Below are some of the stories we’ve been reporting this week on Cyber Security Headlines.

If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Mike Kelley, vp, CISO, The E.W. Scripps Company.

To get involved you can watch live and participate in the discussion on YouTube Live (https://www.youtube.com/watch?v=84QGpkML6hM), or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.

Here are the stories we plan to cover, time permitting:

TeamViewer still being abused to breach networks in new ransomware attacks
According to security firm Huntress, the popular remote access tool TeamViewer is still being used by ransomware actors to break into the endpoints of organizations to deploy encryptors. Bleeping Computer points out that the techniques have not changed much since a 2016 attack in which the Surprise ransomware was successfully deployed after threat actors used a credential stuffing attack. TeamViewer, in a statement, reminded customers and the media that most instances of unauthorized access involve a weakening of TeamViewer’s default security settings through the use of easily guessable passwords, which is only possible by using an outdated version of their product. The company stresses the need for complex passwords, two-factor authentication, allow-lists, and regular software updates.
(Bleeping Computer and Huntress)

Ransomed schools reveal a hidden cost of ransomware: mold
One of the lesser-discussed but still serious outcomes of a ransomware attack was revealed last month when the Pawtucketville Memorial Elementary School of Lowell, MA, released its indoor air quality assessment, prepared by the Massachusetts Department of Public Health. Mold growth in the elementary school caused a delay in its opening due to “conditions that appear to have been brought on this past summer by a combination of lack of heating, ventilation, and air conditioning (HVAC) system controls, due to a cyberattack of the City of Lowell’s computer systems.” This is just one of a number of schools that have suffered structural and environmental damage due to ransomware. Others, including a school district in Ohio, were forced to cancel classes due to a TrickBot infection that required the re-imaging of 1,000 computers and laptops.
(Lowell, MA and ZDNet)

Australia sanctions REvil hacker behind Medibank data breach
Australia announced Tuesday that it will leverage its new cyber sanctions against a Russian national allegedly responsible for the 2022 hack of Australian health insurance provider Medibank. Aleksandr Gennadievich Ermakov, who is believed to be a member of the REvil ransomware group, leaked personal health information of nearly 10 million Medibank customers. Australian authorities worked with international partners to tie Ermakov to the hack. While Ermakov’s arrest is unlikely, Australia’s new sanctions (introduced in 2021) allow Australia to impose travel bans and asset freezes. Those who attempt to provide assets to Ermakov could also face imprisonment and heavy fines. Australian authorities are confident that simply naming Ermakov will cause significant harm to his cyber operations. The United States and United Kingdom also announced sanctions against Ermakov.
(Bleeping Computer and The Guardian)

X adds support for passkeys on iOS
X, formerly Twitter, announced Tuesday that it will support the use of passkeys, which offer users a more secure login method than traditional passwords. Passkeys have already been adopted by Apple iOS and by Google as well as a number of high-profile apps including PayPal, TikTok, and WhatsApp. Passkey technology uses biometric authentication like Face ID or Touch ID, a PIN, or a physical security authentication key to validate login attempts, therefore combining the benefits of two-factor authentication (2FA) into a single step. X’s move comes on the heels of high-profile Twitter account hacks including that of the U.S. Securities and Exchange Commission.
(TechCrunch)

Brits warn of the AI impact on ransomware
The UK’s National Cyber Security Centre published an assessment maintaining it was “almost certain” new AI tools would cause an increase in ransomware attacks, with an uneven benefit to threat actors. The NCSC said it used academic material, open source tools, industry insight and classified intelligence for this finding. The agency said AI tools currently assist with reconnaissance and social engineering, but will likely extend to malware development and vulnerability detection. The assessment holds that only highly resourced threat actors will see the benefit of AI tools, and that this will likely not impact ransomware attack volume until 2025.
(The Record)

Watch for increasing sophistication from threat actors, says Experian
Experian’s 11th annual Data Breach Industry Forecast includes six predictions that they suggest will cause even more excitement in the cybersecurity industry this year. In short, these include the expansion of third-party vendor breaches to fourth-, fifth- and even sixth-party breaches, the manipulation of tiny bits of data such as transportation coordinates to cause chaos, attacks on supply chains for rare earth materials, and insider activities such as learning stock market insights early to cash in through legitimate markets. A link to the report is available in the show notes to this episode.
(ITSecurityGuru.org and Experian’s 11th annual Data Breach Industry Forecast)

Cybersecurity startup funding down 50%
New figures from Crunchbase show that cybersecurity startups saw a big dip in funding, pulling in $8.2 billion in 2023, the lowest total since 2018. That’s down 50% on the year and down 65% from 2021. YL Ventures senior partner Ofer Schreiber characterized this as a comedown from bloated valuations in 2021. Analysts also noted that interest in the market remains high and could see significantly more investment this year, as firms look for security solutions around AI.
(Crunchbase)

Thailand court attempts to suppress data leak
The operator of the site 9near [dot] org announced on an illicit forum that it held a data set on over 55 million people in Thailand. This data included names, ID card numbers, phone numbers, and birthdates. If all of these prove to be unique individuals, that would mean data on about 83% of the country’s population. The criminal court of Thailand ordered a block placed on the site. Resecurity analysts passed on a report that the country’s Rural Doctors Society suspected the leak originated from the Public Health Ministry’s Immunization Centre.
(Resecurity)

CISA boss targeted in “harrowing” swatting attack
CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report was made of a shooting at her home. Swatting involves a serious crime being falsely reported, causing heavily armed law enforcement officers to rush to the scene. These hoaxes are not only intimidating for victims but, in some cases, have turned deadly. Easterly described the incident as “harrowing” and added that harassment of public officials, including swatting incidents and personal threats, has become a troubling trend in recent years. CISA declined to answer questions about who was behind the crime or why Easterly was targeted.
(The Register and Dark Reading)

Submitted by /u/CISO_Series_Producer