The CyberWire Daily Podcast 7.12.23
Ep 1861 | 7.12.23

Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.

Show Notes

A Chinese threat actor hits US organizations with a Microsoft cloud exploit. Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. A RomCom update. Beamer phishbait, email extortion attacks and digital blackmail. A new report concludes companies allowing personal employee devices onto their network are opening themselves to attack. Tim Starks from the Washington Post looks at Microsoft’s recent woes. Our guest is Eyal Benishti from IRONSCALES with insights on business email compromise. And a July Patch Tuesday retrospective.

Selected reading.

Mitigation for China-Based Threat Actor Activity (Microsoft On the Issues)

Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email (Microsoft Security Response Center)

Chinese hackers breach U.S. government email through Microsoft cloud (Washington Post) 

U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign (Wall Street Journal)

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (Cisco Talos Blog)

Storm-0978 attacks reveal financial and espionage motives (Microsoft Security) 

Microsoft: Unpatched Office zero-day exploited in NATO summit attacks (BleepingComputer) 

Diplomats Beware: Cloaked Ursa Phishing With a Twist (Unit 42)

Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW (Reuters)

Threat spotlight: Extortion attacks (Barracuda)

The SpyCloud Malware Readiness And Defense Report (SpyCloud)

July 2023 Security Updates (Security Update Guide - Microsoft Security Response Center)

Microsoft Releases July 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) 

Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws (BleepingComputer) 

Fortinet Releases Security Update for FortiOS and FortiProxy (Cybersecurity and Infrastructure Security Agency CISA)

Adobe Releases Security Updates for ColdFusion and InDesign (Cybersecurity and Infrastructure Security Agency CISA) 

Apple's Rapid Security Response Patches Causing Website Access Issues (SecurityWeek) 

SAP Security Patch Day – July 2023 (SAP)

Return of the ICMAD Critical Vulnerabilities in 2023 (Onapsis)