In today’s cybersecurity news…
Microsoft Entra admins must enable MFA or lose access to admin portals
As part of its new Secure Future Initiative, Microsoft is warning global admins of the Entra family of Zero Trust network access products that they have until October 15 of this year to enable multi-factor authentication for their tenants. Microsoft sent 60-day advance notices to all Entra global admins via email and Azure Service Health notifications. Admins are allowed to request a postponement, but Microsoft is warning against doing that. If MFA is not enabled and there is no request to delay enforcement past the October 15 deadline, users themselves will be required to set up MFA before signing into administration portals.
Cybercrime gang uses fake Windows update screen to hide data theft
This activity comes from a new group named Mad Liberator. Their “About Us” page says they are there to help companies fix their security issues and recover their files. In the meantime, they target AnyDesk users with what security firm Sophos describes as randomly trying addresses until someone answers. The group then drops a Windows update splash screen (the one with the “percent complete, don’t turn off your computer” message) to obscure its actions, which involve using AnyDesk’s File Transfer tool to steal data from OneDrive accounts, network shares, and local storage. During the update, the victim’s keyboard is disabled to prevent any interruption of the theft.
Google Pixel devices shipped with vulnerable Verizon app
A majority of the devices shipped since September 2017 come with a dormant app called Verizon Retail Demo Mode, which is made not by Google but by a third-party vendor and, according to Google, is owned by Verizon, which requires it on all Android devices. Embedded in this app is another app called Showcase.apk which, according to mobile security firm iVerify, “downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level.” This leaves Android Pixel smartphones susceptible to adversary-in-the-middle (AitM) attacks, giving malicious actors the power to inject malicious code and spyware. “Since this app is not inherently malicious, most security technology may overlook it and not flag it as malicious, and since the app is installed at the system level and part of the firmware image, it can not be uninstalled at the user level,” iVerify added.
Ransomware gangs rake in more than $450 million in “worst year on record”
A new report from blockchain researchers Chainalysis shows the amount extorted actually reached $459 million in the first six months of this year. This is an increase of $10 million from last year. The report shows an increase in the median amount of ransoms paid, and notes that “businesses and critical infrastructure providers may be more likely to pay ransoms of inordinate size due to these targets’ deep pockets and systemic importance.” Paradoxically, despite these increases in attack frequency and in payment size, “fewer victims are paying ransoms.” Ransomware payment events show a 27% decline compared to last year, suggesting that victim companies “may be better prepared and are opting to recover from attacks on their own.”
U.S. lawmakers focus on China-made TP-Link routers as a national security threat
Two members of Congress are asking the Commerce Department to look into Wi-Fi routers manufactured by Chinese company TP-Link Technologies. The representatives from Michigan and Illinois, who head up the House Select Committee on China, claim that “TP-Link’s routers have been found to have an unusual degree of vulnerabilities.” In their announcement, they cited activity by the Chinese APT group Volt Typhoon as a reason for their concern, given that the group is known for infiltrating home routers.
Flint, Michigan latest city to suffer ransomware attack
Last week on the Monday broadcast we reported on the city of Killeen, Texas, and Sumter County, Florida as victims of municipal-level attacks, and this week it is Flint, Michigan. It’s a similar scenario, with many parts of the IT and phone systems reduced in capacity and the city unable to take credit card payments for utility bills. Emergency services remain unaffected. No ransomware gang has yet been named in this occurrence.
Disney+ terms prevent allergy death lawsuit, Disney says
A cautionary tale in reading end user license agreements: An individual named Jeffrey Piccolo has filed a wrongful death lawsuit against Disney and the owners of an independently owned restaurant located within the Florida Disney World theme park after his wife died in 2023 from a severe allergic reaction after eating at the restaurant. Disney World, however, is arguing the plaintiff cannot sue because of terms he signed up to in a one-month free trial of Disney+, and again when buying tickets for the theme park, meaning they would have to settle out of court. Disney argues it cannot be taken to court because, in its terms of use, it says users agree to settle any disputes with the company via arbitration, which is quicker and cheaper than the courts and does not involve a judge. Mr. Piccolo’s lawyers’ argument includes the fact that the plaintiff agreed to the Disney terms of use for himself, whereas he is now acting on behalf of his deceased wife, who never agreed to those terms.
(BBC News)






