Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Poland and Ukraine conclude cybersecurity agreement. Greek national natural gas supplier under criminal cyberattack. Update to the Joint Alert on Zimbra exploitation. Addition to CISA's Known Exploited Vulnerabilities Catalog. Johannes Ullrich from SANS on Control Plane vs. Data Plane vulnerabilities. Our guest is David Nosibor, Platform Solutions Lead for UL to discuss SafeCyber Phase II. And, finally, targeting and trolling, with an excursus on Speedos. Really.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/159

Selected reading.
New Iranian APT data extraction tool (Google)
LockBit gang hit by DDoS attack after Entrust leaks (Register) 
Former security chief claims Twitter buried ‘egregious deficiencies’ (Washington Post) 
Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies (CNN) 
Twitter’s Ex-Security Head Files Whistleblower Complaint (Wall Street Journal)
Deception, Bots, and Foreign Agents: The Twitter Whistleblower’s Biggest Allegations (Time)
The Ministry of Digital Transformation, State Service of Special Communication and Information Protection and the Council of Ministers of the Republic of Poland signed Memorandum of understanding in the cybersecurity field. (State Service of Special Communication and Information Protection) 
Greek natural gas operator suffers ransomware-related data breach (BleepingComputer) 
Greek gas operator refuses to negotiate with ransomware group after attack (The Record by Recorded Future)
Announcement | (DESF)
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) 
US government really hopes you've patched your Zimbra server (Register)
CISA Adds One Known Exploited Vulnerabilities to Catalog (CISA) 
Speedo-wearing Russian tourists leak defence secrets on Twitter (The Telegraph)