Canada’s foreign ministry hacked
As of Monday night, Canadian cybersecurity officials were still working to restore internet services of Canada’s foreign ministry, which were affected by a cyber attack that it detected last Wednesday. A statement from the Treasury Board indicated that critical services are still functioning. The attack coincided with the Canadian Centre for Cyber Security’s warning to “critical infrastructure operators” to ensure adequate protection against Russia-backed cyber threats. No further details about the genesis of the attack on the ministry have been provided so far.
Hacktivists target Belarus rail system to stop Russian military buildup
Hacktivists in Belarus said on Monday that they had infected the network of the Belarus Railway system with ransomware and would only provide the decryption key if Belarus President Alexander Lukashenko stopped aiding Russian troops ahead of a possible invasion of Ukraine. The group posted on Telegram and Twitter that they had encrypted the majority of servers, databases and workstations and destroyed backups, with the goal of overthrowing Lukashenko’s regime, building a democratic state, and protecting human rights. The attack appears to have affected billing and scheduling systems, but the hackers said they deliberately excluded automation and security systems to avoid emergency situations.
Segway victimized by Magecart attack
According to Malwarebytes, the producer of the infamous personal motorized transporter has been serving up a nasty credit-card harvesting skimmer via its website since January 6. The researchers indicate the skimmer is likely linked to Magecart Group 12 and has exposed victims in the United States (which makes up 55 percent of site visitors), Australia (39 percent), Canada (3 percent), the UK (2 percent) and Germany (1 percent). Threat actors embedded the skimmer inside a favicon.ico file, which is a small icon image that links to other websites. The researchers noted, “The compromise of the Segway store is a reminder that even well-known and trusted brands can be affected by Magecart attacks. While it usually is more difficult for threat actors to breach a large website, the payoff is well worth it.”
Linux system service bug surrenders root on all major distros
Researchers at Qualys have identified a vulnerability in Polkit’s pkexec, which they believe is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system. pkexec allows an authorized user to execute commands as another user, doubling as an alternative to sudo. The flaw, dubbed PwnKit and tracked as CVE-2021-4034, has been traced back to the initial commit of pkexec, meaning it has been present for more than 12 years. A public exploit emerged less than three hours after Qualys published the technical details for PwnKit on Tuesday, and administrators are urged to apply the patches released by Polkit’s authors on GitLab.
Thanks to our episode sponsor, deepwatch

Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
Missing Microsoft Intune certs break email and VPN
Microsoft says Samsung devices enrolled in Microsoft Intune and using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12. Intune is a cloud-based service designed to help enterprise admins manage Windows, macOS, iOS/iPadOS, and Android apps and devices. After the Android upgrade, those using the AnyConnect VPN app will see prompts that a client certificate could not be found, while Outlook customers have reported issues accessing their email due to their S/MIME certificate disappearing. While Microsoft is still working with Samsung to address these issues, users can work around them by clearing their VPN app data cache and by reinstalling Outlook.
Russia crackdown on hacker groups continues
The Russian Federal Security Service (FSB) and law enforcement have arrested Andrey Sergeevich Novak, leader of the Infraud Organization, along with three other members of the hacker group, which caused losses of more than $560 million by acquiring and trading stolen payment card data and identities over a period of seven years. In 2018, an international law enforcement operation disrupted the organization, with the US Department of Justice (DoJ) indicting 36 suspects, 13 of whom have been arrested in various countries. Novak has been detained for two months while the investigation clarifies his role in the hacking group, and the other three alleged members have been placed under house arrest.
Staff negligence is now a major reason for insider security incidents
According to Proofpoint’s 2022 Cost of Insider Threats Global Report, published on Tuesday, insider threats now cost organizations $15.4 million annually, an increase of 34% in comparison to 2020 estimates. The report, which surveyed over 1,000 IT professionals worldwide, indicates that 56% of insider-related incidents were caused by staff or contractor negligence, totaling losses of roughly $6.6 million, while 26% of insider incidents were linked to criminal activities and 18% were caused by theft of employee credentials, costing $4.1 million and $4.6 million respectively. Also notable, it took organizations an average of 85 days to resolve these incidents, an increase from 77 days in Proofpoint’s previous report. Only 12% of reported incidents were contained within 30 days.
(ZDNet)
(ISC)² aims to launch entry-level cybersecurity certification
(ISC)² has opened registration for an entry-level cybersecurity certification exam pilot program. The exam evaluates candidates across five domains including business continuity (BC), disaster recovery (DR) and incident response, access controls, network security and security operations. The program aims to help close the cybersecurity workforce gap by assuring employers that new entrants to the field have the needed skills and knowledge to contribute to an organization’s cybersecurity team.