Podcasts News Tech News CyberWire Daily How one access broker gets its initial access (its through novel phishing). Be alert for deepfakes, US authorities say. The Pentagons new cyber strategy. And a reminder: yesterday was Patch Tuesday.

How one access broker gets its initial access (its through novel phishing). Be alert for deepfakes, US authorities say. The Pentagons new cyber strategy. And a reminder: yesterday was Patch Tuesday.

Published: Sept. 13, 2023, 8:40 p.m.

An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday.\n\nFor links to all of today's stories check out our CyberWire daily news briefing:\nhttps://thecyberwire.com/newsletters/daily-briefing/12/175\n\nSelected reading.\nMalware distributor Storm-0324 facilitates ransomware access (Microsoft Security)\xa0\n3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack (Symantec)\nAzure HDInsight Riddled With XSS Vulnerabilities via Apache Services (Orca Security)\nContextualizing Deepfake Threats to Organizations (US Department of Defense)\xa0\nBipartisan push to ban deceptive AI-generated ads in US elections (Reuters)\nDOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense)\nNew Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense)\nNew DOD cyber strategy notes limits of digital deterrence (DefenseScoop)\nNew Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense)\nCISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)\xa0\nSeptember 2023 Security Updates (Microsoft Security Response Center)\xa0\nMicrosoft Releases September 2023 Updates (Cybersecurity and Infrastructure Security Agency CISA)\xa0\nZero Day Summer: Microsoft Warns of Fresh New Software Exploits (SecurityWeek)\nMicrosoft Patch Tuesday: Two zero-days addressed in September update (Computing)\xa0\nAdobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA)\nMicrosoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) (Help Net Security)\xa0\nAdobe fixed actively exploited zero-day in Acrobat and Reader (Security Affairs)\xa0\nAdobe warns of critical Acrobat and Reader zero-day exploited in attacks (BleepingComputer)\xa0\nApple Releases Security Updates for iOS and macOS (Cybersecurity and Infrastructure Security Agency CISA)\xa0\nSAP Security Patch Day for September 2023 (Onapsis)\xa0\nGoogle Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (The Hacker News)\xa0\nCritical Google Chrome Zero-Day Bug Exploited in the Wild (Dark Reading)\nZero-day affecting Chrome, Firefox and Thunderbird patched (Computer)\xa0\nLearn more about your ad choices. Visit megaphone.fm/adchoices