Google will use mobile devices to thwart phishing attacks
Google this week announced anti-phishing efforts that will make it possible to use Android and iOS devices in the same way as physical security keys such as Google’s Titan Security Key. Google is bundling the Titan capability into mobile devices, where Android and iOS devices use Bluetooth to verify they are in physical proximity to the device the user is trying to log into. Google is also expanding the types of Google Prompt challenges that users may experience if their login attempts look potentially fraudulent, including challenging users to connect their mobile devices to the same Wi-Fi network as the device they are attempting to log into.
CISA urges organizations to patch actively exploited F5 BIG-IP vulnerability
Following on with one of the main stories of the week, CISA has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog “following reports of active abuse in the wild.” Tracked as CVE-2022-1388 and carrying a CVSS score of 9.8, the flaw is a critical bug in the BIG-IP iControl REST endpoint that can allow an attacker to execute arbitrary system commands. According to a report from Horizon3.ai, “an attacker can use this vulnerability to do just about anything they want to on the vulnerable server…including configuration changes, stealing sensitive information and moving laterally within the target network, as well as being able to completely erase targeted servers as part of destructive attacks to render them inoperable by issuing an “rm -rf /*” command that recursively deletes all files.”
Kick China off social media, says tech governance expert
Samir Saran is president of Delhi-based think tank Observer Research Foundation (ORF), a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft’s Digital Peace Now Initiative. Saran, speaking at the Black Hat Asia conference, stated that “China’s Communist Party sees tech as a means of exerting control and uses social media to deliberately interfere in the affairs of other nations,” while simultaneously denying other nations access to its digital public square and preventing its own citizens from venturing into the global cyberspace inhabited by those of other countries. “Mischief abroad is the business model for Chinese tech,” he said.
Windows updates for May cause AD authentication failures
Some problems emerging for Microsoft after this month’s Patch Tuesday. Admins have been encountering “Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect.” errors. The issue impacts both client and server Windows platforms, across all supported Windows versions, including the latest available releases (Windows 11 and Windows Server 2022). A patch for the patch is upcoming.
Thanks to our episode sponsor, Datadog

Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/
Iranian cyberspy group launching ransomware attacks against US
According to a report from the Secureworks Counter Threat Unit (CTU), the Iran-linked cyberespionage group Charming Kitten has been busy recently, engaging in financially-motivated activities. This follows a joint advisory from government agencies in the US, UK, and Australia, which warned of Iranian state-sponsored attacks targeting critical infrastructure and other organizations through the exploitation of Fortinet FortiOS vulnerabilities and a Microsoft Exchange ProxyShell bug. A December 2021 report from Microsoft noted that Charming Kitten was “showing high interest in acquiring exploits targeting the Log4j vulnerability, to modify and use them in new attacks.” In January 2022, the APT was observed using a new PowerShell backdoor. Secureworks, which tracks the cyberespionage group as Cobalt Mirage, reported yesterday that the group appears to have turned to financially-motivated attacks, including the deployment of ransomware.
APT gang ‘SideWinder’ goes on two-year attack spree across Asia
It has in fact conducted almost 1,000 raids, deploying increasingly sophisticated attack methods. According to Kaspersky’s global research and analysis team, speaking yesterday at the Black Hat Asia conference, SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations. Its expanded activities include new obfuscation techniques for the JavaScript it drops into .RTF files, .LNK files, and OpenOffice documents. Kaspersky has observed unique encryption keys deployed across over 1,000 malware samples sourced from the group.
Novel ‘Nerbian’ trojan uses advanced anti-detection tricks
Proofpoint is warning of a newly discovered remote access trojan being spread through malicious email campaigns that use COVID-19 related lures and which include features to evade analysis or detection. Named Nerbian RAT, the malware variant is written in the OS-agnostic Go programming language and “utilizes significant anti-analysis and anti-reversing capabilities”, according to a Proofpoint blog post published Wednesday.
Texas man gets 5 years for stealing 38,000 PayPal account credentials
According to a Justice Department press release, Austin resident Marcos Ponce, 37, has been ordered to pay $1.4 million in restitution as a result of a November 2015 to November 2018 spree in which he and his co-conspirators established buyer accounts on an illegal online marketplace that sold stolen payment account credentials along with complementary personal identification information. “Prosecutors contend that Ponce and his co-conspirators developed social engineering techniques so they could dupe third parties into accepting money transfers from the compromised PayPal accounts before transferring the money into accounts they controlled.”