The CyberWire Daily Podcast 10.3.22
Ep 1675 | 10.3.22

Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

Show Notes

Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There’s new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization’s radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How’s your off-boarding program working out?

Selected reading.

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA) 

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC)

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security)

Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)

Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)

Two Microsoft Exchange zero-days exploited in the wild. (CyberWire)

CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)

Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters)

Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future) 

CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com)

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity)

Lazarus & BYOVD: evil to the Windows core (Virus Bulletin)

Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer)

Mexican government suffers major data hack, president's health issues revealed (Reuters)

Mexican president confirms ‘Guacamaya’ hack targeting regional militaries (The Record by Recorded Future)

Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters)

Russians dodging mobilization behind flourishing scam market (BleepingComputer) 

Honolulu Man Pleads Guilty to Sabotaging Former Employer’s Computer Network (US Department of Justice)