Cybersecurity News: Cisco’s Lapsus$ breach, Rebuild CISA – Krebs, ransomware BEC epidemic

Cisco admits corporate network compromised by gang with links to Lapsus$

Cisco disclosed this fact on Wednesday, stating that an employee’s personal Google account had been compromised. The disclosure of the months-old incident also happened to occur after a list of files accessed during the incident appeared on the dark web. Cisco’s Security Incident Response (CSIRT) and Cisco Talos specified the data exfiltration was from an account with cloud storage locker Box that was associated with a compromised employee’s account. The ransomware gang “Yanluowang” has claimed responsibility for the leak.

(The Register)

CISA should split from DHS says Chris Krebs

Former CISA director Chris Krebs called for significant adjustments to the U.S. government’s approach to cybersecurity on Wednesday, during a keynote address at the Black Hat conference in Las Vegas. He instead suggested that a new “U.S. Digital Agency” be created, “which would incorporate elements of CISA, the National Institute of Standards and Technology, the National Telecommunications and Information Administration, the Department of Energy as well as parts of the Federal Trade Commission and the Federal Communications Commission.” The goal, he says, is to add privacy, trust, and safety issues to the existing security priorities.

(The Record)

Ransomware data theft epidemic fueling BEC attacks

According to a new report from Accenture, an increase in corporate data being stolen by ransomware gangs is providing those in the cybercrime underground with ideal material for crafting business email compromise (BEC) attacks. Accenture’s Cyber Threat Intelligence team states in the report that between July 2021 and July 2022, it observed “over 4,000 corporate and government victims with data posted to leak sites representing the 20 most active cybercrime groups.” Accenture emphasizes that “early social engineering/reconnaissance stages of a BEC attack represent the most important and traditionally the most difficult part of a campaign.”

(InfoSecurity Magazine)

Critical vulnerabilities found in Device42 asset management platform

The warning comes from Bitdefender, which has found multiple critical vulnerabilities including bugs that could be exploited to execute arbitrary code. The Device42 platform helps administrators track applications, devices, and hardware, providing them with the ability to manage data center assets, passwords, and services, as well as with device discovery and asset tagging features. “An attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an LFI) or obtain full access to the appliance files and database (through remote code execution)” Bitdefender said.

(Security Week)

FCC cancels $886 million in funding for SpaceX’s Starlink

The funding was intended for Starlink to expand access in rural areas. The cancellation is based on the system’s cost as well as doubts over its predicted download speeds. Long-form funding applications submitted by SpaceX and an ISP called LTD Broadband “failed to demonstrate that the providers could deliver the promised service,” the FCC said in a statement. In addition to speed issues, the FCC highlighted the cost of the Starlink dish ($599) and the monthly subscription to be charged to consumers ($110 per month).

(PC Mag UK)

GitHub Dependabot now alerts developers on vulnerable GitHub Actions

Microsoft-owned GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. GitHub Actions is “a CI/CD solution that enables users to automate the software build, test, and deployment pipeline.” Dependabot is part of GitHub’s continued efforts to secure the software supply chain by notifying users that their source code depends on a package with a security vulnerability and helping keep all the dependencies up-to-date.

(The Hacker News)

NHS IT supplier held to ransom by hackers

Advanced, a company that provides digital services including patient check-in and a non-emergency medical helpline for England’s National Health Service (NHS), says it may take three to four weeks to fully recover from a cyber-attack that has been confirmed as a ransomware attack. The NHS insists that disruption is minimal, but Advanced would not say whether NHS data had been stolen. Advanced also refuses to say if it was in negotiations with hackers or paying a ransom to them.

(BBC News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.