Please login or sign up to post and edit reviews.
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
Podcast |
CyberWire Daily
Publisher |
The CyberWire
Media Type |
audio
Podknife tags |
Cybersecurity
Tech News
Technology
Categories Via RSS |
Daily News
News
Tech News
Technology
Publication Date |
Jul 18, 2023
Episode Duration |
00:30:28
The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/135 Selected reading. Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) The Biden administration announces a cybersecurity labeling program for smart devices (AP News)CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA) Free Tools for Cloud Environments (CISA) NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA) ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service) Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security) Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget)  Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record) JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer) JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing)  JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch) JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica) [Security Update] Incident Details - JumpCloud (JumpCloud) July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud) FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom) RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)  Learn more about your ad choices. Visit megaphone.fm/adchoices
The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/135 Selected reading. Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) The Biden administration announces a cybersecurity labeling program for smart devices (AP News)CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA) Free Tools for Cloud Environments (CISA) NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA) ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service) Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security) Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget)  Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record) JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer) JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing)  JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch) JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica) [Security Update] Incident Details - JumpCloud (JumpCloud) July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud) FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom) RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)  Learn more about your ad choices. Visit megaphone.fm/adchoices

The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/135

Selected reading.

Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)

The Biden administration announces a cybersecurity labeling program for smart devices (AP News)CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA)

Free Tools for Cloud Environments (CISA)

NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA)

ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service)

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security)

Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget) 

Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record)

JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer)

JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing) 

JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch)

JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica)

[Security Update] Incident Details - JumpCloud (JumpCloud)

July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud)

enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor">FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom)

RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record) 

Learn more about your ad choices. Visit megaphone.fm/adchoices

This episode currently has no reviews.

Submit Review
This episode could use a review!

This episode could use a review! Have anything to say about it? Share your thoughts using the button below.

Submit Review