Home

Dark Reading

08 December 2022

• Hacker Fails for the Win
  Security researchers share their biggest initial screwups in some of their key vulnerability discoveries.
• Rackspace Incident Highlights How Disruptive Attacks on Cloud Providers Can Be
  A ransomware attack on the company's Hosted Exchange environment disrupted email for thousands of mostly small and midsize businesses.
• Fraudsters Siphon $360M From Retailers Using 50M Fake Shoppers
  Cyberattackers focused on ad fraud and clickjacking stole millions during Black Friday by hijacking shopper accounts and tying up transactions.
• Android Serves Up a Slew of Security Updates, 4 Critical
  Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.
• Key Security Announcements From AWS re:Invent 2022
  At AWS re:Invent last week, the cloud giant previewed security services including Amazon Security Lake for security telemetry, Verified Permissions for developers, and a VPN bypass service.
• 4 Arrested for Filing Fake Tax Returns With Stolen Data
  Cybercrooks allegedly stole personal data, used it to file IRS tax documents, and routed refunds to bank accounts under their control.
• Will New CISA Guidelines Help Bolster Cyber Defenses?
  Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.
• Piiano Equips Developers to Stop Sensitive Data Breaches
  Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers.
• 3 xIoT Attacks Companies Aren't Prepared For
  A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.
• San Francisco Rolls Back Its Plan for Killer Robots
  After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.

Threatpost

• Student Loan Breach Exposes 2.5M Records
  2.5 million people were affected, in a breach that could spell more trouble down the line.
• Watering Hole Attacks Push ScanBox Keylogger
  Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
• Ransomware Attacks are on the Rise
  Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
• Twitter Whistleblower Complaint: The TL;DR Version
  Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
• Firewall Bug Under Active Attack Triggers CISA Warning
  CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
• Fake Reservation Links Prey on Weary Travelers
  Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
• iPhone Users Urged to Update to Patch 2 Zero-Days
  Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
• Google Patches Chrome’s Fifth Zero-Day of the Year
  An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The Hacker News

08 December 2022

• Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
  08 December 2022
  An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is
• Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack
  08 December 2022
  An Iranian advanced persistent threat (APT) actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022.
• Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022
  07 December 2022
  The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an analysis of leak site data by Palo Alto Networks
• How XDR Helps Protect Critical Infrastructure
  07 December 2022
  Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital
• Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
  07 December 2022
  The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include

Naked Security

• SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
  Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
• Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
  Ninth more unto the breach, dear friends, ninth more.
• Ping of death! FreeBSD fixes crashtastic bug in network tool
  It's a venerable program, and this version had a venerable bug in it.
• Apple pushes out iOS security update that’s more tight-lipped than ever
  We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
• LastPass admits to customer data breach caused by previous breach
  Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.
• The CHRISTMA EXEC network worm – 35 years and counting!
  "Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
• S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]
  Latest episode - listen now (or read if you prefer)...
• Serious Security: MD5 considered harmful – to the tune of $600,000
  It's not just the hashing, by the way. It's the salting and the stretching, too!
• TikTok “Invisible Challenge” porn malware puts us all at risk
  An injury to one is an injury to all. Especially if the other people are part of your social network.
• Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)
  There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!