WebProNews

Category: CybersecurityUpdate

  • VPN Providers Abandon India Amid Privacy Crackdown

    As expected, India’s new privacy regulations are leading to a mass exodus of VPN providers.

    India introduced legislation to force VPN providers to capture and collect customer data, defeating the very purpose of why many use VPN services. Many companies threatened to leave the country if the legislation passed, and they are now following through, according to Wired.

    “As digital privacy and security advocates, we are concerned about the possible effect this regulation may have on not only our users but people’s data in general,” says a NordVPN spokesperson. “From what it seems, the amount of stored private information will be drastically increased throughout hundreds or maybe thousands of different companies.” She adds that similar regulations have been “typically introduced by authoritarian governments in order to gain more control over their citizens.”

    Despite India having the highest VPN adoption rate last year, or perhaps because of it, the government began moving to force VPN providers to collect customer data. The government has tried to reassure the industry and its citizens that it would only take advantage of that data collection on a case-by-case basis. Many are not convinced, however, given India’s history of surveilling activists, critics, and political rivals.

    “VPNs by nature can be a privacy advancing tool and can be capable of protecting information security in multiple ways, being used by individuals and companies to secure confidential information,” says Tejasi Panjiar, Internet Freedom Foundation associate policy counsel. “They also help secure digital rights under the constitution, especially for journalists and whistleblowers, because the nature of information that’s transferred over VPNs is primarily encrypted, which allows them not only to secure confidential information but also to safeguard their own identity, protecting them from surveillance and censorship.”

    NordVPN, ExpressVPN, and Surfshark have all taken steps to remove their servers from India while still providing ways for Indian customers to connect to their VPN services.

  • The Potential Threats of Cyber War

    Before Russia began its assault, Ukraine was hit by new malware designed to erase data. More than 150 cyberattacks were launched against Ukraine in the first few weeks of 2022, with hackers disabling about 70 government systems and the FBI asking U.S. companies to report “any increased (cyber)activity against Ukraine or U.S. critical infrastructure.” In March, the world saw more than 6 billion potential cyberattacks in a single 24-hour period.

    Russia was hit by 61% of the cyberattacks while Ukraine experienced 23% of the attacks, the most out of all the countries targeted. For Russia in particular, the war with Ukraine may be providing a way to test its next generation of cyber weapons; Ukraine’s limited resources for mounting a counter-attack make the country a convenient testing ground.

    Increasing Threats of Cyber Attacks

    The number of cyberattacks has grown significantly over the years. In 2015, Russian hackers cut off electricity to 230,000 Ukrainians, and in 2016 a similar attack was carried out on Ukrainian government agencies and financial institutions. These incidents have led the U.S. and the E.U. to provide support to strengthen Ukraine’s cyber defenses. However, cyberattacks are not expected to stay within Ukraine’s borders, so another option for support is to have pro-Ukraine hackers attack websites in Russia, rather than critical infrastructure, to create chaos internally.

    Within the U.S., 32% of tech executives are emphasizing the seriousness of creating a national cybersecurity protocol. With cyber and physical assets becoming more interconnected, the risks to both network and physical infrastructure security are increasing. The pandemic has only made us more vulnerable to cyberthreats as more of our information moves to the cloud and services continue to be provided digitally.

    The Scale of Cyber War

    A cyberattack today probably won’t be as devastating as a full cyber war, since such attacks are mainly used to test new cyberweapons. Nonetheless, cyberattacks can still shut down electrical grids, cause power infrastructure to explode, and destroy technology. The effect could be magnified if an attack successfully disrupts multiple targets at once.

    A cyber war, by contrast, has the potential to affect everyone on the level of a natural disaster. An act such as destroying the power grid could cause great damage through burst pipes, loss of essential water, food, and electricity, disruption to everyone’s lives, and ultimately more than 200 deaths. In the U.S., more than 90% of citizens fear a cyber war breaking out, even though many believe the U.S. is the best protected against cyber war attacks.

    Expert Witness Perspective

    “Besides obviously providing a mechanism for attacking military targets, cyberwar offers nations the ability to surreptitiously interfere with the lives of civilians living in opponents’ domains. Cyberwar lets warring nations inflict power failures or Internet outages, disable payment processing networks, and/or cause mass transportation and traffic control failures, all of which may not only offer attackers plausible deniability, but, may simultaneously cause the populations of adversarial nations to grow increasingly frustrated with their own leaders and less supportive of continuing the relevant conflict,” said Joseph Steinberg, cybersecurity expert witness.

    In Summary

    Cyberattacks still pose a serious threat: 90% of attacks are distributed denial of service (DDoS) attacks, which cause people to lose access to resources such as finances, running water, the internet, and fresh food. Americans have begun taking measures to protect themselves from a potential cyber war, such as backing up their electronics and important documents and updating all computer and mobile software.

    It’s never too late to build a strong cyber defense. 

  • Small Businesses Need A Cybersecurity Plan, Too. Here’s Where To Start

    43% of all data breaches involve small and medium businesses. Small businesses need a robust cybersecurity plan, as cyber attackers often target them, assuming their cybersecurity strategy will be weak.

    So, how can small businesses reinforce their cybersecurity strategy?

    Keep reading for the ultimate guide to small business security. This guide will help you build a security strategy that will help you meet GDPR compliance and avoid a data breach.

    Train Your Employees On Data Protection Policies

    Human error is one of the leading causes of data breaches. Experiencing a data breach can put your company’s reputation in the balance and cause significant financial losses. It’s in your best interest to provide employees with adequate training on data protection policies, eliminating the risk of human error leading to a data breach.

    Your employees need to know about your data protection policies, and you should teach them about GDPR and the expectations they must meet to ensure compliance.

    When you train your employees on data protection policies, you should also cover the following cybersecurity topics:

    • Password creation – you should instruct your employees on the importance of setting unique passwords for each company account. Your data protection training should also cover how to create strong passwords and why weak passwords create vulnerabilities in your cybersecurity strategy.
    • Software updates – you should train your employees to regularly update any software on their devices. If they are operating with older software versions, this could put your data at risk. Older software versions often have vulnerabilities not present in newer versions of the software, and a cybercriminal may take advantage of this vulnerability to access your data.
    • How to spot phishing scams – malware attacks and phishing scams are the main factors that lead to human error, causing a cybersecurity breach. You should train your employees to spot phishing scams and malware attacks. You should also cover the importance of not sharing any sensitive information with an unverified source.

    Install A Firewall

    Firewalls are an invaluable element in any cybersecurity strategy. Without a firewall, traffic can enter your network freely without any checks or safety measures. A firewall acts as a barrier around your network, monitoring the incoming and outgoing traffic to ensure that only trusted sources are allowed to access your network. Since small businesses are often more vulnerable to cyberattacks, investing in a firewall is necessary, as it provides your network with an additional layer of protection.

    Encrypt Your Company Data

    In addition to securing your network with a firewall, you must also consider the benefit of encrypting your company data. Encryption scrambles your company data so that it is unreadable to anyone who does not hold the key needed to decrypt it. So, even if a cyber attacker managed to get past your firewall and access company data, the information they accessed would be unreadable and thus useless – protecting your business from breaking GDPR compliance.

    Ensure Employees Use A VPN When Working Remotely

    Many small businesses are implementing remote working models to give their employees a better work-life balance while improving productivity. However, with remote work comes the fear of data exposure from compromised employee networks and devices.

    To ensure remote working does not interfere with your data security, you should implement a policy that requires employees to use a VPN when accessing company information from home. A VPN makes it more difficult for cyber attackers to find your employees’ IP addresses, allowing them more anonymity online. It also creates an encrypted tunnel through which your data travels when you send and receive information. Implementing a VPN can reduce data vulnerability when employees work remotely.

    Implement A Zero-Trust Cyber And Physical Security Strategy

    Zero-trust is a cybersecurity policy designed to protect not only government organizations but also businesses from the threat of an internal security breach. Should an employee device or network become compromised, a cyber attacker may be able to gain access to a wide range of company data. With a zero-trust policy in place, however, an employee only receives access and permissions for the data they need to carry out their daily tasks, so even if their device or account is breached, the attacker gains access to only a limited amount of information.

    Zero-trust isn’t just for your cybersecurity policy, either. If a visitor, interviewee, or contractor enters your office building, does this mean they should be able to access your server rooms and rooms housing sensitive data? 

    You need to enforce your cybersecurity policies regarding physical security and ensure that your server rooms are protected from internal and external threats to data security. You can install cloud-based card access control systems on areas housing servers and devices that host sensitive company information, protecting your data from physical and digital threats.

    If you converge your cybersecurity with physical security and also implement cloud security, you are giving your business the best protection from any potential threats.

    Summary

    Small businesses aren’t immune to cybersecurity threats. Cyber attackers often target them, assuming that their cybersecurity strategy will be weak. By implementing these cybersecurity strategy tips, you can ensure your data is protected and avoid the consequences of breaking GDPR compliance regulations.

  • DHS Announces $1 Billion State and Local Cybersecurity Grant Program

    The Department of Homeland Security is launching a first-of-its-kind cybersecurity grant program for state, local, and territorial (SLT) governments.

    The State and Local Cybersecurity Grant Program is being funded by President Biden’s Bipartisan Infrastructure Law, providing $1 billion for SLT governments. The grants will help SLT governments to better prepare for and defend against ever-growing cybersecurity threats.

    “Cyberattacks have emerged as one of the most significant threats to our homeland,” said Secretary of Homeland Security Alejandro N. Mayorkas. “In response, we continue to strengthen our nation’s cybersecurity, including by resourcing state and local communities to build and enhance their cyber defenses. The cybersecurity grant process we are starting today is a vital step forward in this critical effort. Our approach is one of partnership, in the service of an all-of-society investment in the security of our homeland.”

    “As we build a better America, we’re ensuring that our infrastructure is more modern and digitally connected. But along the way, we must also take proactive steps to increase our resilience to the increasing threat of cyberattacks,” said White House Infrastructure Coordinator Mitch Landrieu. “Thanks to the President’s Bipartisan Infrastructure Law, we’re making a once-in-a-generation investment of $1 billion in infrastructure cybersecurity, giving our state and local governments the resources they need to guard against debilitating cyber threats. Today’s announcement marks an important step in our commitment to strengthen resilience, protect and improve our nation’s infrastructure, and safeguard our economy.”

  • Morgan Stanley to Pay $35M Fine for Exposing 15M Customer Records

    The Securities and Exchange Commission (SEC) has reached a deal with Morgan Stanley over the latter’s failure to protect customer data.

    According to the SEC, Morgan Stanley Smith Barney LLC (MSSB) failed to properly dispose of hard drives containing customer data over a five-year period. Instead, the firm relied on an outside company that was ill-qualified to destroy and decommission thousands of hard drives for the firm, putting the data of 15 million customers at risk.

    To make matters worse, some of the hard drives found their way onto an internet auction site still containing customers’ personal information. MSSB was able to recover some of the drives, but the vast majority were never recovered.

    MSSB also failed to use various security measures that were available. For example, many of the drives had encryption capability built in, but the firm had not activated it, leaving the data unprotected.

    As a result of its failings, the SEC has charged MSSB a $35 million penalty, which the firm has agreed to pay.

    “MSSB’s failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so,” said Gurbir S. Grewal, Director of the SEC’s Enforcement Division. “If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors. Today’s action sends a clear message to financial institutions that they must take seriously their obligation to safeguard such data.”

  • Cloudflare Launches Adaptive DDoS Protection

    Cloudflare has launched its latest weapon in the war to protect the internet from bad actors: Adaptive DDoS Protection.

    Cloudflare is one of the leading content delivery networks (CDN) and is at the forefront of cybersecurity, particularly DDoS protection, having helped thwart some of the biggest attacks in history.

    As part of its ongoing efforts to improve security, Cloudflare has introduced Adaptive DDoS Protection. The new feature coexists with the company’s existing DDoS protection tools but goes a step further by learning a customer’s traffic patterns and using that information to add an extra layer of protection.

    “The Adaptive DDoS Protection system creates a traffic profile by looking at a customer’s maximal rates of traffic every day, for the past seven days,” writes Omer Yoachimik, Product Manager / Cloudflare’s DDoS Protection Service. “The profiles are recalculated every day using the past seven-day history. We then store the maximal traffic rates seen for every predefined dimension value. Every profile uses one dimension and these dimensions include the source country of the request, the country where the Cloudflare data center that received the IP packet is located, user agent, IP protocol, destination ports and more.”

    The new feature works out of the box, automatically creating the profiles it needs to function. Customers can then tweak the sensitivity rules, as well as what actions are taken in response.

    “Adaptive DDoS Protection complements the existing DDoS protection systems which leverages dynamic fingerprinting to detect and mitigate DDoS attacks,” Yoachimik adds. “The two work in tandem to protect our customers from DDoS attacks. When Cloudflare customers onboard a new Internet property to Cloudflare, the dynamic fingerprinting protects them automatically and out of the box — without requiring any user action. Once the Adaptive DDoS Protection learns their legitimate traffic patterns and creates a profile, users can turn it on to provide an extra layer of protection.”

    Cloudflare’s goal is nothing short of ending the threat DDoS attacks pose, and its latest feature is a major step in that direction.
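    As an added example that is not Cloudflare's code, the following Python sketches the profiling the quote describes: it keeps the maximal daily rate for every value of each dimension over a seven-day window, rebuilds the profile each day, and flags live rates that exceed the learned maximum. The 1.5 sensitivity factor, the 50 rps floor, the exact window boundary and all sample data are assumptions.

```python
"""Toy version of the adaptive traffic profiling described in the Cloudflare quote.
Added example, not Cloudflare's code: the window boundaries, sensitivity factor,
absolute floor and all sample data are constructed assumptions."""
from collections import defaultdict
from datetime import date, timedelta

WINDOW_DAYS = 7     # profile = maximal daily rates over the past seven days
SENSITIVITY = 1.5   # assumed: alert above 150% of the learned maximum
MIN_RPS = 50        # assumed floor so never-seen values are not flagged on a trickle
DEMO_TODAY = date(2022, 9, 30)  # constructed date for the demo


def sample_history(today):
    """Constructed ten-day history: (day, dimension, value, max_rps) rows giving
    the maximal requests-per-second seen for each dimension value on each day."""
    rows = []
    for back in range(1, 11):
        day = today - timedelta(days=back)
        rows += [
            (day, "src_country", "US", 800 + 10 * back),
            (day, "src_country", "DE", 120),
            (day, "ip_proto", "tcp", 900 + 10 * back),
            (day, "ip_proto", "udp", 30),
            (day, "dst_port", "443", 900 + 10 * back),
            (day, "user_agent", "Mozilla/5.0", 700),
        ]
    # An old spike outside the seven-day window must not inflate the profile.
    rows.append((today - timedelta(days=9), "src_country", "DE", 5000))
    return rows


def build_profile(history, today, window_days=WINDOW_DAYS):
    """Recalculate the profile for `today`: for every dimension and value, keep
    the maximal daily rate seen in the window_days days ending yesterday
    (today's partial data is excluded; that boundary is an assumption)."""
    start = today - timedelta(days=window_days)
    profile = defaultdict(lambda: defaultdict(int))
    for day, dim, value, max_rps in history:
        if start <= day < today and max_rps > profile[dim][value]:
            profile[dim][value] = max_rps
    return {dim: dict(vals) for dim, vals in profile.items()}


def evaluate(profile, current, sensitivity=SENSITIVITY, min_rps=MIN_RPS):
    """Compare currently observed rates, keyed by (dimension, value), against
    the profile. A value never seen in the window has a learned maximum of 0,
    so it is flagged as soon as it exceeds the floor. Returns
    (dimension, value, observed_rps, threshold) tuples for every excess."""
    alerts = []
    for (dim, value), rps in current.items():
        learned = profile.get(dim, {}).get(value, 0)
        threshold = max(learned * sensitivity, min_rps)
        if rps > threshold:
            alerts.append((dim, value, rps, threshold))
    return alerts


def demo():
    """Build the profile from the constructed history and score one constructed
    snapshot of live traffic; returns (profile, alerts)."""
    profile = build_profile(sample_history(DEMO_TODAY), DEMO_TODAY)
    current = {
        ("src_country", "US"): 900,   # within 150% of the learned 870 rps
        ("src_country", "DE"): 2000,  # far above the learned 120 rps
        ("src_country", "BR"): 300,   # never seen in the window, above the floor
        ("ip_proto", "udp"): 40,      # learned 30 rps; stays under the 50 rps floor
    }
    return profile, evaluate(profile, current)


if __name__ == "__main__":
    profile, alerts = demo()
    for dim, value, rps, threshold in alerts:
        print(f"{dim}={value}: {rps} rps exceeds threshold {threshold:.0f}")
```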

  • Scammers Are Abusing the Microsoft Edge News Feed

    Scammers are abusing Microsoft Edge’s news feed, running malicious ads in an effort to direct users to tech support scams.

    Edge is Microsoft’s Chromium-based web browser that replaced Internet Explorer. Like many browsers, Edge provides a news feed for users. The feed also contains various advertisements, which scammers have figured out how to abuse.

    Malwarebytes researchers outlined how the scam works:

    When a user clicks on one of the malicious ads, a request to the Taboola ad network is made via an API (api.taboola.com) to honor the click on the ad banner. The server will respond with the next URL to load.

    This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers. What’s worth noticing is the cloud infrastructure that is being leveraged here, making it very difficult to block.

    Malwarebytes said this particular scam is one of the biggest it has seen, and has been active for at least a couple of months. Users should use an ad and malware blocker, and may be better off using another browser until Microsoft addresses the issue.

  • Uber Says No ‘Sensitive User Data’ Accessed in Breach

    In the wake of reports its systems were breached, Uber is reassuring users no “sensitive user data” was accessed.

    Uber acknowledged Thursday it was investigating reports of a data breach after a hacker posted a message on the company’s Slack channel saying they had hacked the company. Screenshots of the breach were shared on Twitter:

    The company now says no “sensitive user data” was accessed and that its systems are coming back online:

    While our investigation and response efforts are ongoing, here is a further update on yesterday’s incident:

    – We have no evidence that the incident involved access to sensitive user data (like trip history).

    – All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational.

    – As we shared yesterday, we have notified law enforcement.

    – Internal software tools that we took down as a precaution yesterday are coming back online this morning.

  • PSA: Update Windows Immediately

    Microsoft has released updates to fix a zero-day vulnerability impacting all versions of Windows, from Windows 7 to Windows 11.

    According to Microsoft, the bug allows a bad actor to escalate privileges related to the Windows Common Log File System Driver. This could give the hacker full system privileges — the highest level available — giving them full access and control of the computer.

    Fortunately, the vulnerability is not a fully remote attack and still requires social engineering or some other method to gain initial access, which can then be used to elevate privileges.

    “This bug in the Common Log File System (CLFS) allows an authenticated attacker to execute code with elevated privileges. Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” writes Zero Day Initiative’s Dustin Childs. “Once they do, additional code executes with elevated privileges to take over a system. Usually, we get little information on how widespread an exploit may be used. However, Microsoft credits four different agencies reporting this bug, so it’s likely beyond just targeted attacks.”

    Given this attack is already being used in the wild, all users should update their Windows installation immediately.

  • Patreon Just Let Its Entire Security Team Go [Updated]

    Update: Story has been updated with a response from Patreon.

    Patreon may have just put a massive target on its back with the news that it has reportedly laid off its entire security team.

    Patreon is the funding platform that many content creators use to support themselves. The platform gives creators a way to build a community around the content they offer and gives fans the ability to become “patrons” of their favorite creators. Unfortunately, especially for a company that handles so much financial information, Patreon appears to have laid off its security team.

    Emily Metcalfe, Patreon Senior Security Engineer, broke the news in a LinkedIn post:

    So for better or worse, I and the rest of the Patreon Security Team are no longer with the company. As a result I’m looking for a new Security or Privacy Engineering role and would appreciate any connections, advice, or job opportunities from folks in my network.

    Ellen Satterwhite, Patreon’s Interim Head of Communications & US Policy Lead, reached out to WPN to provide some clarity on the company’s decision and reassure users that it will remain a safe and secure platform:

    As a global platform, we will always prioritize the security of our creators’ and customers’ data. As part of a strategic shift of a portion of our security program, we have parted ways with five employees. We also partner with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.

    Only time will tell if Patreon’s reliance on “external organizations” will be enough to maintain the security its users rely on. Even with its external partnerships, however, it’s hard to imagine a company of Patreon’s significance letting its own internal security team go.

  • TikTok Says It Was Not Hacked After Billions of Users’ Data Leaked

    TikTok is doing damage control, denying it was hacked after hackers claimed to have stolen source code and data on billions of users.

    TikTok is one of the most popular social media platforms, making it a prime target for hackers. According to BleepingComputer, hacker group AgainstTheWest (ATW) announced on a hacking forum that they had breached TikTok, as well as WeChat, displaying screenshots of what they claimed is a database containing 2.05 billion user records, source code, server info, and more.

    Despite the hackers’ claims, TikTok says their servers were not breached, and the stolen code is unrelated to their backend source code, giving the following statement to BleepingComputer:

    “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.”

    Contrary to what their name may imply, ATW is not anti-West, but rather targets anti-Western countries. Only time will tell if their claims of breaching TikTok are true or not. In the meantime, TikTok maintains that its users are safe.

  • Google Tackles Supply Chain Attacks With New Bug Bounty

    Google is tackling supply chain cybersecurity attacks with a new bug bounty program.

    Supply chain attacks involve hackers compromising the source code or service used by a range of industries and companies rather than targeting each individual organization. As a result, a single successful supply chain attack can compromise hundreds or even thousands of organizations using the service or product.

    With supply chain attacks growing in popularity, Google is looking to address the problem with a bug bounty program. Bug bounties are payouts made to professional hackers and security experts, also known as “white hats,” who find bugs and report them to companies so they can be fixed before bad actors exploit them.

    Google posted the new bug bounty program in a blog post:

    Today, we are launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects. As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world.

    Google made it clear that the goal of the new program was to help secure open source software supply chains.

    The addition of this new program addresses the ever more prevalent reality of rising supply chain compromises. Last year saw a 650% year-over-year increase in attacks targeting the open source supply chain, including headliner incidents like Codecov and the Log4j vulnerability that showed the destructive potential of a single open source vulnerability. Google’s OSS VRP is part of our $10B commitment to improving cybersecurity, including securing the supply chain against these types of attacks for both Google’s users and open source consumers worldwide.

    Google says payouts will range from $100 to $31,337, depending on the severity and importance of the bug, as well as whether it is particularly interesting or unusual.

  • LastPass Source Code Stolen in Data Breach

    Popular password manager LastPass has revealed that portions of its source code were stolen by hackers in a recent data breach.

    LastPass revealed the news in a blog post, emphasizing that no customer data was stolen and no password vaults were compromised. Instead, the hackers seem to have largely focused on gaining access to the company’s source code.

    We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.

    The company emphasizes that customers do not need to take any additional action at this time.

    At this time, we don’t recommend any action on behalf of our users or administrators. As always, we recommend that you follow our best practices around setup and configuration of LastPass which can be found here.

  • Hyundai Secures Its Vehicles Systems With Sample Encryption Keys

    In what may be one of the worst examples of cybersecurity, Hyundai is being called out for using example encryption keys for its security.

    Encryption keys are critical components of modern cryptography. The key used to decrypt sensitive information is supposed to be carefully and closely guarded.

    According to The Register, Hyundai’s programmers seemed to have missed the memo and instead used cryptographic keys found in publicly available programming tutorials.

    A developer going by the handle “greenluigi1” discovered he could overwrite Hyundai’s infotainment system with his own software thanks to Hyundai’s use of publicly available crypto keys. Once he found the keys, it was a relatively simple matter to trick the system into accepting his software as a valid update.

    The entire situation is a case study in bad programming, not to mention the danger drivers can be exposed to as a result. If a vehicle’s computer system is compromised, there’s no limit to the dangerous scenarios that can result if key parts of the vehicle’s software are replaced with malicious elements.

    As manufacturers create vehicles that are increasingly connected to the rest of the world, they’re going to have to do a much better job securing those vehicles — or Hyundai will need to, at the very least.

  • FTC Targets ‘Corporate Surveillance’ and ‘Data Security’

    The Federal Trade Commission (FTC) is targeting “corporate surveillance,” wherein companies profit from the data they collect on consumers.

    Corporate surveillance has become a growing problem, with companies collecting vast quantities of consumer data — often without the individual knowing — and then sharing or selling the data to data brokers and other entities. Obviously, the more data is collected, the more vulnerable individuals become to online threats, identity theft, and more, as the FTC makes clear.

    Commercial surveillance is the business of collecting, analyzing, and profiting from information about people. Technologies essential to everyday life also enable near constant surveillance of people’s private lives. The volume of data collected exposes people to identity thieves and hackers. Mass surveillance has heightened the risks and stakes of errors, deception, manipulation, and other abuses.

    In response, the FTC is investigating whether new rules are needed and soliciting public feedback on the matter.

    The Federal Trade Commission is asking the public to weigh in on whether new rules are needed to protect people’s privacy and information in the commercial surveillance economy.

    Consumer and privacy rights groups have long called for the US to crack down on data brokers and other shady data collection practices. Even corporate executives have called for the US to take action and roll out comprehensive privacy laws.

    The FTC’s public inquiry may be the first step toward US consumers finally being protected from predatory corporate surveillance.

  • PSA: Update Your Apple Devices Immediately

    Apple has released patches to fix a major zero-day exploit impacting iOS, iPadOS, and macOS, an exploit that may already be in use.

    The updates to Apple’s operating systems (OS) address issues with the kernel and the WebKit rendering engine that powers Safari. In the case of the kernel, Apple says “an application may be able to execute arbitrary code with kernel privileges.” This would apply to all three platforms.

    In regard to the WebKit issue, Apple says “processing maliciously crafted web content may lead to arbitrary code execution.” Again, this impacts all three platforms.

    In both cases, Apple says it is aware of reports that these bugs have been exploited in the wild, making it even more important to update as soon as possible.

    Once the update is complete, the patched version of your OS should be iOS 15.6.1, iPadOS 15.6.1, or macOS Monterey 12.5.1.

    Here are the full release notes for iOS and iPadOS, as well as for macOS.

  • Cisco Breached by Ransomware Gang, 2.75GB Reportedly Stolen

    Cisco was hacked by a ransomware gang in May, with the criminals reportedly stealing 2.75GB of data and trying to extort the company.

    According to BleepingComputer, Cisco confirmed the Yanluowang gang compromised the company’s network but said the bad actors only made off with non-sensitive data. The data was from an employee’s Box folder.

    “Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors,” a Cisco spokesperson told BleepingComputer.

    The company said the breach did not impact its business.

    “Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations,” the spokesperson continued.

    “On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community.”

    The company also found no evidence of encrypted files that could be used in a traditional ransomware scheme, although it appears that was likely a prime goal.

    “While we did not observe ransomware deployment in this attack, the TTPs used were consistent with ‘pre-ransomware activity,’ activity commonly observed leading up to the deployment of ransomware in victim environments,” the company wrote in a blog post.

  • PSA: macOS Users Should Update Zoom Immediately

    Zoom has released an update to its macOS client that fixes a severe vulnerability, one that could give a user root access.

    Apple’s macOS is based on BSD Unix, inheriting a root user that has ultimate permissions. According to Zoom, a bug in the app could allow a non-root user to gain root access, representing a major threat to the computer’s security.

    The company has released an update that addresses the issue and all users are advised to update immediately.

    The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

    Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

  • CloudBees: 45% of Execs Are Only Halfway Through Securing Supply Chain

    The latest report from CloudBees is bad news for the cloud industry, with many companies still not fully securing their supply chain.

    Supply chain attacks have become increasingly common, with hackers viewing them as a high-reward attack vector. Rather than compromising individual targets one at a time, a single successful attack against a vendor whose software or APIs are used by thousands of companies can yield far greater results.

    Unfortunately, many companies have yet to fully secure their supply chain, according to CloudBees. Of the C-suite executives surveyed, 93% believed they were well-prepared for an attack. A deeper dive, however, showed a different story.

    A whopping 45% of execs say they are only halfway through the process of securing their supply chain, with only 23% nearly done. Even worse, a disturbing 64% say they don’t know who they would turn to first in the wake of an attack.

    “We discovered that as software becomes the primary source of customer experience and value, supply chain security is getting the attention it deserves and at the proper levels in the organization,” writes Prakash Sethuraman, Chief Information Security Officer, CloudBees. “However, this study reveals gaps that indicate supply chain security is not well understood, nor are systems as robust or comprehensive as they should be.

    “Bottom line, the results reinforce the concept that software supply chain security needs to go beyond “shift left” to “shift security everywhere” — with automation. The software you are developing must be as secure as possible, but it doesn’t stop there. The delivery process itself must be protected, and you have to be able to detect and instantly mitigate problems in production to consider your software supply chain as secure.”

  • Microsoft Unveils New Threat Intelligence Security Tools

    Microsoft has unveiled new security tools, expanding the Microsoft Defender line of products with dedicated threat intelligence tools.

    Microsoft has been working to improve security as cyber threats continue to rise. The company already has a suite of security tools, but one of the most important elements in cybersecurity is the ability to analyze an organization from the perspective of a potential attacker.

    To that end, the company has unveiled Microsoft Defender Threat Intelligence.

    Security operations teams can uncover attacker infrastructure and accelerate investigation and remediation with more context, insights, and analysis than ever before. While threat intelligence is already built into the real-time detections of our platform and security products like the Microsoft Defender family and Microsoft Sentinel, this new offering provides direct access to real-time data from Microsoft’s unmatched security signals. Organizations can proactively hunt for threats more broadly in their environments, empower custom threat intelligence processes and investigations, and improve the performance of third-party security products.

    The company has also unveiled Microsoft Defender External Attack Surface Management.

    The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet—essentially the same view an attacker has when selecting a target. Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.

    While threat intelligence was already incorporated into the company’s other products, having dedicated tools will go a long way toward helping organizations better secure their infrastructure.

  • DDoS Perpetrators Are Clever, But DDoS Mitigation Services Are No Straggler

    In June 2022, the world reportedly witnessed the most powerful HTTPS Distributed Denial-of-Service (DDoS) attack so far. A botnet called Mantis launched a brief but record-setting DDoS attack, which peaked at 26 million requests per second.

    This recent DDoS incident shows how cybercriminals continue to improve their methods and make their attacks more sophisticated, either to overcome existing defenses or to overwhelm targets with unprecedented volumes of requests. DDoS solution providers must therefore always be ready to step up in response.

    The Mantis attack

    Mantis is said to be behind the series of attacks that affected almost a thousand customers of the content delivery network firm Cloudflare. It targeted companies in different industries including gaming, finance, telecommunications, and shopping. The attack affected organizations based across the globe including the United States, Canada, the United Kingdom, Germany, France, Ukraine, Poland, and Russia.

    Cloudflare describes Mantis as the next evolution of the 2018 Meris botnet attack, which infected MikroTik routers and compromised various popular websites. It operates a relatively small fleet of bots, at around 5,000. However, Cloudflare notes that this fleet is capable of generating a massive force. Cloudflare says it has been “responsible for the largest HTTPS DDoS attacks we have ever observed.”

    The attack yielded over 212 million HTTPS requests from over 1,500 networks. It was driven by a botnet that tech journalists characterize as “tiny,” but each node generated approximately 5,200 RPS. The botnet also hijacked various virtual machine platforms and took over HTTP proxies to launch attacks.

    Effective DDoS mitigation

    The overwhelming surge of malicious web traffic lasted for only around 30 seconds. That is still long enough to have an impact, considering that website users usually leave a site if it fails to load within three to five seconds. Fortunately, DDoS mitigation solutions are able to fend off new forms of attack and prevent long periods of downtime.

    Modern DDoS mitigation services can keep up with the evolving nature of attacks. They now have larger network and processing capacities, shorter latency, and faster time to mitigation. Of course, not all providers are the same, but the top-tier ones are generally enough to prevent serious DDoS consequences.

    Choosing a DDoS mitigation service based on network and processing capacity can be tricky. Higher capacity is always better, but cost rises in direct proportion to capacity, so organizations need to weigh their options carefully. DDoS, after all, is not the only cyber threat they have to worry about. They have to allocate resources efficiently and prepare for the unpredictable kinds of attacks they will encounter.

    It is also important to examine the “time to mitigation” for DDoS attacks. Top solutions can respond to attacks within seconds, and this is what organizations should be looking for. The average duration of DDoS attacks in 2021 was 6.1 minutes. This may sound brief or manageable, but a lot can happen within 6.1 minutes. For online businesses, these “few” minutes can already mean several missed sales or opportunities and reputational damage.

    Short-duration attacks are also rarely intended to be harmless. Even the 30-second Mantis attack cited earlier could have been just a part of a bigger cyber-attack. As VentureBeat explains, “organizations should watch out for these types of attacks as they can be a distraction tactic and part of a wider multi-vector attack.”

    Some DDoS mitigation solutions may be configured to ignore brief attacks and treat them as insignificant. This is unwise and potentially harmful. A DDoS attack can be paired with a malware installation, which can take place while an organization is still busy re-establishing its firewall and other security controls after a network disruption.

    Important features

    It is important for DDoS mitigation solutions to have network layer and application layer mitigation. They should also provide secondary asset protection. Additionally, the ability to protect individual IPs is necessary.

    Network layer mitigation is about addressing the volume of an attack, the massive surge of malicious traffic going to a server. Methods to do this include null routing (directing traffic to a nonexistent IP address), sinkholing (diverting traffic away from its target), scrubbing (routing ingress traffic through a security service), and IP masking (preventing direct-to-IP DDoS attacks by hiding the origin server’s IP).

    Application layer mitigation entails profiling incoming traffic to separate DDoS bots from legitimate requests. This can be done through multiple inspection methods, including checking the source IP and Autonomous System Number, examining behavioral patterns (such as request rate), and cross-inspecting HTTP(S) header content. Application layer mitigation can also present challenges such as CAPTCHAs to make it difficult for automated requests to proceed.

    As mentioned, DDoS attacks may come with other cyberattacks. These other attacks can target various IT assets including DNS servers, web servers, email servers, FTP servers, as well as ERP and CRM platforms. It is important for a DDoS mitigation solution to likewise provide protection for these assets through features such as DNS name server protection and app protection.

    Moreover, it is crucial to examine the ability of a DDoS defense system to provide individual IP protection. DDoS solutions are traditionally limited to shielding IP ranges, not specific IPs representing specific cloud environments and assets. In modern use cases, the ability to protect individual IPs is essential to enabling immediate DDoS security for specific IPs or IT assets.

    Continuous protection improvement

    This post is not saying that DDoS mitigation services at present are already in their optimum form. As long as threats continue to evolve and threat actors ceaselessly find new ways to get around defenses, mitigation solutions should likewise improve. It is reassuring to know that security firms persistently enhance and advance the technologies or solutions they offer against DDoS.

    Still, the intended users of these solutions should be mindful of the options they pick. Different providers offer varying DDoS protection performance. Not every provider stays abreast of the latest threat methods, and not all security providers are mindful of attack combinations that use DDoS as a smoke bomb or decoy to conceal more sinister cyberattack schemes.
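    The application layer profiling described under “Important features” above, as an added example that is not code from the original post or from any mitigation vendor: it measures each client’s peak request rate in a sliding window, cross-checks HTTP header content, and escalates to the Autonomous System when several clients from one network look automated. The IPs, ASNs, thresholds and traffic records are constructed, assumed values.

```python
# Application-layer profiling of constructed request records; IPs (RFC 5737 ranges),
# private ASNs and thresholds are assumed values for illustration only.
from collections import Counter, defaultdict

RPS_THRESHOLD = 50    # assumed: per-client rate no interactive browser reaches
WINDOW_SECONDS = 1.0  # sliding window for the per-client peak rate
ASN_ESCALATION = 3    # assumed: challenged clients in one ASN before it is flagged

def peak_rate(timestamps, window=WINDOW_SECONDS):
    """Largest request count from one client inside any window of `window` seconds."""
    ts = sorted(timestamps)
    peak, start = 0, 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def profile_clients(requests, rps_threshold=RPS_THRESHOLD, asn_escalation=ASN_ESCALATION):
    """requests: (ts, ip, asn, user_agent, accept) tuples -> ({ip: (verdict, reasons)}, flagged ASNs)."""
    by_ip, asn_of = defaultdict(list), {}
    for ts, ip, asn, ua, accept in requests:
        by_ip[ip].append((ts, ua, accept))
        asn_of[ip] = asn
    verdicts = {}
    for ip, reqs in by_ip.items():
        reasons = []
        peak = peak_rate(t for t, _, _ in reqs)
        if peak > rps_threshold:
            reasons.append(f"peak {peak} requests/s")
        # browsers send User-Agent and Accept; flood tools often omit them
        if any(not ua or not accept for _, ua, accept in reqs):
            reasons.append("missing User-Agent or Accept header")
        verdicts[ip] = ("challenge", reasons) if reasons else ("allow", [])
    # ASN cross-check: several challenged clients in one network suggest a bot fleet
    per_asn = Counter(asn_of[ip] for ip, (v, _) in verdicts.items() if v == "challenge")
    flagged = {asn for asn, n in per_asn.items() if n >= asn_escalation}
    return verdicts, flagged

def constructed_sample():
    """One browsing user plus three flood nodes sharing an ASN (constructed, not real)."""
    reqs = [(i * 0.8, "198.51.100.7", 64496, "Mozilla/5.0", "text/html") for i in range(4)]
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        reqs += [(i / 120, ip, 64500, "", "") for i in range(120)]
    return reqs

if __name__ == "__main__":
    verdicts, asns = profile_clients(constructed_sample())
    for ip, (verdict, reasons) in verdicts.items():
        print(ip, verdict, "; ".join(reasons))
    print("flagged ASNs:", sorted(asns))
```

    A “challenge” verdict is where a CAPTCHA or similar check would be issued rather than an outright block, so a misclassified human can still get through.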