CyberWire Daily: SonicWall Breach, Chrome Zero-Day, AI in Malware, and OSINT Insights

N2K Networks · September 18, 2025 · 31 min · 484 views

SonicWall Cloud Backup Breach

  • ⚠️ SonicWall confirmed a breach of its MySonicWall cloud backup platform, resulting from brute-force attacks against its API.
  • 🔑 Attackers gained access to firewall configuration files, potentially exposing network maps, VPN credentials, API keys, and encrypted passwords.
  • 🚨 While fewer than 5% of firewalls were affected, users are advised to reset all passwords, keys, and shared secrets across various services if their devices were flagged.

Critical Software Vulnerabilities

  • 💻 Google has released emergency patches for a high-severity zero-day vulnerability in Chrome's V8 JavaScript engine, the sixth exploited zero-day this year.
  • 🎯 The flaw, reported by Google's Threat Analysis Group, is suspected to be linked to state-backed spyware campaigns targeting high-risk individuals.
  • 🐛 A new self-replicating worm, dubbed Shai-Hulud, has compromised over 180 npm packages, stealing developer credentials and exposing secrets, with analysis suggesting AI assistance in generating malicious code.

Geopolitical Cyber Threats and Law Enforcement

  • 🇨🇳 Chinese state-aligned actors, identified as TA415, are targeting US agencies with phishing emails impersonating officials to gather trade policy insights.
  • 🕵️ The UK's National Crime Agency will lead the Five Eyes Law Enforcement Group, focusing on disrupting cyber crime, money laundering, and online child sexual abuse.
  • 🏨 The RevengeHotels campaign is leveraging AI-generated loader scripts to deliver VenomRAT to Windows systems, targeting the hospitality sector.

Ransomware, Surveillance, and Crypto Scams

  • 💰 Venture capital firm Insight Partners disclosed details of a ransomware attack affecting over 12,000 individuals, highlighting the risks to firms holding sensitive financial data.
  • 🚗 A lawsuit in Norfolk, Virginia, challenges the extensive surveillance capabilities of automated license plate readers (ALPRs), with one individual tracked hundreds of times.
  • 🎙️ A new phishing campaign in the crypto world impersonates the Empire podcast to lure victims into downloading AMOS Stealer malware disguised as a desktop client.

The Human Element in Intelligence Work

  • 🧠 Brock Lupton of Maltego emphasizes that intelligence work is fundamentally human, requiring insight and intuition beyond machine capabilities.
  • 🗣️ He cautions against

Topics

SonicWall, Cyber Breach, API Security, Firewall Configuration, Zero-Day Vulnerability, Google Chrome, Shai-Hulud Worm, npm Packages, AI in Malware, Supply Chain Attack, Phishing, State-Sponsored Hacking, Five Eyes, Cyber Crime, Ransomware, Automated License Plate Readers, OSINT, Intelligence Work, VenomRAT, AMOS Stealer