

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes

Jun 19, 2022 • 7min
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]
Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jun 18, 2022 • 22min
Dissecting the Spring4Shell vulnerability. [Research Saturday]
Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works." ExtraHop first noticed chatter from social media in March of 2022 on a new remote code execution (RCE) vulnerability and immediately started tracking the issue. The research describes how the exploit works and breaks down how the ExtraHop team came to identify the Spring4Shell vulnerability. The research describes the severity of the vulnerability, saying, "The impact of an RCE in this framework could have a serious impact similar to Log4Shell."
The research can be found here:
How the Spring4Shell Zero-Day Vulnerability Works

Jun 17, 2022 • 30min
Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.
Malibot is an info stealer masquerading as a coin miner. "Hermit" spyware is being used by nation-state security services. Fabricated evidence is planted in Indian computers. The US takes down a criminal botnet. The British Home Secretary signs the Assange extradition order. We wind up our series of RSA Conference interviews with David London from the Chertoff group and Hugh Njemanze from Anomali. And putting the Service into service learning.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/117
Selected reading.
'MaliBot' Android Malware Steals Financial, Personal Information (SecurityWeek)
F5 Labs Investigates MaliBot (F5 Labs)
Sophisticated Android Spyware 'Hermit' Used by Governments (SecurityWeek)
Lookout Uncovers Android Spyware Deployed in Kazakhstan (Lookout)
Police Linked to Hacking Campaign to Frame Indian Activists (Wired)
U.S., partners dismantle Russian hacking 'botnet,' Justice Dept says (Reuters)
Russian Botnet Disrupted in International Cyber Operation (US Attorney's Office, Southern District of California)
Julian Assange: Priti Patel signs US extradition order (The Telegraph)
AIVD disrupts activities of Russian intelligence officer targeting the International Criminal Court (AIVD)
Alleged Russian spy studied at Johns Hopkins, won ICC internship (Washington Post)

Jun 16, 2022 • 28min
Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
Interpol coordinates international enforcement action against scammers. A new version of IceXLoader is observed. Exploiting versioning limits to render files inaccessible. Reflections on the first large-scale hybrid war. Kelly Shortridge from Fastly on why behavioral science and economics matter for InfoSec. Patrick Orzechowski from DeepWatch on Russian IoCs and critical infrastructure. And the possibility of cyber escalation in Russia’s hybrid war against Ukraine.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/116
Selected reading.
Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams (Interpol)
New IceXLoader 3.0 – Developers Warm Up to Nim (Fortinet Blog)
Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive (Proofpoint)
Russia’s cyber fog in the Ukraine war (GIS Reports)
Russia Might Try Reckless Cyber Attacks as Ukraine War Drags On, US Warns (Defense One)
Cyber Attacks in Times of Conflict (CyberPeace Institute)
Vladimir Putin’s Ukraine invasion is the world’s first full-scale cyberwar (Atlantic Council)
Why Russia has refrained from a major cyber-attack against the West (Cyber Security Hub)
In modern war, we have as much to fear from cyber weapons as kinetics (Computing)

Jun 15, 2022 • 29min
Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.
The Hertzbleed side-channel issue affects Intel and AMD processors. An Iranian spearphishing campaign prospected former Israeli officials. Patch Tuesday notes. A look at software bills of materials. Russia routes occupied Ukraine's Internet traffic through Russia. Intercepts in the hybrid war: the odd and the ugly. Deepen Desai from ZScaler joins us with the latest numbers on ransomware. Rob Boyce from Accenture Security looks at cyber invisibility. And, finally, criminal wannabes and criminal publicity stunts.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/115
Selected reading.
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys (Ars Technica)
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials (Check Point Research)
Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (BleepingComputer)
Microsoft Releases June 2022 Security Updates (CISA)
Windows Updates Patch Actively Exploited 'Follina' Vulnerability (SecurityWeek)
Adobe Plugs 46 Security Flaws on Patch Tuesday (SecurityWeek)
Citrix Releases Security Updates for Application Delivery Management (CISA)
SAP Releases June 2022 Security Updates (CISA)
So long, Internet Explorer. The browser retires today (AP NEWS)
SBOM in Action: finding vulnerabilities with a Software Bill of Materials (Google Online Security Blog)
Russia Is Taking Over Ukraine’s Internet (Wired)
Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy (CyberScoop)
Intercepted call: Russian plan to send PoWs out into minefields (The Telegraph)
Hacker Advertises ‘Crappy’ Ransomware on Instagram (Vice)
LockBit Ransomware Compromise of Mandiant Not Supported by Any Evidence, May Be a PR Move by Cybercrime Gang (CPO Magazine)

Jun 14, 2022 • 26min
Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war’s effect on the underworld.
Dealing with the GRU's exploitation of the Follina vulnerabilities. SeaFlower uses stolen seed phrases to rifle cryptocurrency wallets. Ukraine moves sensitive data abroad. Anonymous claims to have hacked Russia's drone suppliers and to have hit sensitive targets in Belarus. Rick Howard reports on an NSA briefing at the RSA Conference. Our guest is Ricardo Amper from Incode with a look at biometrics in sports stadiums. And the effects of war on the cyber underworld.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/114
Selected reading.
Follina flaw being exploited by Russian hackers, info stealers (Computing)
Chinese Hackers Adding Backdoor to iOS, Android Web3 Wallets in 'SeaFlower' Campaign (SecurityWeek)
How SeaFlower...installs backdoors in iOS/Android web3 wallets to steal your seed phrase (Medium)
Ukraine Has Begun Moving Sensitive Data Outside Its Borders (Wall Street Journal)
Anonymous claims hack on Russian drones (Computing)
How the Cybercrime Landscape has been Changed following the Russia-Ukraine War (Kela)

Jun 13, 2022 • 26min
A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
A Chinese APT deploys a new cyberespionage tool. Hacktivism roils India after a politician's remarks about the Prophet. Ukraine reports a "massive" spam campaign against the country's media organizations. A Russian court fines Wikimedia for "disinformation." From the NSA’s Cybersecurity Collaboration Center our guests are Morgan Adamski and Josh Zaritsky. Rick Howard sets the cyber sand table on Colonial Pipeline. And the Martians haven’t landed, and the Right Honorable Mr. Johnson is still PM.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/113
Selected reading.
CERT-UA warns of cyberattack on Ukrainian media (Interfax-Ukraine)
Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer)
Massive cyber attack on media organizations of Ukraine using the malicious program CrescentImp (CERT-UA # 4797) (CERT-UA)
Wikimedia Foundation appeals Russian fine over Ukraine war articles (The Verge)
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (Unit42)
Prophet remark: Slew of cyber attacks on Indian govt, private sites (The Times of India)
70 Indian government, private websites face international cyber attacks over Prophet row (The Times of India)
Channel 4 faces Ofcom probe over ‘emergency news’ stunt to promote cyber attack drama The Undeclared War (INews)

Jun 12, 2022 • 8min
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story.

Jun 11, 2022 • 22min
New developments in the WSL attack. [Research Saturday]
Danny Adamitis from Lumen's Black Lotus Labs joins Dave to discuss new developments in the WSL attack surface. Since September 2021, Black Lotus Labs have been monitoring malware repositories as a part of their proactive threat hunting process. Danny shares how researchers discovered a series of suspicious ELF files compiled for Debian Linux. The research states that the team identified a series of samples that target the WSL environment, that they were uploaded every two to three weeks, and that they started as early as May 3, 2021 and go until August 22, 20221.
The research can be found here:
Windows Subsystem For Linux (WSL): Threats Still Lurk Below The (Sub)Surface
No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed As Stealth Windows Loaders

Jun 10, 2022 • 31min
The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.
Looking at Russia's hybrid war as a cautionary example. Russia warns, again, that it will meet cyberattacks with appropriate retaliation. (China says "us too.") NSA and FBI warn of nation-state cyber threats. SentinelOne finds a Chinese APT that's been operating, quietly, for a decade. "Unpatchable" vulnerability in Apple chips reported. We’ve got more interviews from RSA Conference, including the FBI’s Cyber Section Chief David Ring and ExtraHop’s CEO, Patrick Dennis. And the overhead projector said, “Go Tigers.”
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/112
Selected reading.
Top Senate Democrats sound the alarm about Russian interference in the 2022 midterms (Business Insider)
Russia says West risks ‘direct military clash’ over cyberattacks (NBC News)
Russia, China, oppose US cyber support of Ukraine (Register)
#RSAC: NSA Outlines Threats from Russia, China and Ransomware (Infosecurity Magazine)
FBI official: Chinese hackers boost recon efforts (The Record by Recorded Future)
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years (SentinelOne)
MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips (TechCrunch)
New Jersey school district forced to cancel final exams amid ransomware recovery effort (The Record by Recorded Future)


