The CyberWire Daily Podcast 3.30.23
Ep 1791 | 3.30.23

A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly. some official hostage-taking.

Show Notes

The 3CXDesktopApp is under exploitation in a supply chain campaign. An open letter asks for a pause in advanced AI development. All your grammar and usage are belong us. Combosquatting might fool even the wary. Defender had flagged Zoom and other safe sites as dangerous. Recognizing the importance of OSINT. Matt O'Neill from US Secret Service discussing his agency’s cybersecurity mission. Our guest is Ping Li from Signifyd with a look at online fraud. And the FSB arrests a US journalist.

Selected reading.

3CX DesktopApp Security Alert (3CX)

Supply Chain Attack Against 3CXDesktopApp (CISA)

Pause Giant AI Experiments: An Open Letter (Future of Life Institute)

In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT (WIRED

AI chatbots making it harder to spot phishing emails, say experts (the Guardian)

The Most Common Combosquatting Keyword Is “Support” (Akamai)

False positives in Microsoft Defender. (CyberWire)

Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe (Proofpoint) 

ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine (WeLiveSecurity) 

Russia Ramping Up Cyberattacks Against Ukraine (VOA) 

A new age of spying gives Kyiv the upper hand (The Telegraph) 

Russia arrests Wall Street Journal reporter on spying charge (AP NEWS)

Russia detains a Wall Street Journal reporter, accusing him of espionage. (New York Times)