US House passes bill to boost chip manufacturing and R&D
The US House of Representatives passed a bill on Friday intended to boost US semiconductor production, in order to spur the economy and to compete with China. The America Competes Act of 2022 provides $52bn in funding “to help semiconductor companies build new factories and to fund research and development.” The legislation, which is still in draft mode, also “earmarks $45bn in funding to boost the supply chain and alleviate problems related to chip shortages, which have hit key sectors, such as consumer electronics and automotive.” It must now be reconciled with the US Senate’s version of the bill, the US Innovation and Competition Act, which passed last June.
One in seven ransomware extortion attempts leak key operational tech records
Researchers from Mandiant and Cisco Secure are both reporting a change in the way ransomware is being deployed. At one time it was used as a catch-all to infect systems and extort blackmail payments from the general public, normally with regard to cryptocurrency. More recently, threat actors are targeting high-value targets for larger payoffs. Some cybersecurity experts call this “big game hunting.” Large enterprise firms, utilities, hospitals, and key supply chain players have become the preferred targets. “The research performed independently by Mandiant and Cisco Secure shows how thieves will penetrate networks in order to steal employee credentials, asset tags, third-party vendor agreements and legal documents, project files, product diagrams, process documents, spreadsheets, visualizations, and in one case, the proprietary source code of a satellite vehicle tracker’s GPS platform.” This technique allows threat actors to “learn about an industrial environment, identify paths of least resistance, and engineer cyber-physical attacks.”
(ZDNet)
New Argo CD bug could let hackers steal secret info from Kubernetes apps
According to The Hacker News, “users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys.” The flaw, which has a CVSS score of 7.7, affects all versions. “Cloud security firm Apiiro has been credited with discovering and reporting the bug on January 30, 2022.” The Hacker News describes Argo CD as being used by organizations such as Alibaba Group, BMW Group, Deloitte, Gojek, IBM, Intuit, LexisNexis, Red Hat, Skyscanner, Swisscom, and Ticketmaster.
BlackCat ransomware linked to BlackMatter, DarkSide gangs
The BlackCat ransomware gang, which also goes by the name ALPHV, “has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation.” BlackCat was launched in November 2021 and uses the Rust programming language. According to BleepingComputer, “the ransomware executable is highly customizable, with different encryption methods and options allowing for attacks on a wide range of corporate environments.”
FBI shares Lockbit ransomware technical details, defense tips
In a new flash alert published this Friday, the FBI has released technical details and indicators of compromise associated with LockBit ransomware attacks. The report also delivered information to help organizations block LockBit’s attempts to breach their networks. LockBit has been active since September 2019 when it launched as a ransomware-as-a-service (RaaS), and the gang is now also trying to remove the intermediaries by recruiting insiders to provide them with access to corporate networks via Virtual Private Network (VPN) and Remote Desktop Protocol (RDP).
FBI’s warning about Iranian firm highlights common cyberattack tactics
In more FBI news, the agency released a warning this week that outlines the TTPs of Iran-based Emennet Pasargad. This is purportedly a cybersecurity and intelligence firm servicing Iranian government agencies. The Private Industry Notification lists the most common and recent CVEs that Emennet is known to exploit. It also describes the firm's techniques, such as exploiting open-source tools like web pages running PHP code or pages with externally accessible MySQL databases. The notification also pointed out how Emennet ran an interference campaign during the US 2020 election, obtaining confidential voter information from state election websites, sending intimidating emails to voters, crafting and distributing misinformation videos about voting vulnerabilities, and hacking into media companies’ computer networks.
Elementor WordPress plugin has a gaping security hole
Owners of WordPress sites that use the Elementor website creation toolkit are being warned of a security hole that combines data leakage and remote code execution if they are incorporating a plugin called Essential Addons for Elementor, a popular tool for adding visual features such as timelines, image galleries, ecommerce forms and price lists. The cause is a file inclusion vulnerability in the product, which makes it possible for attackers to trick the plugin into accessing and including a server-side file using a filename supplied in the incoming web request. Users should upgrade to version 5.0.6 or later.
German court rules websites embedding Google fonts violates GDPR
A court in Munich has “ordered a website operator to pay €100 in damages for transferring a user’s personal data, their IP address, to Google via the search giant’s Fonts library without the individual’s consent.” This was seen as a contravention of the user’s privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the “persons behind the IP address.” GDPR considers IP addresses, advertising IDs, and cookies to be personally identifiable information (PII), making it mandatory for businesses to seek users’ explicit permission before processing such information.






