UK ransomware report isn’t pretty
The UK parliament’s Joint Committee on the National Security Strategy issued a report on the state of ransomware in the country. It found that the government’s failure to tackle the problem carries a “high risk” the country could face a “catastrophic ransomware attack at any moment.” The report further criticized the UK’s Home Office for deprioritizing ransomware policy in favor of other issues like illegal migration. It also calls for the Home Office to lose responsibility for ransomware, with that responsibility handed over instead to the Cabinet Office and National Cyber Security Centre, under direct oversight by the Deputy Prime Minister. The report also called for increased funding to the NCSC to better assist public entities experiencing ransomware attacks.
MS warns of OAuth abuse
Microsoft’s Threat Intelligence team reports it saw a rise in threat actors using OAuth applications as a means to automate attacks, from business email compromise to deploying malicious VMs. The attackers initially use phishing attacks to target user accounts without multifactor authentication enabled, attempting to gain permissions within OAuth apps. From there, hijacked accounts create new apps with high privileges. In one instance, Microsoft found a threat actor creating roughly 17,000 OAuth apps used to send almost a million phishing messages. The company recommends using MFA to make initial compromise more challenging.
Apple discloses pushback to push notification disclosure
Last week, a letter from Senator Ron Wyden revealed that law enforcement officials from various countries maintained a practice of requesting push notification records from Apple and Google. Apple has now updated its policy to require a judge’s order to hand over this information. The company previously updated its policies to make that data available “with a subpoena or greater legal process.” The policy change puts it on par with Google, which claims it always required judicial approval for the records.
(Reuters)
Google Gemini coming to enterprises
Last week, Google announced its next-generation LLMs called Gemini. It’s wasting no time deploying them, announcing Gemini Pro for enterprises. This will launch as a free offering for existing cloud customers through Google AI Studio and Vertex AI, who can build apps on top of the model. Eventually Google will launch a “competitively priced” standalone offering. Google will make its more powerful Gemini Ultra model available to select cloud customers for early experimentation, with plans for a public release next year.
Coalition for Open Digital Ecosystems forms to head off the EU
A group of tech companies formed this new coalition to work on how to implement current and upcoming EU regulatory frameworks through open platforms. Members will work with academics and policymakers in an attempt to comply and lead the conversation around open platforms. Founding members include Google, Meta, Qualcomm, Lenovo, Honor, Motorola, Nothing, and Opera. This comes as the EU’s Digital Markets Act requires designated gatekeeper platforms to allow third parties to interoperate with them.
(Reuters)
Ukraine claims attack on Russian tax service
The country’s defense intelligence directorate claims it compromised and corrupted databases and backups belonging to Russia’s state tax service. This involved accessing several centralized servers as well as over 2,300 regional ones throughout Russia and occupied Crimea. The agency claims this completely disrupted the tax service’s infrastructure as well as its ability to communicate with authorities in Moscow. No word on these attacks from Russia’s tax authority or on state media.
Attackers use proof of concept on Apache
According to the scanning provider Shadowserver, threat actors began attacking a recently patched vulnerability in the Apache Struts web app framework using publicly available proof of concept code. Apache patched the vulnerability on December 7th; the flaw opens the door to an attacker uploading malicious files to execute code. While Struts remains widely used, Shadowserver saw only a small number of IP addresses impacted so far.
Threads tests federating
When Meta released its Threads microblogging service, it said it planned to support the ActivityPub protocol, allowing it to work with other federated services. Now CEO Mark Zuckerberg said it began testing showing Threads posts on Mastodon and other ActivityPub-compliant services. Zuck didn’t share many other details on how the integration will work. There’s no roadmap of features, so no idea when more users will see it.






