Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.
Nuisance-level DDoS and cyberespionage continue to mark Russia's cyber campaign in the hybrid war. There’s a US Presidential memorandum on software supply chain security. Webworm repurposes older RATs. Trends in cyber insurance claims. OriginLogger may be the new Agent Tesla. The SparklingGoblin APT described. Mathieu Gorge of VigiTrust describes cyber vulnerabilities in the hospitality industry. Dinah Davis from Arctic Wolf explains a PayPal phishing attack. And Royal funeral phishbait.
Pro-Russia hackers claim to have temporarily brought down Japanese govt websites (Asia News Network)
Russia-linked Gamaredon APT target Ukraine with a new info-stealer (Security Affairs)
Fears grow of Russian spies turning to industrial espionage (The Record by Recorded Future)
White House releases post-SolarWinds federal software security requirements (Federal News Network)
Webworm: Espionage Attackers Testing and Using Older Modified RATs (Threat Hunter Team Symantec)
Coalition Releases 2022 Cyber Claims Report: Mid-year Update (GlobeNewswire News Room)
You never walk alone: The SideWalk backdoor gets a Linux variant (WeLiveSecurity)
[Scam site harvests credentials] (Proofpoint)
Senators Have Stopped Embarrassing Themselves at Tech Hearings (Slate Magazine)