Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.

A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic Wolf has tips for pros for security at home. Our guest is Gerry Gebel from Strata Identity describes a new open source standard that aims to unify cloud identity platforms. And travel-themed phishing increases.

Selected reading.

Friday the 13th on the Dark Web: $150 Million Russian Drug Market Solaris Hacked by Rival Market Kraken (Elliptic Connect) 

Russia-linked drug marketplace Solaris hacked by its rival (The Record from Recorded Future News) 

Cyber-attacks have tripled in past year, says Ukraine’s cybersecurity agency (the Guardian)

Ukraine: Russians Aim to Destroy Information Infrastructure (Gov Info Security) 

Ukraine says Russia is coordinating missile strikes, cyberattacks and information operations (The Record by Recorded Future)

ICS Vulnerabilities and CVEs: Second Half of 2022 (SynSaber)

Abusing a GitHub Codespaces Feature For Malware Delivery (Trend Micro)

The Blank Image Attack (Avanan)

Phishing Attacks Pose as Updated 2023 HR Policy Announcements (Abnormal Security)

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns (Bitdefender)