The CyberWire Daily Podcast 11.17.22
Ep 1706 | 11.17.22

Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.

Show Notes

Meta employees, contractors compromised customer accounts. Nemesis Kitten found in US Government network. Unpatched Magento instances hit with "TrojanOrders." Emotet has returned after three quiet months. DDoS attacks on game servers by RapperBot. Carole Theriault looks at long-term lessons learned from the 2019 Capital One breach. FBI Cyber Division AD Bryan Vorndran updates us on cyber threats. And an alleged "Zeus" cybercrime boss has been arrested in Switzerland.

Selected reading.

Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal)

CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. (CyberWire)

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester (CISA)

Iranian government-linked hackers got into Merit Systems Protection Board’s network (Washington Post)

Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say (CNN)

Magento stores targeted in massive surge of TrojanOrders attacks (BleepingComputer) 

A Comprehensive Look at Emotet’s Fall 2022 Return (Proofpoint) 

Notorious Emotet botnet returns after a few months off (Register) 

Updated RapperBot malware targets game servers in DDoS attacks (BleepingComputer) 

Russia’s cyber forces ‘underperformed expectations’ in Ukraine: senior US official (The Hill)

Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police (BleepingComputer)