The CyberWire Daily Briefing.
"Suspected North Korean hackers develop new macOS malware."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 13 November 2024, 0349 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/214
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 11.12.24
Summary
At a glance.
- Suspected North Korean hackers develop new macOS malware.
- Amazon confirms third-party breach affecting employee contact info.
- Alleged Hot Topic breach affects nearly 57 million accounts.
Suspected North Korean hackers develop new macOS malware.
Researchers at Jamf warn that suspected North Korean threat actors are using new strains of malware to target macOS devices. One of the strains was made with Flutter, a software development kit from Google designed for creating cross-platform applications. The malware was embedded in an open-source Minesweeper game built with Flutter. Jamf notes, "Applications built using Flutter lead to a uniquely designed app layout that provides a large amount of obscurity to the code. This is due to the fact that code written into the main app logic using the Dart programming language is contained within a dylib that is later loaded by the Flutter engine."
The researchers believe the malware is still in its testing phase.
Amazon confirms third-party breach affecting employee contact info.
Amazon has confirmed that employee contact information was stolen last year during a breach involving the MOVEit file transfer system, the Register reports. The breach occurred at one of Amazon's vendors. An Amazon spokesperson stated, "Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations."
Alleged Hot Topic breach affects nearly 57 million accounts.
Have I Been Pwned (HIBP) warns that merch and clothing chain Hot Topic sustained a breach in October affecting nearly 57 million customer accounts, exposing email and physical addresses, dates of birth, partial credit card data, phone numbers, and purchases. The breach also affected Hot Topic's BoxLunch and Torrid customers.
HudsonRock published a report on the alleged breach last month, noting that a threat actor was demanding a $100,000 ransom to keep the data private. BleepingComputer says Hot Topic hasn't commented on the reported breach.
Notes.
Today's issue includes events affecting the Democratic People's Republic of Korea, Russia, and the United States.
Selected Reading
Attacks, Threats, and Vulnerabilities
New Black Duck Research Finds High-Risk Sectors Riddled with Critical Vulnerabilities (PR Newswire) /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck") today announced the publication of the "2024 Software Vulnerability Snapshot" report highlighting...
Trends
New SailPoint Research Reveals Universal Challenges in Securing Machine Identities; Highlights Need for Comprehensive Identity Security (BusinessWire) Despite 60% of surveyed organizations agreeing machine identities pose a greater security risk than human identities, security measures continue to lag behind
Marketplace
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value (Trustwave) Trustwave and Cybereason announce a merger agreement offering a comprehensive and expanded suite of cybersecurity solutions.
Worklyn Partners Acquires New Hampshire-Based IT Management Solutions (EINPresswire) Acquisition of Boutique Managed IT Services Provider Furthers Worklyn’s New England Presence and Adds New Cutting-Edge Capabilities
Snyk Acquires Developer-First DAST Provider Probely | Snyk (Snyk) Company Now Covers API Security Testing Crucial for Modern AI Development
PointFive Secures $20M in Series A Funding to Accelerate Cloud Cost Optimization With Multi-Cloud Support (Newswire) The round, led by Salesforce Ventures, brings the company's total funding to $36M amidst rapid U.S. expansion
Trustle Appoints Gant Redmon (Trustle) Trustle, provider of innovative cloud access management solutions, announced the appointment of Gant Redmon as Chief Executive Officer to Drive Next Level of Growth.
Menlo Security Appoints Cybersecurity Veteran Bill Robbins as President (Menlo Security) Seasoned leader with a history of scaling global operations and delivering exceptional results joins the leader of Secure Enterprise Browsers.
Pathlock Appoints Haviv Rosh as Chief Technology Officer to Drive Innovation in Identity Governance (PR Newswire) /PRNewswire/ -- Pathlock, the leader in identity and application access governance, today announced the appointment of Haviv Rosh as Chief Technology Officer...
Products, Services, and Solutions
Druva empowers businesses to secure data throughout Microsoft environments (Help Net Security) The Druva Data Security Cloud secures and protects data anywhere it lives on the entire spectrum of Microsoft environments.
Tigera Enhances Calico with Major Network and Runtime Security Updates (PR Newswire) /PRNewswire/ -- Tigera, the creator of Project Calico, the most adopted technology for container networking and security, today announced several new features...
C1 Helps Educational Institutions Make the Grade with Security, Network, and Communications Upgrades (C1 MediaRoom) 65% of Educational institutions are aggressively implementing generative-AI based capabilities across their schools and communities BLOOMINGTON, Minn., Nov. 12, 2024 /PRNewswire/ -- C1, the global...
New SolarWinds Report: Automation, Self-Service, and SLAs Are Keys to ITSM Efficiency (BusinessWire) Findings from the SolarWinds 2024 State of ITSM Report showcase several more effective methods for up-leveling ITSM
BlackFog Unveils AI Based Anti Data Exfiltration (ADX) Platform for Ransomware and Data Loss Prevention (BusinessWire) BlackFog, the leader in ransomware prevention and anti data exfiltration (ADX), today announced the launch of its next generation enterprise platform to deliver even more powerful ransomware and insider threat prevention.
KPMG in India Announces Alliance with SecurityBridge GmbH to Strengthen SAP Security SecurityBridge (SecurityBridge) KPMG in India, one of India’s leading professional services firms today announced, a strategic alliance with SecurityBridge
wolfSSL Inc. announces Rock-solid curl: long term supported curl releases (wolfSSL) Rock-Solid curl: long term supported curl releases EDMONDS, Wash., Nov. 11, 2024 /PRNewswire-PRWeb/ -- wolfSSL INC. (Headquarters: Edmonds, Washington, USA), a vendor specialized in cryptography and network security, announces Rock Solid curl long term supported curl releases. Each release branch w
Corelight Simplifies Alert Triage with AI-Led Workflows to Help SOC Analysts Understand Threat Context in Seconds (PR Newswire) /PRNewswire/ -- Corelight, the fastest growing provider of network detection and response (NDR) solutions, today unveiled Guided Triage - a new set of...
At-Bay Releases Annual Ranking of Email Security Solutions: Google Workspace and Mimecast Top Categories (BusinessWire) New InsurSec report ranks the top Email Services and Email Security Solutions from best to worst; Finds email incidents grew by nearly 25% in 2023
Legislation, Policy, and Regulation
White House Slams Russia Over Ransomware's Healthcare Hits (BankInfoSecurity) With ransomware attacks on the rise and healthcare getting pummeled more than ever, a coalition of UN members urged countries to focus on collective critical
For a complete running list of events, please visit the Event Tracker.
Events
SANS Holiday Hack Cybersecurity Challenge 2024: Snow-maggedon (Vienna, Nov 7 - Dec 2, 2024) Whether you're a first-time player or a seasoned participant, this year’s Holiday Hack brings exciting new features you won’t want to miss! We’ve introduced a new dynamic for this year: challenges will be gradually released in sync with the story, keeping the experience fresh and immersive. See challenges release dates and new features included.
The Cyber Guild Virtual Employer Roundtable (Virtual, Nov 12, 2024) The Cyber Guild Employer Roundtable is an innovative sequence of virtual events for business, technical and people leaders across all sectors and industries building a sustainable cyber ecosystem, and who are invested in driving inclusive workforce practices. A peer discussion on how an intentional approach to deploying innovative tools ensures the desired outcome of increased innovation, inclusion and alignment with NIST AI standards.
Beyond Earth Symposium (Washington, DC, USA, Nov 12 - 13, 2024) The acceleration of space innovations that will enable space migration is outpacing public policy and international law regimes. Beyond Earth Institute’s mission is to create a policy and legal framework to support the robust development of an in-space economy and the expansion of human civilization beyond Earth. At the Beyond Earth Symposium 2024, we will wrestle with the critical current issues of the day and delve into the bleeding edge issues that must be moved to the center of international debate. What we do in a post-ISS era is an urgent, immediate concern. Policies that can foster the creation of a lunar-based economy are equally important. Let’s be bold together! Join stakeholders from across the industry, government, and international sector for this third annual Beyond Earth Symposium. Momentum is building to transform policy and legal landscape to enable a space migration future. Dare to be part of this work.
SecureWorld Midwest Virtual Conference (Virtual, Nov 13, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
CYBERSAT24 (Reston, Virginia, USA, Nov 18 - 20, 2024) CyberSat Summit has been at the forefront of the satellite industry’s burgeoning cybersecurity landscape since the event’s launch in 2017. Initially run as a single annual event, it morphed into two separate events in recent years – CyberLEO and CyberSatGov. This was done in response to changing market conditions, most notably the huge growth of LEO satellites and the corresponding rise of commercial interest in space. While CyberSatGov and CyberLEO were successful independently, the continued demand for LEO architectures and the ever-increasing collaboration between government and industry meant that these conversations needed to happen under one roof. As a result, 2024 will feature a single CyberSat event in November, where for the first time in its 7-year history, we will nearly double the event’s content offerings to include two concurrent tracks – one track titled “Space Infrastructure” and the second track titled “Space Data & Technology.” The “Space Infrastructure” track will continue CyberSat’s legacy focus on the overall satellite cybersecurity ecosystem and the protection of tangible assets like ground systems and satellite components, while the new “Space Data & Technology” track will focus on emerging technologies and the protection of space’s intangible assets like data. Keynotes, and a handful of general sessions, will contain talks that apply to all attendees.