CyberWire Daily

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us. Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestThis segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, ffocuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more. Check out the Threat Vector podcast and follow it on your favorite podcast app. Selected ReadingResearcher uncovers one of the biggest password dumps in recent history (Ars Technica)Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt)Feds warn China-made drones pose risk to US critical infrastructure (SC Media)TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks (The Hacker News)Swiss Government Reports Nuisance-Level DDoS Disruptions (Data Breach Today)Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (HACKREAD)PixieFail: Nine flaws in UEFI open-source reference implementation (Security Affairs)Update Chrome! Google patches actively exploited zero-day vulnerability (Malwarebytes)Cybercrime crew infects 172,000 smart TVs and set-top boxes (Risky Biz News)Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware (Google Threat Analysis Group)Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint)Each Facebook User Is Monitored by Thousands of Companies (Consumer Reports)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Bryce Kennedy, President of the Association of Commercial Space Professionals (ACSP), is sharing what is on horizon in space law. Bryce is also a space lawyer and a regular contributor to our T-Minus daily space podcast right here on the N2K podcast network.You can hear more from the T-Minus space daily show here.While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Caveat BriefingA companion weekly newsletter is available CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to you inbox each Thursday.Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This podcast explores critical updates by Atlassian, warnings about AndroxGh0st malware, a GPU vulnerability affecting major manufacturers, a cybersecurity breach at a Foxconn subsidiary, Australians facing credit card breaches, various hackers and scammers, CISO accountability at ShmooCon, the plummeting of cybersecurity VC funding, and an A+ tutoring session. It also touches on topics like startups' financial challenges, ensuring data availability in cloud computing, and barriers to economic mobility for young adults of color.

This podcast discusses recent security incidents including zero-day exploitation, info-stealers, exposed firewalls, patched vulnerabilities, foiled phishing scams, shut down cryptojacking campaign, and a ransomware attack. It also explores the impacts and risks associated with these vulnerabilities. Additionally, it covers a lawsuit against OpenAI and Microsoft for copyright infringement and the ongoing cyber attack on the Ohio Lottery's systems causing difficulties for winners to claim their prizes.

Clar Rosso, CEO of ISC2, discusses initiatives to bridge the cybersecurity workforce gap, the need for global standards, professionalization and standards in the industry, key takeaways from the latest cybersecurity workforce study, the impact of economic environment on cybersecurity teams, and efforts in educating cyber professionals and business leaders.

Rohit Dhamankar, Fortra's VP of Product Strategy, and Steve Winterfeld, Akamai's Advisory CISO, join Rick Howard to discuss CISO initiatives, including vendor consolidation and attack surface management. They explore the challenges of security orchestration, the shift to cloud-based platforms, and the potential of AI and ML in cybersecurity. The chapter also highlights the complexity of security environments and the importance of culture, vendor selection, and automation in addressing these challenges.

Guest Kathleen Booth, Vice President of Marketing, shares her career path from political science to marketing for a cybersecurity company. She talks about the importance of gaining experience and expressing passion. Kathleen emphasizes the value of helping and mentoring others and making a positive impact in the world.

Ryan Westman, Senior Manager, Threat Intelligence at eSentire's Threat Response Unit (TRU) discusses two Russian-speaking cyber gangs targeting 23 companies using malicious Google ads. They focus on popular business software like Zoom, Slack, and Adobe. The threat actors are part of Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat. They target industries like manufacturing, software, legal, retail, and healthcare. This episode analyzes their tactics, malware types, and activities, including delivering ransomware, harvesting credentials, and installing remote access Trojans. The discussion also explores the capabilities and payment models of the cyber gangs, as well as incident response strategies and cybersecurity programs.

Kim Jones, Director of Intuit, discusses the SEC's heightened focus on cybersecurity. Federal hiring practices are being revised to diversify the workforce. Deepfake regulation and the impact on political ads are explored. GitLab patches vulnerabilities, and Bosch thermostats are found to be vulnerable. The sophistication of online child sex abuse vendors is increasing. SISA releases advisories for industrial control systems. The importance of transparency and the NIST cybersecurity framework is emphasized.

David Moulton, host of the Threat Vector podcast, joins to discuss actively exploited vulnerabilities in Ivanti's VPN tool. They also explore the expansion of Threat Vector segments, the importance of diverse expertise in cybersecurity, and an online scam targeting a man in India.