Home

Dark Reading

01 February 2023

• Why CISOs Should Care About Brand Impersonation Scam Sites
  Enterprises often don't know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers' trust, money, and personally identifiable information.
• Nearly All Firms Have Ties With Breached Third Parties
  The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.
• CISA to Open Supply Chain Risk Management Office
  A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.
• Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report
  Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, report predicts organizations must get smarter about educating employees to spot fraudulent tactics.
• Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC
  Move will strengthen position as a leader in the identity governance and analytics market.
• Vista Equity Partners Completes Acquisition of KnowBe4
  .
• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows
  Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.
• Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry
  Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.
• Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats
  Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.
• Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover
  Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Threatpost

• Student Loan Breach Exposes 2.5M Records
  2.5 million people were affected, in a breach that could spell more trouble down the line.
• Watering Hole Attacks Push ScanBox Keylogger
  Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
• Ransomware Attacks are on the Rise
  Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
• Twitter Whistleblower Complaint: The TL;DR Version
  Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
• Firewall Bug Under Active Attack Triggers CISA Warning
  CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
• Fake Reservation Links Prey on Weary Travelers
  Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
• iPhone Users Urged to Update to Patch 2 Zero-Days
  Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
• Google Patches Chrome’s Fifth Zero-Day of the Year
  An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The Hacker News

01 February 2023

• Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
  01 February 2023
  Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. A
• Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry
  01 February 2023
  A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that's scheduled next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript
• New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
  01 February 2023
  A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google 
• Auditing Kubernetes with Open Source SIEM and XDR
  01 February 2023
  Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in
• Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
  01 February 2023
  The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its

Naked Security

• Password-stealing “vulnerability” reported in KeePass – bug or feature?
  Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
• GitHub code-signing certificates stolen (but will be revoked this week)
  There was a breach, so the bad news isn't great, but the good news isn't too bad...
• Serious Security: The Samba logon bug caused by outdated crypto
  Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
• Hive ransomware servers shut down at last, says FBI
  Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...
• Dutch suspect locked up for alleged personal data megathefts
  Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
• S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
  Lastest episode - listen now! (Or read the transcript.)
• GoTo admits: Customer cloud backups stolen together with decryption key
  We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.
• Apple patches are out – old iPhones get an old zero-day fix at last!
  Don't delay, especially if you're still running an iOS 12 device... please do it today!
• Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
  It's a really cool and super-simple trick. The question is, "Will it help?"
• T-Mobile admits to 37,000,000 customer records stolen by “bad actor”
  Once more, it's time for Shakespeare's words: Once more unto the breach...