Chrome testing IP Protection
Google plans to test a new IP Protection feature in Chrome. It will route third-party traffic from specific domains through proxies, hiding users' IP addresses. The company plans to evolve the feature over time, adding domains whose traffic is automatically sent through the proxies in an effort to prevent cross-site tracking. Google will launch the feature as an opt-in for logged-in Chrome users from US-based IPs. During “Phase 0” testing, it will send proxy requests to its own domains to test the infrastructure. The company acknowledged the feature could make it difficult for security teams to block DDoS attacks or detect invalid traffic. As a result, it may require users to authenticate with the proxy and test high-ceiling rate limiting.
Microsoft tests Security Copilot
Microsoft first announced its Copilot would receive a security-focused offering back in March. It will now open up an early access pilot embedded within Microsoft 365 Defender XDR. The company says the Copilot can free up to 40% more time that would otherwise go to mundane tasks. The company frames the service as a way to upskill less-skilled analysts. In terms of features, Security Copilot can summarize security incidents into natural language, analyze incidents, and synthesize reports. It can also use natural language prompts to create KQL queries.
Cisco releases IOS XE patches
Cisco began rolling out its patches for the two high-severity vulnerabilities in its IOS XE devices. The first patch release applies to IOS XE version 17.9.4. As of this recording, Cisco lists other version patch release dates as TBD. Since Cisco disclosed the first of these zero-days as under active exploitation on October 16th, security researchers saw over 40,000 infected devices online. This subsequently dropped to a few hundred over the weekend, although it remains unclear if this came from admins mitigating the devices or threat actors updating infected devices to avoid scans.
Former ASML employee allegedly took secrets to Huawei
Back in February, Bloomberg reported that a former employee at the Dutch chipmaking equipment giant ASML stole chipmaking secrets and took them to China. Now the Dutch newspaper NRC reports the employee is employed at Huawei, indicating who directly benefitted from the stolen trade secrets. This all comes against the backdrop of continued escalating chipmaking technology export bans by the US against China. In response, we’ve seen Huawei continue hiring talent from Russia and enticing employees from Taiwanese chipmakers. Earlier this year, ASML CEO Peter Wennink characterized the stolen information to investors as quite limited.
BHI Energy details ransomware attack
The US energy services firm saw the Akira ransomware organization breach its network on May 30th. The attackers used VPN credentials stolen from a third-party contractor to access its internal network. Over the next week, Akira performed reconnaissance on the network. Threat actors then enumerated data targeted for exfiltration on June 16th. They stole 690 gigabytes of data between June 20th and 29th. On the 29th they also deployed ransomware on network devices. BHI detected the attack at that time, with systems recovered by July 7th. The company restored from cloud backups and said it didn’t pay a ransom.
US seizes North Korean domains
Last week, the US Department of Justice seized 17 domains allegedly used to funnel money back to North Korea. This came as part of a scheme to send thousands of North Koreans abroad to China and Russia, who then gained work as freelance IT workers globally. A previously sealed court document estimates that from October 2022 to January 2023, North Korea generated roughly $1.5 million in revenue from this scheme. These domains appeared as legitimate IT services companies based in the US. The FBI’s Special Agent in Charge Jay Greenberg said companies should remain vigilant and verify any contractors hired.
(SC Media)
Spain dismantles cybercrime organization
The Spanish National Police conducted 16 targeted searches across several major cities, arresting 34 members of the group. Confiscations included 80,000 euros in cash and a computer database with information on over 4 million people. Police said they linked the organization to a phishing campaign impersonating utility works and delivery operators, as well as pig butchering-like schemes. Law enforcement began investigating the group earlier this year following thousands of complaints, with the scammers attempting to get people to repay loans based on stolen credit data. It seems most of the group’s income came from reselling stolen data.
Health network restores services after cyberattack
On October 16th, the New York-based Westchester Medical Center Health Network disclosed that two of its hospitals and a residential care center experienced an IT outage as a result of a cyberattack. This knocked out phone, email, and internet at the facilities, and caused EMS to reroute to other hospitals. On Friday the facilities shut down all connected IT systems and successfully restored services by October 23rd, resuming EMS service. The hospital initially claimed the attack would not disrupt services. The network also contacted the FBI to help investigate the attack. No word on what group orchestrated the attack.






