Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.

CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast. Disrupting Mr. Putin's speech, online, and what the hybrid war suggests about the future of cyber auxiliaries.

Selected reading.

CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)

Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia (Symantec)

IBM Security X-Force Threat Intelligence Index 2023 (IBM)

S1deload Stealer – Exploring the Economics of Social Network Account Hijacking (Bitdefender Labs) 

Cyber Attacks on Data Center Organizations (Resecurity)

Hackers Scored Data Center Logins for Some of the World's Biggest Companies (Bloomberg)

LockBit gang takes credit for attack on water utility in Portugal (The Record from Recorded Future News) 

Ukraine Suffered More Data-Wiping Malware Last Year Than Anywhere, Ever (WIRED) 

Ukrainian hackers claim disruption of Russian TV websites during Putin speech (The Record from Recorded Future News) 

Ukraine's volunteer cyber army could be model for other nations: experts (Newsweek) 

Ukraine's largest charity wants to raise $1.3 million for ‘cyber offensive’ (The Record from Recorded Future News)