How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday.
For links to all of today's stories check out our CyberWire daily news briefing:
Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security)
Contextualizing Deepfake Threats to Organizations (US Department of Defense)
DOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense)
New DOD cyber strategy notes limits of digital deterrence (DefenseScoop)
CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)
September 2023 Security Updates (Microsoft Security Response Center)
Microsoft Releases September 2023 Updates (Cybersecurity and Infrastructure Security Agency CISA)
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA)
Adobe fixed actively exploited zero-day in Acrobat and Reader (Security Affairs)
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (BleepingComputer)
Apple Releases Security Updates for iOS and macOS (Cybersecurity and Infrastructure Security Agency CISA)
Critical Google Chrome Zero-Day Bug Exploited in the Wild (Dark Reading)