The CyberWire Daily Podcast 8.10.23
Ep 1882 | 8.10.23

A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.

Show Notes

A New Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A Belarusian cyberespionage campaign outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42 joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo describes their work benefiting the community at BlackHat. And a new DARPA challenge seeks to bring artificial intelligence to cybersecurity.

On this segment of Threat Vector, Kristopher Russo, Senior Threat Researcher for Unit 42, joins host David Moulton to discuss part one of two Muddled Libra.


Threat Vector links.

Threat Group Assessment: Muddled Libra

Guest: Kristopher Russo: From practitioner to researcher Kristopher Russo has spent years entrenched in various specializations of cybersecurity. As a researcher focused on ransomware and cybercrime he brings a from the trenches perspective to cyber threat intelligence.

Selected reading.

Xurum: New Magento Campaign Discovered (Akamai)

Gootloader: Why your Legal Document Search May End in Misery (Trustwave)

Fireblocks Researchers Uncover Vulnerabilities Impacting Dozens of Major Wallet Providers (Fireblocks)

New BitForge cryptocurrency wallet flaws lets hackers steal crypto (BleepingCompute

Panasonic Warns That IoT Malware Attack Cycles Are Accelerating (WIRED) 

MoustachedBouncer: Espionage against foreign diplomats in Belarus (We Live Security) 

Belarus hackers target foreign diplomats with help of local ISPs, researchers say (TechCrunch) 

Pro-Russian hackers claim attacks on French, Dutch websites (Record) 

Zhora: Russia's cyber 'war crimes' will outlast invasion (Register)

The Power of Resilience (Cybersecurity and Infrastructure Security Agency CISA)

Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software (The White House)

AIxCC (AIxCC)

The Biden administration wants to put AI to the test for cybersecurity (Washington Post)