BROADCASTS.com

b"The FBI\\u2019s InfraGard user data shows up for sale. An update on Iranian cyber operations. NSA warns of Chinese cyber threats. Challenges in sharing data for threat detection and prevention. Legitimately signed drivers are used in targeted attacks. Patch Tuesday addressed a lot of actively exploited issues. Tim Starks from the Washington Post Cybersecurity 202 shares his reporting on ICS vulnerabilities. Our guest is Mike Fey from Island with an introduction to the enterprise browser space. And the US indicts five Russian nationals on sanctions-evasion charges.\\n\\nFor links to all of today's stories check out our CyberWire daily news briefing:\\nhttps://thecyberwire.com/newsletters/daily-briefing/11/238\\n\\nSelected reading.\\nFBI\\u2019s Vetted Info Sharing Network \\u2018InfraGard\\u2019 Hacked (KrebsOnSecurity)\\nWould\\u2019ve, Could\\u2019ve, Should\\u2019ve\\u2026Did: TA453 Refuses to be Bound by Expectations (Proofpoint)\\xa0\\nAPT5: Citrix ADC Threat Hunting Guidance (NSA)\\nU.S. agency warns that hackers are going after Citrix networking gear (Reuters)\\nNSA Outs Chinese Hackers Exploiting Citrix Zero-Day (SecurityWeek)\\xa0\\nEffect of data on Federal agencies' policies. (CyberWire)\\nI Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware (Mandiant)\\nDriving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers (SentinelOne)\\nSAP Security Patch Day December 2022 (Onapsis)\\nDecember 2022 Security Updates (Microsoft Security Response Center)\\nDecember Patch Tuesday Updates | 2022 - Syxsense Inc (Syxsense Inc)\\nMicrosoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws (BleepingComputer)\\nMicrosoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update (Dark Reading)\\xa0\\nMicrosoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698) (Help Net Security)\\nMicrosoft Releases December 2022 Security Updates (CISA)\\nApple security updates (Apple Support)\\nWe finally know why Apple pushed out that emergency 16.1.2 update (Macworld)\\xa0\\nWhy You Should Enable Apple\\u2019s New Security Feature in iOS 16.2 Right Now (Wirecutter)\\nApple Releases Security Updates for Multiple Products (CISA)\\nCitrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 (Citrix)\\nState-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518) (Help Net Security)\\xa0\\nCitrix Releases Security Updates for Citrix ADC, Citrix Gateway (CISA)\\nVMware Patches VM Escape Flaw Exploited at Geekpwn Event (SecurityWeek)\\xa0\\nExperts detailed a previously undetected VMware ESXi backdoor (Security Affairs)\\nVMware Releases Security Updates for Multiple products (CISA)\\nMozilla Releases Security Updates for Thunderbird and Firefox (CISA)\\nAdobe Patches 38 Flaws in Enterprise Software Products (SecurityWeek)\\nCISA Releases Three Industrial Control Systems Advisories (CISA)\\nFive Russian Nationals, Including Suspected FSB Officer, and Two U.S. Nationals Charged with Helping the Russian Military and Intelligence Agencies Evade Sanctions (US Department of Justice)\\nRussian Military and Intelligence Agencies Procurement Network Indicted in Brooklyn Federal Court (US Department of Justice)"