The CyberWire Daily Briefing

"Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB."

Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 06 October 2024, 0011 UTC.

Content and Source:  https://thecyberwire.com/newsletters/daily-briefing 

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

V13 | Issue 189 | 10.4.24

Daily Briefing for 10.04.24

Summary
By the CyberWire staff

At a glance.

  • Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB.
  • Critical Ivanti flaw is being actively exploited.
  • The Netherlands blames state-sponsored actor for police network breach.

Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB.

Microsoft, working with the US Justice Department, has seized more than one hundred domains used by the Russian threat actor Star Blizzard to launch spearphishing attacks against US government employees and nonprofit organizations, the Record reports. The Five Eyes intelligence agencies have attributed Star Blizzard to Russia's Federal Security Service (FSB).

Steven Masada, Assistant General Counsel for Microsoft's Digital Crimes Unit, stated, "While we expect Star Blizzard to always be establishing new infrastructure, today’s action impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern. It will also enable us to quickly disrupt any new infrastructure we identify through an existing court proceeding."

Microsoft added, "Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive – by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities."

Critical Ivanti flaw is being actively exploited.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a critical SQL injection vulnerability affecting Ivanti Endpoint Manager (EPM) is being actively exploited in the wild, SecurityWeek reports. The flaw, tracked as CVE-2024-29824, was patched in May, and "allows an unauthenticated attacker within the same network to execute arbitrary code."

Ivanti stated in an updated advisory, "Ivanti has confirmed exploitation of CVE-2024-29824 in the wild. At the time of this update, we are aware of a limited number of customers who have been exploited."

The Netherlands blames state-sponsored actor for police network breach.

Dutch intelligence agencies "consider it highly likely that a state actor is responsible" for a cyberattack that breached a national police network and exposed personal information belonging to all Dutch police officers, BleepingComputer reports. The Netherlands Politie stated, "The police were informed by intelligence services that it is very likely a 'state actor'—in other words, another country or perpetrators acting on behalf of another country. Based on the intelligence services' information, the police immediately implemented strong security measures to counter this attack. To prevent making the perpetrators more aware and to not jeopardize further investigation, no more information can be shared at this time."

The agencies haven't shared which nation-state they believe is behind the attack.

Notes.

Today's issue includes events affecting the Netherlands, Russia, and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs) Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices.

Recently patched CUPS flaw can be used to amplify DDoS attacks (BleepingComputer) A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor.

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (BleepingComputer) Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks.

Legislation, Policy, and Regulation

Neural data privacy an emerging issue as California signs protections into law (The Record) Neurobiologist Rafael Yuste had what he calls his “Oppenheimer moment” a decade ago after he learned that he could take over the minds of mice by turning on certain neurons in their brains with a laser.

Litigation, Investigation, and Law Enforcement

Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop) The judge called Tina Peters “a charlatan” after she gave a rambling defense of her actions.

Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (BleepingComputer) Two Chinese nationals were sentenced to prison for scamming Apple out of more than $2.5 million after exchanging over 6,000 counterfeit iPhones for authentic ones.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SecureWorld Denver (Denver, Colorado, USA, Oct 10, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

ISC2 Security Congress 2024 (Las Vegas and Virtual, Nevada, USA, Oct 14 - 16, 2024) Join thousands of cybersecurity experts from across the globe as we lead the charge against emerging threats and protect what matters most in today's digital landscape.

SecureWorld New York City (New York, New York, USA, Oct 15, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SINET New York 2024 (New York, New York, USA, Oct 16, 2024) SINET events provide exclusive opportunities to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. SINET invites you to become an event sponsor and receive the unique advantage of showcasing your company’s offering directly to high level decision makers and influencers from the security profession.

SecureWorld Government & Education Virtual Conference (Virtual, Oct 16, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
