A critical zero-day in Oracle E-Business Suite is under active exploitation.  ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell UnityVSA storage appliances. There’s been a sharp surge in reconnaissance scans targeting Palo Alto Networks login portals.  A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. Monday Business Brief. On our Afternoon Cyber Tea segment with Microsoft’s Ann Johnson, Ann and guest Volker Wagner⁠, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. Don’t spend that ParkMobile settlement all in one place. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea Segment

Today we are highlighting Afternoon Cyber Tea with Ann Johnson. Ann and guest Volker Wagner⁠, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. You can listen to Ann and Volker's full conversation⁠ here⁠ and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability (Cyber Security News)

ICE Wants to Build Out a 24/7 Social Media Surveillance Team (WIRED)

Discord blames third-party support outfit for data breach (The Register)

Android and Windows gamers worldwide potentially affected by bug in Unity game engine (The Record)

XWorm malware resurfaces with ransomware module, over 35 plugins (Bleeping Computer)

Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login (HackRead)

Scanning of Palo Alto Portals Surges 500% (Infosecurity Magazine)

$4.5 Million Offered in New Cloud Hacking Competition (SecurityWeek)

Accenture acquires Japanese AI and DX provider, Aidemy Inc. (N2K Pro Business Briefing)

ParkMobile pays... $1 each for 2021 data breach that hit 22 million (Bleeping Computer)

Vote for Dave!

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices