The CyberWire Daily Podcast 3.22.23
Ep 1785 | 3.22.23

Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.

Show Notes

Malware could detect sandbox emulations. A VEC supply chain attack. A new APT is active in Russian-occupied sections of Ukraine.  An alleged Russian patriot claims responsibility for the D.C. Health Link attack. CISA and NSA offer guidance on identity and access management (IAM). Tim Starks from the Washington Post has analysis on the BreachForums takedown. Our guest is Ryan Heidorn from C3 Integrated Solutions with a look at the CMMC compliance timeline. And Baphomet backs out.

Selected reading.

ZenGo uncovers security vulnerabilities in popular Web3 Transaction Simulation solutions: The red pill attack (ZenGo)

Stopping a $36 Million Vendor Fraud Attack (Abnormal Intelligence) 

Bad magic: new APT found in the area of Russo-Ukrainian conflict (Securelist)

Unknown actors target orgs in Russia-occupied Ukraine (Register)

New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (The Hacker News)

Partisan suspects turn on the cyber-magic in Ukraine (Cybernews)

Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' (CyberScoop) 

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management | CISA (Cybersecurity and Infrastructure Security Agency CISA) 

ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practi (National Security Agency/Central Security Service)

Identity and Access Management: Recommended Best Practices for Administrators (NSA and CISA) 

CISA Releases Updated Cybersecurity Performance Goals (Cybersecurity and Infrastructure Security Agency CISA) 

CISA Releases Eight Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA)

End of BreachForums could take a bite out of cybercrime (Washington Post)

BreachForums says it is closing after suspected law enforcement access to backend (Record)