The CyberWire Daily Podcast 10.2.23
Ep 1918 | 10.2.23

Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.

Show Notes

Double-tapping ransomware hits the same victim twice. Exim mail servers are found exposed to attack. Iran's OilRig deploys Menorah malware against Saudi targets. North Korea's Lazarus Group targets a Spanish aerospace firm. Update your ransomware scorecards: LostTrust is a rebrand of MetaEncryptor. Increased domestic surveillance in Russia, done partly so propaganda can be more effectively targeted. Killnet claims to have hit the British Royal family with a DDoS attack. Michael Denning, CEO at SecureG for Blu Ventures, shares developments in zero trust as a part of our Industry Voices segment. Rob Boyce from Accenture Security talks about Dark Web threat actors targeting macOS. And Cybersecurity Awareness Month begins this week.

Selected reading.

Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends (FBI) 

FBI: Ransomware Actors Launching 'Dual' Attacks (Decipher) 

A still unpatched 0-day RCE impacts more than 3.5M Exim servers (Security Affairs) 

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks (The Hacker News)

APT34 deploys new Menorah malware in targeted phishing attack (Candid.Technology) 

APT34 Deploys Phishing Attack With New Malware (Trend Micro) 

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (The Hacker News) 

Alleged Iranian hackers target victims in Saudi Arabia with new spying malware (Record) 

North Korean hackers posed as Meta recruiter on LinkedIn (CyberScoop)

Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (Hackread)

North Korean Lazarus targeted a Spanish aerospace company (Security Affairs)

Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (BleepingComputer)

Ukraine at D+585: Trench fighting in the south. (CyberWire)

Royal Family's official website targeted in cyber attack (Sky News)

Royal family website hit by cyber attack (The Independent)

The country ‘dodged a bullet’ after shutdown avoided, but the cyber threat still hovers (Washington Post)

US Federal shutdown averted (or postponed): effects on cybersecurity. (CyberWire)

Cybersecurity Awareness Month: perspectives from the cyber sector. (CyberWire)

Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series (NIST)