The CyberWire Daily Podcast 10.6.22
Ep 1678 | 10.6.22

Updated mitigations for ProxyNotShell. Lloyd’s investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.

Show Notes

Microsoft updates mitigations for ProxyNotShell. Lloyd's of London investigates a suspected cyberattack. Killnet hits networks of US state governments. The FBI and CISA weigh in on election security. Credential theft in the name of Zoom. Tim Eades from Cyber Mentor Fund on the move to early-stage investing in times of war and recession. Our guest is Nick Lumsden of Tenacity Cloud on cloud infrastructure sprawl. The former security chief  at Uber was found guilty in a case involving data breach cover-up.

Selected reading.

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)

Microsoft updates guidance for ‘ProxyNotShell’ bugs after researchers get around mitigations (The Record by Recorded Future)

Microsoft Updates Mitigation for Exchange Server Zero-Days (Dark Reading) 

Microsoft updates mitigation for ProxyNotShell Exchange zero days (BleepingComputer) 

Lloyd's of London investigates possible cyber attack (Reuters)

Insurance giant Lloyd’s of London investigating cyberattack (The Record by Recorded Future)

Russian-speaking hackers knock US state government websites offline (CNN) 

Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting (FBI and CISA)

FBI: Cyberattacks targeting election systems unlikely to affect results (BleepingComputer) 

Zoom: 1 Phish, 2 Phish Email Attack (Armorblox)

Former Uber Security Chief Found Guilty of Obstructing FTC Probe (Wall Street Journal)

Former Uber security chief convicted of covering up 2016 data breach (Washington Post)

Uber’s Former Security Chief Convicted of Data Hack Coverup (Bloomberg)

Former Uber Security Chief Found Guilty of Hiding Hack From Authorities (New York Times)

Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover Up (SecurityWeek)