1,999 episodes

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily N2K Networks

    • Technology
    • 4.8 • 901 Ratings

    Ted Wagner: Get that hands on experience. [CISO] [Career Notes]

    This week, we are joined by Ted Wagner, Chief Information Security Officer at SAP National Security Services, or SAP NS2. Ted sits down to share his story on how he got introduced to the industry and why he chose this as a career path. He went straight into the Army as a second lieutenant in the artillery field after high school; when his time was up, he decided to move on and started working for a company that allowed him to do a management training program. After that he found himself working on IT projects, which got him interested in the field. Ted shares that one thing that has helped him throughout his career is teaching about very technical terms and turning them into more operational or business-like terms for his students at MIT. He shares that people getting into this field should get as much hands-on experience as they can, saying "I think those are all things that can really help someone who may not have all the experience, but this is a pathway to, to learn." We thank Ted for sharing his story with us.
    Learn more about your ad choices. Visit megaphone.fm/adchoices

    • 10 min
    Downloading cracked software. [Research Saturday]

    David Liebenberg from Cisco Talos joins to discuss Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors.
    Talos identified additional malware, including RATs, on endpoints running this cracked software, which allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information.
    This research article was not published by Cisco Talos' team.

    • 17 min
    Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.

    Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7, shares his thoughts on what the looming US government shutdown will mean for the nation’s cybersecurity. Tim Eades from Cyber Mentor Fund discusses the 3 who’s a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/187

    Selected reading.
    Malicious ad served inside Bing's AI chatbot (Malwarebytes)
    Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress) 
    Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media) 
    A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica) 
    Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security) 
    Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica)
    CL0P Seeds ^_- Gotta Catch Em All! (Unit 42) 
    A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post) 
    2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense)
    NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense)
    NSA starts AI security center with eye on China and Russia (Fortune) 
    NSA is creating a hub for AI security, Nakasone says (Record)

    • 26 min
    Budworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.

    The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low cost attacks. Sam Crowther from Kasada shares his team's findings on Stolen Auto Accounts. And Ukrainian hacktivists target Russian airline check-in systems.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/186

    Selected reading.
    Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org (Symantec Enterprise Blogs)
    Johnson Controls reports data breach after severe ransomware attack (BeyondMachines) 
    Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (U.S. Privacy and Civil Liberties Oversight Board) 
    Split privacy board urges big changes to Section 702 surveillance law (Washington Post)
    Democrats fear cyberattacks as government shutdown looms (Nextgov.com) 
    Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio) 
    Musk's X disabled feature for reporting electoral misinformation - researcher (Reuters) 
    Musk’s X Cuts Half of Election Integrity Team After Promising to Expand It (The Information)
    Aeroflot, other airlines’ flights delayed over DDoS attack (Cybernews)

    • 28 min
    What's up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.

    A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/185

    Selected reading.
    CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency) 
    Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB)
    Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs)
    Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer) 
    Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web) 
    Suspicious New Ransomware Group Claims Sony Hack (Dark Reading) 
    Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer) 
    Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek) 
    Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric)
    The High Stakes of Innovation: Attack Trends in Financial Services (Akamai)
    FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission) 
    Ukraine: Russian hackers infiltrating software supply chains (Computing)
    Russian hacking operations target Ukrainian law enforcement (CyberScoop) 
    Ukraine accuses Russian spies of hacking law enforcement (Register) 
    Russian hackers target Ukrainian government systems involved in war crimes investigations (Record) 
    Ukraine Cyber Defenders Prepare for Winter (Bank Info Security) 

    • 33 min
    Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.

    An advanced phishing campaign hits the hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts on Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp sharing a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war.

    For links to all of today's stories check out our CyberWire daily news briefing:
    https://thecyberwire.com/newsletters/daily-briefing/12/184

    Selected reading.
    Luxury Hotels Major Target of Ongoing Social Engineering Attack (Cofense) 
    ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint) 
    More MOVEit-related data breaches are disclosed. (CyberWire)
    Mixin Network suspends deposits and withdrawals. (CyberWire)
    OpenSea NFT market warns of third-party risk to its API. (CyberWire)
    Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads (Securonix) 
    Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (The Hacker News) 
    British Army general says UK now conducting ‘hunt forward’ operations (Record)

    • 23 min

Customer Reviews

4.8 out of 5
901 Ratings

[REDACTED] USER ,

I now can listen again! Great podcast! It now plays using VPNs with anti malware/anti tracking VPNs.

UPDATE: I now can listen again! Great podcast! It now plays using VPNs with anti malware/anti tracking VPNs.

I would really like to listen again without disabling antimalware/antitracking VPNs. Please change your publishing settings to allow.

Previous UPDATED: Podcast doesn’t play when connected to VPN that uses anti malware technology. Weird why that is an issue with this podcast a few others… Will you please fix this? Most non-cyberwire podcasts play without any issues. I suspect it’s a setting within how you publish your content. Podcast does play with VPN with anti malware tech turned off.

Previous PREVIOUS UPDATE: I’m enjoying the podcast again and getting news about cybersecurity.

Previously Previous PREVIOUS REVIEW: STOP reporting on non cybersecurity news. Cyberwire not Newswire! If I wanted to listen to news unrelated to cybersecurity, I’d listen to mainstream media… Stick to what people tune into for. Maybe cut show length if you’re having to make up nonsense to fill the show. Otherwise, A good daily 30 min podcast about cybers Good podcast content. Some interviews are great.

Dom-in-ique ,

Reliable, engaging, data drive

This podcast is part of my morning briefing everyday, as a cybersecurity professional. Editing and production are great, the podcast is always informative, and the host and guests are always engaging and knowledgeable. Keep up the great work!

Burningtime ,

Short and Straightforward

Really good up-to-date cyber news. Not overlong or flooded with filler. Great host too. Really has that clear-cut newscaster voice down.
