The CyberWire Daily Podcast 6.1.23
Ep 1835 | 6.1.23

Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.

Show Notes

A backdoor-like issue has been found in Gigabyte firmware. A credential harvesting campaign impersonates Adobe. The Dark Pink gang is active in southeastern Asia. Mitiga discovers a “significant forensic discrepancy” in Google Drive. "Spyboy" is for sale in the C2C market. A look at Cuba ransomware. Ukrainian hacktivists target the Skolkovo Foundation. The FSB says NSA breached iPhones in Russia. Carole Theriault examines Utah's social media bills aimed at kids online. Our guest is Tucker Callaway of Mezmo to discuss the rise of telemetry pipelines. And spoofing positions and evading sanctions.

Selected reading.

Supply Chain Risk from Gigabyte App Center backdoor (Eclypsium)

Ado-be-gone: Armorblox Stops Adobe Impersonation Attack (Armorblox)

Dark Pink back with a bang: 5 new organizations in 3 countries added to victim list (Group-IB)

Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign (CyberScoop)

Suspected State-Backed Hackers Hit Series of New Targets in Europe, SE Asia (Insurance Journal)

Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive (Mitiga)

2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online (Reddit)

An In-Depth Look at Cuba Ransomware (Avertium)

Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (The Record)

Russia says U.S. accessed thousands of Apple phones in spy plot (Reuters)

Fake Signals and American Insurance: How a Dark Fleet Moves Russian Oil (The New York Times