An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.

Fangxiao works ad scams enroute to other compromises. Killnet claims to have defaced a US FBI site. CISA registers another Known Exploited Vulnerability. Difficulties with Twitter's SMS 2FA system. Zendesk vulnerability discovered. Joe Carrigan explains registration bombing for email addresses. Our guest is Miles Hutchinson from Jumio with insights on defense against sophisticated ransomware attackers. And Billbug romps through Asian government agencies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/219 Selected reading. Fangxiao: a Chinese threat actor (Cyjax) Fangxiao: A Phishing Threat Actor (Tripwire)  Russian hackers claim cyber attack on FBI website (Newsweek)  CISA Has Added One Known Exploited Vulnerability to Catalog (CISA) Twitter’s SMS Two-Factor Authentication Is Melting Down (WIRED) Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk (Varonis) Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries (Symantec) Chinese hackers target government agencies and defense orgs (BleepingComputer)  Researchers Say China State-backed Hackers Breached a Digital Certificate Authority (The Hacker News)