The CyberWire Daily Podcast 4.24.23
Ep 1808 | 4.24.23

Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.

Show Notes

3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known.

Selected reading.

3CX Hackers Also Compromised Critical Infrastructure Firms (Infosecurity Magazine)

That 3CX supply chain attack keeps getting worse (Register)

Energy sector orgs in US, Europe hit by same supply chain attack as 3CX (Record) 

Even more victims found in complex 3CX supply chain attack (CybersecurityConnect) 

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe (Symantec Enterprise Blogs) 

URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut)

PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise (Horizon3.ai) 

Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (The Hacker News) 

CISA KEV Breakdown | April 21, 2023 (Nucleus Security)

CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA)

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug (The Hacker News) 

CISA adds printer bug, Chrome zero-day and ChatGPT issue to exploited vulnerabilities catalog (Record)

Bumblebee Malware Distributed Via Trojanized Installer Downloads (Secureworks).

Google ads push BumbleBee malware used by ransomware gangs (BleepingComputer) 

Bumblebee malware infects victims via fake Zoom, Cisco and ChatGPT software installers (Record) 

Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (BleepingComputer) 

Analyzing DNS Traffic for Anomalous Domains and Threat Detection (Infoblox Blog) 

Airman Shared Sensitive Intelligence More Widely and for Longer Than Previously Known (New York Times) 

FBI leak investigators home in on members of private Discord server (Washington Post)

From Discord to 4chan: The Improbable Journey of a US Intelligence Leak (bellingcat) 

Europe’s Planes Keep Flying Despite Cyberattack (Wall Street Journal)