The CyberWire Daily Podcast 3.8.23
Ep 1775 | 3.8.23

Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.

Show Notes

CISA adds three known exploited vulnerabilities to its Catalog. A data breach at Acer exposes intellectual property. Sharp Panda deploys SoulSearcher malware in cyberespionage campaigns. US Cyber Command’s head warns against underestimating Russia in cyberspace. Dave Bittner sits down with Simone Petrella of N2K Networks to discuss the recently-released Defense Cyber Workforce Framework. Betsy Carmelite from Booz Allen Hamilton speaks about CISA's year ahead. And are large language models what the lawyers call an attractive nuisance.

Selected reading.

CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA)

March 7 CISA KEV Breakdown | Zoho, Teclib, Apache (Nucleus Security)

Acer Confirms Breach After Hacker Offers to Sell Stolen Data (SecurityWeek)

Acer confirms breach after 160GB of data for sale on hacking forum (BleepingComputer)

“Sharp Panda”: Check Point Research puts a spotlight on Chinese origined espionage attacks against southeast asian government entities (Check Point Software)

Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities (Check Point Research)

What can security teams learn from a year of cyber warfare? (Computer Weekly)

Russian cyberattacks could intensify during spring offensives in Ukraine, US Cyber Command general says (Stars and Stripes)

US Bracing for Bolder, More Brazen Russian Cyberattacks (VOA)

Russia remains a ‘very capable’ cyber adversary, Nakasone says (C4ISRNet)

Employees Are Feeding Sensitive Business Data to ChatGPT (Dark Reading)