
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
01/12/23 • 24 min
Iranian VPN users are afflicted by Trojanized installation apps. Phishing on the static expressway. NoName057(16) hacktivist auxiliaries target NATO. Yesterday’s flight outage appears not to have been caused by a cyberattack. Royal Mail is disrupted by a "cyber incident." Carole Theriault thinks Meta needs to step up their game when blocking financial scams. Our guest is Mark Sasson from Pinpoint Search Group to discuss why cybersecurity may no longer be a candidate-driven market. And HR phishbait dangles raises, and some employees bite.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/8
Selected reading.
EyeSpy - Iranian Spyware Delivered in VPN Installers (Bitdefender Labs)
Phishing on the Static Expressway. (CyberWire)
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO (SentinelOne)
Not a cyberattack, but an IT failure. (CyberWire)
FAA NOTAM Statement (FAA)
Canadian Pilot-Alert System Reports Outage Hours After U.S. Grounding Order (Wall Street Journal)
US air travel resumes but thousands of flights delayed after planes grounded - live updates (The Telegraph)
US Flights Latest: Departures Resume After FAA Lifts Ground Stop (Bloomberg)
Royal Mail suffers ‘severe service disruption’ after cyber incident (Glasgow Times)
Royal Mail issues major disruption warning after 'cyber incident' (Computing)
Parcels and letters stuck in limbo as Royal Mail is hit by a suspected hack (The Telegraph)
Cyber Incident Hits UK Postal Service, Halts Overseas Mail (SecurityWeek)
Learn more about your ad choices. Visit megaphone.fm/adchoices
Previous Episode

Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post’s Cyber 202 on cyber rising to the level of war crime. Our guest is Connie Stack, CEO of Next DLP, on the path to leadership within cyber for women. And phishing with Pokémon NFTs.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/7
Selected reading.
The Daily 202 (Latest Cybersecurity 202)
Microsoft Releases January 2023 Security Updates (CISA)
Adobe Releases Security Updates for Multiple Products (CISA)
Black Box KVM (CISA)
Delta Electronics InfraSuite Device Master (CISA)
Known Exploited Vulnerabilities Catalog (CISA)
Dark Pink (Group-IB)
New Dark Pink APT group targets govt and military with custom malware (BleepingComputer)
Kinsing cryptojacking. (CyberWire)
Ukraine at D+321: "Difficult in places." (CyberWire)
Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
Ransomware attack against SickKids said to be unusual. (CyberWire)
Health3PT seeks a uniform approach to healthcare supply chain issues. (CyberWire)
Breaking the glass ceiling: My journey to close the leadership gap. (CyberWire, Creating Connections)
Pokémon NFTs used as malware vectors. (CyberWire)
Next Episode

Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/9
Selected reading.
Impact of Technology in 2023 and Beyond (IEEE)
Ukraine at D+323: Fighting in Soledar, and industrial mobilization. (CyberWire)
GitHub disables pro-Russian hacktivist DDoS pages (CyberScoop)
Russia criticises Reuters story on Russian hackers targeting U.S. nuclear scientists (Reuters)
Royal Mail cyber incident now identified as ransomware attack. (CyberWire)
Not a cyberattack, but an IT failure. (CyberWire)
The Guardian breach and news media as targets. (CyberWire)
Citrix vulnerability exploited by ransomware group. (CyberWire)
2022 Year In Review (CISA)
Russia’s largest hacking conference reflects isolated cyber ecosystem (Brookings)