SBA launches cybersecurity program
The US Small Business Administration launched the Cybersecurity for Small Business Pilot program, offering $3 million in grants to help smaller organizations improve their security posture. These funds can be used by smaller firms across industries for security training, counseling, and remediation services. This pilot will only accept applications from January 26 through March 3rd. The hope is that this will help smaller firms shore up cybersecurity infrastructure before getting hit with an attack, which could pose more of an existential risk given their smaller size.
Ransomware gangs step up insider recruitment
According to a Hitachi ID survey of 100 large IT firms, 65% of firms report that they or their employees were approached by ransomware organizations in the past year to establish initial access to an organization’s network. This is up from 48% last year. Of these approaches, 27% were over the phone, although the vast majority used email or social media to contact insiders. 57% of the offers involved either cash or bitcoin transfers below $500,000 USD. Interestingly, getting the help of an insider seemed tangential to the ransomware gang’s plans, with targeted organizations attacked 50% of the time anyway. The survey found only 8% of IT executives were more worried about internal threats than external.
American Olympians warned to take cybersecurity precautions
The Wall Street Journal’s sources say the United States Olympic and Paralympic Committee notified athletes last month that “every device, communication, transaction and online activity may be monitored. Your device(s) may also be compromised with malicious software, which could negatively impact future use.” This also included a recommendation to leave personal devices at home and use one-off burner phones. This comes after researchers at the University of Toronto discovered the official app for the Olympics was rife with security and privacy issues. The Chinese government is allowing athletes to access sites normally blocked during the Games, including Facebook and YouTube.
(WSJ)
Australian PM loses access to WeChat account
The office of Australian Prime Minister Scott Morrison reported it lost access to its WeChat account in July. The account retained the PM’s 76,000 followers. It changed its name to “Australia China New Life” in January, and notified followers it would promote Chinese life in Australia. So was this a social engineering attack that obtained access to a prominent channel used by a head of government to disseminate misinformation? It doesn’t look that way. The Chinese firm Fuzhou 985 Technology acquired the WeChat account, and according to an employee, the company bought the account because it had a large fanbase, but was unaware it was connected to Morrison. The account was obtained by Morrison’s office through an agent and registered with an individual in mainland China, who apparently sold it to the Chinese firm.
(Reuters)
Tor appeals block in Russia
The Tor Project and the Russian digital rights organization RosKomSvoboda filed an appeal to a decision by the Saratov District Court to block the torproject.org website in Russia. The site was blocked in December 2021, as well as public proxy servers and some bridges. Tor argues the decision was not based on any particular content, saying the ban “violates the constitutional right to freely provide, receive and disseminate information and protect privacy.” Russian users account for the second-largest Tor user base with over 300,000 daily users.
(ZDNet)
CWP bug opens the door to root execution on Linux
Security researchers at Octagon Networks discovered two flaws in the popular Linux control panel CWP, previously known as CentOS Web Panel, that could be chained to gain remote code execution as root on a server. CWP is supported on CentOS, Rocky Linux, Alma Linux, and Oracle Linux. A file inclusion vulnerability could let an attacker register for an API key and write a new key using a file write flaw. The researchers say they will release proof-of-concept code once enough systems are upgraded to a patched CWP version. Bleeping Computer found 80,000 internet-exposed CWP servers online.
German publishers push back on Google’s cookie sunsetting
The Financial Times reports that a group of hundreds of German publishers, advertisers and trade groups filed a complaint with EU competition chief Margrethe Vestager, arguing that Google’s plans to sunset support for third-party cookies in Chrome, part of its overall Privacy Sandbox initiative, breach EU competition laws. The publishers argue that Google’s proposed cookie replacement is insufficient, as they must be allowed to ask for user consent to process ad targeting data “without Google capturing this decision,” arguing Google’s system would be “interfering” in a relationship with users. Google also currently faces two antitrust investigations in Germany, with one involving its News Showcase product, so its relationship with German publishers was already on rocky ground.
Microsoft restricts all Excel macros by default
Ahh macros, literal application shortcuts that provide an example of the convenience-security spectrum. Given their ability to execute malicious code, Microsoft has been gradually restricting their use. In 2016 macros were turned off by default in Office 2016. Then last July, administrators had the option to restrict the use of Excel 4.0 (XLM) macros. Now the latest build of Excel restricts all Excel 4.0 macros by default. Admins can still allow these to be used, but they must be enabled in the Excel Trust Center as a Group Policy setting.






