Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known.
3CX Hackers Also Compromised Critical Infrastructure Firms (Infosecurity Magazine)
Even more victims found in complex 3CX supply chain attack (CybersecurityConnect)
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe (Symantec Enterprise Blogs)
CISA KEV Breakdown | April 21, 2023 (Nucleus Security)
CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA)
Google ads push BumbleBee malware used by ransomware gangs (BleepingComputer)
Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (BleepingComputer)
Analyzing DNS Traffic for Anomalous Domains and Threat Detection (Infoblox Blog)
FBI leak investigators home in on members of private Discord server (Washington Post)
Europe’s Planes Keep Flying Despite Cyberattack (Wall Street Journal)