The CyberWire Daily Podcast 1.17.23
Ep 1740 | 1.17.23

Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”

Show Notes

A phishing campaign impersonates DHL. Conscription and mobilization provide criminals with phishbait for Russian victims. Norton LifeLock advises customers that their accounts may have been compromised. Trends in data protection. Veracode's report on the state of software application security. Ben Yelin looks at NSO Group’s attempt at state sovereignty. Ann Johnson from Afternoon Cyber Tea speaks with Microsoft’s Chris Young about the importance of the security ecosystem. And Ukraine calls for a "digital United Nations."

Selected reading.

Cloud 9: Top Cloud Penetration Testing Tools (Bishop Fox)

Our Top Favorite Fuzzer crowdsourcing pen testing tools (Bishop Fox)

DHL Phishing Attack. Simply Delivered. (ArmorBlox) 

Credential phishing campaign impersonates DHL. (CyberWire)

Phishing scam invites Russian Telegram users to check ‘conscription lists’ to see if they’ll be drafted in February (Meduza)

NortonLifeLock warns that hackers breached Password Manager accounts (BleepingComputer)

Norton LifeLock says thousands of customer accounts breached (TechCrunch)

NortonLifeLock notifies thousands of users about compromised Password Manager accounts (Computing) 

Data Protection Trends Report 2023 (Veeam)

Trends in data protection. (CyberWire)

How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services (Orca Security)

Orca describes four Azure vulnerabilities. (CyberWire)

State Of Software Security (Veracode) 

A look at the state of software security. (CyberWire)

Ukraine calls for ‘Cyber United Nations’ amid Russian attacks (POLITICO)