This week’s Cyber Security Headlines – Week in Review, April 24-28, is hosted by Sean Kelly with our guest, Steve Zalewski, former CISO, Levi Strauss and co-host, Defense in Depth.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Energy sector orgs in US, Europe hit by same supply chain attack as 3CX
On Friday, researchers from cybersecurity firm Symantec revealed that trojanized software from the financial services company Trading Technologies impacted two additional organizations in the energy sector, as well as “two other organizations involved in financial trading.” Researchers did not reveal how exactly the organizations were infected, nor did they reveal the names of the victim organizations, but said the infection chain started with a corrupted version of the X_Trader installer – which was digitally signed by the company and made to look benign.
(The Record and Symantec)
The ongoing pain of PaperCut
The print management software company PaperCut claims to have over 100 million users across 70,000 organizations. That large attack surface was put at risk according to a new security advisory from the company, which alerted customers that it had patched a critical vulnerability in its two print management products that is under active exploitation. Although the fix shipped in March, those still unpatched remained at risk of remote code execution with no need for credentials. A separate, although less severe, vulnerability could allow attackers to access user information stored on print servers. Researchers at Huntress found roughly 1,800 exposed PaperCut servers online, with attackers using the flaws to install legitimate remote access software as a backdoor.
New “all-in-one” infostealer on the market
Researchers at Fortinet discovered a new modular infostealer malware available for sale on cybercrime forums. A company called Kodex developed the tool, which it claims is intended for educational use. Researchers noticed a surge in usage of the tool last month, largely in Europe and the US. The malware can steal data from endpoints, record keystrokes, activate peripherals like webcams, and capture the screen. Generally it's delivered as a malicious attachment in a phishing campaign. The tool is under active development, improving its stability and adding new features. Fortinet issued a report on the Kodex tool including indicators of compromise.
US policing use of AI for civil rights violations
On Tuesday, officials from several US government agencies warned financial firms and others that use of artificial intelligence (AI) can heighten the risk of bias and civil rights violations, signaling that they are policing marketplaces for such discrimination. For example, financial firms are legally required to explain adverse credit decisions. The agencies said that if companies don't understand the reasons for the decisions their AI is making, they cannot legally use it. FTC chair Lina Khan said, "Claims of innovation must not be cover for lawbreaking."
(Reuters)
Thanks to today’s episode sponsor, Tines

Malware-free cyberattacks on the rise
According to figures from CrowdStrike, threat actors performed 71% of all enterprise cyberattacks it observed in 2022 without malware. Instead, attackers increasingly use legitimate tools to compromise networks. In a case study presented at RSA, CrowdStrike detailed the work of the "Spider" cybercrime group using this approach. This involved extensive social engineering to tailor a phishing email to obtain login credentials. The attackers then used those credentials to set up an AnyDesk account. The attackers also used local hardware or services like DigitalOcean to avoid sending data to unusual domains.
Hacking an ESA satellite
Security researchers from Thales and members of the European Space Agency plan to show an in-depth attack scenario against one of the agency’s satellites at the CYSAT conference in Paris. This comes in light of recent US intelligence documents reported on by the Financial Times, which outlined how China began developing methods to mimic operator signals to satellites to potentially seize control of the hardware. The demonstration targets the ESA’s shoebox-sized OPS-SAT, first launched in 2019. The attack made it possible to “compromise the data sent back to Earth” including changing image files. This is believed to be the first ethical hacking demonstration against a satellite.
Big tech crackdown looms as EU, UK ready new rules
TikTok, Twitter, Facebook, Google, and Amazon are facing rising pressure from European authorities as London and Brussels advanced new rules Tuesday to curb the power of digital companies. They’re among those on a list of the 19 biggest online platforms and search engines that the European Union’s executive arm said must meet extra obligations for cleaning up illegal content and disinformation and keeping users safe under the 27-nation bloc’s landmark digital rules that take effect later this year. TikTok will allow European Commission officials to carry out a “stress test” of its systems to ensure they comply with the Digital Services Act, Commissioner Thierry Breton said in an online briefing.