The CyberWire Daily Podcast 2.28.23
Ep 1769 | 2.28.23

Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.

Show Notes

The US Marshals Service sustains a data breach. Blind Eagle is a phish hawk. Dish continues to work toward recovery. OneNote attachments are used to distribute Qakbot. Ben Yelin has analysis on the Supreme Court’s hearing on a section 230 case. Mr Security Answer Person John Pescatore has thoughts on Chat GPT. And CISA Director Easterly urges vendors to make software secure-by-design.

Selected reading.

U.S. Marshals Service investigating ransomware attack, data theft (BleepingComputer)

US Marshals says prisoners’ personal information taken in data breach (TechCrunch)

Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities (BlackBerry)

Dish hit by multiday outage after reported cyberattack (TechCrunch)

DISH says ‘system issue’ affecting internal servers, phone systems (The Record from Recorded Future News) 

Take Note: Armorblox Stops OneNote Malware Campaign (Armorblox) 

Ukraine & Intelligence: One Year on – with Shane Harris (SpyCast)

U.S. cyber official praises Apple security and suggests Microsoft, Twitter need to step it up (CNBC)

U.S. cyber chief warns tech companies to curb unsafe practices (CBS News)

Tech manufacturers are leaving the door open for Chinese hacking, Easterly warns (The Record from Recorded Future News)

CISA Director Calls Out Industry Using Consumers as Cyber 'Crash Test Dummies' (Nextgov.com)

The Designed-in Dangers of Technology and What We Can Do About It (Cybersecurity and Infrastructure Security Agency)