CyberWire Daily

N2K Networks
Dec 17, 2021 • 25min

Log4j updates, with a side of Fancy Bear. Roots of Huawei’s career as a security risk. Tropic Trooper is back. Meta boots “cyber mercenaries.” Other cyberespionage incidents.

It seems that Fancy Bear may be interested in Log4shell after all. CISA issues Emergency Directive 22-02, which addressed Log4j. Huawei’s reputation as a security risk may be traceable to a 2012 incident in an Australian telco’s networks. Tropic Trooper is back, and interested in transportation. Meta kicks out seven “cyber mercenary” surveillance outfits. PseudoManuscrypt looks curiously indiscriminate. Johannes Ullrich from SANS Technology Institute on making the great Chinese firewall work for you. Our guest is Terry Halvorsen from IBM on next-gen cybersecurity efforts to fix the cybersecurity inequity. And the US Commission on International Religious Freedom is reportedly hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/241
Dec 16, 2021 • 26min

Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.

Log4Shell is exploited by criminals and intelligence services. Private sector offensive cyber capabilities are on par with nation-states. Noberus ransomware is used in double-extortion attacks. Malek Ben Salem from Accenture looks at cyber twins. Our guest is Tom Kellermann from VMware with reaction to CISA’s Binding Operational Directive. And Squid Game phishbait. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/240
Dec 15, 2021 • 28min

Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?

A second vulnerability is found and fixed in Log4j as both criminals and nation-state intelligence services increase their exploitation of Log4shell. Iranian intelligence services have been actively conducting cyberespionage against a range of targets in the Middle East and Asia. Andrea Little Limbago from Interos checks in on supply chain issues. Our guest is Suzy Greenberg from Intel with a look ahead toward the coming year. A quick look back at Patch Tuesday, and, finally, some musing on literacy, orality, and the way you pronounce stuff people tweet about... For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/239
Dec 14, 2021 • 32min

Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.

An update on Log4shell, and how it’s being exploited in the wild. A ransomware attack disrupts a cloud-based business service provider. NSO Group is said to be considering selling off its Pegasus unit. A marketing presentation suggests Huawei has been deeply implicated in providing tools for Chinese repression. Nigeria’s cyber gangs are acting like Murder, Inc. An arrest in Romania, sentences in Germany. Joe Carrigan looks at the language of cyber security. Our guest Brad Hawkins of SaferNet wonders if digital privacy even exists anymore. And news from Mars. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/238
Dec 13, 2021 • 27min

Updates on Log4shell, now being exploited in the wild. India PM’s Twitter account is hijacked. Extortion at Brazil’s Ministry of Health and Volvo. Phishing sites’ lifespan. Sentence passed.

The Log4shell vulnerability is trouble, and its remediation isn’t going to be quick or easy. In India, Prime Minister Modi’s Twitter account was hijacked. Official Brazilian COVID vaccination databases are stolen and rendered unavailable. Extortionists claim to have taken sensitive, proprietary R&D information from Volvo. Phishing sites appear and vanish in a matter of hours. Rick the Toolman Howard expands his cast of characters. Robert M. Lee from Dragos shines a light on solar storms and risk management. And sentence is passed in a case related to the Kelihos botnet. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/237
Dec 12, 2021 • 7min

Hannah Kenney: Focused on people. [Risk] [Career Notes]

Manager in BARR Advisory's Cyber Risk Advisory Practice, Hannah Kenney, shares her journey from never considering technology as a career to having it click in an information systems class in college. After noticing she was the only one in the room who enjoyed the lecture, Hannah knew she wanted to go down the technology route. In talking about her work, Hannah describes it as creative problem solving. She hopes "people see me as someone who viewed cybersecurity and risk as something that is focused on people first and foremost." We thank Hannah for sharing her story with us.
Dec 11, 2021 • 28min

FIN7 repositioning focus into ransomware. [Research Saturday]

Guest Ilya Volovik, Team Lead of Cyber Intelligence at Gemini Advisory, discusses his team's work on "FIN7 Recruits Talent For Push Into Ransomware." The cybercriminal group FIN7 gained notoriety in the mid-2010s for large-scale malware campaigns targeting point-of-sale (POS) systems. In 2018, Gemini Advisory reported FIN7’s compromise of Saks Fifth Avenue and Lord & Taylor stores and the subsequent sale of over 5 million payment cards on the dark web. According to the US Department of Justice, the broader FIN7 carding campaigns have resulted in the theft of over 20 million payment card records and cost victims over $1 billion, making FIN7 one of the most infamous and prolific cybercriminal groups of the last decade. Now with ransomware proving to be cybercriminals’ preferred high-profit, jackpot venture, FIN7 has redeployed their expertise and capacity towards ransomware, with reports indicating that the group was involved in attempted ransomware attacks on US companies as early as 2020. Furthermore, despite focus from law enforcement and the arrest of four FIN7 members from 2018 to 2020, FIN7’s continued activity shows that the group remains a powerful, active threat. The research can be found here: FIN7 Recruits Talent For Push Into Ransomware
Dec 10, 2021 • 25min

Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.

Cyberespionage in support of Belt and Road, and of Beijing’s claims in the South China Sea. Karakurt ransomware skips the encryption and goes right to the doxing. Black Cat ransomware is rising. Vulnerable MikroTik devices are bot-herders’ favorites. The Log4Shell zero-day is being exploited in the wild, and will be a tough one to remediate. Julian Assange moves closer to extradition. Johannes Ullrich on changing user behavior. Our guest is Oliver Rochford of Securonix on the affordability of good security. And shoulder-surfing as a threat to Snapchat users. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/236
Dec 9, 2021 • 31min

Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.

Conti continues, undeterred. Magecart skimmers are infesting WooCommerce instances. Users are finding URL redirection attacks difficult to detect. A quick look at the workings of the Hive ransomware gang. Russia blocks Tor. The US Senate holds hearings on social media and adolescent mental health. Dinah Davis from Arctic Wolf on assessing your security posture. Our guest Neal Dennis of Cyware discusses Automation And Unification. And Grinchbots are still prowling for presents. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/235
Dec 8, 2021 • 24min

AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.

Amazon resolves its Tuesday outage as observers wonder about cloud risks. A stand-off at the Russo-American summit, but chatter in the dark web suggests that the Russophone underworld is feeling uneasy. A look at the arbitrage process that governs the criminal-to-criminal market. Carole Theriault reads the fine print. Andrea Little Limbago looks at global regulatory regimes. A DeFi platform asks for its stolen money back, and a guy looks for his private key in a physical garbage dump. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/234
