Friday, February 3, 2023

Cybersecurity news weekly roundup January 30, 2023

0
roundup january 30

SAN MATEO, CA, January 30, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

FBI infiltrates Hive ransomware gang for six months, shuts down websites

A statement from the US Department of Justice (DOJ) has revealed that the FBI had infiltrated the Hive ransomware gang some six months ago with officers within the collective informing victims of impending attacks and providing decryption keys. To close the operation, the FBI took down Hive’s websites and communication networks with assistance from Germany and the Netherlands. While all agencies involved are pleased with the results of the operation, no news of any arrests has been disclosed and experts agree that Hive’s members are sure to rebuild and reconnect, possibly under a different name. Read more.

CISA: federal agencies hacked via legitimate remote monitoring and management (RMM) software

CISA, the NSA, and MS-ISAC have created a joint advisory warning that hackers are turning to legitimate remote monitoring and management (RMM) software to infiltrate networks, including those belonging to the federal government. The preferred vector appears to be help desk-themed phishing emails that either contain a link or a phone number to call to cancel a fraudulent high-priced subscription. Once on the hook, the targeted victim clicks a link that opens their default web browser and automatically downloads malware that connects to a second-stage domain from which portable versions of AnyDesk and ScreenConnect are downloaded. This lets the attackers, believed to be mostly financially motivated, gain access to the network as a local user, bypassing security. Read more.

WordPress redirect campaign hacks 4,500 sites

In a campaign believed to be running since 2017, 4,500 WordPress sites have been hacked to push users to scam pages that feature malicious ads, info-stealing malware and fraudulent browser alerts. Researchers at Sucuri note that the hacks require an “injection of obfuscated JavaScript hosted on a malicious domain named ‘track[.]violetlovelines[.]com.'” The campaign is part of a broader trend in which threat actors are creating malicious websites that mimic legitimate ones and advertise them using Google Ads. To keep the hacks at bay, WordPress users are urged to update all installed themes and plugins, remove those that no longer receive support and change their passwords. Read more.

Emotet malware continues to circulate with new features

Emotet, the seemingly impossible to kill malicious software that emerged as a banking trojan in 2014 and has evolved into a malware distributor, continues to plague the cyber landscape in spite of a 2021 takedown of its infrastructure. Emotet is modular, making it an ideal platform for a range of attacks. Its two newest modifications include an SMB spreader “designed to facilitate lateral movement using a list of hard-coded usernames and passwords” and a Chrome web browser-based credit card stealer. Emotet is circulated via phishing emails and is attributed to cybercrime gang Gold Crestwood AKA Mummy Spider. Read more.

GoTo/LastPass hack worse than initially disclosed, encryption key exfiltrated

GoTo, affiliate of LastPass, has revealed that an August 2022 hack that affected both platforms did more damage than the company initially disclosed. While GoTo stated that no user data was accessed when first commenting on the attack, a statement from LastPass in December revealed that more intrusion took place and that customer data was exposed. In new emails sent to affected customers, GoTo is now alerting customers that backup data had been accessed in addition to “an encryption key for a portion of the encrypted data.” GoTo is mandating password resets for affected accounts, but the shifting description of the severity of last year’s breach has called GoTo and LastPass’s credibility into question with regard to user privacy. Read more.

FBI: North Korea responsible for $100 million Horizon Bridge theft

The FBI has reported that it has confirmed that North Korean hackers are behind the June 2022 theft of $100 million in crypto from Harmony Horizon Bridge. Lazerus and APT38 have been implicated in the hack, which used social engineering tactics to convince crypto platform employees to download malicious apps. North Korea has been responsible for a number of high profile crypto hacks in recent years, as the rogue nation uses state-sponsored hacking groups to steal from financial institutions in response to sanctions. Read more.

XLL add-in blocker coming to Microsoft365 to end Excel malware delivery

Microsoft is in the progress of adding XLL add-in protection to Microsoft365 to stymy the rise of malware being spread via Excel. XLL files are used to customize and extend the abilities of Excel by adding more functions to the base platform. However, hackers have discovered them to be ripe for phishing campaigns, as they can be used to deliver malicious code and are easily disguised as innocuous documents sent from trusted sources. The new protections, expected to begin rolling out in March, signal the company’s desire to make Microsoft365 a less appealing vector for attackers. Read more.

CISA: critical ManageEngine RCE flaw exploited

Security flaw CVE-2022-47966, a remote code execution exploit affecting Zoho ManageEngine products, has been added to CISA’s catalog of bugs seen actively exploited by hackers. While the bug was patched in a series of updates that began in October of 2022, researchers at Horizon3 have observed that 10% of vulnerable systems remain unpatched. ​Rapid7 security researchers have observed that, after a successful exploitation, “attackers are disabling real-time malware protection to backdoor compromised devices by deploying remote access tools.” Federal agencies have until February 13th to patch their systems. Private organizations are urged to do the same. Read more.

Samsung Galaxy store exploit allows for remote app installation

Samsung’s Galaxy store, formerly Smsung Apps and Galaxy, Apps has been found to harbor two vulnerabilities that allow attackers to “stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.” One flaw, CVE-2023-21433, allows a previously installed rogue app to install a different application from the Galaxy store. The second flaw, CVE-2023-21434, can be exploited to enable a threat actor to bypass filters and push victims to domains under their control where they may be subject to malicious links. Users are urged to update all Samsung devices to themes current OS. Read more.

FanDuel: user data exposed in MailChimp breach

Sports betting platform FanDuel has warned users that their data was exposed in the recent breach affecting MailChimp. While critical data was not stolen, FanDuel has stated that names and addresses had been exposed and that users should remain vigilant against phishing attacks that may be created using that information. Customers are also urged to change their passwords frequently and set up multifactor authentication on their accounts. Read more.

More cybersecurity news

The implications of AI for cybersecurity

0
ai for cybersecurity

NetworkTigers debates the possible implications of AI for cybersecurity.

With security experts worldwide predicting what 2023 may have in store about the cyber landscape, all agree that artificial intelligence (AI) and machine learning will play a critical role in how threat actors stage attacks and how organizations and administrators defend against them.

What exactly is AI and machine learning?

AI is the capability of a computer to solve problems and make decisions using a simulation of the human thought process referred to as “machine learning.”

Machine learning, as defined by IBM, “focuses on the use of data and algorithms to imitate the way that humans learn, gradually improving its accuracy.”

Why is AI controversial?

Historically, the term “AI” brought to mind science fiction stories around rogue computers that become sentient or machines that revolt against their human creators. While a scenario of that nature feels a little less like a fantasy every day, our current engagements with AI are far less cinematic.

We are already accustomed to a degree of machine learning through social media in the form of algorithmically displayed content. Streaming platforms such as Netflix also employ machine learning to suggest what entertainment we may enjoy based on our previously viewed shows and movies. These algorithms are designed to adjust dynamically to our habits without human intervention. They observe our actions, take note of how we respond to what it shows us and provide us with similar content to keep us engaging with the platform.

There are ethical arguments to be made about the nature of this type of business model when it comes to social engineering, paid advertisement, the spread of misinformation and the fact that violent content tends to circulate most fluidly. Not to mention that social media platforms can use the power of their algorithms to influence what we see in intentionally inorganic ways that serve the company more so than the individuals who use their apps.

AI is also poised to disrupt employment across all sectors. ChatGPT is an AI chatbot that can scrape the internet for information to provide answers to questions, compose content on request and even write functional coding language. From freelance writers and developers to search engine giant Google, ChatGPT is seen as an existential threat to those who make a living using their human brains to generate original content.

AI art generators like MidJourney behave similarly, using the web’s wealth of data to create startlingly high-quality images based on little more than a prompt from a user. They can accommodate requests based on style (oil painting, 70’s photograph, etc.) and even create images that accurately copy an established artist’s style.

Because AI content generators pull their data from copyrighted works, even sometimes “accidentally” including a rights holder’s watermark in their visual output, a debate is boiling as to whether or not such assimilation is a legal violation. In the meantime, however, this has not dissuaded major publishers from illustrating their articles with AI-generated content that effectively cuts the artist out of the deal. This is much to the dismay of creators who have honed their craft only to see paying clients opt for cheaper computer-generated material that may, in fact, still include aspects of their previously published work.

From medical imaging to cargo hauling, AI’s potential to displace almost the entirety of the world’s workforce is leaving many to wonder what their role will be in the upcoming years, especially with ChatGPT recently having passed the US Medical Licensing Exam and the Bar Exam.

How threat actors can harness AI

While AI content creation and an employment debate has entered public discourse, the utilization of AI among criminal enterprises or threat actors has been largely left out of the discussion. Netflix using an algorithm to suggest movies seems largely innocuous. Still, this same technology used to predict and counter an individual’s behavior in the context of a hack or social engineering scam could result in cyberattacks that are borderline impossible to dodge.

Weaponized Chatbots

Bots like ChatGPT can already create content in the voice of people whose mannerisms are entrenched in popular culture. Want a sugar cookie recipe written up in the voice of Barack Obama addressing the United Nations? Within five seconds, you’ll have it.

Aside from the fact that hackers are already using ChatGPT to write malware more efficiently, chatbots can be used to more effectively communicate with victims in their native language, avoiding the poor grammar that is often a telltale sign of a scam. Advancements in natural inflection and responses are also being developed to create convincing fake personas on dating sites and other platforms where people may be persuaded to make purchases or send money to someone that is, in fact, just a carefully curated automation.

This same AI technology could be fed a diet of a specific person’s mannerisms and used to create spear phishing attacks subtle enough to trick even the savviest internet user into believing that they are texting with their boss or family member.

Deepfakes

Deepfake technology is a form of machine learning that can create convincing video content of a person after scanning images of their face to build a three-dimensional interpretation of how they look with various expressions. This interpretation can then be tracked to a live actor’s face as they emote and speak, resulting in what looks like the deepfaked person performing said actions. 

This technology is being applied extensively to filmmaking. Disney has been investing heavily in their proprietary deepfake algorithms, using them to de-age actors and even bring an 80s-era Mark Hamil to the screen as Luke Skywalker in “The Mandalorian.”

Amazingly, a YouTuber took issue with Disney’s original Skywalker deepfake and created a version that was so superior that they were hired to work on future episodes. While this story is interesting because it shows how a talented, determined artist can eclipse the efforts of a multi-billion dollar global entertainment empire from their desktop computer, it also highlights the danger within reach of hackers.

Criminals will surely use deepfake technology to do everything from create fraudulent videos of workplace superiors requesting login data to political leaders making inflammatory statements or engaging in controversial behavior. We are entering an era in which it will become more and more difficult to discern fact from fiction. It’s this very level of universal uncertainty that bad actors, some state-sponsored, will be able to capitalize on via social engineering schemes that employ deepfakes. 

Currently, a deepfake’s ability to create a realistic facsimile depends on the quality and quantity of photographs it is trained on, making celebrities ideal candidates due to the amount of material available. Even those who have never heard the term before are likely familiar with the comedic social media accounts that feature digitally impersonated versions of actors like Tom Cruise and Keanu Reeves performing mundane daily tasks. 

As technology advances, however, it will certainly be able to do more with less. This means that it may eventually only take a handful of photographs for a threat actor to assemble a deepfake realistic enough to do serious damage.

Deepfaked audio is also within reach. To once again cite Disney, the voice of Darth Vader in their recent “Obi-Wan Kenobi” was generated entirely by AI company Respeecher. James Earl Jones provided none of his iconic voice work for the character, whose lines were generated by a computer having been trained on the actor’s decades of recordings. Soon, we may not even be able to trust a voice call fully.

Staging and executing dynamic attacks

In a battle as old as computers themselves, criminals and developers have been playing leapfrog, each side discovering something about the other and then responding accordingly. A new exploit results in developers releasing a software update to fix the bug. Conversely, every new software version sees hackers poking and prodding for unnoticed weaknesses. 

AI is predicted to end this turn-based scenario, as security firms and criminals alike employ dynamic programs that can predict the moves of their adversary, react in real-time to thrown punches and swoop in for the kill the moment a weakness is revealed. The days of patch downloads and emails encouraging users to download the latest OS version will seem old fashioned as AIs duel in cyberspace, trading thousands of blows a second and even self-patching before an administrator knows their network is under siege.

While that scenario may not unfold now, malware that can evolve to bypass detection and remain hidden within systems is a major concern for security developers. Standard, static defensive measures simply won’t be up for the task. They will have to be supplemented, or completely replaced, with an infrastructure that has the brains needed to hunt down evasive threats actively. 

How can we defend against malicious AI usage?

It’s plain to see that we are on the verge of an arms race around AI’s use in cyberspace. Thankfully, run-of-the-mill criminals simply don’t have access to the best minds in Silicon Valley when it comes to creating proprietary technology. This means that attacks in the near future will likely only leverage familiar, widely available tools similar to ChatGPT. 

However, just as we’ve witnessed a YouTuber take on Disney and beat them at their own game, tech advances are continually leveling the playing field. Additionally, state-sponsored hacking enterprises in countries like Russia and China can focus their resources on developing competitive tools or, as is often the case, simply steal them from others via run-of-the-mill espionage and data exfiltration.

Ultimately, organizations would do well to begin to integrate AI into business operations wherever possible while still maintaining essential cybersecurity best practices like regular staff training on current threats, mandatory multifactor authentication and adopting a zero trust model. As more antivirus and cloud-based security providers integrate AI into their offerings, we can expect the shift to happen organically, as long as administrators keep their defenses regularly updated.

An uncertain future …

AI’s role in cybersecurity may seem fraught, Monica Oravcova, COO and co-founder of cybersecurity firm Naoris Protocol feels that AI’s integration could very well be a net positive for the cyber landscape as long as those on the right side of it act quickly to set the stage. 

Regulation, as noted by Oravcova, moves at a glacial pace compared to technological advancement and market adoption. Therefore, it is essential that organizations set themselves up to battle evolving threats while also maintaining an ethical implementation of their own usage of AI as it relates to their users and customer data and privacy. 

Whether or not such a degree of faith ought to be placed in corporate entities that are foundationally designed to prioritize growth over societal wellbeing and have thus far proven less than stellar at keeping customer and user data out of the hands of criminals is another matter of debate entirely. What is certain, however, is that AI’s utilization and integration into our daily lives is no longer looming in the future, but here now and in for the long haul.

Network automation: what it is and how to do it

0
network automation

NetworkTigers discusses network automation best practices.

Managing the integration of applications is becoming difficult as companies continue to expand their operations into several virtual and physical locations to support a global workforce. Businesses are also trying to navigate complicated multi-cloud landscapes, as well as struggling with the need for increased performance and speed to transfer more information. 

This increasing network complexity affects enterprises while hindering growth. Fortunately, automation helps standardize your network structure as it allows you to automate difficult tasks in networking. Automation also helps you build a more reliable business network.

What is network automation?

Network automation is the process of using software to manage network services and resources. This process eliminates the manual and outdated processes involved in managing networks like logging into firewalls, switches, and routers to update configurations manually.

Network automation can help you test, operate, configure and deploy components in your network. You can use a software-defined network (SDN) to achieve network automation. An SDN makes controlling and automating the networks easy as it introduces network virtualization capabilities. 

How does network automation work?

Network automation helps in managing services and resources by allowing IT staff to scale, integrate and configure applications automatically. The IT staff can automate networks with programmable logic on devices’ command line interfaces (CLIs) to enable the nodes to perform automated actions such as bandwidth control and network filtering.

The IT administrator creates programmable scripts and logic using graphical UI, devices’ CLI, automation tools, or external systems to automate and control your network.  After that, the administrator executes the scripts using the API or CLI and manages all the devices within your network via a centralized control panel. 

Top 4 network automation tools

Automation tools can assist you in automating numerous everyday networking tasks like dynamic provisioning and inventory management, as well as predicting and analyzing bandwidth usage. You can also remotely control access ports and change configurations across your organization. Here are network automation tools to help you meet your enterprise’s requirements.

SolarWinds Network Configuration Manager

Network Configuration Manager is user-friendly and easy to install. The tool features robust automated processes to manage medium and large networks. Its automation system enhances network reliability by allowing businesses to schedule automated backups, create standard configurations and disperse it to devices on the network.

This bulk capability allows users to perform quick adjustments, saving energy and time while minimizing human error. Network Configuration Manager logs device configuration and user activity to maintain compliance with regulations for switches and routers from Juniper, Cisco, Dell, and more.

This tool also issues email alerts when it detects changes in your network. You can also check for unauthorized changes, reverse those changes efficiently and troubleshoot problems. 

WhatsUp Gold

WhatsUp Gold is a powerful tool for monitoring devices, applications, and networks from the Network Configuration Management add-on module with additional enhancement from one central dashboard. The tool queries the status of devices on your network via the Simple Network Management Protocol (SNMP).

WhatsUp Gold then tests all the operations while the Network Configuration Management add-on feature scans the configuration of devices. This process allows for the automation of network device monitoring as it logs active devices on the network into an inventory.

The system dashboard then creates standardized configurations for each category of model and device. It also identifies and flags any deviation from a certain set-up through email alerts.

ManageEngine Network Configuration Manager

This tool uses the script-based approach to centralized control and configuration backup. Designed to manage configurations for firewalls, routers, and switches, ManageEngine Network Configuration Manager backs up device settings as pictures, making it easy to implement automated or manual rollbacks after unexpected changes. 

The tool is ideal for large enterprises that want to manage compliance auditing, user activity tracking, and real-time network configuration. It also allows for remote configuration management using its iOS application.

ManageEngine Network Configuration Manager uses Configlets, templates that allow users to schedule and automate commands to enable SNMP or change passwords. The system sends out email alerts each time Configlets are executed.

GFI’s Exinda Network Orchestrator

GFI’s Exinda Network Orchestrator provides real-time network monitoring and gives you control over your network’s security, performance, and resources. This helps you improve the quality of your networking applications and services.

The tool has a user-friendly dashboard to help you identify performance issues and network use. You can also use GFI’s Exinda Network Orchestrator to orchestrate bandwidth scalability and usage to enhance application performance. 

How NetworkTigers can help

Network management is a crucial component of IT infrastructure that helps organizations avoid security issues, ensure high performance, and reduce disruptions. We can help your business lower maintenance and operational costs by automating crucial network processes. Ready to automate your network so that you improve your system’s efficiency? Contact us today to learn about your options for cost savings. 

Cybersecurity news weekly roundup January 23, 2023

0
roundup january 23

SAN MATEO, CA, January 23, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Remote code execution exploit discovered in Microsoft Azure

A remote code execution vulnerability could allow a threat actor to deploy malicious ZIP files to a target’s Azure application, allowing them to take control of it. Successful execution of the hack, which has been dubbed EmojiDeploy, could also allow hackers to steal data or move laterally within the Azure environment. Upon being notified of the exploit, Microsoft has since patched the vulnerability with an update. Read more.

T-Mobile hacked again, 37 million accounts breached

Just as T-Mobile rounds out the last phase of a settlement from a 2021 data breach, it has reported that a threat actor has had access to data associated with 37 million of the mobile carrier’s customers since November of 2022 after taking advantage of one of its “application programming interfaces.” The information available to the hackers includes “names, billing addresses, email addresses, phone numbers and birth dates of its customers, their T-Mobile account numbers, and information on which plan features they have with the carrier and the number of lines on their accounts.” T-Mobile is downplaying the breach, saying that no passwords, Social Security numbers or payment data were accessible and that any data leaked was already publicly available. Read more.

Mailchimp hacked via social engineering attack

Mailchimp has reported that customer data has been exposed in a social engineering attack that targeted employees and contractors. The attack described seems almost identical to a hack against the company in August of last year, after which Mailchimp put “an additional set of enhanced security measures.” While those measures were not described, it would appear as though they were ineffective in preventing a threat actor from employing the same techniques as before to breach the company’s security and access customer support and account administrator tools. Read more.

New Hook malware sets its sights on Android users

DukeEngine, the hacker developer responsible for creating the ERMAC and BlackRock banking trojans has released another malware called Hook. Hook has new features that let attackers access device files and “create a remote interactive session” to use the device’s screen. The malware, which also has RAT capabilities and device tracking, can be rented for $7,000 a month and is sure to cause headaches among Android users as it gains traction in the wild. Read more.

Nissan: customer data exposed by third-party supplier

Nissan North America has disclosed that data associated with almost 18,000 customers was leaked by a supplier and may have been accessed by an unauthorized third party. Nissan reports that the data was given to a supplier to conduct a software test and that some of the data used was mistakenly exposed. The information in the breach includes customer birth dates, names and numbers associated with vehicle financing. While the data exposed is not critical, Nissan warns that it could be used to stage phishing attacks. Read more.

Two security exploits have been discovered in Netcomm and TP-Link routers that can be used to achieve remote code execution. Netcomm router models NF20MESH, NF20 and NL1902 running software versions earlier than R6B035 are vulnerable to flaws CVE-2022-4873 and CVE-2022-4874, which can be chained together to allow an attacker to run remote code. TP-Link routers WR710N-V1-151022 and Archer-C5-V2-160201 are vulnerable to flaws CVE-2022-4499 and CVE-2022-4498, which can lead to remote code execution and information disclosure. Read more.

Russian hackers observed testing ChatGPT’s restrictions with malicious intent

Check Point Research has observed Russian hackers trying to bypass or circumvent AI bot ChatGPT’s restrictions to use the tech for malicious activity. From using stolen credit cards to pay for limitless access to bypassing the geo-restrictions of the tool, the dark web is abuzz with threat actors poking and prodding for ways to weaponize the technology against their victim. Check Point has already observed hackers using ChatGPT to create infostealers, encryption tools and other instances of malicious code. Read more.

GitHub Codespaces can be abused to deliver malware

GitHub Cloudspaces, “a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code,” has been found to contain an exploit that lets a threat actor create a malicious file server. Cybersecurity firm Trend Micro, in a proof-of-concept demonstration, showed how an attacker could be able to create a codespace, download malware from a domain that they or another threat actor controls to the environment and then set the visibility of the forwarded port to public, thereby making the application act as a web server hosting malicious content. The exploit has yet to be observed in the wild. Read more.

Network of fake, cracked software used to spread Raccoon and Vidar stealers

A network of more than 250 domains that purportedly offer cracked versions of popular software is being used to infect users with Raccoon and Vidar information stealers, according to findings from French cybersecurity firm SEKOIA. The domains, which ultimately lead victims to download malicious files from GitHub, appear to be operated by a threat actor that rents them out to purveyors of malware. An alternate means of attack sees victims linked to the domains via phishing emails that masquerade as having been sent from banking institutions. Read more.

Norton LifeLock breached, exposing customer password managers

Norton LifeLock has released a data breach notice alerting customers to a breach in which user password managers were exposed. According to the company, the breach was likely the result of a credential-stuffing campaign as opposed to a compromise of their systems. Gen Digital, Norton LifeLock’s parent company, has sent the notice to around 6,450 users affected by the breach. According to Gen Digital, account breaches occurred as long ago as December 1st, 2022. Read more.

More cybersecurity news

10 cybersecurity tips for non-techies

0
cybersecurity tips

NetworkTigers cybersecurity tips for non-techies.

Maintaining good personal cybersecurity doesn’t require a degree in computer science, nor does it take a lot of time or money. While being a security expert means navigating the shifting sands of threat actors, phishing efforts, ransomware gangs, and data vulnerabilities, many breaches result from human error in the form of neglected updates, gullibility or misconfigured settings. Thankfully, maintaining good personal cybersecurity is more about common sense and diligence than hard data and analytics.

1. Update your software

Maintaining updated software is a foundational component of solid cybersecurity from smartphones and tablets to the computers you use for work or play. As threats are discovered, developers release patches and updates that close the door on would-be hackers.

Remembering to check for updates periodically is cumbersome and leaves room for items to slip through the cracks. Turn on automatic updates wherever possible so that you are best protected. Ensure that every connected device you use runs the most current operating system and firmware. Neglecting any one component in your network is akin to installing a cutting edge security system in your home only to leave the back door open.

2. Update your hardware

Don’t forget your hardware. If you’re using an old router or other devices, make sure that the manufacturer with updates and patches is still supporting them. In the fast-paced world of technology, legacy equipment quickly fades into the rearview. 

Unsupported devices, or those too old to run current operating systems, should be replaced. You can save money on modern gear by purchasing used or refurbished hardware from a reputable provider.

3. Maintain good password habits

While keeping things simple makes your online life convenient in the short term, poor password hygiene is a major headache for cybersecurity experts and a big advantage for hackers. To make sure that your passwords are up to the task of protecting your data privacy, keep these tips in mind:

  • Use a password generator to create randomized passwords that are impossible to guess.
  • Avoid using names, dates or other personal information in your password.
  • Instead of a password, come up with a “passphrase” that is a short, easy-to-remember sentence in which you swap letters and numbers for symbols and punctuation.
  • Try not to repeat characters in your password.
  • Never use the same password twice.

4. Use anti-virus protection

Anti-virus protection can detect and isolate malicious software that enters your network or computer. It works in the background and should be configured to regularly scan your system for malware, trojans and viruses. There are many options when it comes to anti-virus software. Choose a program that will adequately protect you but won’t overwhelm you with complexity that is best reserved for major networks.

5. Use a firewall

A firewall filters web traffic, blocking hackers, malicious software and viruses from your device or network. Hardware firewalls are commonplace in control rooms, but software firewalls are also regularly employed. Both Windows and Mac operating systems include built-in firewall options that can be configured to suit your needs. Your internet router should also feature a built-in firewall to restrict access to your systems and devices.

6. Beware of public wifi

Using publicly available Wi-Fi, whether in a hotel or coffee shop, can be dangerous. Use a VPN if you must access the internet from a public location. You can also hotspot your phone or other wireless devices so that you are accessing the internet via your cellular service provider, as opposed to through a heavily trafficked router. 

7. Enable multi-factor authentication 

An account locked behind a single username and password could be easy to crack, even if your password hygiene is on-point. While not perfect, multi-factor authentication remains an effective way to put an obstacle between your data and hackers. From providing a second password via another device to using biometric facial or fingerprint data, adding a layer of security will prevent you from becoming low-hanging fruit.

8. Know how to spot scams

The days of obvious scam emails aren’t over, but sophisticated phishing attempts are a modern cybersecurity scourge. Today’s savvy threat actors can craft fraudulent messages almost indistinguishable from legitimate messages.

Anyone who has spent a year using email knows that impersonating financial companies like PayPal and eBay is common practice. If a hacker can take control of a colleague or friend’s account, however, they may send messages to that person’s contacts that recipients are already primed to trust. 

Scammers are becoming more brazen, and some efforts even involve social engineering tactics that see victims interacting with an actual person who directs them to download malware or turn over login credentials.

Know how to identify scam attempts and never open emails or texts that include attachments or links without verifying their validity first. If a coworker or family member sends you a message with an unusual request, confirm that they are the sender through a different avenue.

9. Backup your data

If you suffer a cyberattack, restoring your system or device to the condition it was in before being hacked saves time and stress. 

Keep your data backed up on your local hard drive, an externally connected one, and in another off-site location such as the cloud. Regularly update your data backups so that you don’t lose a more significant amount of time than necessary if you have to perform a restore.

10. Never leave a device unattended

A stolen phone, tablet or laptop is a treasure trove of data, passwords, credit card numbers and other information that can be used against you and to stage further scams or attacks. 

If you have to leave a device for an extended period, make sure it is password protected and locked up safely where no one else can access it. USB drives and other external storage devices should be encrypted to prevent thieves from accessing your data.

Both Windows and Mac operating systems feature native encryption tools, BitLocker and FileVault, which you can use to secure an external drive without having to do much more than click a few boxes.

NetworkTigers’ 2023 cybersecurity predictions

0
2023 cybersecurity predictions

NetworkTiger’s list of 2023 cybersecurity predictions. It’s only going to get worse.

It’s a new year, and cybersecurity researchers and think tanks worldwide are predicting what we may be up against in 2023. While many cybersecurity challenges are expected based on trends witnessed year after year, this year’s forecasts are interesting due to the passage of federal cybersecurity laws and advancements in artificial intelligence. 

Ransomware and malware: the eternal threat

Ransomware and malware will continue to plague organizations large and small, inflicting financial and operational damage. However, experts are theorizing that the haphazard methodology of past attacks may give way to more sophisticated, highly targeted campaigns that hone in on multinational organizations, municipalities and infrastructure.

Continued government emphasis on protecting critical infrastructure

A further bolstering of cybersecurity protections for critical infrastructure is predicted to be a key focus in 2023 and beyond. 2022’s passing of the Cyber Incident Reporting for Critical Infrastructure Act and the Better Cybercrime Metrics Act signal the federal government’s intentions to take cybercrime seriously regarding national security and threat tracking. As these bills roll out and see real-world implementation, we can naturally expect amendments and further laws to follow.

Multi-factor attacks are predicted to evolve

Multi-factor authentication touted as something of a silver bullet against hacks has seen its effectiveness wane as threat actors have devised ways to circumvent it or socially engineer users into weakening its purpose. As more users and organizations have adopted MFA, hackers have kept pace and modified their methods to accommodate for it. Depending on how much MFA attacks evolve in the coming months, the end of 2023 may even see MFA derided as an antiquated means of protection.

Deepfakes hit primetime

Deepfake technology, as a quick perusal of YouTube or TikTok can confirm, is becoming easier to achieve even by those possessing limited technological know-how. With so many people already susceptible to being phished by a convincing email or text message, the advancement of deepfake technology will make separating fact from fiction nearly impossible in some scenarios. Fraudulent videos of coworkers, superiors or family members asking for sensitive data will make scam text messages seem quaint.

Deepfakes of politicians making incendiary statements will also have tremendous implications concerning government stability and social unrest. State actors releasing purported video of a leader calling followers to arms, especially in underdeveloped countries where significant portions of the population may not be familiar with cutting-edge technology, could have disastrous destabilizing consequences. In a world where comically absurd misinformation can already garner devout belief, the implications of realistic deepfakes are frightening. 

Battling artificial intelligences

With controversial content generators like DALL-E, MidJourney and ChatGPT showing the exponential advancement of the technology and the potential for worldwide disruption in almost every field of expertise, 2022 was the year that artificial intelligence went mainstream and opened up an entirely new universe of potential threats.

On a basic level, threat actors will utilize AI to communicate with victims in their own language. One of the most obvious “tells” when it comes to scams is poor grammar. Intelligent translators will make this hiccup a thing of the past as scammers leverage it to create nuance in their communications and erase instances of typos or incorrect verbiage.

Some experts predict that 2023 will be the first year we witness dueling automated systems battling in cyberspace at speeds human programmers cannot achieve. With hacking collectives and state-sponsored organizations using AI to create and launch attacks against systems protected with AI-directed security, we may be on the cusp of an IT arms race with victories going to the “smartest” technology.

Sounding less like science fiction daily, researchers wonder if an ill-advised user may not accidentally create a destructive AI that unleashes widespread disruption and destruction. It’s a scenario that only James Cameron may have seen coming.

Employers are predicted to get snoopier

Much of the planet’s workforce breathed a collective sigh of relief with the adoption of remote work, as it signaled an end to hovering bosses checking in to ensure that employees were living up to their standard of “busy.”

That respite may be short-lived, however, as employers are adopting so-called “productivity surveillance” tools to gain insight into who is and is not at their desk toiling, no matter where said desk may be located. This Orwellian scenario, essentially mandating that employees install spyware on their devices to ensure compliance, is already being used by a whopping 78% of employers and shows no sign of slowing down as companies struggle with managing workers that they cannot physically monitor. 

Mandated security features

As the wheels of government slowly grind in the direction of cybersecurity prioritization, it’s reasonable to assume that regulatory bodies will set their sights on the private sector and mandate that their offerings meet minimum security requirements to be legally sold. Products that store and process user data will likely need to meet government guidelines, holding manufacturers accountable for security holes in their offerings. 

The Metaverse will give criminals a new playground

While Mark Zuckerberg’s investment in the Metaverse has yet to attract many users, let alone change the internet landscape, an alternate virtual landscape will undoubtedly break through soon. As people migrate into it and incorporate it into their lives, criminals will surely follow and devise new ways to scam users, steal data, sell illicit goods and otherwise wreak havoc. 

At this point, it seems unlikely that Meta will lead the charge into this new frontier. Security experts have their fingers crossed that whoever does take a more preemptive and holistic approach to user data and privacy than Facebook has. 

Privacy concerns are predicted to escalate

Social networks, surveillance cameras and our plethora of connected devices have coalesced to create a world in which privacy is challenging, if not impossible, to achieve. 

Individuals who believe themselves to be “off the grid” could potentially still be tracked, located and observed through facial recognition algorithms capable of scanning publicly accessible social media accounts for photos and videos that they unintentionally appear in.
The public will likely demand better protection for their personal data even though 70% of all countries have privacy protection legislation in place already. The American Data Privacy and Protection Act has been introduced in the US. However, it is hard to imagine how laws and legislation will put the genie back in the bottle when there is a constant tug-of-war between protecting privacy and seeming to care very little for it.

Cybersecurity news weekly roundup January 16, 2023

0
roundup january 16

SAN MATEO, CA, January 16, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Majority of Cacti servers under attack as most users fail to patch bug

A major security vulnerability within Cacti servers has been spotted in the wild, leading the developer to issue a patch that the majority of Cacti users have yet to install. According to attack surface management platform Censys, only 26 out of 6.427 servers are running the most recently updated version of Cacti. The public disclosure of the vulnerability (CVE-2022-46169) has led to increased attempts by hackers to leverage the exploit, which allows a threat actor to “xecute arbitrary code on an affected version of the open-source, web-based monitoring solution.” Read more.

Cyberattack on Royal Mail linked to LockBit

A cyber incident that resulted in the UK’s largest delivery service, Royal Mail, halting international shipments has been determined to be linked to the LockBit ransomware gang. A ransom note sent by the threat actors says that “LockBit Black” ransomware was used in the attack. LockBit Black is the group’s latest encryptor, which uses code and features assimilated from the now defunct BlackMatter gang. LockBit, however, has denied that they are responsible for the attack claiming that someone using a leaked version of their ransomware is responsible. Read more.

Cisco warns of public exploit in EoL routers

Multiple end-of-life Cisco routers are susceptible to a critical authentication bypass exploit, the company warns. The flaw, CVE-2023-20025, has been found in the management interfaces of Cisco Small Business RV016, RV042, RV042G and RV082 routers. Despite Cisco’s Product Security Incident Response Team’s awareness of the bug, the company does not plan to release a patch to fix the vulnerability. Users can disable their router’s web-based web interface and block access to ports 443 and 60443 to black attacks and are encouraged to migrate to newer routers that are still supported. Read more.

Twitter: data leak was not due to bug

Twitter, responding to a leak that has seen data associated with more than 200 million accounts placed for sale on the dark web, has stated that the information could not be traced to the company and was not the result of a hacker exploiting a vulnerability within the platform. Asserting their belief that the data was accumulated from publicly available sources, Twitter has also assured users that password information is not included in the trove. Some security experts remain skeptical of the company’s statement, however, citing the authenticity of the information as evidence that it was gained due to a compromised third party. Read more.

Ransomware gangs installing backdoors for later use

Security researchers are warning that some ransomware gangs have been observed installing backdoors while exploitation remains unpatched in order to use them at a later date. The Lorenz gang has been witnessed doing just that, as researchers noted that they planted a backdoor on an exploitable system before it was patched and allowed it to remain dormant until they used it to launch ransomware in spite of it having been updated. Security experts are warning that, while patching in a timely fashion is critical, it’s important to check for intrusions consistently to remove any potential for future attacks. Read more.

Microsoft’s first patch of 2023 addresses 98 security flaws

Microsoft’s first Patch Tuesday of the new year has been pushed, addressing 98 security flaws. One bug has been witnessed being exploited in the wild. 11 of the flaws are rated as Critical and the other 87 have been listed as Important. The exploited bug, CVE-2023-21674, is a “privilege escalation flaw in Windows Advanced Local Procedure Call that could be exploited by an attacker to gain SYSTEM permissions.” The flaw has also made it to CISA’s Known Exploited Vulnerabilities, signaling the importance of it with regard to federal agencies. The patches also arrive as Windows 7, Windows 8.1, and Windows RT reach the end of their support by Microsoft. Read more.

Cyberattack keeps Iowa’s largest school closed for two days

An apparent cyberattack targeting the Des Moines school district, Iowa’s largest, has resulted in classes being canceled for the second day in a row as IT administrators attempt to restore network functionality. While the nature of the “cybersecurity incident” has yet to be disclosed, the school’s interim superintendent says they are operating as if it was a ransomware attack. Classes are expected to resume later in the week. Schools and universities have become favored targets as they store large amounts of data, provide necessary services and are often underfunded when it comes to IT infrastructure. Read more.

Microsoft: Kinsing malware attacks on the rise

Microsoft’s Defender for Cloud team has reported an increase in Kinsing malware breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured PostgreSQL containers. These types of attacks, while not new, indicate to researchers that threat actors are on the hunt for exploitable vulnerabilities, specifically with regard to crypto mining. Microsoft warns that PHPUnit, Liferay, Oracle WebLogic and WordPress are the apps that this current surge seems to be targeting with the most regularity. Read more.

API vulnerabilities found in 16 major automobile brands

Millions of vehicles are at risk of cyberattack due to bugs found in their APIs by a researcher at Yuga Labs. The vulnerabilities range from severe to inconvenient and allow attackers to do anything from access user information to remotely execute code that could disable vehicles in a number of ways. This type of exploit not only poses a threat to the average driver, but could be leveraged to control features on law enforcement or emergency response vehicles. Affected brand include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota and more. All bugs found have been fixed by manufacturers after having been disclosed. However, the disclosure of the findings reveals that modern vehicles could be a dangerous new hacking frontier. Read more.

More cybersecurity news

How to avoid counterfeit network equipment

0
counterfeit network equipment

NetworkTigers on how to avoid purchasing counterfeit network equipment and what to do if you buy some by mistake.

Counterfeit network gear, both hardware and software, leeches approximately $100 billion annually across IT industries. While it’s understandable to shop around for the best deal, counterfeit networking equipment has flooded the market with substandard and sometimes dangerous goods. 

Counterfeiting is a crime

Approximately 19% of goods seized in FY2021 by US Customs and Border Protection were classified as consumer electronics, including computers and accessories. The import of counterfeit electronics is illegal and may result in civil fines or criminal charges. 

A counterfeit scheme can victimize anyone. In one recent 2022 Department of Justice indictment, a Florida resident was charged with running a years-long scam selling counterfeit Cisco gear that, if authentic, would have totaled over $1 billion in retail value. The scam involved over 19 sellers (collectively, “Pro Network Entities”) across Amazon, eBay, and other storefronts that imported counterfeit Cisco network gear made in China and Hong Kong. The routers and gear routinely malfunctioned and left clients, including schools, hospitals, government agencies and the US military, open to data breaches and wireless access meltdowns. 

The risks of counterfeit electronic equipment

Counterfeit networking equipment often contains crucial safety shortcuts that can open your business to data breaches. Its manufacture may support criminal activity and unsafe labor practices. Finally, counterfeit networking equipment may be physically dangerous. Consumer Reports shares that 99% of counterfeit Apple iPhone chargers fail one or both electric strength tests and touch current tests. Both tests are in place to measure fire risk and electrical shock. Failing either puts the consumer’s physical safety in jeopardy. 

Counterfeit network equipment, especially routers and switches, is hazardous for a business. They may appear to do the same job, but have bypassed internal authentication software designed to keep a network secure. They may involve intentional backdoors or play host to modified software or firmware. Counterfeit network equipment by design is less secure than verified gear. If it does not introduce viruses and malware into your system from the start, its security defenses are easier for hackers to breach. Finally, counterfeit gear regularly malfunctions, forcing your business to bear the cost of replacement gear sooner than it should. 

How to spot and avoid counterfeit networking gear

Worried you may have accidentally bought counterfeit networking gear? Here’s how to check, and how to avoid doing so again: 

  1. Look for the hologram: Holographic security features are difficult to replicate. The background should change when tilted. Look up reputable providers’ holographs, and ensure that the seal on your device matches the design, placement, and expected quality. 
  2. Compare the price: If the price is too good to be true, it’s often a red flag for a fake product. While everybody wants a deal, counterfeit goods are often offered far below expected market value to sidestep pesky questions about their performance. Saving money on the initial sticker will only lead to headaches. 
  3. Source from authorized channels: Buying from reputable dealers or directly from the manufacturer is one of the best ways to ensure that your network connectivity gear is authentic. 
  4. Buy with a warranty: Authorized resale and third-party channels may offer a warranty as additional peace of mind that the gear they sell is legitimate. Buying from a party that offers a warranty is a way to ensure that the product you have is the real deal and made to last. Maintaining service contracts can help ensure that you remain in communication with sellers and their sources. 
  5. Audit: Sprawl and IT expansion makes auditing a necessary step to avoid introducing counterfeit replacement parts. Even if you are certain that everything you’ve invested in is above-board, there is no guarantee a predecessor did not attempt to cut costs with counterfeit gear. Conducting a regular audit can help ensure that threats are not being introduced without your awareness. 

What to do if you’ve bought some counterfeit network equipment by mistake

A three-step reporting process is recommended if you recognize counterfeit gear anywhere along your network connection.

  1. Reach out to your internal legal team. Because knowingly purchasing counterfeit goods can carry civil and criminal penalties, speaking to your company’s in-house attorney is an important step. 
  2. Contact law enforcement. US Customs agents may be able to stop the counterfeit import source. 
  3. Tell the manufacturer who sold it to you. They may offer you a discount on future gear, but it is worthwhile to assess whether or not you feel you can trust continued investments.

The last thing you want for your business is to be embroiled in a customs fraud or counterfeiting scheme. Contacting all three professionals can help block a counterfeit supply chain’s access. Informing your legal department can help mitigate or reduce your internal liability. Protect your bottom line by regularly auditing and reporting concerns about your company’s networking equipment.

5 ways to reduce network upgrade costs

0
network upgrade

NetworkTigers advises on how to reduce network upgrade costs.

Network infrastructure can be costly to manage and upgrade, making it difficult for businesses to determine how to minimize the cost of network upgrades. Companies looking to enhance their network setup should evaluate their current infrastructure to determine the changes they can implement to eliminate costly expenses. 

Fortunately, new technologies, automation, and managed service providers allow businesses to reduce costs. Automating network management and control and knowing the total cost of ownership and personal device usage can help you significantly cut costs. 

5 ways to reduce network upgrade costs

While your enterprise’s network may check the boxes for high performance, capacity, and availability, you should consider ways to minimize network expenses. Here are strategies you can put in place to bring down the cost of network upgrades.

1. Understand the cost of ownership and integrate new solutions

It’s crucial to understand your software and hardware plus their Total Ownership Cost (TOC) so that you analyze the following key factors when it comes to costs:

  • Network maintenance expenses – Network maintenance, including support, hardware maintenance, monitoring, and network downtime are huge costs for most companies. Evaluate these expenses to know where they’re coming from and how to minimize them. For instance, you can install servers with management and remote upgrade options or new monitoring software.
  • Network management cost vs hardware cost – As network hardware becomes outdated, it costs more to manage and maintain. Keep an eye on the increasing cost of ownership and replace hardware when maintaining it becomes too expensive than replacing it. 
  • Direct expenses – Assess hardware to see if newer solutions can reduce costs. For instance, using cloud security or cloud servers in remote locations or switching to SD-WAN instead of WAN can offer considerable savings.
  • Network complexity expenses – If your network is more complex, it may require more staff and maintenance time. You can add redundancy to minimize local strain on hardware and prevent downtime or analyze where and how to simplify your network.

2. Monitor and automate your network

Network monitoring and management are the most time-intensive tasks for IT administrators. Enterprises can reduce operational costs by automating essential network processes such as deploying, testing, managing, and configuring network-based devices. 

Automation also enhances network reliability, minimizes human errors, and enables networks to handle workload better. Businesses should adopt automation processes and tools that can be customized easily to promote efficiency and suit future needs. 

Organizations should go for tools that enable health measurements for servers, live monitoring, and flagging real-time triggers and automatic redirects. Most companies do not manage full-time network monitoring due to exorbitant costs. Integrating software or switching to an MSP can minimize monitoring expenses while alerting IT personnel of network usage and overload for further optimization.

3. Create a cost-saving network vendor plan

If you work with several vendors, they can make you incur a lot of expenses. While working with one vendor is not advisable as it may not offer a perfect full-package solution, partnering with many vendors is not a good idea. Here are two costs you should review:

  • Subscription costs – It’s essential to assess the real costs of subscription fees for your network with management and maintenance differences accounted for because subscription fees add up when you’ve several subscriptions. If you’re not utilizing everything in a package, switch to another package that costs less. 
  • Vendor costs – Evaluate vendor contracts to see the services you’re paying for. For example, you’re likely to pay the same amount to several vendors if you hire different vendors to maintain cables and servers. To reduce unnecessary expenses and the cost of management, switch to one ICT provider who can move you to a single contract and contract everything for you.

Any vendor plans you adopt should be based on ease of replacement, application support, and integrations. Your vendor strategy should also avoid vendor lock-in and manage redundancies. 

4. Build your network based on your application needs

Most companies design a network around their needs and expand on it slowly as their needs change. Unfortunately, this approach can result in server bloat with a complex architecture. Performing a network-needs analysis can help you know what you need.

Applications are the most crucial aspect of your network. The network allows your workforce to work on applications and meets those crucial needs first then secondary needs like device usage or print later. If network upgrades are meant to contribute to business goals, they should be geared toward enabling applications.

5. Work with a managed network services provider

Most organizations invest in maintaining and managing their servers, hardware, and network team. This can be a huge mistake since your ability to maintain a network is lower than that of a provider specializing in networks. Again, any specialist you hire may have to test and identify new problems through trial and error and you may have to spend money on training to upgrade to new technologies.

Outsourcing to a managed services provider means reducing those costs. Businesses working with network vendors can get recommendations on enhancing their setup to eliminate unnecessary costs and minimize maintenance tasks. The right network infrastructure allows organizations to focus on their main business objectives, which boosts profits and promotes organizational productivity.

Managed network service providers help reduce costly downtimes by identifying problems as they arise and offering on-site assistance. If you’re interested in working with an MNSP that can continually monitor your servers and network infrastructure to identify where upgrades can be made so that you reduce network costs, speak to an expert today

Conclusion

Before implementing any network solution, running a needs and cost analysis is crucial. However, most enterprises can benefit from restructuring vendor contracts, minimizing manual work for network maintenance, simplifying networks, and reviewing cost sources.

Cybersecurity news weekly roundup January 9, 2023

0
roundup january 9

SAN MATEO, CA, January 9, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

More than 60,000 unpatched Microsoft Exchange servers remain vulnerable to ProxyNotShell

Security researchers at Shadowserver Foundation have found that nearly 70,000 Microsoft Exchange servers have not been patched, leaving them vulnerable to the CVE-2022-41082 remote code execution (RCE) vulnerability despite the update remedying it having been issued in November. One of two ProxyNotShell attacks, this exploit allows an unauthorized user to gain remote code execution. Only a fully patched server is protected. Users are strongly urged to follow Microsoft’s instructions about the update procedure to ensure that their Exchange servers are adequately defended against what continues to be a lucrative, popular way to wreak havoc. Read more.

Hackers getting victims to download BitRAT using stolen banking info

Security firm Qualsys has observed a new malware campaign that tricks victims into downloading BitRAT malware by using their stolen banking data. The hackers are believed to have “hijacked the IT infrastructure of a Colombian cooperative bank” and then created phishing emails that include an Excel attachment loaded with a macro that executes BitRAT on their system. BitRAT is an easily purchased malware that can be configured in several ways, from crypto mining to credential stealing, depending on how the threat actor wants to use it. Read more.

Major US toy manufacturer suffers Hive ransomware attack

Jakks Pacific, a major US toy maker, has disclosed that it was hit with a ransomware attack from the Hive and BlackCat groups. The company has stated that the attack will not affect business operations, however, the “attackers were able to exfiltrate employees’ personal data, including names, addresses, emails, taxpayer identification numbers, and banking details.” Jakks Pacific did not pay the $5 million ransom demanded of it, resulting in the data being posted online by Hive on December 19th. Read more.

Experts: LastPass misleading users about severity of data breach

A number of security experts are calling out LastPass for misleading users about the nature and potential consequences of the password manager’s most recent data breach. Researchers are claiming that LastPass’s characterization of August and December’s hacks as two separate incidents, as opposed to one ongoing campaign, is designed to make the company appear less culpable for their security lapses. They’re also holding LastPass to task for claiming that the data stolen is impossible for hackers to crack when what they have access to can be used to mount phishing attacks against users or be cracked with enough time and determination. Users of LastPass are encouraged to change their passwords, and some security pros are going so far as to recommend dropping the platform altogether. Read more.

WordPress sites targeted by new Linux malware

Researchers at Doctor Web have reported a new Linux malware that exploits flaws in WordPress plugins and themes. The malware can redirect victims to websites of a threat actor’s choice by injecting JavaScript code from a remote server. Malware and users of the CMS are targeting around two dozen WordPress plugins and themes are strongly encouraged to update all components, including those from third-party developers, up to date. Read more.

TikTok’s parent company used app’s data in effort to identify journalists

Employees at ByteDance, TikTok’s parent company, accessed the platform’s data in a failed effort to identify the source of media leaks by determining what ByteDance workers may have been in the same location as journalists and when. ByteDance has condemned the effort, reporting that four employees involved in the snooping have been fired. The covert espionage comes as a setback for ByteDance, as the company has long been suspected of compiling data to be used by the Chinese government despite great efforts to convince US lawmakers that they take data privacy seriously and do not pose a security threat. Read more.

Quantum Cybersecurity Preparedness Act signed into law by President Biden

The Quantum Cybersecurity Preparedness Act, “designed to secure the federal government systems and data against the threat of quantum-enabled data breaches, ahead of ‘Q Day’ – the point at which quantum computers can break existing cryptographic algorithms,” has been officially signed into law by President Biden. The law gives federal agencies six months to shore up systems vulnerable to quantum hacking and develop a strategy for migrating them to post-quantum cryptography. The new law comes on the heels of other provisions developed to update and future-proof federal agencies against increasingly sophisticated cyberattacks and espionage. Read more.

LockBit apologizes for hospital attack, provides decryption key

SickKids, a teaching and research hospital in Toronto that focuses on providing care to sick children, suffered a December 18th ransomware attack that affected internal phone lines and their website. Two days after SickKids announced the attack, the LockBit ransomware group “formally apolized” for the incident and provided a free decryptor key to the organization. LockBit, a ransomware-as-a-service administrator, said that a user violated their rules by attacking a medical institution and has been blocked. Oddly, previous attacks on hospitals using LockBit ransomware have not been issued apologies or keys. Read more.

BlackCat ransomware gang posts victim’s data on cloned website

The BlackCat ransomware gang has created a clone of a victim organization’s website upon which they have listed links to stolen data. The cloned site is different from a ransomware group’s typical operations in that it is available for all internet users to peruse as opposed to dumping on a dark web forum or database. The site closely matches the look of the victim’s and was created as a consequence for refusing to pay for a decryption key. This new tactic makes it easy for BlackCat to direct employees, customers or other people affected by an attack to a site where they can see what was exposed and put additional pressure on organizations to pay ransoms. Read more.

More cybersecurity news