The CyberWire Daily Podcast 3.17.23
Ep 1782 | 3.17.23

Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.

Show Notes

BianLian gang’s pivot. HinataBot is a Go-based threat. The US Social Security Administration is impersonated in attempted vishing attacks. BlackSnake in the RaaS criminal market. More Silicon Valley Bank-themed phishing. Caleb Barlow from Cylete on the security implications of ChatGPT that you need to consider now. Our guest is Isaac Roth from LeakSignal with advice on securing the microservices application layer. And Russian operators exploit an Outlook vulnerability.

Selected reading.

BianLian Ransomware Gang Continues to Evolve ([redacted])

Uncovering HinataBot: A Deep Dive into a Go-Based Threat (Akamai)

Social InSecurity: Armorblox Stops Attack Impersonating Social Security Administration (Armorblox)

Netskope Threat Coverage: BlackSnake Ransomware (Netskope) 

Fresh Phish: Silicon Valley Bank Phishing Scams in High Gear (INKY)

Outlook zero day linked to critical infrastructure attacks (Cybersecurity Dive)

CVE-2023-23397: Exploitations in the Wild – What You Need to Know (Deep Instinct) 

Everything We Know About CVE-2023-23397 (Huntress)

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (Microsoft Security Response Center)