The CyberWire Daily Podcast 8.26.22
Ep 1650 | 8.26.22

A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.

Show Notes

Palo Alto describes the Black Basta ransomware-as-a-service operation. Okta on Scatter Swine, the threat actor that compromised Twilio. Microsoft describes Nobelium's new approach to establishing persistence. Russia's war against Ukraine has induced stresses in the cyber underworld. LastPass discloses a security incident. Josh Ray from Accenture on cyber crime and the cost-of-living crisis. Our own Dave Bittner sits down with Chris Handman from TerraTrue to discuss how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way. And CISA adds ten entries to its Known Exploited Vulnerabilities Catalog.

Selected reading.

Threat Assessment: Black Basta Ransomware (Palo Alto Networks Unit 42)

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone (Microsoft Threat Intelligence Center)

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (The Hacker News)

Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass (ZDNET)

Detecting Scatter Swine: Insights into a relentless phishing campaign (Okta Security)

Twilio hackers hit over 130 orgs in massive Okta phishing attack (BleepingComputer)

Twilio says breach also compromised Authy two-factor app users (TechCrunch)

How the war in Ukraine is reshaping the dark web (New Statesman)

Notice of Recent Security Incident (The LastPass Blog)

LastPass Says Source Code Stolen in Data Breach (SecurityWeek)

LastPass developer systems hacked to steal source code (BleepingComputer)