CISA expands automated malware analysis
Back in November, CISA opened its Malware Next-Gen service to government and military workers. This provides automated analysis of malware samples and other suspicious digital artifacts with a combination of static and dynamic tools. CISA will now open submissions on Malware Next-Gen to other organizations, although only authorized users can access results. Since opening the tool, CISA said 400 registered users submitted 1,600 files to review.
US Cyber Command launched “hunt forward” missions
In written testimony to the Senate Armed Services Committee, NSA chief and Air Force General Timothy Haugh disclosed that the Cyber National Mission Force carried out 22 “hunt forward” operations last year. This marks the first time US Cyber Command has confirmed a figure for such missions. The missions yielded over 90 malware samples, which it subsequently released to the cybersecurity community. We don’t know specifically where these took place, but the missions occurred in 17 countries, spanning all of the Defense Department’s geographic combatant commands.
Spectre v2: Linux Boogaloo
Researchers from VU Amsterdam documented a new version of the speculative execution side-channel flaw on modern Intel processors, creatively called Spectre v2. This new attack specifically works against Linux systems through Branch Target Injection and Branch History Injection. It opens the door to an attacker reading memory contents and breaking privilege-level isolation. The researchers say existing Spectre mitigations don’t stop v2, while Intel recommended disabling unprivileged Extended Berkeley Packet Filter (eBPF) and enabling the Supervisor Mode Execution Protection (SMEP) and Enhanced Indirect Branch Restricted Speculation (eIBRS) features. The researchers released a tool to identify vulnerable code segments in the Linux kernel.
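As an added example (not code from the newsletter or from the VU Amsterdam researchers), the POSIX shell audit below checks a Linux host for the three settings Intel recommended in this story, reading only the kernel’s standard sysfs, sysctl and /proc/cpuinfo interfaces; the sample status strings in the comments are constructed.

```shell
# Added example, not from the newsletter or the VU Amsterdam tool: audit a Linux
# host for the three mitigations Intel recommended, via standard kernel interfaces.

# 0 = unprivileged eBPF is disabled (sysctl value 1 = permanently, 2 = until re-enabled)
unpriv_bpf_disabled() {
    case "$1" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# 0 = the spectre_v2 status line reports Enhanced IBRS (eIBRS), e.g. the constructed
# sample "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling"
has_eibrs() {
    case "$1" in
        *Enhanced*IBRS*) return 0 ;;
        *)               return 1 ;;
    esac
}

# 0 = "smep" appears in the space-separated CPU flags list from /proc/cpuinfo
has_smep() {
    case " $1 " in
        *" smep "*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Evaluate the three inputs; print one line per check and return the number of
# missing mitigations (0 means all three are in place).
audit_mitigations() {
    bpf_val="$1"; v2_line="$2"; cpu_flags="$3"; missing=0
    if unpriv_bpf_disabled "$bpf_val"; then echo "OK   unprivileged eBPF disabled";
    else echo "WARN unprivileged eBPF enabled (kernel.unprivileged_bpf_disabled=$bpf_val)"; missing=$((missing+1)); fi
    if has_eibrs "$v2_line"; then echo "OK   eIBRS: $v2_line";
    else echo "WARN no eIBRS: $v2_line"; missing=$((missing+1)); fi
    if has_smep "$cpu_flags"; then echo "OK   SMEP supported";
    else echo "WARN SMEP flag absent"; missing=$((missing+1)); fi
    return "$missing"
}

# Collect the live values; unreadable files are treated as empty strings.
audit_live_host() {
    bpf=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || true)
    v2=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || true)
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2 || true)
    audit_mitigations "$bpf" "$v2" "$flags"
}
```

Run `audit_live_host` on the host; a non-zero exit status is the count of recommended mitigations that are absent.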
AT&T updates recent breach figures
Back in 2021, a threat actor put a trove of AT&T customer data up for sale on a hacking forum. The dataset included information on over 70 million people. AT&T only confirmed the dataset belonged to it earlier this year. Now the company says the leak impacted 51.2 million customers. AT&T did not respond to questions from Bleeping Computer about why there is such a large discrepancy between these figures, how threat actors obtained the data, and why it took years to respond to the leak.
Huge thanks to our sponsor, Vanta

With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA.
Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires.
Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time.
Watch Vanta’s on-demand demo at vanta.com/ciso.
Wiz acquires Gem Security
The cloud-security company Wiz confirmed to Fortune that it acquired the startup Gem Security. Wiz did not disclose terms, but Fortune’s sources say the deal closed at $350 million. Gem offers cloud detection and response solutions. This marks Wiz’s second acquisition, after it scooped up the cloud platform Raftt in December for a reported $50 million. Wiz CEO Assaf Rappaport told Fortune he sees 2024 as “the year of acquisitions” in the industry.
(Fortune)
Malicious PowerShell script shows signs of AI origin
Researchers at Proofpoint documented a known threat actor using a malicious PowerShell script that showed indications of having been created by a large language model. The script included comments explaining specific components of the code, something not commonly seen in malware, indicating the attacker could have used an LLM to write it, or copied it from someone who did. The threat actor, known as TA547, isn’t new, having operated since 2017 as an initial access broker. This particular campaign attempted to spread the Rhadamanthys modular infostealer to German targets.
ISP “nutrition labels” deadline
As of April 10th, the US Federal Communications Commission requires internet service providers to show consumers so-called “nutrition labels” detailing costs, fees, “typical” service speeds, and data limits. The FCC first proposed this requirement back in 2016. The labels use the same design language as familiar food nutrition labels and are required both online and in physical stores. ISPs with fewer than 100,000 lines have until October 10th to comply.
Consulting firm attack exposed DOJ data
The Greylock McKinnon Associates consultancy began sending breach notification letters to victims after discovering a breach of its internal network back in May 2023. The breach exposed US Department of Justice data on over 340,000 individuals, including Medicare and personal data. The firm did not release details on any suspected attacker or how they got in. Greylock said it began working with investigators and third-party specialists as soon as it discovered the breach. However, it did not obtain contact information for victims until February 7th. The firm said it deleted DOJ data from its servers after the incident and will offer those impacted the classic 24 months of identity protection.
(SC Media)