Microsoft Defender exploited, assassin’s encryption frustration, NK elite hackers


In today’s cybersecurity news…


Hackers exploiting Microsoft Defender SmartScreen bug

Researchers at Fortinet FortiGuard Labs have observed a new campaign that exploits an Internet Shortcut Files Security Feature Bypass vulnerability in Microsoft Defender SmartScreen that we have reported on a number of times. The vulnerability lets the threat actors deliver the information-stealing malware families ACR Stealer, Lumma, and Meduza. Microsoft patched the flaw in its February Patch Tuesday release this year. Attacks have been observed in Spain, Thailand, and the U.S.

(Security Affairs)

IT leaders note increase in severity of cyber-attacks, ransomware and BEC stand out

Two reports released this week expose the current state of cybersecurity:

First, a new report from Appsbroker CTS states that nine out of 10 IT leaders polled said that “the risk and severity of cyber-attacks has increased over the past year,” while 61% believe the attack surface is now “impossible to control.” The top five concerns the IT leaders expressed were “malware or ransomware that halts their ability to operate, a lack of visibility around unknown security risks, threat actors stealing identities to access privileged systems and data, misconfigurations leaving systems open to attack, and having to patch and rewrite vulnerable applications.” They also expressed concern over GenAI as a cyberattack tool, current cybersecurity investment having little impact, and a lack of governance and controls.

Next, a report from Cisco Talos shows that ransomware and business email compromise attacks “accounted for 60% of all incidents in the second quarter of 2024,” with the technology sector the most targeted. The researchers said that “attackers may view technology firms as a gateway into other industries and organizations, given their role in servicing a range of other industries, including critical infrastructure.”

The report also showed “the most common initial access method was the use of compromised credentials on valid accounts, making up 60% of attacks.”

(InfoSecurity Magazine for Appsbroker and InfoSecurity Magazine for Cisco Talos)

Trump shooting investigation revives the end-to-end encryption issue

The FBI is expressing some frustration with the difficulties it is experiencing in getting access to encrypted messaging applications in pursuit of motives and techniques relating to the July 13 assassination attempt. Officials have identified three messaging accounts connected to the gunman, but are waiting on “legal process returns” to get into the accounts. However, the bureau has had early success breaking into the gunman’s phone using technology from Cellebrite, a company that specializes in helping law enforcement gain access to data.

(The Record)

Huge thanks to our sponsor, Vanta

Chrome to scan password-protected files for malicious content

New security warnings will be added to the Chrome web browser to encourage user diligence when downloading potentially suspicious or malicious files. The new warning messages will “convey more nuance about the nature of the danger,” to help users make more informed decisions. This takes the form of a two-tier download warning taxonomy that distinguishes suspicious files from dangerous files. Each category will have its own icon, color, and text.

(The Hacker News)

Shining a light on elite North Korean spy-hackers

A report published yesterday, Thursday, by Mandiant outlines a sophisticated hacking group from North Korea that shows exceptional skill in stealing blueprints and sensitive information about weapon systems, nuclear power plants, satellites and much more. Named Andariel (the group Mandiant tracks as APT45), it has launched several large, impactful cyber operations over the years. Mandiant said experts and government agencies have been alarmed by APT45’s ability to steal sensitive plans, adding, “When Kim Jong Un demands better missiles, these are the guys who steal the blueprints for him… they’re willing and agile enough to target any entity to achieve their objectives.” A link to the report is available in the show notes.

(The Record and Mandiant)

Spyware company based in Minnesota hacked

TechCrunch is reporting on the hack of a discreet company based in Minnesota that manufactures spyware for clients around the world. A cache of files allegedly stolen from the company, Spytech, was delivered to TechCrunch, which was able to verify the data’s validity in part. The company’s chief products are generally known as stalkerware, ostensibly sold to let people keep an eye on their kids and/or their wandering spouses. TechCrunch states the company’s products have been installed on “more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide.”

(TechCrunch)

Over 3,000 GitHub accounts used by malware distribution service

According to BleepingComputer, “threat actors known as Stargazer Goblin have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware.” The malware delivery service is called Stargazers Ghost Network and it “uses GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain infostealer malware.” Researchers from Check Point discovered the operation, saying it’s the first time that such an organized and large-scale scheme has been documented running on GitHub, a platform that is trusted by its users, who are therefore more likely to fall for malicious links within its repositories.

(BleepingComputer)
