The CyberWire Daily Podcast 10.17.23
Ep 1928 | 10.17.23

Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.

Show Notes

A bogus RedAlert app delivered spyware as well as panic. BloodAlchemy backdoors ASEAN Southeast Asian targets. A serious Cisco zero-day is being exploited. Valve implements additional security measures for Steam. A warning on Atlassian vulnerability exploitation. Allies update their security-by-design guide. Ukrainian telecommunications providers hit by cyberattack. Ben Yelin explains attempts to tamp down pornographic deepfakes. Our guest is Ashley Rose from Living Security with a look at measuring human risk. And, as always, criminals see misery as opportunity.

Selected reading.

Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information (The Cloudflare Blog)

Disclosing the BLOODALCHEMY backdoor (Elastic Security Labs) 

BLOODALCHEMY provides backdoor to ASEAN secrets (Register) 

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability (Cisco Talos Blog)

Actively exploited Cisco 0-day with maximum 10 severity gives full network control (Ars Technica)

Cisco warns of actively exploited zero-day in IOS XE software (Computing) 

Widespread Cisco IOS XE Implants in the Wild (VulnCheck)

Steam enforces SMS verification to curb malware-ridden updates (BleepingComputer)

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks (Cybersecurity and Infrastructure Security Agency)

CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide (Cybersecurity and Infrastructure Security Agency) 

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (The Hacker News) 

CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations (Cluster25) 

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (The Hacker News) 

Cyberattack targets Belgian public service websites for second time in a week (Brussels Times) 

Spam trends of the week: Spammers piggyback on the Israel-Gaza war to plunder donations (Hot for Security)