The CyberWire Daily Podcast 5.12.23
Ep 1822 | 5.12.23

Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.

Show Notes

Babuk source code provides criminal inspiration. CISA and FBI release a joint report on PaperCut. There are more bad bots out there than anyone would like. Phishing-as-a-service tools in the C2C market. CISA’s Eric Goldstein advocates the adoption of strong controls, defensible networks and coordination of strategic cyber risks. Our cyberwire producer Liz Irvin speaks with Crystle-Day Villanueva, Learning and Development Specialist for Lumu Technologies. And KillNet’s short-lived venture, with a dash of  regret.

Selected reading.

Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (Bleeping Computer)

Ransomware actors adopt leaked Babuk code to hit Linux systems (Decipher)

Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers (SentinelOne)

Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG (CISA)

CVE-2023-27350 Detail (NIST)

Proofpoint Emerging Threats Rules (Proofpoint)

2023 Imperva Bad Bot Report (Imperva)

New phishing-as-a-service tool “Greatness” already seen in the wild (Cisco Talos)

Ukraine at D+442: Russians say the Ukrainian counteroffensive has begun. (CyberWire)