SAN MATEO, CA, November 25, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.
CISOs now eligible for personal liability insurance
New Jersey-based insurer Crum & Forster has unveiled a professional liability insurance policy specifically designed to shield CISOs (chief information security officers) from personal liability if they are alleged to have failed to uphold their responsibilities. The firm seeks to close a gap in which CISOs are not viewed as corporate officers under a directors and officers (D&O) liability policy, saying, “CISOs are in a no-win situation. If everything goes right, that’s what people expect. If something goes wrong, they’re the person that everybody looks at, and they’re left holding the bag. Then, there are potentially significant financial ramifications for them because they’re often not covered by traditional insurance policies.” CISOs have come under increased legal scrutiny after cybersecurity incidents. Crum & Forster’s plan “offers zero deductible defense costs for immediate and effective protection, along with broad claims coverage, even in criminal proceedings, ensuring CISOs have robust protection against personal liabilities.” Read more.
Scammers moving in on BlueSky
X has been a notorious hotbed of scams that push fake crypto giveaways and attempt to steal banking information. As BlueSky becomes a viable alternative to X, formerly known as Twitter, scammers are moving in. Bleeping Computer has observed posts promoting crypto with AI-generated images of Mark Zuckerberg, fraudsters copying the look and feel of Meta to appear legitimate, and images of celebrities used to drive visitors to malicious URLs. “In the past 24 hours, we have received more than 42,000 reports (an all-time high for one day). We’re receiving about 3,000 reports/hour. To put that into context, in all of 2023, we received 360k reports,” said the BlueSky safety team. BlueSky’s decentralized design poses moderation challenges unique to the platform, and the team has pledged to “dial our moderation team up to max capacity.” Read more.
Amazon and Audible inundated with phony listings
Amazon, Amazon Music, and Audible are flooded with phony podcast listings pushing forex trading sites, Telegram channels, and links claiming to offer pirated software. “What makes cases involving Spotify or Amazon peculiarly interesting is, one would instinctively expect the overhead associated with podcast and digital music distribution to deter spammers who’d otherwise rely on low hanging fruits, such as writing spammy social media posts or uploading YouTube videos with tainted descriptions.” However, Bleeping Computer found that the podcasts listed on Amazon were zero seconds long; their only purpose is to get Amazon’s high-ranking listing pages indexed so that the spammers’ links rank well in search results (SEO poisoning). Some listings send users to YouTube and Telegram channels associated with a suspicious company called “EliteMarketMovers.” The company’s site no longer works, but it offered forex trading services without any trace of authenticity or safety. Read more.
AI and LLMs may give IT admins an edge
Security researchers increasingly rely on AI models to seek out software vulnerabilities, and many are confident that, while the technology is expected to increase the annual count of reported software bugs, it could result in fewer flaws reaching public release. By incorporating AI (artificial intelligence) and LLM (large language model) agents into software development itself, not just into testing for defects after the fact, experts expect the number of zero-day flaws showing up in the wild could be greatly reduced. These tools also give developers the upper hand, because the defender has the source code and the ability to ship a fix while the attacker only has the binary. “LLMs favor defenders because having access to source code and fixing issues is easy. So I’m kind of bullish that we can eliminate whole classes of vulnerabilities, but it’s not from finding more. It’s from being able to fix more,” said Chris Wysopal, co-founder and chief security evangelist at Veracode. Read more.
Windows initiative to avoid incidents like CrowdStrike
In an effort to enhance reliability, improve security, and keep systems stable, Microsoft has announced a new Windows Resiliency Initiative. The intent behind the initiative is to “avoid incidents like that of CrowdStrike’s earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer options to encrypt personal data.” A key feature highlighted in the initiative is Quick Machine Recovery. Expected to reach the Windows Insider Program community next year, “this feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC,” said David Weston, vice president of enterprise and OS security at Microsoft. Read more.
Apple patches two exploited zero-day bugs
Apple has patched a pair of zero-day vulnerabilities that it says were exploited in attacks against Intel-based Mac computers. The flaws are in the JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS Sequoia, and the same fixes shipped for iOS, iPadOS, visionOS and Safari, since WebKit is shared by every browser on those platforms. “The JavaScriptCore CVE-2024-44308 flaw allows attackers to achieve remote code execution through maliciously crafted web content. The other flaw, CVE-2024-44309, allows cross-site scripting (XSS) attacks.” The company did not share any details about how the two bugs were being exploited, which is typical for Apple’s in-the-wild disclosures; admins should treat any unpatched device that browses the web as exposed. Apple has fixed a total of six zero-day bugs so far in 2024. Read more.
Ransomware gangs on the lookout for pen testers
Cato Networks’ Cato Cyber Threats Research Lab (CTRL) reports that ransomware groups are actively recruiting pen testers into their affiliate programs. CTRL found Russian-language job listings whose requirements match those of a penetration tester, which it reads as a sign that ransomware groups want people who can verify that their malware works and can be deployed successfully against target networks. “Ransomware gangs are hiring people… not to secure systems, but to target systems,” said Etay Maor, Chief Security Strategist at Cato Networks. Maor said that other findings show that “the bar keeps going down in terms of how much it takes to be a criminal” and that AI plays a part in giving laypeople access to tools and software used by financially motivated criminals. Read more.
T-Mobile targeted in Chinese espionage campaign
Telecom giant T-Mobile has confirmed that it, too, was targeted by the Chinese threat group Salt Typhoon in a campaign to spy on the communications of “high-value intelligence” targets. Whether the attackers took any data from the company has not been confirmed. T-Mobile joins AT&T, Verizon, and Lumen Technologies on the growing list of Salt Typhoon’s victims. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokesperson told The Wall Street Journal. The scope of the intrusion is expected to grow as the government’s investigation into the campaign continues. Read more.
New feature gives Gmail users more privacy and less spam
A report from Android Authority reveals that Google appears to be preparing a new Gmail feature called Shielded Email that “allows users to create email aliases when signing up for online services and better combat spam.” The feature surfaced last week in a teardown of the latest version of Google Play Services for Android. Android Authority says the feature will let people “create unique, single-use email addresses that forward the messages to the associated primary account, thereby preventing the need to provide the real email address when filling out forms or registering for new services online.” Read more.
North Korean IT workers spreading malware
Securing employment at Western companies under false pretenses in order to conduct espionage for Pyongyang is no longer the only directive of North Korean IT workers, according to research from Palo Alto Networks’ Unit 42. The team observed that “a North Korean IT worker activity cluster tracked as CL-STA-0237 and likely operating from Laos, was involved in recent phishing attacks using BeaverTail-infected video conference apps.” Once employed, these workers use their positions to “spread phishing campaigns and deploy malware across the world.” Unit 42 has published recommendations that companies should take note of to avoid being infiltrated by IT workers operating on behalf of North Korea. Read more.