Data breach disclosures surge 14% in Q1 2022
According to the Identity Theft Resource Center (ITRC), publicly reported data breaches in the US increased by double digits year-on-year in the first three months of 2022. This is the third successive year in which first quarter figures have exceeded those of the previous year. Of the breaches recorded by the ITRC, 92% were due to cyberattacks, with phishing and ransomware the top two causes overall. The report has a significant gap, however: 154 data breach notices (40% of the total) did not identify a root cause. Unfortunately, this makes “unknown” the largest attack vector of Q1 2022.
Windows 11 tool to add Google Play secretly installed malware
In October last year with the release of Windows 11, Microsoft announced that it would allow users to run native Android apps directly from within Windows. But when the Android for Windows 11 preview was released in February, many were disappointed they could not use it with Google Play and were stuck with apps from the Amazon App Store. Around that time, someone released a new tool called Windows Toolbox on GitHub with a host of features, including the ability to debloat Windows 11, activate Microsoft Office and Windows, and install Google Play Store for the Android subsystem. However, unbeknownst to everyone until this week, the Windows Toolbox was actually a Trojan that executed a series of obfuscated, malicious PowerShell scripts to install a trojan clicker and possibly other malware on devices.
DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
According to Cyberscoop, “Federal agents in Honolulu last week disrupted an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region.” Although few details were given about the motive or target, international law enforcement partners in several countries were able to make an arrest. There are hundreds of undersea cables that form part of the internet. Justin Sherman, author of an Atlantic Council report on undersea infrastructure, writes that many cable operators use remote management systems for cable networks, many of which have poor security.
(Cyberscoop and The Atlantic Council)
Global advertising giant Omnicom suffers ‘suspicious’ IT incident
The world’s second-largest marketing and advertising agency, Omnicom, took some of its IT systems offline over the past week due to what was called “suspicious activity.” This left many employees unable to access their VPNs, and for some even email was unavailable. Omnicom represents 5,000 clients in more than 70 countries, including McDonald’s, Apple, Unilever and Johnson & Johnson.
Meet ZingoStealer: new, free malware from the Haskers Gang
Researchers from Cisco Talos announced on Thursday that a new malware named ZingoStealer is being made available for free to members of the Haskers Gang Telegram group. This group has just under four thousand subscribers who “share tips on cracks, crypters, bypassing security measures and hacking software.” Telegram is also used to manage the malicious executables and exfiltrated data packages. As for ZingoStealer, it can “harvest account credentials, Chrome and Firefox browser data, and Discord tokens, as well as cryptocurrency wallet credentials held by browser extensions from services including BitApp, Coinbase, Binance, and Brave.”
(ZDNet)
Elon Musk offers to buy Twitter for $43 billion
The offer, filed with the U.S. Securities and Exchange Commission, shows that Musk is willing to pay $54.20 per share to buy 100% of the company. “It would be an all-cash offer that values the social network at $43.4 billion.” He said in an email to Bret Taylor, Twitter’s chairman of the board (and Salesforce co-chief executive), “I invested in Twitter as I believe in its potential to be the platform for free speech around the globe, and I believe free speech is a societal imperative for a functioning democracy. However, since making my investment I now realize the company will neither thrive nor serve this societal imperative in its current form. Twitter needs to be transformed as a private company.”
Microsoft details how China-linked crew’s malware hides scheduled Windows tasks
The Hafnium gang, which is linked to China, is using a strain of malware called Tarrask to maintain a persistent presence in compromised Windows systems. The malware creates “hidden tasks that maintain backdoor access even after reboots.” Researchers from the Microsoft Detection and Response Team (DART) and from the Threat Intelligence Center (MTIC) spotted the software “creating undesirable scheduled tasks via Windows Task Scheduler, which is typically used by IT administrators to automate such chores as updating programs, tidying up file systems, and starting certain applications.” The malware is part of a larger multi-stage attack against organizations that exploits an authentication bypass in the snappily named ManageEngine ADSelfService Plus, Zoho’s password-management and single-sign-on offering for Active Directory environments.
Man who paid $2.9m for NFT of Jack Dorsey’s first tweet discovers resale is NSF
Crypto entrepreneur Sina Estavi became infamous when, in March 2021, he paid $2.9m for an NFT of Jack Dorsey’s first tweet. Since then his efforts to resell it have gone virtually nowhere, receiving a top bid of $6,800 as of Thursday. At the time, Estavi’s purchase was among the most expensive sales of a non-fungible token, or NFT. Estavi is no longer sure if he will sell it. “It’s important to me who wants to buy it,” he says, continuing, “I will not sell this NFT to anyone because I do not think everyone deserves it.”






