Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
The Cl0p gang claims responsibility for the MOVEit file transfer vulnerability. Verizon’s DBIR is out. Palo Alto Networks takes a snapshot of last year’s threat trends. A new criminal campaign targets Android users wishing to install modified apps. A smishing campaign is expanding into the Middle East. Cisco observes compromised vendor and contractor accounts as an access point for network penetration. Cyclops ransomware acts as a dual threat. Anonymous Sudan demands $1 million to stop attacks on Microsoft platforms. Ben Yelin explains a groundbreaking decision on border searches. Our guest is Matt Caulfield of Oort with insights on identity security. And a deepfaked martial law announcement airs on Russian provincial radio stations.
Selected reading.
Clop ransomware claims responsibility for MOVEit extortion attacks (BleepingComputer)
CVE-2023-34362 Detail (National Institute of Standards and Technology)
Microsoft links Clop ransomware gang to MOVEit data-theft attacks (BleepingComputer)
BA, BBC and Boots hit by cyber security breach with contact and bank details exposed (Sky News)
2023 Data Breach Investigations Report (Verizon)
2023 Unit 42 Network Threat Trends Research Report (Unit 42)
Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology (Bitdefender)
Adversaries increasingly using vendor and contractor accounts to infiltrate networks (Cisco Talos)
Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat (Uptycs)
U.S. Measures in Response to the Crisis in Sudan (US Department of State)
Microsoft's Outlook.com is down again on mobile, web (BleepingComputer)
Kremlin: fake Putin address broadcast on Russian radio stations after 'hack' (Reuters)
Deep fake video of Putin declaring martial law is broadcast in parts of Russia (Semafor)
Peskov called "Putin's emergency appeal" shown on some TV networks as a hack (TASS)
Proceedings of the 2023 U.S.-Ukraine Cyber Dialogue (US Department of State)