WebProNews


SecurityProNews

  • Microsoft Is Working on Comprehensive SaaS Security


    Microsoft is working to improve SaaS security, shifting “to a comprehensive SaaS security solution.”

    Software as a service is an increasingly important part of the remote and hybrid workplace, and is only growing in popularity. Unfortunately, properly securing SaaS applications can be a logistical nightmare. In fact, citing research from BetterCloud, Microsoft points to the 59% of security professionals who struggle to manage SaaS security.

    Microsoft believes the key lies in protecting data within cloud apps, rather than just focusing on cloud access security. The company has expanded the scope of its Defender for Cloud Apps to help provide that layer of security.

    Today, we are excited to announce that Defender for Cloud Apps is extending its SSPM capabilities to some of the most critical apps organizations use today, including Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more.

    Another important component of Defender for Cloud Apps is the ability to help personnel research configuration best practices for SaaS app security.

    To streamline this process, Defender for Cloud Apps launched SSPM in June 2022 to surface misconfigurations and provide recommendations to strengthen an app’s posture.

    In preview starting today, Defender for Cloud Apps now provides security posture management for Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more. Not only are we expanding the breadth of app coverage but also the depth of assessments and capabilities for each application.

    The tight integration within Microsoft 365 Defender will give organizations security across the full scope of their operations.

    That’s why Defender for Cloud Apps is natively integrated into Microsoft 365 Defender. The XDR technology correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities like automatic attack disruption. The integration of SaaS security into an XDR experience gives SOC teams full kill chain visibility and improves operational efficiency with better prioritization and shorter response times to ultimately protect the organization more effectively.

  • Google Sides With US in Holding Companies Responsible for Cybersecurity


    Google and the US government may be at odds about many things, but the two are in agreement on one big one: who should be responsible for cyberattacks.

    In a blog post by Kent Walker, President, Global Affairs & Chief Legal Officer, and Royal Hansen, VP of Engineering for Privacy, Safety, and Security, the executives make the case that companies should be responsible for improving cybersecurity:

    “Should companies be responsible for cyberattacks? The U.S. government thinks so – and frankly, we agree.”

    The two execs then quote Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security:

    “The incentives for developing and selling technology have eclipsed customer safety in importance. […] Americans…have unwittingly come to accept that it is normal for new software and devices to be indefensible by design. They accept products that are released to market with dozens, hundreds, or even thousands of defects. They accept that the cybersecurity burden falls disproportionately on consumers and small organizations, which are often least aware of the threat and least capable of protecting themselves.”

    Walker and Hansen go on to lament that cyber threats are growing, taking advantage of “insecure software, indefensible architectures, and inadequate security investment.” The solution is a complete rethinking of how software is designed and deployed.

    “The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” the executives write. “Safety should be fundamental: built-in, enabled out of the box, and not added on as an afterthought. In other words, we need secure products, not security products. That’s why Google has worked to build security in – often making it invisible – to our users. Many of our most significant security features, including innovations like SafeBrowsing, do their best work behind the scenes for our core consumer products.”

    The executives emphasize the importance of security being smooth and streamlined, not the cumbersome experience that often exists today, and that results in customers choosing insecurity over inconvenience. Walker and Hansen also recognize there is no silver bullet but that significant steps can and should be taken to greatly improve the status quo.

    “Of course, raising the security baseline won’t stop all bad actors, and software will likely always have flaws – but we can start by covering the basics, fixing the most egregious security risks, and coming up with new approaches that eliminate entire classes of threats,” they add. “Google has made investments in the past two decades, but contributing resources is just a piece of the puzzle. It’s work for all of us, but it’s the responsible thing to do: The safety and security of our increasingly digitized world depends on it.”

  • Ubuntu Pro Is Now Available to Everyone


    Canonical has announced the general availability of Ubuntu Pro, a security subscription service for the popular Linux distro.

    Ubuntu is the most widely used Linux distro, providing excellent hardware support and ease of use. Canonical publishes interim releases every six months, with LTS (long-term support) releases every two years. LTS releases offer five years of support and security patches.

    The new Ubuntu Pro subscription extends LTS support to a full ten years while also improving security. In particular, Ubuntu Pro adds security patch support for the 23,000 packages in the Ubuntu Universe repo, in addition to the 2,300 packages in the Ubuntu Main repo that are already covered.

    Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available. Ubuntu Pro, released in beta in October last year, helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS.

    The new plan also features optional phone/ticket support.

    “I manage my own compute cluster leveraging MAAS and other Canonical tools to support my research. The open source security patches delivered through Ubuntu Pro give my team peace of mind, and ensure my servers are secure. Canonical is continuously delivering timely CVE patches covering a broad portfolio of open source applications for the entire ten-year lifetime of an Ubuntu LTS. This brings much needed stability and compliance,” said David A Gutman, MD PhD, Associate Professor of Pathology, Emory University School of Medicine.

    The subscription is available for free to personal and small-scale commercial users for up to five machines. The standard subscription is available for $25 per workstation per year or $500 per server per year.

  • Top Security Tools To Help Businesses With Project Management


    Any workforce can benefit from implementing technologies that improve and streamline project management.

    One of the best ways to gain more insight into productivity and provide employees with more convenience is to invest in security tools for project management.

    If you want to learn about the top security tools to improve project management, keep reading. In this guide, we will discuss the best security tools that enhance the convenience of punching in and provide more insight into project management.

    One Single Platform For Security Management

    One of the best ways to streamline project management is to make security information more accessible for you and your team members.

    A cloud-based security system creates a single platform of truth for security data, from store camera systems to computer access logs at an on-site office. By establishing an integrated security system, you can eliminate data silos, allowing all security information to be hosted in one place, and improve oversight.

    Another benefit of a cloud-based security system is that it allows your team to view security information from anywhere, whether on-site or off-site.

    Smoother data retrieval lets your team view security data from different sources on a single interface without manually correlating timestamps. For instance, you might need to view surveillance video alongside access control data to verify an employee’s identity.

    Using a single platform for security management also makes it easier to onboard and offboard your hires. If you need to onboard an employee to your security system, you can do so in one place rather than across several disparate platforms.

    Respond Quickly To Events And Changes

    Cloud-based security tools have another significant benefit: they allow employees to receive alerts and notifications when working.

    Employees often perform tasks that leave them unavailable to deal with customers entering the building. The alerts provided by a cloud-based security system notify staff when a customer enters the building, allowing them to stop their task and deal with the customer.

    Additionally, integrating occupancy management software with a cloud-based door access system can help inform staffing decisions.

    Occupancy management software identifies occupancy levels based on access control events, identifies trends, and forecasts future occupancy levels. If you’re looking to make better staffing decisions, you can use data gathered from your occupancy management software to determine your busiest hours and which are your most active days.

    For busy days, you can ensure you have plenty of staff on-hand, ensuring your team isn’t overwhelmed by customers—which could lead to poor-quality service that harms your business’ reputation. You can add extra shifts to your working days to cover a lunch shift or the time of day when your establishment is busiest and avoid unplanned overtime hours.

    The software also allows you to plan your staff’s workday more effectively, ensuring they’re free to tend to customers during your busy hours while managing other tasks during your less active hours.

    Deeper Data Analysis For Improved Decision Making

    Applying time-tracking software to your cloud-based access control system allows for improved data analysis and decision-making regarding your payroll procedures.

    Buddy-punching and employees recording hours improperly affect your business, as you’re being charged for hours your employees haven’t worked. As part of your project management strategy, you can ensure your employees know that the tool will track their time based on when they enter and leave the premises.

    Time-tracking software provides you with more reliable data to analyze employee productivity and ensures proper payroll procedures. Time-tracking software is especially beneficial for businesses that frequently use contractors.

    You can identify productivity trends through data analysis, using the information to improve project management and optimize productivity.

    Automated Security Workflows

    When it comes to security incident response, you need to maximize efficiency. Effective incident response will protect your business from a security breach or theft and ensure your employees know their responsibilities.

    You can create automated security workflows for your security team using AI. If your security system detects a potential security threat, your team will receive automated workflows to respond to the event. Manual workflow creation leaves a margin for error and is time-consuming.

    Instead, you can establish automated workflows for each potential security threat in line with your incident response procedures. These workflows will automatically be assigned to your on-site employees, who will receive a mobile notification alerting them of the incident and their responsibilities.

    Implementing automated security workflows reduces time-consuming and repetitive manual data entry tasks and ensures the task doesn’t inhibit your productivity. Instead, you can establish your workflows to ensure that your employees understand their responsibilities.

    Summary

    Security tools can be highly effective in improving project management for employees. Your employees can handle tasks and responsibilities while staying in touch with their customer management responsibilities, and you can plan your employees’ time in line with the business’s busiest hours. Keep cloud-based security and integrations in mind when planning a security strategy that facilitates project management.

  • Australia May Ban Ransomware Payments


    Australia is considering a measure to ban companies from making ransomware payments to cybercriminals.

    Ransomware is one of the fastest-growing cybersecurity threats, and has taken a toll on public and private organizations alike. Most government and law enforcement agencies discourage victims from paying, but The Record is reporting that Australia is considering taking it a step further.

    Australia has been hit hard by several ransomware attacks, and the country is clearly trying to discourage further attacks by making it impossible for victims to pay.

    Clare O’Neil, home affairs and cybersecurity minister, confirmed to ABC that the government was considering the proposal.

  • PSA: Update Windows Immediately to Fix Zero-Day Vulnerabilities


    The latest Microsoft Patch Tuesday includes fixes for several zero-day vulnerabilities, and users should update immediately.

    Zero-day vulnerabilities are among the most dangerous. By definition, a zero-day is a vulnerability that becomes known, or is exploited, before any patch or mitigation is in place. As a result, attackers can exploit the vulnerability at will until a fix ships.

    Microsoft’s latest set of patches includes fixes for several of those vulnerabilities, including six that are already being actively exploited in the wild. What’s more, according to Forbes, two of the vulnerabilities were known for at least two months before this patch became available.

    “It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters, vice president of vulnerability and threat research at Action1, told the outlet. “It is good news that an official patch is available now,” Walters added, saying that “installing it promptly is highly advisable.”

    With fixes for 68 total vulnerabilities, 11 of them critical, users should immediately update.

    More information can be found on the Microsoft Security Update Guide.

  • CloudBees: 45% of Execs Are Only Halfway Through Securing Supply Chain


    The latest report from CloudBees is bad news for the cloud industry, with many companies still not fully securing their supply chain.

    Supply chain attacks have become increasingly common, with hackers viewing them as a high-reward attack vector. Rather than compromising individual targets one at a time, a single successful attack against a vendor whose software or APIs are used by thousands of companies can yield far greater results.

    Unfortunately, many companies have yet to fully secure their supply chain, according to CloudBees. Of the C-suite executives surveyed, 93% believed they were well-prepared for an attack. A deeper dive, however, showed a different story.

    A whopping 45% of execs say they are only halfway through the process of securing their supply chain, with only 23% nearly done. Even worse, a disturbing 64% say they don’t know who they would turn to first in the wake of an attack.

    “We discovered that as software becomes the primary source of customer experience and value, supply chain security is getting the attention it deserves and at the proper levels in the organization,” writes Prakash Sethuraman, Chief Information Security Officer, CloudBees. “However, this study reveals gaps that indicate supply chain security is not well understood, nor are systems as robust or comprehensive as they should be.

    “Bottom line, the results reinforce the concept that software supply chain security needs to go beyond “shift left” to “shift security everywhere” — with automation. The software you are developing must be as secure as possible, but it doesn’t stop there. The delivery process itself must be protected, and you have to be able to detect and instantly mitigate problems in production to consider your software supply chain as secure.”

  • Kaspersky Lab Labeled ‘a Threat to National Security’


    The Federal Communications Commission (FCC) has labeled Kaspersky Lab “a threat to national security,” a first for a Russian firm.

    Kaspersky Lab is a popular provider of antivirus and other cybersecurity software. The company is often on the front lines of identifying and combating viruses, trojans, ransomware, and other malware. The company is also based in Moscow, and therefore subject to Russian law and governance.

    That last point has helped land the company on the FCC’s Covered List, a list of entities “that have been deemed a threat to national security.” Chinese firms China Telecom and China Mobile International USA Inc were also added at the same time.

    “Last year, for the first time, the FCC published a list of communications equipment and services that pose an unacceptable risk to national security, and we have been working closely with our national security partners to review and update this list,” said Chairwoman Jessica Rosenworcel. “Today’s action is the latest in the FCC’s ongoing efforts, as part of the greater whole-of-government approach, to strengthen America’s communications networks against national security threats, including examining the foreign ownership of telecommunications companies providing service in the United States and revoking the authorization to operate where necessary. Our work in this area continues.”

    The news was met with support from the agency’s other commissioners, including Commissioner Brendan Carr.

    “The FCC’s decision to add these three entities to our Covered List is welcome news,” wrote Carr. “The FCC plays a critical role in securing our nation’s communications networks, and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests.

    “I applaud Chairwoman Rosenworcel for working closely with our partners in the Executive Branch on these updates. As we continue our work to secure America’s communications networks, I am confident that we will have more entities to add to our Covered List.”

  • Okta CEO Confirms Breach Attempt in January, No Major Concern Now


    On the heels of news Lapsus$ was claiming it breached Okta, the company’s CEO has confirmed an attempt in January.

    Okta is a leading identity and authentication services provider, meaning a successful breach against the company could have disastrous consequences for a wide range of industries. Ransomware group Lapsus$ claimed to have successfully breached the company, even providing screenshots as proof. Fortunately, the screenshots Lapsus$ provided are likely from an attempt made in January, one that was contained and poses little risk in the present.

    Okta CEO Todd McKinnon made the announcement on Twitter.

    In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2)

    We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January. (2 of 2)

    Todd McKinnon (@toddmckinnon), March 22, 2022

    The revelation is good news for Okta users, provided no additional details emerge from the company’s investigation.

  • Biden Warns of Russian Cyberattacks


    President Joe Biden is warning American businesses of increased risk of cyberattacks as Russia looks to retaliate against sanctions.

    Russia has borne the brunt of some of the most intense sanctions in international history, a response to its invasion of Ukraine. The country has seen company after company pull out and abandon its Russian business, and is even struggling to find enough storage space to keep its IT operations running.

    In response to the international sanctions, experts believe Russia may increase cyberattacks on foreign targets, especially in the US. President Biden issued a statement warning American businesses of the possibility.

    This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience. I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.

    After touting the efforts his administration has taken to harden US cyber defenses, President Biden called on the private sector to do the same.

    If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.

  • Lawmakers Want Answers About the FBI’s Use of Pegasus Spyware


    Lawmakers want information about Pegasus, the spyware developed by NSO Group, demanding answers from Apple and the FBI about the latter’s use of it.

    Pegasus is a spyware application NSO markets to law enforcement and government agencies. In mid-2021, however, news broke that NSO had sold Pegasus to authoritarian regimes that were using the software to spy on journalists, human rights activists, and diplomats. The news was particularly notable because the software was being used to target Apple’s iPhone, a platform otherwise known for having good security.

    The reaction was swift and severe, with AWS banning NSO, Apple suing the company, and Congress adding it to the Entity List, essentially blacklisting it. Among the revelations, however, was that the FBI was one of NSO’s customers.

    Lawmakers want answers regarding the FBI’s use of the software, according to CNBC, sending letters to both Apple and the FBI to ascertain the scope of the FBI’s involvement.

    “The Committee is examining the FBI’s acquisition, testing, and use of NSO’s spyware, and potential civil liberty implications of the use of Pegasus or Phantom against U.S. persons,” reads the letter to Apple.

    The FBI has long been critical of the security and encryption modern devices provide users, seeking to undermine that security at nearly every opportunity. Its efforts have included supporting efforts to legislate weaker encryption, wanting Apple and others to develop backdoors in their security, and investing in tools — like Pegasus — that can break encryption.

  • Who Hacks the Hackers? Nvidia Does


    Nvidia has taken a novel approach to hackers that stole its data, hacking them back and encrypting the data so it can’t be accessed.

    According to Tom’s Hardware, hackers from the LAPSU$ group stole some 1TB of data from Nvidia. Rather than pay a ransom or deal with the hackers, Nvidia opted to hack the group instead. Once it gained access to the hackers’ servers, the company encrypted its stolen data, ensuring it can’t be accessed.

    Hacker group Vx-underground reported on Twitter that Nvidia had pulled off the operation.

    LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data. LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully ransomed their machines.

    Nvidia has sent a clear signal: Mess with it at your own peril.

  • Microsoft Reportedly In Talks to Buy Security Firm Mandiant


    Microsoft is continuing its efforts to strengthen its cybersecurity capabilities, working on a deal to purchase Mandiant.

    Like many Big Tech firms, Microsoft has joined US government efforts to improve the country’s cybersecurity and protect individuals and companies from attack. Nonetheless, the company has had its own troubles protecting its users and combating online threats.

    To help improve its abilities, the company is looking to buy Mandiant, one of the leading cybersecurity firms, with a nearly two-decade track record in the industry. Sources familiar with the negotiations spoke to The Seattle Times, although neither company has confirmed anything.

    Industry watchers are already praising the possibility as a good match.

    “This would be a smart move for Microsoft,” said Bloomberg Intelligence’s Anurag Rana. “In the future, the cloud with most security features would win.”

    If the deal does go through, it would mark the third time Mandiant has been acquired by another company. It was originally bought by FireEye in 2013, before it was sold to Symphony Technology Group in 2021.

  • ExpressVPN Offering One-Time $100,000 Bug Bounty


    ExpressVPN is offering a one-time, $100,000 reward to anyone who can hack its servers.

    ExpressVPN is one of the leading VPN services on the market, and is consistently recommended by many reviewers. Like a lot of companies in the tech industry, ExpressVPN offers bug bounties as a way of encouraging white hat hackers and security researchers to find bugs and report them before they can be exploited by bad actors.

    The company is now offering a major incentive, in the form of $100,000, specifically for proof of “unauthorized access to a VPN server or remote code execution,” or vulnerabilities “that result in leaking the real IP addresses of clients or the ability to monitor user traffic.”

    Obviously, the company will require proof of the exploit in order to pay the bounty.

    In order to qualify to claim this bounty, we will require proof of impact to our users’ privacy. This will require demonstration of unauthorized access, remote code execution, IP address leakage, or the ability to monitor unencrypted (non-VPN encrypted) user traffic.

    It’s a safe bet security researchers will be eager to take a shot at ExpressVPN’s services, with that much money at stake.

  • Linux Vulnerability Discovered Impacting All Major Distros


    A major Linux vulnerability, impacting virtually all major distributions (distros), has been discovered, allowing a bad actor to obtain root privileges.

    On Linux, Unix, macOS, and other Unix-style operating systems, the root account has ultimate access to the system. As a result, ordinary user accounts are created without root access, protecting the system from accidental damage.

    Unfortunately, according to security firm Qualys, there is a major flaw in polkit’s pkexec utility, which is included in every major Linux distro. Qualys’ Bharat Jogi, Director, Vulnerability and Threat Research, describes the role polkit plays in Unix-style systems.

    Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).

    When the vulnerability is exploited, a regular user is able to gain root privileges, completely compromising the system. Unfortunately, Qualys says the vulnerability has been in existence for 12+ years, since at least May 2009.

    Qualys has already notified all vendors and recommends users install security patches for their distro immediately.

  • Companies Race to Fix Critical Zero-Day Vulnerability


    Companies around the world are racing to patch a critical zero-day vulnerability that is among the worst ever found.

    Cybersecurity experts and government officials began warning Friday of a critical bug in “Log4j,” a Java-based logging framework from the Apache Software Foundation. As news of the vulnerability became known, the list of impacted companies grew to include some of the biggest in the world.

    Palo Alto Networks reported that iCloud, Twitter, Amazon, Baidu and Minecraft were impacted, to name just a few. Even worse, the vulnerability is actively being exploited, putting many companies at risk.

    The director of the Cybersecurity & Infrastructure Security Agency (CISA) issued a statement outlining the seriousness of the vulnerability.

    “We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity. We have added this vulnerability to our catalog of known exploited vulnerabilities, which compels federal civilian agencies — and signals to non-federal partners — to urgently patch or remediate this vulnerability. We are proactively reaching out to entities whose networks may be vulnerable and are leveraging our scanning and intrusion detection tools to help government and industry partners identify exposure to or exploitation of the vulnerability. 

    To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.” 

    Cybersecurity experts are echoing CISA’s assessment of the danger, calling the vulnerability a major issue for the tech and cybersecurity community.

    Dr. Richard Ford, CTO of cybersecurity research firm Praetorian, told WebProNews that Log4j is even worse than other widely reported vulnerabilities.

    “Praetorian researchers weaponized the vulnerability within hours and have a fully working exploit that we can use in the field,” said Dr. Richard Ford. As background, Praetorian is an Austin-based cybersecurity solutions company that helps solve complex cybersecurity problems across critical enterprise assets and product portfolios. Its combination of software and security expertise puts it at the forefront of vulnerabilities such as this. Earlier this year, Praetorian was at the forefront of another critical vulnerability, ProxyLogon. The company says that, as critical as ProxyLogon was to resolve, it had a much smaller potential impact than Log4j.

    “The company’s engineers and researchers have been working since last night in a war room to scan its customers and are finding vulnerabilities in the field. Worse yet, we’re also inadvertently discovering the vulnerability in 3rd parties who are on adjacent or integrated systems. Naturally, we are following responsible disclosure policies so cannot call out these systems by name, but it is one of the largest exposures we have seen at Internet scale. All vulnerabilities are typically scored by how dangerous they are: this vulnerability has practically the highest score possible, and it seems likely that even some professionals are unaware of its potential impact. The situation is rapidly evolving, and we are learning a great deal about the scope and impact of this vulnerability as we quickly work with customers to help mitigate the risk in the short term while they work on a long term solution, which will require patching all instances of the vulnerable code – a process which could take months.”

    Due to Log4j’s widespread use, experts expect companies to keep coming under attack in the coming days, even as mitigation efforts get under way.

    “This vulnerability feels similar to ShellShock, first identified in 2014, and still observed by GreyNoise,” Andrew Morris, Founder and CEO of cybersecurity firm GreyNoise told WebProNews. “Due to ease of exploitation and prevalence of Log4J, GreyNoise researchers believe that this activity will continue to increase over the next few days.”

  • Cox Suffered Data Breach by Hacker Impersonating Support Staff

    Cox Suffered Data Breach by Hacker Impersonating Support Staff

    Cox Communications has notified customers of a data breach in which an attacker posing as a Cox support agent gained access to customer accounts.

    Social engineering remains one of the most successful attack vectors. However well hardened an organization’s technical controls, the human element is often the weakest link.

    Cox appears to have learned this the hard way: according to BleepingComputer, the impersonator obtained customer information, including highly sensitive account details.

    “On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the notification, which was signed by Amber Hall, Chief Compliance and Privacy Officer, and obtained by BleepingComputer.

    “After further investigation, we discovered that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

    Cox does not say that financial information was accessed, but it is advising affected customers to monitor their financial accounts and is offering them one year of free Experian IdentityWorks credit monitoring. The more immediate concern is that the exposed PIN code and security question and answer are account-authentication secrets an attacker could reuse to impersonate the customer, so affected customers should change them rather than rely on credit monitoring alone.

    The company has also not disclosed the number of users impacted, but said the breach “impacted a small number of customer accounts.” Cox is working with law enforcement to assist in their investigation.

  • US Diplomats Among Those Hacked by Pegasus Spyware

    US Diplomats Among Those Hacked by Pegasus Spyware

    Apple has alerted 11 US diplomats that they are among those hacked by the NSO Group’s Pegasus spyware.

    The Washington Post reported in July that NSO Group’s Pegasus software was being used to hack iPhones and spy on journalists, diplomats and human rights activists around the world. The reaction was swift and severe: AWS cut off the NSO Group, the US Commerce Department added the company to its Entity List and Apple sued it.

    According to The Washington Post, Apple has now informed 11 US diplomats that their phones were among those hacked. The NSO Group says it sells its software to government and law enforcement agencies for the purpose of fighting terrorism, but the revelations put the company’s actions in an entirely different light.

    NSO Group says it has suspended the accounts of the clients who used Pegasus against US diplomats’ phones, although it declined to name them.

  • AT&T Enterprise Customers Hit by Data-Stealing Malware

    AT&T Enterprise Customers Hit by Data-Stealing Malware

    AT&T enterprise customers are being hit by malware that compromises a network edge device on their premises and can be used to steal data.

    According to Ars Technica, researchers at Qihoo 360 discovered a new botnet that is targeting the EdgeMarc Enterprise Session Border Controller. The device is commonly used by small to medium-sized enterprises on AT&T’s network.

    “However, during this brief observation, we confirmed that the attacked devices were EdgeMarc Enterprise Session Border Controller, belonging to the telecom company AT&T, and that all 5.7k active victims that we saw during the short time window were all geographically located in the US,” wrote Qihoo 360’s Alex Turing and Hui Wang.

    The vulnerability traces back to 2017 when a researcher discovered a way to attack the devices using an on-device account that used “root” and “default” as the username and password. Despite being discovered years ago, Ars says it’s unclear if AT&T ever notified customers of the vulnerability.

    A patch was released 19 months later, in December 2018, but it had to be installed manually, so it is a safe bet that many devices never received it.

    Qihoo 360’s researchers have also found more than 100,000 devices presenting the same TLS certificate as the infected devices. A shared certificate identifies the same class of device rather than confirming infection, but it suggests the exposed population is far larger than the confirmed victims.

    “We are not sure how many devices corresponding to these IPs could be infected, but we can speculate that as they belong to the same class of devices the possible impact is real,” the researchers added.
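    As an added example, not code from Qihoo 360 or Ars Technica, the script below performs the pivot the researchers describe: starting from hosts confirmed as infected, it finds every other scanned host presenting the same TLS certificate and keeps the two populations apart, since a shared certificate is an exposure indicator, not proof of infection. The inventory, the addresses and the two certificate blobs are constructed placeholders (PEM framing around arbitrary bytes, so the example runs offline); in practice the PEM text would come from a scanner or from `openssl s_client`.

```python
import base64
import hashlib
import re
from collections import defaultdict

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of the certificate's DER bytes, in the
    colon-separated form that `openssl x509 -fingerprint -sha256` prints."""
    match = _PEM_BLOCK.search(pem)
    if not match:
        raise ValueError("no CERTIFICATE block in input")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())


def pivot_on_certificate(inventory, confirmed_infected):
    """Group scanned hosts by certificate fingerprint, then pivot from the
    confirmed victims to every other host presenting the same certificate.

    inventory: iterable of (host, pem) pairs from a TLS scan
    confirmed_infected: hosts known to be infected (e.g. from C2 traffic)
    Returns {fingerprint: {"confirmed": [...], "same_cert_unconfirmed": [...]}}
    for each fingerprint seen on at least one confirmed victim.
    """
    by_fingerprint = defaultdict(list)
    for host, pem in inventory:
        by_fingerprint[pem_fingerprint(pem)].append(host)

    report = {}
    for fingerprint, hosts in by_fingerprint.items():
        confirmed = sorted(h for h in hosts if h in confirmed_infected)
        if not confirmed:
            continue  # certificate never seen on a victim: not an indicator
        report[fingerprint] = {
            "confirmed": confirmed,
            "same_cert_unconfirmed": sorted(
                h for h in hosts if h not in confirmed_infected),
        }
    return report


def _placeholder_pem(seed: bytes) -> str:
    """Constructed stand-in for a certificate: PEM framing around base64 of
    fixed bytes. It is not a parseable X.509 certificate; real scans supply
    real ones, and the fingerprint logic is identical for both."""
    body = base64.b64encode(seed * 16).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


VENDOR_CERT = _placeholder_pem(b"edge-device-factory-cert")  # shared by a device class
UNIQUE_CERT = _placeholder_pem(b"some-unrelated-web-server")

SAMPLE_INVENTORY = [  # constructed scan results; the addresses are documentation ranges
    ("203.0.113.10", VENDOR_CERT),
    ("203.0.113.11", VENDOR_CERT),
    ("203.0.113.12", VENDOR_CERT),
    ("203.0.113.50", UNIQUE_CERT),
]
CONFIRMED = {"203.0.113.10"}

if __name__ == "__main__":
    for fingerprint, groups in pivot_on_certificate(SAMPLE_INVENTORY, CONFIRMED).items():
        print(fingerprint)
        print("  confirmed infected:       ", groups["confirmed"])
        print("  same certificate, unconfirmed:", groups["same_cert_unconfirmed"])
```

    The unconfirmed list is a work queue for verification, not a victim list, which is exactly the distinction the researchers draw above. A certificate shared by many devices also means the private key ships in the firmware, so the same fingerprint is a useful fleet-inventory signature long after the current botnet is gone.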

  • Apple Sues NSO Group Over Pegasus Spyware

    Apple Sues NSO Group Over Pegasus Spyware

    Apple has sued NSO Group and its parent company in an attempt to hold them responsible for Pegasus spyware attacks on Apple users.

    NSO Group made headlines when The Washington Post revealed that its Pegasus software was being used by governments to target journalists and human rights activists. The company says it sells the software only for legitimate law enforcement and counter-terrorism uses, but the Post’s exposé showed there was far more to it.

    In response, AWS banned the company from its services and the US Commerce Department’s Bureau of Industry and Security (BIS) added it to the Entity List, which restricts US companies from supplying it with technology.

    Apple is now adding to NSO Group’s woes, suing the company for endangering iPhone users.

    “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.” 

    Apple is also donating $10 million, along with any damages from the lawsuit, to further cybersecurity research, a move applauded by privacy proponents.

    “Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Ron Deibert, director of the Citizen Lab at the University of Toronto. “I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”

  • Microsoft Warns of SIP-Bypassing ‘Shrootless’ macOS Vulnerability

    Microsoft Warns of SIP-Bypassing ‘Shrootless’ macOS Vulnerability

    Microsoft is warning of a vulnerability impacting macOS that could bypass System Integrity Protection (SIP).

    SIP is one of the layers Apple uses to keep the OS secure: it prevents even an account with root access from modifying protected system files, directories and processes, so that compromising root does not automatically mean compromising the whole system.

    According to Microsoft, the vulnerability, dubbed Shrootless, “could allow an attacker to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device.”

    Microsoft has shared its findings with Apple, so hopefully there will be a fix shortly.