The CyberWire Daily Podcast 7.18.23
Ep 1865 | 7.18.23

Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).

Show Notes

The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third-party risk. And some noteworthy Russian cyber crime: they don’t seem to be serving any political masters; they just want to get paid.

Selected reading.

Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)

The Biden administration announces a cybersecurity labeling program for smart devices (AP News)

CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA)

Free Tools for Cloud Environments (CISA)

NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA)

ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service)

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security)

Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget) 

Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record)

JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer)

JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing) 

JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch)

JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica)

[Security Update] Incident Details - JumpCloud (JumpCloud)

July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud)

FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom)

RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)