Cisco admits corporate network compromised by gang with links to Lapsus$
Cisco disclosed this fact on Wednesday, stating that an employee’s personal Google account had been compromised. The disclosure of the months-old incident also happened to occur after a list of files accessed during the incident appeared on the dark web. Cisco’s Security Incident Response (CSIRT) and Cisco Talos specified the data exfiltration was from an account with cloud storage locker Box that was associated with a compromised employee’s account. The ransomware gang “Yanluowang” has claimed responsibility for the leak.
CISA should split from DHS says Chris Krebs
Former CISA director Chris Krebs called for significant adjustments to the U.S. government’s approach to cybersecurity on Wednesday. During a keynote address at the Black Hat conference in Las Vegas, Krebs proposed the creation of a “U.S. Digital Agency,” which would incorporate elements of CISA, the National Institute of Standards and Technology, the National Telecommunications and Information Administration, the Department of Energy as well as parts of the Federal Trade Commission and the Federal Communications Commission. The goal, he says, is to add privacy, trust, and safety issues to the existing security priorities.
Ransomware data theft epidemic fueling BEC attacks
A surge in corporate data stolen by ransomware gangs is inundating the cybercrime underground with exactly the sort of information fraudsters need to launch convincing business email compromise (BEC) attacks, according to Accenture. Between July 2021 and July 2022, Accenture’s Cyber Threat Intelligence team (ACTI) claimed in a new report to have observed over 4000 corporate and government victims with data posted to leak sites representing the 20 most active cybercrime groups. Such information can be used to good effect to help the early social engineering/reconnaissance stages of a BEC attack, which Accenture claims is “the most important and traditionally the most difficult” part of a campaign.
Critical vulnerabilities found in Device42 asset management platform
The warning comes from Bitdefender, which has found multiple critical vulnerabilities, including bugs that could be exploited to execute arbitrary code. The Device42 platform helps administrators track applications, devices, and hardware, providing them with the ability to manage data center assets, passwords, and services, as well as with device discovery and asset tagging features. “An attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an LFI) or obtain full access to the appliance files and database (through remote code execution),” Bitdefender said.
FCC cancels $886 million in funding for SpaceX’s Starlink
The funding was intended for Starlink to expand access in rural areas. The cancellation is based on the system’s cost as well as doubts over its predicted download speeds. Long-form funding applications submitted by SpaceX and an ISP called LTD Broadband “failed to demonstrate that the providers could deliver the promised service,” the FCC said in a statement. In addition to speed issues, the FCC highlighted the cost of the Starlink dish ($599) and the monthly subscription to be charged to consumers ($110 per month).
GitHub Dependabot now alerts developers on vulnerable GitHub Actions
Microsoft-owned GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. GitHub Actions is a CI/CD solution that enables users to automate the software build, test, and deployment pipeline. Dependabot is part of GitHub’s continued efforts to secure the software supply chain by notifying users that their source code depends on a package with a security vulnerability and helping keep all the dependencies up-to-date.
NHS IT supplier held to ransom by hackers
Advanced, a company that provides digital services including patient check-in and a non-emergency medical helpline for England’s National Health Service (NHS), says it may take three to four weeks to fully recover from what has been confirmed as a ransomware attack. The NHS insists that disruption is minimal, but Advanced would not say whether NHS data had been stolen. Advanced also refuses to say whether it is in negotiations with hackers or paying a ransom to them.
(BBC News)
Sierra Leone internet cut amid anti-government protests
The West African nation of Sierra Leone experienced a near-total internet blackout on Wednesday, in the midst of anti-government protests sparked by the rising cost of living. Internet governance watchdog NetBlocks found that, beginning at noon local time, “national connectivity” fell to about 5% of its normal level, with multiple mobile and fixed-line Internet operators going dark. NetBlocks’ director of research said connectivity was “largely restored” after approximately two hours, but service remains “somewhat impacted.” The disruption affected providers routed through Sierra Leone Cable, which “controls the country’s internet gateway.”






