Cybersecurity News: Phone encryption urged, Pegasus spyware discoveries, Japan I-O Data 0-day

In today’s cybersecurity news…

FBI and CISA urge Americans to use encrypted apps rather than calling

In further developments from the Salt Typhoon attack on U.S. telecommunications companies, officials from both agencies are recommending that Americans start using encrypted messaging apps. Speaking to the media on Tuesday, Jeff Greene, executive assistant director for cybersecurity at CISA, along with a senior FBI official who asked not to be named, said they plan to use the same message as they do inside their respective organizations: “Encryption is your friend,” whether it’s on messaging or encrypted voice communication. They also suggest people consider using a cellphone that “automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media, and collaboration tool accounts.”

(NBC News)

iVerify scanner finds seven Pegasus spyware infections

A report published by the mobile device security firm iVerify puts into question the idea that commercial spyware is used to target only a small number of people. It says that out of 2500 devices offered by customers to be inspected, seven devices had the Pegasus malware manufactured by the NSO Group. Rocky Cole, chief operating officer of iVerify and a former U.S. National Security Agency analyst, stated that “the owners of these targeted devices were not journalists and activists, but business leaders, people running commercial enterprises, people in government positions.” Wired magazine, which ran this story, points out that although 7 out of 2500 is a small percentage, “the fact that the tool has already found a handful of infections at all speaks to how widely the use of spyware has proliferated around the world.”

(Wired)

Japan warns of I-O Data zero-day router flaws exploited in attacks

Japan’s Computer Emergency Response Team, aka CERT, is warning of zero-day vulnerabilities in I-O Data router devices. These can be exploited to modify device settings, execute commands, or even turn off the firewall. “The vendor has acknowledged the flaws in a security bulletin published on its website.” But the fixes are only expected to land on December 18, which means users will be exposed to risks until then unless mitigations are enabled. The three flaws, which were identified on November 13, and which all have CVE numbers, relate to information disclosure, remote arbitrary OS command execution, and the ability to disable firewalls.

(BleepingComputer)

Huge thanks to our sponsor, Vanta

As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.

With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs.

Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews.

Visit vanta.com to learn more about Questionnaire Automation.

UK law enforcement uncovers major Russian ransomware-related money laundering operation

On Wednesday, British law enforcement announced the discovery of a large Russian money laundering system “used by transnational drug traffickers, cybercriminals, Moscow elites evading sanctions and even the Kremlin’s espionage operations.” The discovery follows an investigation into how a ransomware gang was cashing out extorted cryptocurrency. More than 80 people have been arrested thus far in this operation, which is named Operation Destabilise and which has “exposed billion-dollar money laundering networks operating in a way previously unknown to international law enforcement.” The head of this particular snake belongs to two Russian businesses, one called Smart and the other TGR Group, both based in Moscow’s Federation Tower. They are accused of providing critical liquidity and logistics services allowing criminals to collect funds in one country and make the equivalent value available in another.

(The Record)

Still lots of security risks in Open Source ecosystem

A new report from the Linux Foundation, OpenSSF, and Harvard University has found that “significant security risks continue to be prevalent in open source software practices.” The CENSUS III project made more than “12 million observations of free and open source software (FOSS) libraries used in production apps at over 10,000 companies.” The issues included ongoing reliance on the Python 2 language, a lack of standardized naming for software components, the fact that security is dependent on a handful of accounts, and that individual developer accounts tend to have fewer protections associated with them than organizational accounts.

(InfoSecurity Magazine)

Backdoored Solana library downloaded by developers

Solana Web3.js is a popular JavaScript library used to build decentralized applications for Node, web, and React Native. On Tuesday, two malicious versions of the library were discovered as available for download. The backdoored iterations, versions 1.95.6 and 1.95.7, “contained code that allowed the attackers to steal private key material and drain funds from decentralized applications.” They remained available for about five hours through the official repository. Developers who downloaded either of these versions are advised to update to Solana Web3.js version 1.95.8 as soon as possible and rotate any suspect keys and account credentials.

(Security Week)

Microsoft stands firm on TPM requirements for Windows 11

Microsoft is pushing hard on its upgraded security culture by dashing the hopes some may have had for lower hardware requirements for Windows 11. Windows 10 end of support is approaching in October 2025, and Microsoft says that its Trusted Platform Module (TPM) 2.0 requirement for Windows 11 is “non-negotiable.” TPM 2.0 is a hardware-level chip or firmware capability that helps encrypt or decrypt data, confirm digital signatures, and assist with other cryptographic operations.

(The Verge)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.