CyberWire Daily

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Budworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
Yesterday
The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low cost attacks. Sam Crowther from Kasada shares his team's findings on Stolen Auto Accounts. And Ukrainian hacktivists target Russian airline check-in systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/186 Selected reading. Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org (Symantec Enterprise Blogs) Johnson Controls reports data breach after severe ransomware attack (BeyondMachines)  Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (U.S. Privacy and Civil Liberties Oversight Board)  Split privacy board urges big changes to Section 702 surveillance law (Washington Post) Democrats fear cyberattacks as government shutdown looms (Nextgov.com)  Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio)  Musk's X disabled feature for reporting electoral misinformation - researcher (Reuters)  Musk’s X Cuts Half of Election Integrity Team After Promising to Expand It (The Information) Aeroflot, other airlines’ flights delayed over DDoS attack (Cybernews) Learn more about your ad choices. Visit megaphone.fm/adchoices
What's up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
2d ago
A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/185 Selected reading. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency) Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB) Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs) Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer) Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web) Suspicious New Ransomware Group Claims Sony Hack (Dark Reading) Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer) Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek) Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric) The High Stakes of Innovation: Attack Trends in Financial Services (Akamai) FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission) Ukraine: Russian hackers infiltrating software supply chains (Computing) Russian hacking operations target Ukrainian law enforcement (CyberScoop) Ukraine accuses Russian spies of hacking law enforcement (Register) Russian hackers target Ukrainian government systems involved in war crimes investigations (Record) Ukraine Cyber Defenders Prepare for Winter (Bank Info Security)
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
3d ago
An advanced phishing campaign hits the hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts on Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp sharing a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/184 Selected reading. Luxury Hotels Major Target of Ongoing Social Engineering Attack (Cofense) ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint) More MOVEit-related data breaches are disclosed. (CyberWire) Mixin Network suspends deposits and withdrawals. (CyberWire) OpenSea NFT market warns of third-party risk to its API. (CyberWire) Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads (Securonix) Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (The Hacker News) British Army general says UK now conducting ‘hunt forward’ operations (Record)
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security. Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
4d ago
The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There’s a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of Digicert, describes digital trust for the software supply chain. Our guest is Arctic Wolf’s Ian McShane with insights on the MGM and Caesars ransomware incident. And if you’re looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/183 Selected reading. Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42) Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange) Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer) Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42) EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity) From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News) Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security) Deadglyph: Covertly preying over Middle Eastern skies (LABScon) New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer) Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News) 0-days exploited by commercial surveillance vendor in Egypt (Google) PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions (The Citizen Lab) New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (The Hacker News) Egyptian presidential hopeful targeted by Predator spyware (Washington Post) Russian news outlet in Latvia believes European state behind phone hack (the Guardian) Exclusive: Russian hackers seek war crimes evidence, Ukraine cyber chief says (Reuters) Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (Ukrinform) Large-scale cyberattack reported in occupied Crimea (The Kyiv Independent) NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII (Dark Reading)
Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
1w ago
A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/182 Selected reading. Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne) GOLD MELODY: Profile of an Initial Access Broker (Secureworks) OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security) Cyber Soft Power | China's Continental Takeover (SentinelOne) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News) MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading) MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News) MGM says its recovered from cyberattack, employees tell different story (Cybernews) 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters) Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer) Russia linked to cyberattack on government services (Royal Gazette)
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
21-09-2023
CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist auxiliary disrupts Canadian border control and airport sites. The ICC remains tight-lipped concerning cyberattack. N2K’s Simone Petrella sits down with Chris Krebs at the mWise conference. In today’s Threat Vector segment, David Moulton from Unit 42 takes a peek into the modern threat landscape with Wendi Whitmore, SVP of Unit 42. And MGM Resorts says it’s well on the way to recovery. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/181 Threat Vector links. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin. Selected reading. #StopRansomware: Snatch Ransomware (Cybersecurity and Infrastructure Security Agency CISA) 2023 Phishing Trends (ZeroFox) Cyber Insurance Claims Frequency and Severity Both Increased For Businesses in 1H 2023, Coalition Report Finds (Business Wire) 2023 Cyber Claims Report: Mid-year Update (Coalition) Since 2018, ransomware attacks on the education sector have cost the world economy over $53 billion in downtime alone (Comparitech) Canada blames border checkpoint outages on cyberattack (Record) Cyberattack hits International Criminal Court (SC Media) International Criminal Court hacked amid Russia probe (Register) International Criminal Court under siege in cyberattack that could constitute world’s first cyber war crime (Yahoo News) Our hotels and casinos are operating normally. (FAQ - MGM Resorts) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News - 09-20-2023)
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
20-09-2023
The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks (and related social engineering capers). In our Learning Layer segment, Sam Meisenberg drops into a CISSP tutoring session and offers some test-taking tips. Our guest is Aaron Brazelton, Dean of Admissions and Advancement at the Alabama School of Cyber Technology and Engineering. And the Clorox incident shows how one company navigates unfamiliar new SEC rules. Join Sam Meisenberg as he drops into a CISSP tutoring session talking about the difference between due diligence and due care along with some test-taking tips. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/180 Learning Layer. Learning about the CISSP certification from (ISC)² Selected reading. War crimes tribunal ICC says it has been hacked (Reuters) International Criminal Court says cybersecurity incident affected its information systems last week (AP News) Hackers breached International Criminal Court’s systems last week (BleepingComputer) New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants (Cisco Talos) ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies (The Hacker News) Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (Proofpoint) Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says (Reuters) Las Vegas casino ransomware attacks: Okta in the spotlight (The Stack) MGM losing up to $8.4M per day as cyberattack paralyzes slot machines, hotels for 8th straight day: analyst (New York Post) Caesars reports cyberattack but did not go offline (Top Class Actions) What Las Vegas tourists need to know about casino hacks (Washington Post) MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (Dark Reading) Clorox Cyberattack Brings Early Test of New SEC Cyber Rules (Wall Street Journal)
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
19-09-2023
Colombia continues its recovery from last week's cyberattacks. AI training data is accidentally published to GitHub. The cyberespionage techniques of Earth Lusca. Clorox blames product shortages on a cyber attack. Cybersecurity incidents in industrial environments. Where the wild bots are. Joe Carrigan looks at top level domain name exploitation. Our guest is Kristen Bell from GuidePoint Security with a look at vulnerability vs. exploitability. And there’s talk of potential Russia-DPRK cooperation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/179 Selected reading. More than 50 Colombian state, private entities hit by cyberattack -Petro (Reuters) Colombia Mulls Legal Action Against US Firm Targeted In Cyber Attack (Barron's) Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token (Microsoft Security Response Center) Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages (SecurityWeek) Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (Trend Micro) Chinese hackers have unleashed a never-before-seen Linux backdoor (Ars Technica) The Clorox Company FORM 8-K (US Securities and Exchange Commission) Clorox Warns of Product Shortages Following Cyberattack (Wall Street Journal) Clorox warns of product shortages, profit hit from August cyberattack (The Street) Can't find the right Clorox product? A recent cyberattack is causing some shortages (USA Today) Clorox warns of product shortages after cyberattack (Fox Business) As flu season looms, hackers force a shortage of Clorox products (Fortune) New Research Finds Cyberattacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% (Business Wire) Death By a Billion Bots (Netacea) Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (EconoTimes)
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
18-09-2023
Cyber threats trending from East Asia. The Lazarus Group is suspected in the CoinEx crypto theft. Pig butchering, enabled by cryptocurrency. BlackCat is active against Azure storage. A Ukrainian view of cyber warfare. A US-Canadian water commission deals with a ransomware attack. Eric Goldstein from CISA shares insights on cyber threats from China. Neil Serebryany of Calypso explains the policies, tools and safeguards in place to enable the safe use of generative AI. And more details emerge in the Las Vegas casinos’ ransomware incidents. Danny Ocean, call your office. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/178 Selected reading. Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness (Microsoft Security Compliance and Identity) Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say (Record) CoinEx invites hackers to negotiate after suffering data breach (The Times of India) BlackCat ransomware hits Azure Storage with Sphynx encryptor (BleepingComputer) MGM websites up, but reservation systems still affected by hack (Las Vegas Review-Journal) The chaotic and cinematic MGM casino hack, explained (Vox) Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED) US-Canada water commission confirms 'cybersecurity incident' (Register) Ukraine's Fusion of Cyber and Kinetic Warfare: Illia Vitiuk's Stand Against Russian Cyber Operations (AFCEA International)
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
15-09-2023
"Peach Sandstorm" is an Iranian cyberespionage campaign. A cyberattack against a telecom provider affects government and corporate online operations in Colombia. Python NodeStealer takes browser credentials. Caesars Entertainment files its 8-K. Some MGM Entertainment systems remain down. Betsy Carmelite from Booz Allen talks about how to leverage cyber psychology. Ron Reiter of Sentra outlines the threats for connected cars. And a third-party incident exposes personal data of the Manchester police. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/177 Selected reading. Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets (Microsoft) Hackers Backed by Iran Caught in Apparent Global Spy Campaign (The Messenger) BNamericas - Colombia cyberattack hits government, corpor... (BNamericas.com) Colombia's judicial branch thrown offline in major cyber attack (Colombia Reports) Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down (AP News) Casino Operators Caesars and MGM Still Reeling From Cyber Attacks (Kiplinger.com) Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs (CyberScoop) MGM still responding to wide-ranging cyberattack as rumors run rampant (Record) Ransomware in the casinos. (CyberWire) MGM Resorts shuts down some systems. (CyberWire) Manchester police officers’ data stolen following ransomware attack on supplier (Record) Contractor Data Breach Impacts 8k Greater Manchester Police Officers (Hackread) A Second Major British Police Force Suffers a Cyberattack in Less Than a Month (SecurityWeek) Who is behind the latest wave of UK ransomware attacks? (the Guardian)
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
14-09-2023
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of the materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176 Selected reading. Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg) Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal) The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal) Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal) ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread) FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters) MGM Resorts says cyberattack could have material effect on company (NBC News) MGM Resorts cybersecurity breach could cost millions, expert says (KLAS) MGM Resorts shuts down some systems because of a “cybersecurity issue.” (Updated.) (CyberWire) macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek) “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence) Unit 42 Attack Surface Threat Report (Palo Alto Networks) The Nigerian Prince is Alive and Well: Cybercriminals Use Generative… (Abnormal)
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
13-09-2023
An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/175 Selected reading. Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security) 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack (Symantec) Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services (Orca Security) Contextualizing Deepfake Threats to Organizations (US Department of Defense) Bipartisan push to ban deceptive AI-generated ads in US elections (Reuters) DOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense) New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense) New DOD cyber strategy notes limits of digital deterrence (DefenseScoop) CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) September 2023 Security Updates (Microsoft Security Response Center) Microsoft Releases September 2023 Updates (Cybersecurity and Infrastructure Security Agency CISA) Zero Day Summer: Microsoft Warns of Fresh New Software Exploits (SecurityWeek) Microsoft Patch Tuesday: Two zero-days addressed in September update (Computing) Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) (Help Net Security) Adobe fixed actively exploited zero-day in Acrobat and Reader (Security Affairs) Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (BleepingComputer) Apple Releases Security Updates for iOS and macOS (Cybersecurity and Infrastructure Security Agency CISA) SAP Security Patch Day for September 2023 (Onapsis) Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (The Hacker News) Critical Google Chrome Zero-Day Bug Exploited in the Wild (Dark Reading) Zero-day affecting Chrome, Firefox and Thunderbird patched (Computer)
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
12-09-2023
Phishing with Facebook Messenger accounts. Redfly cyberespionage targets a national grid. The exploit trade in the C2C underground market. Phishing attack exploits Baidu link. A repojacking vulnerability. A hacktivist auxiliary looks to its own interests. Ben Yelin marks the start of the Google antitrust trial. In our Industry Voices segment, Adam Bateman from Push Security explains how identities are the new perimeter. And MGM Resorts are dealing with a “cybersecurity issue.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/174 Selected reading. Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET) Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News) Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading) Iranian hackers break into networks of more than 30 companies in Israel (ynetnews) “MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium) Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer) Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News) Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) Sales and Purchases of Vulnerability Exploits (Flashpoint) Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade) New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com) After Microsoft and X, Hackers Launch DDoS Attack on Telegram (SecurityWeek) MGM Resorts shuts down some computer systems after cyber attack (Reuters) Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US (AP News) MGM Resorts shuts down IT systems after cyberattack (BleepingComputer) MGM Resorts experiences 'cybersecurity issue' impacting operations and prompting investigation (Fox Business) MGM resorts says 'cybersecurity issue' may have widespread impact (NBC News) MGM Resorts blames 'cybersecurity issue' for ongoing outage (TechCrunch) FBI assisting in MGM cybersecurity investigation as slot machines, website, and emails rem (KSNV) MGM Resorts Says It Shut Down Some Systems Following Hack (Bloomberg)
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.
11-09-2023
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Author David Hunt discusses his new book, “Irreducibly Complex Systems: An Introduction to Continuous Security Testing.” In our Industry Voices segment, Mike Anderson from Netskope outlines the challenges of managing Generative AI tools. And a senior Russian cyber diplomat warns against US escalation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/173 Selected reading. Ransomware, extortion and the cyber crime ecosystem (NCSC) HijackLoader (Zscaler) New HijackLoader malware is rapidly growing in popularity (Security Affairs) New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (Hacker News) Spyware Telegram mod distributed via Google Play (Secure List) Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play (The Hacker News) 'Evil Telegram' Android apps on Google Play infected 60K with spyware (BleepingComputer) Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life (Financial Times) Russia warns "all-out war" with US could erupt over worsening cyber clashes (Newsweek) New strategy for global cybersecurity cooperation coming soon: State cyber ambassador (Breaking Defense)