MFA could be long haul for some federal agencies says CISA official
Numerous agencies have not yet met a November deadline on multifactor authentication laid out as part of President Biden’s ambitious executive order of last year. At the 2022 RSA Conference, Eric Goldstein, executive assistant director for cybersecurity at CISA, pointed out the significant number of federal systems that are running on legacy infrastructure, which means that it’s not as simple as deploying a modern authentication stack on top of a modernized infrastructure. The Biden administration is currently seeking $300 million for the Technology Modernization Fund in fiscal 2023, a fund that dedicates dollars to agencies for upgrading aging IT systems.
New Emotet variant stealing users’ credit card information from Google Chrome
Emotet malware is now using a new module designed to extract credit card information stored in the Chrome web browser. According to Proofpoint, it focuses solely on Chrome, and can exfiltrate the data and send it to different remote command-and-control (C2) servers. This comes amid a surge in Emotet activity following its reawakening last year; it had gone dark for much of 2021 after a law enforcement takedown.
Symantec: More malware operators moving in to exploit Follina
Malware operators continue to exploit the critical “Follina” remote code execution vulnerability in Windows, tracked as CVE-2022-30190, while Microsoft works on a fix. The company has provided workarounds for the time being. Proofpoint’s Threat Insight team noted a phishing campaign, possibly aligned with a nation-state, that is using Follina to target US and EU agencies. The researchers also detected another Follina infection campaign run by a group connected to the Qbot data-stealing/backdoor botnet.
Thousands of Mobike user IDs exposed online
Security researcher Bob Diachenko found a trove of more than 120,000 passports, driver’s licenses and identity documents, including selfies and signatures, in an unprotected Amazon-hosted storage bucket on February 11 and passed details to TechCrunch in an effort to get the data secured. The bucket appears to belong to Mobike, a bike-sharing operator founded in China. The bucket was accessible to anyone and contained passports and identity documents dating back to 2017. Almost all of the documents belonged to users in Latin America, including Argentina and Brazil, and none of the data was encrypted. Mobike was founded in 2015 in Beijing, and was later acquired by Chinese on-demand services giant Meituan in 2018.
Thanks to today’s episode sponsor, PlexTrac

Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
Hackers using stealthy Linux backdoor Symbiote to steal credentials
Researchers have discovered a Linux backdoor that can hide itself on compromised servers and steal credentials. Dubbed Symbiote because of the way it injects itself into existing processes, it has been in development since at least November 2021 and seems to have been targeting the financial sector in Latin America. Researchers from BlackBerry describe the malware as highly evasive. In addition to hiding itself, Symbiote is designed to hide the presence of other malware programs that attackers might deliver, as well as files that are used to store stolen credentials.
UK Ministry of Defense acquires government’s first quantum computer
Stephen Till, of the MoD’s Defence Science and Technology Laboratory (DSTL), called it a “milestone moment” as the British MoD starts work with London-based Orca Computing to explore applications for quantum technology in defense. The MoD will work with Orca’s small PT-1 quantum computer, which the company says is the first of its kind able to operate at room temperature, rather than requiring sub-zero surroundings to keep heat-sensitive qubits cool. Orca’s system uses photons, or single units of light, to optimise machine learning tasks like image analysis and decision-making.
(BBC News)
Chinese hacking group Aoqin Dragon quietly spied on orgs for a decade
Threat analysts at SentinelLabs are warning of a Chinese-speaking threat actor group that has been operating quietly since 2013. Named Aoqin Dragon, the group targets government, education, and telecommunication organizations in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. It has been deploying a removable disk shortcut file that performs DLL hijacking and loads an encrypted backdoor payload. “The malware runs under the name ‘Evernote Tray Application’ and executes upon system start. If the loader detects removable devices, it also copies the payload to infect other devices on the target’s network.”
Paying ransomware paints bigger bullseye on target’s back
New numbers in Cybereason’s April ransomware survey of 1,456 cybersecurity professionals show that eighty percent of ransomware victims that paid their attackers were hit a second time. According to the report, in addition to being hit again, the data encrypted by criminals often became unusable during the decryption process because of corruption issues.