The CyberWire Daily Podcast 4.7.23
Ep 1797 | 4.7.23

Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.

Show Notes

Preventing abuse of the Cobalt Strike pentesting tool. US investigates a leak of sensitive documents related to the war in Ukraine. Hacktivist activity continues. Google's advice for boards. Electronic lockpicks for electronic locks. Nexx security devices may have security flaws. Tesla employees reportedly shared images and videos from Teslas in the wild. Matt O'Neill from the US Secret Service discusses investment crypto scams. Our guest is James Campbell of Cado Security on the challenges of a cloud transition. And CISA releases seven ICS advisories.

Selected reading.

Stopping cybercriminals from abusing security tools (Microsoft On the Issues) 

Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands (CyberScoop)

Ukraine War Plans Leak Prompts Pentagon Investigation (New York Times)

DDoS attacks rise as pro-Russia groups attack Finland, Israel (TechRepublic)

Perspectives on Security for the Board (Google Cloud)

Thieves Use CAN Injection Hack to Steal Cars (SecurityWeek)

How thieves steal cars using vehicle CAN bus (Register) 

Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it (Graham Cluley)

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know (Naked Security)

Special Report: Tesla workers shared sensitive images recorded by customer cars (Reuters)

CISA Releases Seven Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)