The CyberWire Daily Podcast 7.7.23
Ep 1858 | 7.7.23

Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.

Show Notes

US and Canadian agencies warn of Truebot. A look at "Operation Brainleaches." Jumpcloud resets API keys. An update on the MOVEit vulnerability exploitation. Andrea Little Limbago from Interos shares insights on rising geopolitical instability. Our guest is Mike Hamilton from Critical Insight discussing what you need to know about NIST 2.0. OSCE trains Ukrainian students in cybersecurity.

Selected reading.

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants (Cybersecurity and Infrastructure Security Agency CISA)

Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA) 

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks (ReversingLabs)

Mandatory JumpCloud API Key Rotation (JumpCloud)

JumpCloud resets admin API keys amid ‘ongoing incident’ (BleepingComputer)

JumpCloud Says All API Keys Invalidated to Protect Customers (SecurityWeek)

More organizations confirm MOVEit-related breaches as hackers claim to publish stolen data (TechCrunch)

Important information about MOVEit Transfer cyber security incident | Shell Global (Shell Global)

Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data (SecurityWeek)

OSCE helps future generation of Ukraine’s law enforcers and emergency personnel build skills for safe work in cyberspace (OSCE)