japanese govt websites (Asia News Network)
Gamaredon APT targets Ukrainian government agencies in new campaign (Cisco Talos)
Russia-linked Gamaredon APT target Ukraine with a new info-stealer (Security Affairs)
Fears grow of Russian spies turning to industrial espionage (The Record by Recorded Future)
Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (The White House)
Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience (The White House)
White House releases post-SolarWinds federal software security requirements (Federal News Network)
Webworm: Espionage Attackers Testing and Using Older Modified RATs (Threat Hunter Team Symantec)
Coalition Releases 2022 Cyber Claims Report: Mid-year Update (GlobeNewswire News Room)
OriginLogger: A Look at Agent Tesla’s Successor (Unit 42)
You never walk alone: The SideWalk backdoor gets a Linux variant (WeLiveSecurity)
[Scam site harvests credentials] (Proofpoint)
Current, former social media execs address national security issues at Senate hearing (Fox Business)
Senators Have Stopped Embarrassing Themselves at Tech Hearings (Slate Magazine)

Sep 14, 2022 • 31min

Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).

Patch Tuesday notes. The US Senate Judiciary Committee hears from the Twitter whistleblower. Joint warning of IRGC cyber activity. Rob Boyce from Accenture on cybercriminals weaponizing leaked ransomware data. Chris Novak from Verizon describes his participation in the CISA Advisory Board. And Ukraine reiterates confidence in its resiliency.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/177

Selected reading.
Adobe Patches 63 Security Flaws in Patch Tuesday Bundle (SecurityWeek)
Microsoft Releases September 2022 Security Updates (CISA)
Microsoft's September Patch Tuesday fixes five critical bugs (Computing)
Microsoft Raises Alert for Under-Attack Windows Flaw (SecurityWeek)
SAP Security Patch Day September 2022 (Onapsis)
Apple Releases Security Updates for Multiple Products (CISA)
Apple fixes eighth zero-day used to hack iPhones and Macs this year (BleepingComputer)
Apple Will Let You Remove Rapid Security Response Updates in iOS 16 (Mac Rumors)
Data Security at Risk: Testimony from a Twitter Whistleblower (United States Senate Committee on the Judiciary)
Twitter Employees Have Too Much Access to Data, Whistleblower Says (Wall Street Journal)
Twitter whistleblower reveals employees concerned China agent could collect user data (Reuters)
Security failures cause ‘real harm to real people’ (Washington Post)
Twitter whistleblower testifies to Congress, calls for tech regulation reforms (The Record by Recorded Future)
The Search for Dirt on the Twitter Whistle-Blower (The New Yorker)
Whistle-Blower Says Twitter ‘Chose to Mislead’ on Security Flaws (New York Times)
Twitter whistleblower says site put growth over security (Computing)
Written Statement of Peiter (“Mudge”) Zatko, United States Senate Judiciary Committee, September 13, 2022 (Katz Banks Kumin)
What we learned when Twitter whistleblower Mudge testified to Congress (TechCrunch)
How China became big business for Twitter (Reuters)
Twitter whistleblower exposes limits of FTC’s power (Washington Post)
Twitter Whistle-Blower Testimony Spurs Calls for Tech Regulator (Bloomberg)
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations (CISA)
Ukraine’s Cyberwar Chief Sounds Like He’s Winning (WIRED)
DDoS attacks on financial sector surge during war in Ukraine, new FCA data reveals (PR Newswire)

Sep 13, 2022 • 22min

A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]

In this extended interview, CyberWire Daily Podcast host Dave Bittner sits down with members of the FBI's Baltimore field office: Special Agent in Charge Tom Sobocinski and Supervisory Special Agent for Cyber Tom Breeden. As part of the FBI's cybersecurity awareness campaign, they discuss what the FBI can do to enhance and amplify cyber efforts in ways unlike any other public or private organization. This interview from August 30, 2022 originally aired as a shortened version on the CyberWire Daily Podcast.
