CyberWire Daily

CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way...

"Blender" reappears as "Sinbad." A Tonto Team cyberespionage attempt against Group-IB is thwarted. DarkBit claims responsibility for a ransomware attack on Technion University. An overview of ICS and OT security. Ben Yelin looks at surveillance oversight at the state level. Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. And it’s Valentine's Day, that annual holiday of love, chocolate, flowers, and online scams...

SideWinder is an APT with possible origins in India. MortalKombat ransomware debuts. The GoAnywhere zero day was exploited in a data breach. Belarusian Cyber-Partisans release Russian data. Betsy Carmelite from Booz Allen Hamilton shares an overview of cyber deception. Our guest is Ashley Allocca from Flashpoint with a look at the Breaches and Malware Threat Landscape. And notes on Patch Tuesday...

North Korea's APT37 is distributing M2RAT. Multilingual BEC attacks, and how they happen. Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches. Killnet's attempt to rally hacktivists and criminals to the cause of Russia. Dinah Davis from Arctic Wolf describes continuous network scanning. Our guest is Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist...

The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events...

GoDaddy has discovered a compromise of its systems. Twitter disables SMS authentication for those not subscribed to Twitter Blue. Last week’s cyber incident impacting German airports was confirmed to be DDoS. The consequences of cyber irregular participation in cyber wars. Semiconductor tech giant Applied Materials sees significant financial losses from a cyberattack. Joe Carrigan on scammers dangling fake job offers to students...

CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast...

Cyberattacks in Russia's war so far, and their future prospects. The Lazarus Group may be employing a new backdoor. Clasiopa targets materials research organizations. Ransomware interferes with food production. Evernote is used in a BEC campaign to bypass security filters. Identity-based cyberattacks. Pirated versions of Final Cut Pro deliver cryptominers. Caleb Barlow has thoughts on Twitter, Mudge, and lessons learned...

CISA advises increased vigilance on the first anniversary of Russia's war. CERT-UA reports current Russian cyberattacks were prepared in December 2021. How the war has changed the cyber underworld. Air raid alerts sound in nine Russian cities; Russia blames hacking. Our space correspondent Maria Varmazis speaks with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new security agreement between Japan and the US. Kathleen Smith of ClearedJobs...

Social engineering with generative AI. Mylobot and BHProxies. PureCrypter is deployed against government organizations and staged through Discord. Dish Network reports disruption. Third-party app and software as a service risk. Further assessments of the cyber phase of Russia's war so far, with warnings to stay alert. Are tough times coming in gangland? Comments on NIST's revisions to its Cybersecurity Framework are due this Friday. AJ Nash from ZeroFox on Mis/Dis/and Malinformation...