Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. And are there any genuine disinterested hacktivists on Russia's side, or are they all fronts?

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/82

Selected reading.
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (The Hacker News)
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks (BleepingComputer) ​
New 'Atomic macOS Stealer' Malware Offered for $1,000 Per Month (SecurityWeek) 
“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… (Guardio)
Request for Comment on Secure Software Self-Attestation Common Form (CISA)
OMB, CISA set to release common form for software self-attestation (FCW)
Pro-Russian hacktivism isn’t real, top Ukrainian cyber official says (CyberScoop)
Pro-Russian hacktivism isn't real, top Ukrainian cyber official says (CyberScoop)