The CyberWire Daily Podcast 12.14.22
Ep 1723 | 12.14.22

InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.

Show Notes

The FBI’s InfraGard user data shows up for sale. An update on Iranian cyber operations. NSA warns of Chinese cyber threats. Challenges in sharing data for threat detection and prevention. Legitimately signed drivers are used in targeted attacks. Patch Tuesday addressed a lot of actively exploited issues. Tim Starks from the Washington Post Cybersecurity 202 shares his reporting on ICS vulnerabilities. Our guest is Mike Fey from Island with an introduction to the enterprise browser space. And the US indicts five Russian nationals on sanctions-evasion charges.

Selected reading.

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked (KrebsOnSecurity)

Would’ve, Could’ve, Should’ve…Did: TA453 Refuses to be Bound by Expectations (Proofpoint)

APT5: Citrix ADC Threat Hunting Guidance (NSA)

U.S. agency warns that hackers are going after Citrix networking gear (Reuters)

NSA Outs Chinese Hackers Exploiting Citrix Zero-Day (SecurityWeek)

Effect of data on Federal agencies' policies. (CyberWire)

I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware (Mandiant)

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers (SentinelOne)

SAP Security Patch Day December 2022 (Onapsis)

December 2022 Security Updates (Microsoft Security Response Center)

December Patch Tuesday Updates | 2022 (Syxsense Inc)

Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws (BleepingComputer)

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update (Dark Reading)

Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698) (Help Net Security)

Microsoft Releases December 2022 Security Updates (CISA)

Apple security updates (Apple Support)

We finally know why Apple pushed out that emergency 16.1.2 update (Macworld)

Why You Should Enable Apple’s New Security Feature in iOS 16.2 Right Now (Wirecutter)

Apple Releases Security Updates for Multiple Products (CISA)

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 (Citrix)

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518) (Help Net Security)

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway (CISA)

VMware Patches VM Escape Flaw Exploited at Geekpwn Event (SecurityWeek)

Experts detailed a previously undetected VMware ESXi backdoor (Security Affairs)

VMware Releases Security Updates for Multiple products (CISA)

Mozilla Releases Security Updates for Thunderbird and Firefox (CISA)

Adobe Patches 38 Flaws in Enterprise Software Products (SecurityWeek)

CISA Releases Three Industrial Control Systems Advisories (CISA)

Five Russian Nationals, Including Suspected FSB Officer, and Two U.S. Nationals Charged with Helping the Russian Military and Intelligence Agencies Evade Sanctions (US Department of Justice)

Russian Military and Intelligence Agencies Procurement Network Indicted in Brooklyn Federal Court (US Department of Justice)