At a glance.
- Access broker's phishing facilitates ransomware.
- 3AM is fallback malware.
- Cross-site-scripting vulnerabilities reported in Apache services.
- US agencies warn organizations to be alert for deepfakes.
- US Department of Defense publishes its 2023 Cyber Strategy, informed by lessons from Russia's war against Ukraine.
- Observability and security.
- Patch Tuesday.
Access broker's phishing facilitates ransomware.
Storm-0324 is financially motivated, straightforwardly criminal, but its attack methods show considerable sophistication. “The actor’s email chains are highly evasive, making use of traffic distribution systems (TDS) like BlackTDS and Keitaro, which provide identification and filtering capabilities to tailor user traffic. This filtering capability allows attackers to evade detection by certain IP ranges that might be security solutions, like malware sandboxes, while also successfully redirecting victims to their malicious download site.”