Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
CISO perspective on why boards don’t fully grasp cyber attack risks
In this Help Net Security interview, David Christensen, CISO of PlanSource, proposes strategies to understand and acknowledge the broader organizational and strategic implications of cybersecurity risk management, strategy, and governance.
How Google Cloud’s AML AI redefines the fight against money laundering
In this Help Net Security interview, Anna Knizhnik, Director, Product Management, Cloud AI, Financial Services, at Google Cloud, explains how Google Cloud’s AML AI outperforms current systems, lowers operational costs, enhances governance, and improves the customer experience by reducing false positives and minimizing compliance verification checks.
Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)
Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation.
Chinese hackers forged authentication tokens to breach government emails
Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday.
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America.
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)
Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.
Meta’s Threads app used as a lure
It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can’t formally serve users in the European Union (or China, or Russia).
Flaw in Revolut payment systems exploited to steal $20 million
Organized criminal groups exploited a flaw in Revolut’s payment systems and made off with $20+ million of the company’s money, the Financial Times reported on Sunday, citing people with knowledge of the situation.
Malware delivery to Microsoft Teams users made easy
A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released.
Law firms under cyberattack
In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised.
Combatting data governance risks of public generative AI tools
Companies must carefully assess the data security measures implemented by AI tool providers to ensure robust safeguards are in place.
Number of email-based phishing attacks surges 464%
The evolving cyberattack landscape reveals the increasing utilization of generative artificial intelligence (AI) systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.
Cybersecurity best practices while working in the summer
In this Help Net Security video, Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX, discusses how employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks.
Staying ahead of the “professionals”: The service-oriented ransomware crime industry
Effective malware, ready-made infrastructure, and phishing campaigns can be purchased so the tools, infrastructure and TTPs are no longer a reliable identifier of the active attacker in a security incident.
White House publishes National Cybersecurity Strategy Implementation Plan
The NCSIP, along with the Bipartisan Infrastructure Law, CHIPS and Science Act, Inflation Reduction Act, and other major Administration initiatives, will protect investments in rebuilding America’s infrastructure, developing our clean energy sector, and re-shoring America’s technology and manufacturing base.
Attack Surface Management: Identify and protect the unknown
In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM).
Overcoming user resistance to passwordless authentication
Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge.
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities
FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0).
New disturbing ransomware trend threatens organizations
Ransomware attacks increased by over 37% in 2023 compared to the previous year, with the average enterprise ransom payment exceeding $100,000, with a $5.3 million average demand, according to Zscaler.
20% of malware attacks bypass antivirus protection
Security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren’t concerned at all, according to SpyCloud.
Only 45% of cloud data is currently encrypted
39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales.
Owncast, EaseProbe security vulnerabilities revealed
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go.
New infosec products of the week: July 14, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Fidelis Cybersecurity, Hubble, NETSCOUT, Regula, and WatchGuard.