Cybersecurity News – Cloudflare outage, new cybersecurity laws, 7-Zip Windows security

Cloudflare outage impacts crypto exchanges 

On Tuesday, Cloudflare suffered a widespread outage affecting services for a large number of its customers, including Shopify, League of Legends, Discord, Feedly, DoorDash, and NordVPN. The outage also affected several major crypto exchanges, including OKX, Bitfinex, and FTX, prompting OKX’s CEO to tweet a plea for “web3 alternative in the future.” Cloudflare had most services back online within two hours and has not yet disclosed the cause of the incident.

(TechCrunch [1][2])

Biden signs a pair of cybersecurity bills

On Tuesday, President Biden signed into law two bipartisan bills that will aim to enhance cyber coordination with state and local governments and strengthen the federal cyber workforce. The first bill will enable CISA to offer state and local authorities access to upgrade digital security tools and procedures and will also bolster the Multi-State Information Sharing and Analysis Center to help prevent and respond to cyber incidents. The second bill establishes a rotational cyber workforce development program across government agencies in an effort to better compete with the private sector for cyber talent.

(The Record)

7-Zip now supports Windows ‘Mark-of-the-Web’ security feature

7-Zip has finally added support, in version 22.00, for the long-requested ‘Mark-of-the-Web’ (MoTW) Windows security feature. Windows adds a special MoTW identifier to files downloaded from the Internet or other computers, and displays a warning message to users attempting to open such files. If the user opts to proceed, Microsoft Office will open the file in read-only mode and disable macros. You can check a file for the Mark-of-the-Web by right-clicking it in Windows Explorer and viewing its properties.

(Bleeping Computer)

Microsoft Patch Tuesday (part 2)

On Tuesday, Microsoft released out-of-band (OOB) updates to address known issues in Azure and Microsoft 365 on Arm devices. Microsoft’s June 2022 Patch Tuesday updates are believed to have caused the issues which affect services including Azure Active Directory, VPN, Teams Desktop, OneDrive for Business, and Outlook Desktop. Microsoft said the updates will be automatically installed via Windows Update and can also be downloaded and installed manually via the Microsoft Update Catalog (KB5016139 for Windows 10 and KB5016138 for Windows 11).

(Bleeping Computer)

Icefall flaws impact thousands of exposed industrial devices

Forescout researchers published a security report detailing a set of 56 Operational Technology (OT) vulnerabilities referred to collectively as “Icefall.” The bugs span 10 vendors and enable remote code execution, compromised credentials, firmware and configuration changes, authentication bypass, and logic manipulation. Notably, 74% of the vulnerable products had previously been certified for their security. Forescout noted, “many vulnerabilities are due to the insecure-by-design nature of OTs,” adding that there were a number of flawed authentication schemes. Impacted customers have been advised to apply available bug fixes through firmware upgrades, or to segment OT networks and monitor activity while they wait on a fix.

(Bleeping Computer)

ToddyCat targets Exchange servers with new malware 

Kaspersky researchers have discovered a new advanced persistent threat (APT) group, dubbed ToddyCat, targeting Microsoft Exchange servers. ToddyCat leverages two previously unknown tools the researchers called “Samurai” and “Ninja.” Samurai is a passive backdoor, while Ninja allows multiple operators to collaborate on a target machine simultaneously. In December 2020, ToddyCat began compromising Exchange servers in Taiwan and Vietnam, but between late February and early March of this year, the group expanded its tactics by abusing the ProxyLogon vulnerability to compromise multiple organizations across Europe and Asia. The researchers noted that ToddyCat’s motive appears to be geopolitical in nature, with a focus on governmental and military targets.

(Infosecurity Magazine)

Overconfidence in API security leaves orgs at high risk

Radware’s 2022 State of API Security report reveals a sharp increase in API usage due to reliance on cloud infrastructure and other intersystem communications. While 92% of those surveyed believe they have adequate protection for their APIs, 62% admit a third or more of APIs are undocumented, leaving organizations vulnerable to cyber threats such as database exposures, data breaches, and scraping attacks. Additionally, half of respondents indicated their existing tools provide only partial or minimal API protection, highlighting that cyber security leaders may have a false sense of security when it comes to their APIs. Michelle McLean, Vice President at Salt Security, said the findings reinforce that API security is vastly underprioritized, and the time is now to turn the dial and incorporate adequate solutions, as old tools are not enough.

(Security Magazine)

Russian accused of hacking NATO think tank

The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused of carrying out a cyber espionage attack against a NATO think tank (Joint Air Power Competence Center) in Germany. Kozachek hacked at least two NATO systems in 2017 and installed a keylogger to spy on the organization. German investigators believe that Kozachek, who is still at large, is a member of the Russia-linked APT28 group (aka Fancy Bear).

(Security Affairs)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.