CyberWire Pro Research Briefing from 12/21/2021.

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 25 December 2021

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Enjoy a peek into CyberWire Pro's Research Briefing as the team is off taking our long winter's nap. This is the spoken edition of our weekly Research Briefing, focused on threats, vulnerabilities, and consequences, as they’re played out in cyberspace. This week's headlines: US Commission on International Religious Freedom reportedly hacked. Sophistication of NSO exploit on par with nation-state tooling. Conti ransomware actors exploit Log4Shell. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more.

Transcript

Click on a timestamp to play from that location

0:00.0	Here's your Cyberair Pro research briefing for Tuesday, December 21st, 2021.
0:15.0	A vast has discovered a new targeted attack against a small lesser known U.S. Federal Government Commission associated
0:25.4	with international rights.
0:27.0	A vast doesn't name the affected entity, but the record reports that it was the United States
0:32.4	Commission on International Religious Freedom.
0:35.2	A vast isn't sure what the attackers were after, but they note that the threat actor had significant
0:40.8	access within the network.
0:42.8	Quote, while we have no information on the impact of this attack or the actions
0:46.9	taken by the attackers, based on our analysis of the files in question, we believe it's reasonable to conclude that the attackers were able
0:54.8	to intercept and possibly exfiltrate all local network traffic in this organization.
1:00.5	This could include information exchanged with other US government agencies and other international governmental and non-governmental organizations focused on international rights.
1:11.0	We also have indications that the attackers could run code of their choosing in the operating
1:16.3	systems context on infected systems, giving them complete control. Taken altogether, this attack could have given total visibility of the network and complete control of a system, and thus could be used as the first step in a and receiving no response. Quote,
1:43.0	after initial communication directly to the affected organization,
1:47.0	they would not respond, return communications,
1:49.4	or provide any information.
1:51.5	The attempts to resolve this issue included repeated direct follow-up
1:55.4	outreach attempts to the organization. We also used other standard channels for reporting
2:01.2	security issues directly to affected organizations and
2:04.8	standard channels the United States government has in place to receive reports like
2:09.2	this. In these conversations and outreach we have received no follow-up or information on whether the issues we reported have been resolved and no further information was shared with us.
2:22.0	Researchers at Google's Project Zero have analyzed an iOS exploit developed by Spyware
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.