Cybersecurity News – January 20, 2022

CISA warns of data-wiping attacks

The Cybersecurity and Infrastructure Security Agency issued a warning to US organizations to strengthen defenses against data-wiping attacks that have recently targeted Ukrainian organizations. These attacks likely exploited a vulnerability in the OctoberCMS platform, although Ukrainian authorities are investigating the use of Log4j vulnerabilities as another attack vector. CISA recommends US organizations validate that all remote access to networks requires multi-factor authentication, ensure software is patched, and disable all non-essential ports and protocols.

(Bleeping Computer)

EU working on its own DNS service

The European Union is in the project planning phase of a proposed service called DNS4EU, its own recursive DNS service, available to EU institutions and the public for free. Part of the decision to look into its own DNS service was the consolidation of the DNS market around a handful of non-EU operators. The EU said that the DNS service would also include built-in filtering, able to block name resolution for bad domains, like those hosting malware or phishing sites, as well as court-ordered blocking of content like pirated content and child sexual abuse materials. It’s unclear if DNS4EU would be mandatory for EU and national government organizations.

(The Record)

Biden expands the NSA’s cybersecurity purview 

A new directive from President Biden expands the role of the National Security Agency in protecting sensitive government networks. The NSA now has the power to issue binding operational directives around potential cybersecurity threats on national security systems. The Department of Homeland Security has the power to issue these directives for civilian government networks, something it did to mandate Log4j patches. Agencies will also be required to report cyber incidents involving national security systems to the NSA. The directive also mandates a baseline of security standards for national security systems, including use of encryption and two-factor authentication. These baselines apply to federal agencies and contractors supporting them.

(WSJ)

1Password seeing customer growth

As part of a large $620 million Series C funding round, the password management company 1Password announced that it increased paying customers to over 100,000 since July 2021, up over 11% and adding larger corporate customers including Datadog, Intercom and Snowflake. The company said this growth is part of a move by organizations to deal with work-related burnout due to pandemic working conditions. In a survey, the company said 80% of office workers and 84% of security specialists reported feeling burned out since the start of the pandemic, with 12% using just a few or one password for all work-related logins. The company said it will use the funds to triple engineering and support teams, as well as look at strategic acquisitions.  

(TechCrunch)

New rules on Chinese tech investment might be coming 

Reuters’ sources say proposed requirements from the Cyberspace Administration of China would require large internet companies to get approval before receiving any investments or fundraising. This would apply to platforms with over 100 million users or with over 10 billion yuan in revenue (about $1.58 billion USD). Firms on a list of protected tech sectors issued by China’s National Development and Reform Commission last year would also require approval. Some firms have already been briefed on the proposed rules, although the rules have not yet been finalized. After the report, the Cyberspace Administration of China issued a statement denying that it had issued a document with the rules cited in the Reuters report.

(Reuters)

Apple and Google warn of antitrust security implications

Apple’s senior director of government affairs, Timothy Powderly, warned that the American Innovation and Choice Online Act and the Open App Markets Act, due to be considered by the Senate this week, could expose consumers to privacy and security risks by requiring sideloading of apps on iOS. Apple argues this could allow malware to be installed on devices and let developers ignore its privacy policies. Google’s Chief Legal Officer Kent Walker made a similar argument, saying the bills would prevent Google from integrating automated security features and detecting security risks across products.

(CNBC)

SysJoker works on Apple silicon

The novel SysJoker malware definitely raised some eyebrows in the security community, as the malware showed extensive cross-platform support and indicated an origin with an advanced threat actor. While the security firm Intezer’s analysis focused on the Windows variant, security researcher Patrick Wardle looked into the macOS version. It supports both Intel and M1-based Macs and comes disguised in a video file that hides a universal binary. It copies itself into the Library/MacOSServices/ directory so that it will run on a restart, and contacts a server to deliver a further payload. Wardle claims this is the first Mac malware of 2022.

(9to5Mac)

Opera released beta of crypto browser

If you don’t know what to do with a browser these days, put some crypto on it. The makers of the Opera browser launched a “Crypto Browser” in beta, available on Android, Windows and Mac, with an iOS version coming soon. This includes a built-in wallet with support for Ethereum, Bitcoin, Celo and Nervos blockchains at launch, and users will be able to view NFTs and purchase cryptocurrency directly from the browser. It also supports decentralized apps, with a dedicated “Crypto Corner” for blockchain-related news. To allay concerns about the environmental impact of cryptocurrency, Opera will work to implement the energy-efficient Ethereum Layer 2 standard “as quickly as possible.”

(Engadget)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.