Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 12 July 2023

⏱️ 34 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

A Chinese threat actor hits US organizations with a Microsoft cloud exploit. Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. A RomCom update. Beamer phishbait, email extortion attacks and digital blackmail. A new report concludes companies allowing personal employee devices onto their network are opening themselves to attack. Tim Starks from the Washington Post looks at Microsoft’s recent woes. Our guest is Eyal Benishti from IRONSCALES with insights on business email compromise. And a July Patch Tuesday retrospective. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/131 Selected reading. Mitigation for China-Based Threat Actor Activity (Microsoft On the Issues) Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email (Microsoft Security Response Center) Chinese hackers breach U.S. government email through Microsoft cloud (Washington Post) U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign (Wall Street Journal) Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (Cisco Talos Blog) Storm-0978 attacks reveal financial and espionage motives (Microsoft Security) Microsoft: Unpatched Office zero-day exploited in NATO summit attacks (BleepingComputer) Diplomats Beware: Cloaked Ursa Phishing With a Twist (Unit 42) Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW (Reuters) Threat spotlight: Extortion attacks (Barracuda) The SpyCloud Malware Readiness And Defense Report (SpyCloud) July 2023 Security Updates (Security Update Guide - Microsoft Security Response Center) Microsoft Releases July 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws (BleepingComputer) Fortinet Releases Security Update for FortiOS and FortiProxy (Cybersecurity and Infrastructure Security Agency CISA) Adobe Releases Security Updates for ColdFusion and InDesign (Cybersecurity and Infrastructure Security Agency CISA) Apple's Rapid Security Response Patches Causing Website Access Issues (SecurityWeek) SAP Security Patch Day – July 2023 (SAP) Return of the ICMAD Critical Vulnerabilities in 2023 (Onapsis) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Today's episode is sponsored by SRM, your first call for cybersecurity and
0:18.1	investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered
0:25.3	tailored security solutions for global corporations and their executives.
0:29.5	Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,
0:36.4	or navigating the murky waters of compliance and ESG challenges,
0:40.9	SRMs, Insight and Straight straightforward advice will help you navigate complex risks
0:46.4	and emerge more resilient.
0:48.4	Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom
0:55.3	to solve problems in new ways, enabling them to craft simple effective solutions for your
1:01.4	unique cyber challenges.
1:03.7	Search your first call to discover how SRM can help your business. And now a word from our sponsor, Six Cents.
1:23.2	Six Cents provides award-winning cloud-based automated endpoint and vulnerability management solutions
1:29.5	to streamline IT and security operations. With its advanced platform, businesses gain complete visibility and control over their infrastructure, reducing IT and security risks, and optimizing operational efficiency.
1:43.0	With 6 cents, you'll get real-time alerts,
1:46.0	risk-based vulnerability prioritization and remediations,
1:49.0	and an intuitive automation and orchestration engine
1:52.0	so you can focus on your core business goals
1:55.0	confident in the knowledge that your enterprise is secure,
1:58.0	compliant and running smoothly.
2:00.0	Visit 6Cence.com
2:02.0	to learn why enterprises choose them. A Chinese threat actor hits US organizations with a Microsoft cloud exploit.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.