Welcome to the Cyber Watch series for today, November 3, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. You can read the full story by clicking on each headline. We encourage you to review these stories and take steps to protect your organization.
According to a recent Security Magazine report, the National Security Agency (NSA) has united with various U.S. agencies in a concerted effort to address the growing menace of phishing attacks. This collaboration has yielded a cybersecurity information sheet (CSI) titled “Phishing Guidance: Stopping the Attack Cycle at Phase One,” which is designed to equip IT departments with strategies to thwart phishing threats more effectively.
The CSI underlines that phishing attacks have evolved beyond traditional email-based attempts and now encompass a wide range of communication platforms such as SMS, Slack, Teams, Signal, WhatsApp, iMessage, and Facebook Messenger. Cybercriminals leverage these platforms to trick users into divulging sensitive login credentials or interacting with malicious links and attachments that can introduce malware into systems. See: CSI Phishing Guidance
IoTTechNews reports that GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) has been chosen as the foundation for a European Standard (EN). This milestone development aims to enhance the security of IoT devices. It simplifies regulatory challenges and creates a unified framework for understanding, deploying, and explaining security measures.
As the IoT ecosystem faces an array of complex national and regional regulations, SESIP offers a standardized approach tailored to IoT’s unique security needs. The World Economic Forum’s report highlighting a 358% increase in cybersecurity threats underscores the urgency of standardization in IoT security. SESIP’s adoption extends globally, fostering innovation and efficiency by supporting certificate composition and reuse.
The Forum of Incident Response and Security Teams (FIRST) has officially introduced CVSS 4.0, a major update to the Common Vulnerability Scoring System (CVSS), which has been in use since its inception in 2005. CVSS serves as the primary standard for assessing the technical severity of vulnerabilities, enabling security teams to prioritize their vulnerability management processes and bolster defenses against cyber threats.
CVSS 4.0 enhances the system’s granularity, particularly focusing on base metrics, and is tailored to accommodate operational technology (OT), industrial control systems (ICS), and the Internet of Things (IoT). This adaptation recognizes the evolving threat landscape that these sectors face, given the increasing number of attacks.
According to an SC Magazine report, one significant change in CVSS 4.0 is the revised nomenclature, which emphasizes scores like Base, Base + Threat, and Base + Environmental. The Base Metric Group sees key alterations, with refinements in the User Interaction metric and the removal of the Scope metric. Threat Metrics, formerly Temporal Metrics, underscore the emphasis on real-time vulnerabilities and threat intelligence. See: FIRST Press Release
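To make the new nomenclature concrete, here is an added example that is not from the FIRST release or the SC Magazine report: it parses a CVSS 4.0 vector string, rejects the 3.x-only Scope metric that the paragraph notes was removed, and reports which of CVSS-B, CVSS-BT, CVSS-BE or CVSS-BTE applies. Metric abbreviations and values follow the published CVSS 4.0 specification; the sample vectors are constructed.

```python
# Added example: decide which CVSS 4.0 nomenclature a vector string carries (spec metric names).
VALUES = {
    # Base metrics: exploitability plus vulnerable/subsequent system impact
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
    # Threat metric (replaces the 3.x Temporal group); "X" means not defined
    "E": "XAPU",
    # Environmental metrics: security requirements plus modified base metrics
    "CR": "XHML", "IR": "XHML", "AR": "XHML",
    "MAV": "XNALP", "MAC": "XLH", "MAT": "XNP", "MPR": "XNLH", "MUI": "XNPA",
    "MVC": "XHLN", "MVI": "XHLN", "MVA": "XHLN",
    "MSC": "XHLN", "MSI": "XSHLN", "MSA": "XSHLN",
    # Supplemental metrics: context only, never affect the score or nomenclature
    "S": "XNP", "AU": "XNY", "R": "XAUI", "V": "XDC", "RE": "XLMH",
    "U": ("X", "Clear", "Green", "Amber", "Red"),
}
BASE = ("AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA")
ENVIRONMENTAL = ("CR", "IR", "AR", "MAV", "MAC", "MAT", "MPR", "MUI",
                 "MVC", "MVI", "MVA", "MSC", "MSI", "MSA")


def parse_vector(vector: str) -> dict:
    """Return {metric: value} for a CVSS 4.0 vector, rejecting anything malformed."""
    prefix, _, body = vector.partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS 4.0 vector (prefix {prefix!r})")
    metrics = {}
    for item in body.split("/"):
        name, _, value = item.partition(":")
        # tuple() gives an exact match ("NA" must not match inside "NALP"); this also
        # rejects 3.x-only metrics such as Scope (S:U) or the old C:/I:/A: impact metrics
        if name not in VALUES or value not in tuple(VALUES[name]):
            raise ValueError(f"unknown or invalid metric {item!r}")
        metrics[name] = value
    missing = [m for m in BASE if m not in metrics]
    if missing:
        raise ValueError(f"base metrics missing: {missing}")
    return metrics


def nomenclature(vector: str) -> str:
    """Map a vector to CVSS-B, CVSS-BT, CVSS-BE or CVSS-BTE per the 4.0 naming."""
    m = parse_vector(vector)
    has_threat = m.get("E", "X") != "X"
    has_env = any(m.get(e, "X") != "X" for e in ENVIRONMENTAL)
    return "CVSS-B" + ("T" if has_threat else "") + ("E" if has_env else "")


if __name__ == "__main__":
    demo = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"  # constructed
    print(nomenclature(demo), nomenclature(demo + "/E:A/CR:H"))  # CVSS-B CVSS-BTE
```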
A recent Infosecurity Magazine report reveals that the US Department of Commerce has introduced the US Artificial Intelligence Safety Institute (USAISI) to lead AI safety and trust efforts. USAISI, situated within the National Institute of Innovation and Technology, aims to establish safety standards for AI models, content authentication, and testing environments.
The institute will collaborate with partners in academia, industry, government, and civil society and work with international counterparts like the UK’s AI Safety Institute. This initiative follows President Biden’s Executive Order on Safe, Secure AI, reinforcing the need for rigorous safety measures in AI development and deployment to ensure trust and safety.
A recent Cyber Wire report exposes the North Korean Lazarus Group’s attempt to infiltrate blockchain engineers through a new macOS malware called “KANDYKORN.” The malware is delivered via a concealed Python application disguised as an arbitrage bot, and the attackers have adopted a novel technique, execution flow hijacking, that targets the widely used Discord application, making it an attractive entry point for takeover.
The campaign, which began in April 2023, showcases the Lazarus Group’s evolving capabilities in cryptocurrency-related attacks and their willingness to employ advanced tactics. They engage victims through chat technologies, building trust before coercing them into running malicious software.
In a colossal breach, the personal data of 815 million Indian citizens, including Aadhaar and passport details, names, phone numbers, and addresses, has surfaced on the dark web. This alarming breach raises concerns over data privacy and security. The breach became known when a hacker, going by ‘pwn0001,’ advertised the data on Breach Forums on October 9.
According to a recent Cybersecurity News report, the HUNTER team conducted an investigation and found the hacker willing to sell the complete dataset, offering sensitive details for up to $80,000. The dataset contains a vast array of information, including names, fathers’ names, phone numbers, passport numbers, ages, genders, addresses, districts, pin codes, and states.
The Securities and Exchange Commission (SEC) has filed a lawsuit against SolarWinds, a major information technology firm, accusing the company of fraud and inadequate internal controls preceding the 2019 cyber-espionage attack attributed to a Russian-backed hacking group, as revealed by a recent CNBC report. In the suit, SolarWinds’ Chief Information Security Officer, Tim Brown, is also named, and the SEC alleges that the company misrepresented its cybersecurity practices while downplaying known vulnerabilities in its systems. The legal action has resulted in a 1.5% drop in SolarWinds’ shares.
According to the SEC, SolarWinds had made generic cybersecurity risk disclosures in its prospectus and continued filings, despite its knowledge of inadequate cybersecurity practices. The complaint highlights an internal presentation by Brown, which took place around the time of SolarWinds’ initial public offering, as evidence of the company’s awareness of its cybersecurity weaknesses.
In a recent concerning development, Summit Health, an extensive healthcare network spanning the northeastern United States and Central Oregon, has fallen victim to a ransomware attack executed by the notorious LockBit gang. Cyber News reports that this breach potentially exposes the sensitive medical and personal data of thousands of patients, as well as the personal information of approximately 13,000 employees.
The incident serves as a stark reminder of the mounting cybersecurity threats faced by the healthcare sector, highlighting the urgency of enhancing security measures to protect critical patient data and ensure uninterrupted healthcare services.
Boeing, one of the world’s leading aerospace companies, has acknowledged falling victim to a cyberattack, following claims by the LockBit ransomware group of successfully infiltrating the corporation’s systems and exfiltrating a substantial volume of sensitive data. This alarming breach underlines the increasing cyber threats faced by even the most advanced industries.
According to a recent Security Week report, Boeing has launched an investigation to assess the scope and impact of the breach, and the cybercriminal group has since initiated negotiations with the company. LockBit further disclosed that its affiliates exploited a zero-day vulnerability to gain unauthorized access to Boeing’s systems, emphasizing the evolving sophistication of cyber threats.
A recent investigation by ThreatLabz revealed 117 unique vulnerabilities within Microsoft 365 applications that resulted from the introduction of SketchUp (SKP) file format support. According to a recent Zscaler report, Microsoft has assigned CVEs to track these vulnerabilities and took prompt action, including issuing patches and temporarily disabling SketchUp support in Microsoft 365 to ensure user security.
This incident highlights the potential security challenges associated with third-party file format integration and underscores the importance of continuous vigilance in the realm of cybersecurity.
That’s all for today. Stay tuned for our next episode. See you next week!