Hackers opting for new attack methods after Microsoft blocked macros by default
Malicious actors are being forced to come up with new ways to deliver malware now that Microsoft has taken steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps. Proofpoint says in a report that adversaries are now moving to container files such as ISO and RAR, as well as exploiting Windows Shortcut (LNK) files. Proofpoint sees this as “a significant shift in the threat landscape,” noting that the number of campaigns containing LNK files increased 1,675% since October 2021, with the number of attacks using HTML attachments more than doubling from October 2021 to June 2022.
Microsoft 365 outage knocks down admin center in North America
A new outage hit Microsoft 365 yesterday, with administrators in North America seeing blank pages and 404 errors or no perceivable error message at all when trying to access the Microsoft 365 admin center. The company revealed on the Microsoft 365 Service health status page, “this outage could affect any admin in North America.” Microsoft is of course working on discovering the issue that triggered this incident and trying to find a potential fix to address its impact on North American admins.
22 million US health records breached thus far in 2022
This is according to a new report from GlobalData, which also forecasts that spending on cybersecurity in the global healthcare industry will increase by nearly $400 million in the next three years. Included in these breaches is not just regular PII, but also private health information (PHI), which can include one’s medical history, address, email addresses, and social security numbers, perfectly suited for phishing schemes that target patients for further exploitation. Unlike credit card information or personal identification information, medical history cannot be changed, making it much more valuable on the black market.
Fallout from massive Shanghai Police data breach reverberates on dark web
The fallout from the massive Shanghai National Police breach that we reported on 2 weeks ago appears to be an increase in the amount of supposedly hacked Chinese data on the dark web. While there was an average of 14 monthly leaks from Chinese entities posted to BreachForums between March and June, in the first 15 days of July, the total jumped to 25, setting a pace for more than 50 by month end. The surge in Chinese data posted to the forum came alongside “a significant increase in the quantity of Chinese-language activity on the predominantly English-speaking forum.”
Thanks to today’s episode sponsor, Snyk

Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use.
Code, dependencies, containers, cloud infrastructure… all of it.
And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places.
Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity.
Novel malware hijacks Facebook business accounts
Ducktail is a new strain of malware that is attacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that focuses on LinkedIn accounts. According to researchers from WithSecure (formerly F-Secure), the malware uses browser cookies from authenticated user sessions to take over accounts and steal data. The campaign appears to belong to financially driven Vietnamese threat actors.
Radiation alert saboteurs arrested after sensors disabled
Two former government workers have been arrested on suspicion of “breaking into the computer network of the country’s radioactivity alert system (RAR) and disabling more than a third of its sensors.” The suspects, who conducted the break-in between March and June 2021, worked for a company contracted by Spain’s General Directorate of Civil Protection and Emergencies (DGPCE). A year-long probe eventually traced the cyberattack to a computer in “the public-use network of a well-known establishment of hospitality in the center of Madrid,” which might be interpreted as hotel WiFi. According to The Register, “the two suspects had been responsible for the maintenance program of the RAR system, through a company contracted by the DGPCE, which made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship.”
Chess robot breaks seven-year-old boy’s finger during Moscow Open
Sergey Lazarev, Moscow Chess Federation President, confirmed to the Tass news agency that the robot had indeed broken the child’s finger, adding, “this is of course bad.” A video shared on social media shows the robot taking one of the boy’s pieces. The boy then makes his own move, and the robot grabs his finger. Four adults rushed to help the boy, who was eventually freed and ushered away. Mr Lazarev said the machine had played many previous matches without incident, and the young victim was able to finish the final days of the tournament, wearing a cast.
(BBC News)






