CyberWire Daily

Citizen Lab finds, and Apple patches, a zero-day used for zero-click installation of Pegasus spyware. A Cobalt Strike beacon has been turned to cyberespionage use against Linux targets. The Russian government could, it seems, take action against cybercrime, but its will-to-enforcement seems to be inconsistent. Ben Yelin from UMD CHHS with more on Apple's CSAM controversy, our guest is Mel Shakir from Dreamit Ventures on selling to CISOs, and their customer sprints. REvil makes nice with grumpy affiliates. And criminals’ commitment to the common good seems weak. That’s not a surprise, is it?For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/177 Learn more about your ad choices. Visit megaphone.fm/adchoices

The Meris botnet continues to disrupt New Zealand banks, and has turned up elsewhere, too. Mustang Panda compromised Indonesian government networks. North Korean operators are using social media to soften up their prospective targets. Al Qaeda sympathizers marked the twentieth anniversary of 9/11 by calling for--what else?--more 9/11s. Malek Ben Salem from Accenture on deep unlearning, our own Rick Howard is in, talking about the latest episode of CSO Perspectives on adversary playbooks, and REvil seems to be back in business after taking what some of its hoods call “a break.”For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/176 Learn more about your ad choices. Visit megaphone.fm/adchoices

Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathematically intuitive people that he's met are people that also have a creative outlet and a lot of times it's music. Adding a business aspect to his technical work, Joe came to his current position. He recommends going deep into your preferred subject and hopes that it helps you to become something different because of all you put into the work. We thank Joe for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Jon Hencinski from Expel joins Dave Bittner to discuss his team's recent work on "Expel SOC Stops Ransomware Attack Aimed at WordPress CMS via Drive-By Download Disguised as Google Chrome Update."In July, 2021, Expel's SOC stopped a ransomware attack at a large software and staffing company. The attackers compromised the company’s WordPress CMS and used the SocGholish framework to trigger a drive-by download of a Remote Access Tool (RAT) disguised as a Google Chrome update.In total, four hosts downloaded a malicious Zipped JScript file that was configured to deploy a RAT, but we were able to stop the attack before ransomware deployment and help the organization remediate its WordPress CMS. Jons walk us through what happened, how they caught it, and provide recommendations on how to secure your WordPress CMS. The research can be found here:Expel SOC Stops Ransomware Attack Aimed at WordPress CMS via Drive-By Download Disguised as Google Chrome Update Learn more about your ad choices. Visit megaphone.fm/adchoices

The SEC’s inquiry into the SolarWinds incident may expose other, unrelated data breaches. Researchers identify an IoT botnet, Meris, as responsible for DDoS attacks against a number of banks. German prosecutors have opened an investigation into the GhostWriter campaign. Researchers look at the cozy, implausibly deniable relationship between Russia’s security services and cyber gangs. A money-launderer gets eleven years. David Dufour from Webroot has straight talk about paying the ransom. Our guest is Jeff Williams from Contrast Security with a look at AppSec Observability. Congratulations to the SINET 16 winners. And we remember 9/11: has it already been twenty years?For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/175 Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberattack is reported at the UN, with agency data apparently lost to parties and parts unknown. The Bears are quieter, but the privateers are up and at ‘em. DDoS hits Yandex. Cyberespionage using the SideWalk backdoor. TeamTNT is getting tougher to detect. A SWOT analysis of the newly reconstituted AlphaBay contraband market. The Groove Gang is a new age criminal affiliate program. Caleb Barlow describes attackers leveraging US and European infrastructure to hide in plain sight. Our guest is Brad Thies of BARR Advisory on what the next 5 years may have in store for cloud security. And irritate your online chums for just 50 bucks a pop.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/174 Learn more about your ad choices. Visit megaphone.fm/adchoices

BladeHawk cyberespionage campaign in progress. Microsoft warns of targeted attacks in progress. Hey--the hoods took a breather over Labor Day, but the straw hats are off now, and they’re back at work. Someone is rummaging in REvil’s unquiet grave. Bulletproof hosting services and the criminal marketplace. Mike Benjamin from Black Lotus Labs on ReverseRAT 2.0. Rick Howard checks in with Philip Reiner from the Ransomware Taskforce. And does a New Urgent Message Require Action? Maybe not.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/173 Learn more about your ad choices. Visit megaphone.fm/adchoices

No spectacular flurry of Labor Day ransomware, but Ragnar Locker threatens its victims. Berlin complains to Moscow about GhostWriter. Another Pegasus customer is disclosed. The Taliban is searching for data on potential domestic opponents. France-Visas hacked. Modified apps in circulation. Joe Carrigan unpacks a Covid based phishing scam. Carole Theriault weighs in on the ransomware pay-or-do-not-pay discussion. ProtonMail answers a warrant, Apple delays CSAM screening, and an alleged TrickBot coder is arrested.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/172 Learn more about your ad choices. Visit megaphone.fm/adchoices

CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her required service in the IDF found Natali as a member of Unit 8200, the Israeli intelligence. In the Israeli corporate space following the IDF, Natali discovered how cybersecurity could actually create impact in the real world environment and found a way to combine her cybersecurity expertise with the passion to impact critical industries like the medical industry. Natali recommends that those entering the field get some hands-on experience and use your unique strengths to find a way to make the world a better place. We thank Natali for sharing her story.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Ben Seri, Armis' VP of Research, joins Dave to talk about a set of remote code execution (RCE) vulnerabilities in the pneumatic tube system of Swisslog. Nine vulnerabilities in critical infrastructure used by 80% of major hospitals in North America.Swisslog’s Translogic Pneumatic Tube System (PTS), a solution that plays a crucial role in patient care, found vulnerable to devastating attack. Dubbed PwnedPiper, the vulnerabilities allow for complete take over of the Translogic Nexus Control Panel, which powers all current models of Translogic PTS stations. Older IP-connected Translogic stations are also impacted, but are no longer supported by Swisslog.The research can be found here:PwnedPiper Learn more about your ad choices. Visit megaphone.fm/adchoices