New DoJ cyber prosecution team will go after nation-state threat actors
The US DoJ has announced that its National Security Division (NSD) has a new cyber section, dubbed ‘NatSec Cyber.’ NatSec Cyber was created in response to findings from the 2022 Comprehensive Cyber Review conducted by the US Attorney General’s office. Assistant Attorney General Matthew G. Olsen said, “This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security.” Olsen added that NatSec will position prosecutors to begin investigating reported cyber threats in the earliest stages.
(Dark Reading and cybernews)
Apple fixes zero-days used to deploy Triangulation spyware
Researchers from Kaspersky have released more details about an iOS backdoor they’ve named ‘TriangleDB’ (CVE-2023-32434). The spyware leverages zero-click exploits via the iMessage platform, and allows attackers to dump iCloud Keychain data and load additional Mach-O modules in memory to harvest file contents, geolocation, installed iOS applications, and running processes. The malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The threat actors behind the campaign are currently unknown, although Russia is accusing the US government of carrying out a reconnaissance operation. Apple pushed fixes across nearly all iPhones, iPads and Apple Watches on Wednesday.
(The Hacker News and The Register)
Schumer unveils strategy to regulate AI
On Wednesday, Senate Majority Leader Chuck Schumer unveiled a framework for regulating artificial intelligence and warned that “Congress must join the AI revolution” now or risk losing its only chance to regulate the rapidly moving technology. He revealed plans to launch a series of “AI Insight Forums” featuring top AI developers, executives, scientists, community leaders, workers, and national security experts, which will form the foundation for more detailed policy proposals for Congress. Schumer said, “We have no choice but to acknowledge that AI’s changes are coming, and in many cases are already here.”
(NBC)
MOVEit update: ransomware victim list continues to grow
Gen Digital, the parent company of cybersecurity subsidiaries Avast and Norton, confirmed on Tuesday that the personal information of its employees was compromised in yet another MOVEit ransomware attack. The company said compromised data included names, addresses, employee IDs, and email addresses. Gen Digital said all known vulnerabilities have been remediated and that there was no impact to customers, partners or core IT systems and services.
The news comes after Metro Vancouver Transit Police confirmed earlier this week that it too fell victim to hackers gaining unauthorized access to files on its MOVEit server.
And on Tuesday, three plaintiffs from Louisiana, representing more than 100 individuals, filed a class-action lawsuit in Massachusetts against MOVEit producer Progress Software. The lawsuit indicates that after their data was compromised in the Louisiana Office of Motor Vehicles MOVEit breach, affected individuals have become targets of social engineering attacks. The complaint also claims Progress Software failed to notify impacted victims.
(Dark Reading and The Cyber Express and SC Magazine)
Mondelēz International’s info compromised in 3rd party breach
The producer of Oreo cookies and Ritz crackers, among other snack foods, has warned 51,000 of its past and present employees that their personal info was stolen from the company’s 3rd party law firm. Hackers broke into the network of Bryan Cave Leighton Paisner LLP and were able to access social security numbers, names, addresses, dates of birth, marital status, gender, employee identification numbers, and retirement plan info belonging to current and former Mondelēz workers. As a side note, Mondelēz was among the global companies hit in the NotPetya outbreak and recently settled a $100-million-plus cleanup bill with its cyber insurer, Zurich American Insurance Company.
Emerging ransomware group 8Base doxxes SMBs globally
Since at least April 2022, a ransomware group called 8Base, not to be confused with the Florida-based software company of the same name, has been conducting double-extortion attacks against small and midsized businesses (SMBs). Victims span industries including science and technology, manufacturing, retail, construction, and healthcare. In May, the group dumped data belonging to 67 organizations on the cyber underground. Researchers say little is known about the gang’s tactics, techniques, and procedures (TTPs), but their leak site includes a terms-of-service section outlining 13 rules, including a prohibition against police involvement. 8Base has already doxxed 29 new businesses this month.
63% of IT leaders measure IT success by reduced risk
A survey by Rocket Software took a look at the biggest challenges facing IT leaders of large organizations and their approach to modernizing their IT department. The report revealed that the top concerns among IT leaders include improving overall IT performance (60%), data security (50%), process risk and compliance (46%) and the need to improve agility (41%).
Respondents noted that the top measure of success within their IT organization was increased efficiency (71%), which they defined as faster DevOps and automated processes. Optimized resources (67%) and reduced risk (63%) were also among the top measures of IT success.
UPS discloses data breach after customer info used in SMS phishing
In a somewhat sneaky fashion, multinational shipping company UPS has alerted some Canadian customers that their personal information may have been exposed. UPS entitled their letters, “Fighting phishing and smishing – an update from UPS,” which seemed to be a reminder to customers about the dangers of phishing. It turns out, however, the letters were actually data breach notifications stating that some package recipients received SMS phishing messages demanding payment in order for their packages to be delivered. UPS found that the attackers used its package look-up tools to access delivery details, including the recipients’ personal contact information, between February 2022 and April 2023.






