The CyberWire Daily Podcast 9.14.22
Ep 1662 | 9.14.22

Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia’s hybrid war (but Ukraine is sounding confident).

Show Notes

Patch Tuesday notes. The US Senate Judiciary Committee hears from the Twitter whistleblower. Joint warning of IRGC cyber activity. Rob Boyce from Accenture on cybercriminals weaponizing leaked ransomware data. Chris Novak from Verizon describes his participation in the CISA Advisory Board. And Ukraine reiterates confidence in its resiliency.

Selected reading.

Adobe Patches 63 Security Flaws in Patch Tuesday Bundle (SecurityWeek)

Microsoft Releases September 2022 Security Updates (CISA)

Microsoft's September Patch Tuesday fixes five critical bugs (Computing)

Microsoft Raises Alert for Under-Attack Windows Flaw (SecurityWeek)

SAP Security Patch Day September 2022 (Onapsis) 

Apple Releases Security Updates for Multiple Products (CISA)

Apple fixes eighth zero-day used to hack iPhones and Macs this year (BleepingComputer) 

Apple Will Let You Remove Rapid Security Response Updates in iOS 16 (Mac Rumors)

Data Security at Risk: Testimony from a Twitter Whistleblower (United States Senate Committee on the Judiciary)

Twitter Employees Have Too Much Access to Data, Whistleblower Says (Wall Street Journal) 

Twitter whistleblower reveals employees concerned China agent could collect user data (Reuters)

Security failures cause ‘real harm to real people’ (Washington Post)

Twitter whistleblower testifies to Congress, calls for tech regulation reforms (The Record by Recorded Future)

The Search for Dirt on the Twitter Whistle-Blower (The New Yorker)

Whistle-Blower Says Twitter ‘Chose to Mislead’ on Security Flaws (New York Times) 

Twitter whistleblower says site put growth over security (Computing) 

Written Statement of Peiter (“Mudge”) Zatko United States Senate Judiciary Committee September 13, 2022 (Katz Banks Kumin) 

What we learned when Twitter whistleblower Mudge testified to Congress (TechCrunch) 

How China became big business for Twitter (Reuters)

Twitter whistleblower exposes limits of FTC’s power (Washington Post)

Twitter Whistle-Blower Testimony Spurs Calls for Tech Regulator (Bloomberg)

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations (CISA)

Ukraine’s Cyberwar Chief Sounds Like He’s Winning (WIRED) 

DDoS attacks on financial sector surge during war in Ukraine, new FCA data reveals (PR Newswire)