The CyberWire Daily Podcast 4.12.23
Ep 1800 | 4.12.23

Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.

Show Notes

Patch Tuesday update. Another commercial surveillance company is outed. Voice security and the challenge of fraud. CISA updates its Zero Trust Maturity Model. Effects of the US intelligence leaks. Our guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, outlines CISA's role in the cybersecurity community. André Keartland of Netsurit  makes the case for DevSecOps. Russian cyber auxiliaries believed responsible for disrupting the Canadian PM's website.

Selected reading.

Patch Tuesday overview. (CyberWire)

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia (Microsoft Threat Intelligence) 

Threat Report on the Surveillance-for-Hire Industry (Meta)

Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers (The Citizen Lab)

Voice Intelligence and Security Report (Pindrop)

CISA Releases updated Zero Trust Maturity Model (Cybersecurity and Infrastructure Security Agency)

CISA Releases Zero Trust Maturity Model Version 2 (Cybersecurity and Infrastructure Security Agency CISA)

A leak of files could be America’s worst intelligence breach in a decade (The Economist)

Interagency Effort Assessing Impact of Leaked Documents, Strategizing Way Forward (U.S. Department of Defense)

What we know about the Pentagon document leak (Axios)

The ongoing scandal over leaked US intel documents, explained (Vox)

Pentagon leak threatens Biden's foreign policy doctrine ahead of overseas trip (Axios)

Schumer calls for all-senator briefing on leaked Ukraine documents (The Hill)

The key countries and revelations from the Pentagon document leak (Washington Post) 

Exclusive: Leaked U.S. intel document claims Serbia agreed to arm Ukraine (Reuters) 

Up to 50 UK special forces present in Ukraine this year, US leak suggests (the Guardian)

Egypt denies leak about supplying Russia with 40,000 rockets (Al Jazeera)

DDoS attacks block PM Trudeau’s web site (IT World Canada)