The CyberWire Daily Podcast 5.2.23
Ep 1814 | 5.2.23

From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)

Show Notes

LOBSHOT is a cryptowallet stealer abusing Google Ads. Coronation phishbait. A known CCTV vulnerability is currently being exploited. T-Mobile discloses another, smaller data breach. New Magecart exploits. Preliminary lessons from cyber operations during Russia's war. Rob Boyce from Accenture shares insights from RSA Conference. Our special guest is NSA Director of Cybersecurity Rob Joyce. And Europol announces a major dark web market takedown.

Selected reading.

New LOBSHOT malware gives hackers hidden VNC access to Windows devices (BleepingComputer)

New 'Lobshot' hVNC Malware Used by Russian Cybercriminals (SecurityWeek)

Elastic Security Labs discovers the LOBSHOT malware (Elastic Blog)

Researchers see surge in scam websites linked to coronation (Computer Weekly) 

TBK DVR Authentication Bypass Attack (FortiGuard) 

T-Mobile discloses second data breach since the start of 2023 (BleepingComputer) 

T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more (Ars Technica) 

T-Mobile Announces Another Data Breach (CNET)

Magecart threat actor rolls out convincing modal forms (Malwarebytes)

Cyber lessons from Ukraine: Prepare for prolonged conflict, not a knockout blow (Breaking Defense)

288 dark web vendors arrested in major marketplace seizure (Europol)