Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 24 April 2023

⏱️ 28 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/78 Selected reading. 3CX Hackers Also Compromised Critical Infrastructure Firms (Infosecurity Magazine) That 3CX supply chain attack keeps getting worse (Register) Energy sector orgs in US, Europe hit by same supply chain attack as 3CX (Record) Even more victims found in complex 3CX supply chain attack (CybersecurityConnect) X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe (Symantec Enterprise Blogs) URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut) PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise (Horizon3.ai) Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (The Hacker News) CISA KEV Breakdown | April 21, 2023 (Nucleus Security) CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug (The Hacker News) CISA adds printer bug, Chrome zero-day and ChatGPT issue to exploited vulnerabilities catalog (Record) Bumblebee Malware Distributed Via Trojanized Installer Downloads (Secureworks). Google ads push BumbleBee malware used by ransomware gangs (BleepingComputer) Bumblebee malware infects victims via fake Zoom, Cisco and ChatGPT software installers (Record) Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (BleepingComputer) Analyzing DNS Traffic for Anomalous Domains and Threat Detection (Infoblox Blog) Airman Shared Sensitive Intelligence More Widely and for Longer Than Previously Known (New York Times) FBI leak investigators home in on members of private Discord server (Washington Post) From Discord to 4chan: The Improbable Journey of a US Intelligence Leak (bellingcat) Europe’s Planes Keep Flying Despite Cyberattack (Wall Street Journal) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Today's episode is sponsored by SRM, your first call for cybersecurity and
0:18.1	investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered
0:25.3	tailored security solutions for global corporations and their executives.
0:29.5	Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,
0:36.4	or navigating the murky waters of compliance and ESG challenges,
0:40.9	SRMs, Insight and Straight straightforward advice will help you navigate complex risks
0:46.4	and emerge more resilient.
0:48.4	Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom
0:55.3	to solve problems in new ways, enabling them to craft simple effective solutions for your
1:01.4	unique cyber challenges.
1:03.7	Search your first call to discover how SRM can help your business. And now a word from our sponsor, Six Cents.
1:23.2	Six Cents provides award-winning cloud-based automated endpoint and vulnerability management solutions
1:29.5	to streamline IT and security operations. With its advanced platform, businesses gain complete visibility and control over their infrastructure, reducing IT and security risks, and optimizing operational efficiency.
1:43.0	With 6 cents, you'll get real-time alerts,
1:46.0	risk-based vulnerability prioritization and remediations,
1:49.0	and an intuitive automation and orchestration engine
1:52.0	so you can focus on your core business goals
1:55.0	confident in the knowledge that your enterprise is secure,
1:58.0	compliant and running smoothly.
2:00.0	Visit 6Cence.com
2:02.0	to learn why enterprises choose them. 3X is not the only victim in the recent supply chain attack. The paper cut critical vulnerability is under active
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.