The CyberWire Daily Podcast 7.13.22
Ep 1618 | 7.13.22

AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.

Show Notes

Adversary-in-the-middle sites support business email compromise. Silent validation carding bot discovered. Attempted social engineering at the European Central Bank. Germany puts its shields up. Carole Theriault speaks with Jen Caltrider about Mozilla's *Privacy Not Included initiative. Our guest is Lucia Milica on Proofpoint’s Voice of the CISO report. And Hacktivism in a hybrid war.

Selected reading.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud (Microsoft Security Blog) 

PerimeterX Discovers New Silent Validation Carding Bot (PerimeterX)

Hackers posing as Merkel target ECB's Lagarde - German source (Reuters) 

European Central Bank head targeted in hacking attempt (AP NEWS)

Cyberangriff auf Spitzenpolitiker: Hacker nutzten Merkels Handynummer, um das Whatsapp-Konto von Lagarde zu knacken (Business Insider)

Germany bolsters defenses against Russian cyber threats (Deutsche Welle) 

Ukraine's cyber army hits Russian cinemas (CyberNews)

DDoS attacks surge in popularity in Ukraine — but are they more than a cheap thrill? (The Record by Recorded Future)

Microsoft Releases July 2022 Security Updates (CISA)

CISA orders agencies to patch new Windows zero-day used in attacks (BleepingComputer)

SAP Releases July 2022 Security Updates (CISA)

Schneider Electric Easergy P5 and P3 (CISA)

Dahua ASI7213X-T1 (CISA)