Cybersecurity News – April 20, 2022

LinkedIn is now the most popular phish bait

Researchers at Check Point indicate that LinkedIn has become the most popular brand used in phishing attacks, accounting for more than 52% of all such incidents globally. This represents a dramatic uptick from the last quarter of 2021, when LinkedIn’s brand held the fifth spot, accounting for just 8% of impersonation attacks. The second most mimicked brand is German package delivery company DHL, which previously held the top spot due in large part to the holiday shopping season.

(Bleeping Computer)

Lenovo patches firmware vulnerabilities impacting millions of users

Lenovo has patched a trio of bugs, reported by a researcher at ESET back in October, that could be abused to perform UEFI attacks, in which malicious operations are loaded on a compromised device at an early stage of the boot process. This means that malware can tamper with configuration data, establish persistence, and bypass security controls which load at the OS stage. ESET said the vulnerabilities impact over 100 laptop models affecting millions of users worldwide and recommends that users patch their firmware immediately.

(ZDNet)

Ukraine war stokes internet connectivity concerns in Taiwan

Ukraine has leveraged its extensive internet connectivity to rally resistance to Russia’s invasion and counter Moscow’s propaganda. Taiwanese officials are now expressing concern over the island’s vulnerability to being taken totally offline in the event that its undersea internet cables were severed by Chinese submarines, divers, or military strikes. About 95% of Taiwan’s data-and-voice traffic runs through 14 undersea cable bundles which reach land at only four locations along Taiwan’s coast. The risk posed by severed underwater cables was highlighted earlier this year when an undersea volcanic eruption took out the single cable connecting Tonga to the internet, creating a days-long information blackout. Taiwan plans to add one or two more landing stations within the next five years.

(WSJ)

SaaS misconfigurations lead to cybersecurity incidents

Software as a Service (SaaS) has become a critical element of business operations around the globe. According to a new report from Cloud Security Alliance (CSA), the benefits of SaaS solutions can come at a price: the report reveals that 43% of organizations have dealt with one or more security incidents caused by a SaaS misconfiguration. The report identified the main causes of those incidents to be lack of visibility into SaaS security setting changes (34%) and too many departments being allowed access to SaaS security settings (35%). In addition, nearly half of cybersecurity teams tasked with securing SaaS solutions are only permitted to check for SaaS vulnerabilities on a monthly basis.

(Security Magazine)

Thanks to our episode sponsor, Votiro

Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.

Microsoft disables SMB1 by default for Windows 11 Home

Microsoft announced Tuesday that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev builds, which are the last editions of Windows or Windows Server that still came with SMBv1 enabled. Since 2016, Microsoft has recommended that admins remove SMBv1 support on their network because it lacks the security improvements found in newer SMB versions, and also due to a leak of SMBv1 exploits by NSA back in 2017, which gave rise to an onslaught of destructive malware proliferated in the wild by botnets including TrickBot, Emotet, NotPetya, and WannaCry. Microsoft explained that the shift will not affect devices using SMBv1 following in-place upgrades, with admins still allowed to reinstall it.

(Bleeping Computer)

41% of organizations suffered API security incidents in the past year

According to a new report from 451 Research, the use of application program interfaces (APIs) has experienced a growth rate of 201% over the past 12 months. The report revealed that 41% of organizations surveyed had an API security incident over the same period, with 63% of that group noting that the incident involved a data breach or data loss. While the majority (90%) of respondents noted that their organizations have API authentication policies, 31% expressed doubt in the effectiveness of those policies. Finally, 49% of respondents indicated that they lacked confidence in their API inventories.

(Security Magazine)

Voice concealment algorithm blocks microphone spying

Columbia University researchers have developed an algorithm that can block rogue audio eavesdropping via microphones in smartphones, voice assistants, and connected devices. The algorithm works predictively, inferring what the user will say next and then generating obstructive audible background noise to cover the sound. The volume of the noise is relatively low, minimizing user disturbance and allowing comfortable conversations. Previous failed attempts to develop real-time audio concealing solutions required near-instantaneous computation, which is not feasible with today’s hardware. For now, the new system works only with English and has a rate of success of roughly 80%.

(Bleeping Computer)

ISC2 opposes anti-DEI legislation

The International Information System Security Certification Consortium, or (ISC)², which is a non-profit organization specializing in information security training and certifications, recently posted a blog stating, “we are troubled by any legislative measures that not only limit, but in some instances, outlaw, discussions about and considerations of diversity in schools and the workplace.” The blog points out that the cyber security profession “does not reflect the world we live in” and goes on to say that, “building a more diverse and inclusive profession is key to addressing the workforce shortage.”

(Cybersecurity Insiders)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.