Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyberattack. The U.S. Marshals Service (USMS) responds to claims of data theft by the Hunters International ransomware gang. Park’N Fly reports a data breach affecting 1 million customers. Black Lotus Labs documents the active exploitation of a zero-day vulnerability in Versa Director servers. Federal law enforcement agencies warn that Iran-based cyber actors continue to exploit U.S. and foreign organizations. We kick off our new educational CertByte segment with hosts Chris Hare and George Monsalvatge. Precrime detectives root out election related misinformation before it happens.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On today’s show, our guests are N2K's Chris Hare and George Monsalvatge introducing our new bi-weekly CertByte segments that kick off today on the CyberWire Daily podcast.
CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth.
In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by George Monsalvatge to break down a question targeting the Project Management Professional (PMP)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Project Management Professional (PMP®) Practice Test.
The PMP® is the global gold standard certification typically targeted for those who have about three to five years of project management experience. To learn more about this and other related topics under this objective, please refer to the following resource: Project Management Institute - Code of Ethics and Professional Conduct.
Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Selected Reading
Malware Delivered via Malicious Pidgin Plugin, Signal Fork (SecurityWeek)
BlackByte Hackers Exploiting VMware ESXi Auth Bypass Flaw to Deploy Ransomware (Cyber Security News)
US Offering $2.5 Million Reward for Belarusian Malware Distributor (SecurityWeek)
Services at Swiss manufacturer Schlatter disrupted in likely ransomware attack (SiliconANGLE)
US Marshals say data posted by ransomware gang not from 'new or undisclosed incident' (The Record)
Park’N Fly notifies 1 million customers of data breach (Bleeping Computer)
Taking the Crossroads: The Versa Director Zero-Day Exploitation (Lumen)
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations (CISA)
Hundreds of 'PreCrime' Election-Related Fraud Sites Spotted (Metacurity)
Learn more about your ad choices. Visit megaphone.fm/adchoices
[Music] You're listening to the Cyberwire Network, powered by N2K. [Sound of "N2K"] This episode is brought to you by Shopify. Forget the frustration of picking commerce platforms when you switch your business to Shopify. The global commerce platform that supercharges you're selling, wherever you sell. With Shopify, you'll harness the same intuitive features, trusted apps, and powerful analytics used by the world's leading brands. Sign up today for your $1 per month trial period at Shopify.com/tech, all lowercase. That's Shopify.com/tech. [Music] Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by Databrokers. So I decided to try "Delete Me." I have to say, "Delete Me" is a game-changer. Within days of signing up, they started removing my personal information from hundreds of Databrokers. I finally have peace of mind knowing my data privacy is protected. "Delete Me"'s team does all the work for you with detailed reports, so you know exactly what's been done. Take control of your data and keep your private life private by signing up for "Delete Me." Now at a special discount for our listeners, today, get 20% off your "Delete Me" plan when you go to joindeleteme.com/n2k and use promo code "n2k" at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code "n2k" at checkout. That's joindeleteme.com/n2k, code "n2k." ♪♪ Thread Actors use a malicious pigeon plug-in to deliver malware. The black-bite ransomware group is exploiting a recently patched VMware ESXI vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyber attack. The U.S. Marshals Service responds to claims of data theft by the Hunter's International Ransomware Gang. "Harkenfly" reports a data breach affecting 1 million customers. "Black Lotus Labs" documents the active exploitation of a zero-day vulnerability in Versa Director servers. Federal law enforcement agencies warn that Iran-based cyber actors continue to exploit U.S. and foreign organizations. We kick off our new educational "Sert-Bite" segment with hosts Chris Hair and George Manselvachi. And pre-crime detectives root out election-related misinformation before it happens. ♪♪ It's Wednesday, August 28, 2024. I'm Dave Bittner, and this is your Cyberwire Intel Briefing. ♪♪ Thanks for joining us here today. It is great to have you with us, as always. Thread Actors have been delivering malware to instant messaging users via a malicious pigeon plug-in and an unofficial fork of the Signal app. The Pigeon messaging app developers discovered that a plug-in named "ScreenShare OTR" had made it onto their official third-party plug-ins list. The plug-in, which claimed to offer screen-sharing over the OTR protocol, actually contained key logging code and shared screenshots with its operators. ESET's analysis revealed that the plug-in could download and execute malicious scripts, including the "Dark Gate" malware, which steals credentials and logs keystrokes. A similar back door was found in Cradle, an unofficial signal fork, which also included malicious code and used the same certificate as the Pigeon plug-in. Both the Pigeon plug-in and the Cradle app had Linux versions with similar capabilities. ESET has provided indicators of compromise to help detect these threats. Security researchers at Cisco Talos have identified that the Blackbite Ransomware Group is exploiting a recently patched vulnerability in VMware ESXi hypervisors to deploy ransomware and gain full administrative access to victim networks. The vulnerability allows attackers to bypass authentication on ESXi systems joined to an active directory domain. By exploiting this flaw, Blackbite can create a malicious EX admins group granting themselves administrative privileges. Cisco Talos researchers observed the group using this vulnerability to deploy ransomware, which spreads across networks using stolen credentials and vulnerable drivers. Microsoft has also noted similar exploits by other ransomware groups. Organizations are urged to patch their VMware ESXi systems promptly and implement strong access controls and monitoring to mitigate the impact of these attacks. The U.S. Department of State announced a $2.5 million reward for information leading to the arrest of Vladimir Caledaria, a Belarusian and Ukrainian national, involved in mass malware distribution. Katayira, also known by several aliases, was indicted in June 2023 alongside Maxim Silnical and Andre Tarasov for wire fraud and computer fraud conspiracy. Katayira allegedly participated in distributing the Angler exploit kit from 2013 through 2022 using Malvertizing and Scareware ads to spread malware, including ransomware. Victims were deceived into downloading malicious software or providing personal information, which was then sold on Russian cybercrime forums. The scheme also involved selling access to compromised devices. Silnical was recently extradited to the U.S. to face related charges. Schlatter Industries AG, a Swiss industrial manufacturer, experienced a significant disruption in its IT services due to a cyberattack involving malware on Friday. The company, a global leader in welding and weaving machines, reported that the attackers were attempting to blackmail them, likely demanding a ransom in exchange for encryption keys or to prevent the release of stolen data. While the specific malware wasn't disclosed, the nature of the attack suggests it's probably ransomware. Schlatter has involved internal specialists, external experts and authorities to mitigate the damage and investigate the potential theft of data. The U.S. Marshall Service has investigated claims by the Hunter's International Ransomware Gang, which recently posted 386 gigabytes of sensitive data online, including files on gangs, FBI documents and case information. U.S. Marshall Service spokesperson Brady McCarran stated that the data does not stem from a new breach, but is identical to information stolen during a ransomware attack on the agency in 2022. The Marshall Service confirmed that the 2022 incident was significant, though the group behind it was never identified. Hunter's International, known for high-profile attacks, is now soliciting monetary offers for the stolen data until August 30th. The U.S. Marshall Service did not comment on whether they had received any ransom demands and the investigation into the previous hack remains ongoing. The gang's recent actions have raised alarms due to their history of threatening victims to extort money. Park and Fly, a major off-airport parking service provider in Canada, has reported a data breach affecting 1 million customers after hackers accessed its network using stolen VPN credentials in mid-July. The breach, which occurred between July 11th and July 13th, exposed personal information such as full names, email addresses and physical addresses, arrow plan numbers and CAA numbers. However, no financial or payment card information was compromised. The company discovered the breach on August 1st and has since restored impacted systems while implementing additional security measures. Park and Fly's CEO, Carlo Morello, expressed regret over the incident and emphasized their commitment to safeguarding customer data. Customers have been advised to watch for phishing attempts and consider resetting passwords, especially those linked to Air Canada's frequent flyer program. Black Lotus Labs at Lumen Technologies discovered the active exploitation of a zero-day vulnerability in Versa Director servers, used by Internet and managed service providers to manage SD-WAN configurations. The vulnerability affecting all Versa Director versions before 22.1.4 allows attackers to deploy a custom web shell named VersaMEM, which intercepts credentials and runs additional Java code in memory. The exploitation, linked to Chinese state-sponsored groups Volt Typhoon and Bronze Silhouette, began as early as June 2024 and targeted several U.S. and non-U.S. entities. Black Lotus Labs advises all Versa Director users to upgrade to version 22.1.4 or later and follow Versa Network's security advisories. Due to the severity and potential impact on strategic assets, Lumen Technologies has shared this intelligence with U.S. government agencies. And speaking of U.S. government agencies, the FBI, SISA, and the Department of Defense Cyber Crime Center have issued a joint cybersecurity advisory warning that Iran-based cyber actors continue to exploit U.S. and foreign organizations as of August 2024. These targets include sectors such as education, finance, health care, defense, and local governments in the U.S., as well as entities in Israel, Azerbaijan, and the UAE. The FBI assesses that these actors aim to gain network access and collaborate with ransomware affiliates to deploy ransomware, while also conducting cyber espionage for the Iranian government. The advisory provides detailed tactics, techniques, and procedures and indicators of compromise, urging organizations to implement recommended mitigations to defend against these ongoing threats. The guidance is based on FBI investigations and technical analysis of these malicious activities. Coming up after the break, a first look at our new educational CertBite segment. Stay with us. And now a word from our sponsor, No Before. It's all connected, and we're not talking conspiracy theories. When it comes to InfoSec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. No Before, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. No Before's Security Coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco, 35 vendor integrations and counting. Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity, or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more at nobefore.com/securitycoach. That's nobefore.com/securitycoach, and we thank No Before for sponsoring our show. Imagine this. Your primary identity provider goes down, whether it's a cloud outage, network issue, or even a cyber attack. Suddenly, your business grinds to a halt. But what if it didn't have to? Meet Identity Continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on-prem system faces a hiccup, identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP, automatically and without disruption. Powered by the Mavericks Identity Orchestration Platform, Identity Continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers. Just continuous, secure access to your critical applications every single time. Protect your business from the high costs of IDP outages, with Identity Continuity from Strata, downtime is a thing of the past. Learn more at strata.io. Keep your business moving even when the unexpected happens. That's strata.io. [MUSIC] We are pleased to be kicking off a new bi-weekly educational segment called CertBite. It's hosted by N2K's Chris Hare along with George Monsalwachi. I sat down with Chris and George to find out more about CertBite. Well, Chris and George, welcome. It's great to have you here on the show, and I'm excited to talk about this new segment that we're going to be sharing, and it is called CertBite. Can I start with you, Chris, before we dig into what CertBite is, can you give us a little bit about yourself and your own background? Yes, thanks so much, Dave, for having us. I'm a project management specialist and content developer here at N2K. I've been here about a year and a half. I have about 20 plus years of experience as a writer and certified project manager. I've worked for several great companies, including N2K, such as Patagonia, Adobe, Harbor Freight Tools, and Guitar Center. I hold about nine professional certifications and counting, and I'm currently in charge of all project management related training and exam content, and I'm also the creator and host of this new podcast segment on your network, Dave, that we're here to discuss called CertBite. George, how about you? What brings you to the table here? I am a former Microsoft certified trainer. I've been training on Microsoft or working with Microsoft for 30 years, man, 30 years. Can you believe that? I have a whole bunch of Microsoft certifications, and I've been working probably for the past 17 years, writing content for practice tests and for people who want to achieve their Microsoft certification. Well, let's dig into CertBite itself. Chris, what is the premise of the show? So, Dave, every two weeks, I share a practice question from N2K's suite of top certification exam content and a study tip. Basically, to help our listeners fast track their career growth in IT, cybersecurity, and project management fields. And in each episode, I feature a guest host and one question from a leading certification exam. And for the first four episodes, my teammate George here will be my wingman. George, what sort of things can we expect from the episodes you're going to be part of? Well, we take a look at the actual exam, so we take one of the questions and we analyze it and basically find out what, why is it right? Why is it wrong? So, and also kind of when we do that, take a look and see how to use the process of elimination when finding the answers. Chris, I understand there is also going to be some study tips here. Yes, so we also share what I like to call a 10 second study bit, which offers a quick studying or prep strategy for the particular exam we're discussing. So, George, obviously you have a good bit of expertise with the Microsoft based questions. Are we going to be leading into that for your segments? Yes, I will be handling most of the Microsoft based segments, but we would like to, and we'll certainly delve into other disciplines, whether they be project management, CompTIA, Cisco, or others. So, Chris, beyond the questions themselves, I mean, there's some additional materials that you all are supplying as well. Yeah, so we have show notes that have some really good info in there too. Anytime we've used a term that we think may be helpful for our listener to delve into or learn more about, we link out to our glossary, and that also features work notes for some of our terms. And who do you suppose the target audience is here? I mean, does it go beyond the folks who are just getting started in their career? It is for anybody who is looking to start their career, pivot at any level of their career, anybody who has an interest in IT, cybersecurity, and project management fields. Are you planning on turning the tables on Chris to see how she does there as well? Well, she is a smart cookie, so I know that she'll do well. Likewise, George. So, what's the cadence here, Chris? How often can we expect to enjoy this segment here on the Cyberwire Daily? So it will be biweekly, and it will air on Wednesdays. Alright, well, without further ado, how about we share the first CertBite segment with our listeners? Here it is. Hi everyone, it's Chris. I'm a content developer and project management specialist here at N2K Networks. I'm also your host for this week's edition of CertBite, where I share a practice question from our suite of industry leading content and a study tip to help you achieve the professional certifications you need to fast track your career growth. Today's question targets the PMP, the Project Management Institute's Project Management Professional Certification, the Global Gold Standard Cert, typically targeted for those who have about three to five years of project management experience. This is not an actual test question, but an example of one that covers an objective for the seventh edition exam, which came out in August of 2021. And today I've invited my teammate, George, to join me. How are you today, George? I'm great, Chris. Thanks for having me. Absolutely. So, George is a highly technical Microsoft expert, and I thought it'd be fun to see how much he knows about project management. So, I know you've earned your PMP, George. Is that right? I did. And that was a long time ago, 12 years ago. Can you believe that? That's all right. I took mine quite a bit ago, so no problem. So, George, before we get into the question, I'm going to share a 10 second study bit for this exam for our listeners. You've taken the PMP already, but I'd like to know if this resonates with you. So, my 10 second study bit for the PMP is do a formula dump once you sit down at your testing site and get out your scratch paper, because not all credential tests let you do this. And I'm not sure if Microsoft exams let you do this as well. But I was able to do this for the PMP they do. Oh, that's good. It's a huge advantage, isn't it? Oh, yeah. And so, do you have a study tip for the PMP you'd like to share as well? Well, I would just like to add on to what you were saying. You certainly need to dump all those formulas that in your brain onto a piece of paper before you take the test. Chris, when I took that exam, it was three to four hours. It took forever and a day. So, my study tip would be when you go through practice test questions, make sure you go through practice test questions for at least a four hour period so that you are prepared to actually sit the exam to spend the four hours in that testing site. That would be my tip. Great tip. And it was four hours back in the day when we took it. It is now just shy of four hours, but that is still a good tip. So thank you for sharing that. All right, Georgia, you ready for your question? I guess so. You'll do fine. So, here's your question. Your project team is due to submit a deliverable today and you discover a defect in it. You're aware that your customer does not have enough technical knowledge to notice this defect. The deliverable technically meets the contract requirements, but would fail the fitness to use condition, which means basically it does not meet its intended purpose. So, what should you do in this situation? And here are your choices. Okay. Should you, A, inform the customer that the delivery will be late? B, document the matter in the lessons learned for future use. C, deliver the deliverable, get the formal acceptance and keep quiet. Or D, discuss the matter with your customer. So, George, while you're thinking this over, let me give you, I'm going to give you a second to think about it while I give you a bit of context around this. Okay. So, the question is testing your knowledge of PMI's code of ethics and professional conduct, which is a separate document from the PIMBOC. And it basically covers the moral parameters for conduct of a project manager in their profession. So, basically, honesty, responsibility, respect and fairness. So, all that said, what would be your answer? Well, looking at these choices, Chris, the only one that works would be discuss the matter with your customer. Let me explain why. So, the first one you said was inform the customer that the delivery is going to be late. You may have to do that, which brings up the other question or more questions. So, that goes back to discuss the matter with your customer. Document the matter in lessons learned for future use. You're going to have to do that anyway. And keep quiet. Probably not a good idea. You're going to end up sued. So, I'm going to go with discuss the matter with your customer. Excellent reasoning and excellent choice that is the correct answer D. You should discuss the matter with your customer. So, according to PMI's code of ethics and professional conduct, the project manager should protect the best interests of the stakeholders and be honest with them about the true status of the project. So, discussing the matter with your customer is the best approach. Good job, George. Thank you. Thank you so much for being my project management guinea pig. Really appreciate your time today. Thanks for having me. And thank you for joining me for this week's CertBite. If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see, please feel free to email me at certBite@n2k.com. That's C-E-R-T-B-Y-T-E at n number 2k.com. If you'd like to learn more about N2K's practice tests, visit our website at n2k.com/certify. For sources and citations for this question, please check out our show notes. Happy certifying. Our CertBite segments will run every other week right here on the Cyberwire Daily Podcast. [MUSIC] [MUSIC] And now a word from our sponsor, Cortex. Security teams face a barrage of more. More security tools create more complexity. More devices need protection. More specialized focus areas create more silos. The security landscape is changing fast. How can security operations transform to meet current threats? Cortex, by Palo Alto Networks, consolidates SecOps tools into an integrated platform and helps organizations stop threats at scale with AI, automation, and analytics. Learn more at PaloOutoNetworks.com/cortex. [MUSIC] And finally, in a twist straight out of Minority Report, the cybersecurity firm Before AI is playing the role of pre-crime detectives, just like the precogs from the movie, but with a digital twist. They're not predicting murders, but they are spotting cyber crimes before they happen, specifically election-related scams and misinformation campaigns. These cyber criminals are registering domains with candidate names like Trump, Biden, Harris, and Kamala to create believable phishing sites aimed at stealing personal and financial information or spreading propaganda. Some sites are laughably amateurish, while others are sophisticated enough to fool unsuspecting voters. Before AI has even found some pre-crime sites linked to shady cryptocurrency schemes and others spreading malware. While these bad actors seem more interested in making a quick buck than swinging an election, their tactics are a reminder that the digital Wild West is alive and well as we head toward the polls. [MUSIC] And that's The Cyberwire. For links to all of today's stories, check out our daily briefing at TheCyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cyber security. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com. This episode was produced by Liz Stokes, our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ivan. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Fittner. Thanks for listening. We'll see you back here tomorrow. ♪♪♪ ♪♪♪ ♪♪♪
