The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/135
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)
The Biden administration announces a cybersecurity labeling program for smart devices (AP News)CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA)
Free Tools for Cloud Environments (CISA)
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA)
ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service)
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security)
Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget)
Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record)
JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer)
JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing)
JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch)
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica)
[Security Update] Incident Details - JumpCloud (JumpCloud)
July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud)
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom)
RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)
Learn more about your ad choices. Visit megaphone.fm/adchoices
View all episodes
By N2K Networks
4.8
10001,000 ratings
The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/135
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)
The Biden administration announces a cybersecurity labeling program for smart devices (AP News)CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA)
Free Tools for Cloud Environments (CISA)
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA)
ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service)
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security)
Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget)
Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record)
JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer)
JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing)
JumpCloud says nation-state hackers breached its systems | TechCrunch (TechCrunch)
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica)
[Security Update] Incident Details - JumpCloud (JumpCloud)
July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud)
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom)
RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)
Learn more about your ad choices. Visit megaphone.fm/adchoices
186 Listeners
2,000 Listeners
374 Listeners
376 Listeners
653 Listeners
320 Listeners
416 Listeners
8,012 Listeners
177 Listeners
315 Listeners
189 Listeners
74 Listeners
136 Listeners
46 Listeners
171 Listeners