Cyber Security Headlines – Week in Review – July 4-8, 2022
This week’s Cyber Security Headlines – Week in Review, July 4-8, is hosted by Rich Stroffolino with our guest, David Cross, SVP/CISO Oracle SaaS Cloud
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Jenkins discloses dozens of zero-day bugs in multiple plugins
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of them zero-days for which no fix was yet available. The zero-days’ CVSS base scores range from low to high severity, and, according to Jenkins’ own statistics, the impacted plugins have more than 22,000 installs between them. The flaws still awaiting patches include reflected and stored cross-site scripting (XSS), cross-site request forgery (CSRF), missing or incorrect permission checks, and passwords, secrets, API keys, and tokens stored in plain text. Based on Shodan data, more than 144,000 Jenkins servers are currently exposed to the Internet and could be targeted if they run one of the unpatched plugins.
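Three of the flaw classes in that list (missing permission checks, CSRF-reachable endpoints, and secrets stored in plain text) usually come from the same few lines of plugin code. The snippet below is an added illustration written for this page, not code from the advisory or from any affected plugin: it shows the vulnerable patterns (kept as comments) beside the hardened form using the Jenkins permission and Secret APIs, for a hypothetical ExampleNotifier plugin whose class, package and doTestConnection endpoint names are assumptions.

```java
// Added example for a hypothetical plugin (not code from any affected Jenkins plugin).
// Compiles against Jenkins core as a normal plugin class.
package org.example.jenkins;

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Notifier;
import hudson.tasks.Publisher;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

public class ExampleNotifier extends Notifier {

    // BEFORE (vulnerable): a plain String field is serialised into the job's
    // config.xml in clear text and is readable by anyone with access to $JENKINS_HOME
    // or to the job's config XML over HTTP.
    // private final String apiToken;

    // AFTER: hudson.util.Secret is stored encrypted with the instance's master key
    // and is only decrypted on demand via getPlainText().
    private final Secret apiToken;

    @DataBoundConstructor
    public ExampleNotifier(Secret apiToken) {
        this.apiToken = apiToken;
    }

    public Secret getApiToken() {
        return apiToken;
    }

    @Override
    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Publisher> {

        // BEFORE (vulnerable): reachable by GET, no permission check, and it sends a
        // caller-supplied token to a caller-supplied URL. Any user with Overall/Read,
        // or a victim of a crafted link (CSRF), can make the controller connect to an
        // attacker-chosen host with the credential they pass in.
        //
        // public FormValidation doTestConnection(@QueryParameter String url,
        //                                        @QueryParameter String apiToken) {
        //     return probe(url, apiToken);
        // }

        // AFTER: @POST rejects GET requests (so a crafted link cannot trigger it and
        // the CSRF crumb is enforced), and the permission check limits it to users who
        // may configure this job, or administer Jenkins when no job is in scope.
        @POST
        public FormValidation doTestConnection(@AncestorInPath Item item,
                                               @QueryParameter String url,
                                               @QueryParameter Secret apiToken) {
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }
            String token = apiToken == null ? "" : apiToken.getPlainText();
            return probe(url, token);
        }

        private FormValidation probe(String url, String token) {
            // The real connection test would go here. Never echo the token back in
            // the validation message, and refuse non-TLS targets.
            if (url == null || !url.startsWith("https://")) {
                return FormValidation.error("URL must use https");
            }
            if (token.isEmpty()) {
                return FormValidation.warning("API token is empty");
            }
            return FormValidation.ok("Would test connection to " + url);
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Example notifier (added illustration)";
        }
    }
}
```

When reviewing a plugin for the flaw classes in the advisory, the quick checks are: every `do*` method that has side effects or takes credentials carries `@POST` (or `@RequirePOST`) and calls `checkPermission` before doing anything; every field holding a credential is a `Secret` (or a credentials-plugin ID), not a `String`; and the Jelly form field for it is a `password` control so the encrypted value, not the plaintext, is round-tripped through the browser.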
Patchable and preventable security issues lead causes of Q1 attacks
Eighty-two percent of attacks on organizations in Q1 2022 were caused by known vulnerabilities exposed on the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent. The numbers come from Tetra Defense’s quarterly report, which documents a notable uptick in cyberattacks against United States organizations between January and March 2022. The report did not let employee security hygiene, or a lack thereof, off the hook: Tetra found that the absence of multi-factor authentication (MFA) and the use of compromised credentials are still major factors in attacks against organizations.
Hacker claims to have stolen personal data of 1 billion Chinese citizens
Last week, an individual using the alias ‘ChinaDan’ posted on a hacker forum that they had obtained 23 TB of personal information on 1 billion Chinese residents. ChinaDan claims the data was exfiltrated from a Shanghai National Police database and includes names, addresses, birthplaces, national ID numbers, mobile numbers, and criminal records. ChinaDan shared a sample of the records on Breach Forums, where the data is being sold for 10 bitcoin, equivalent to around $200,000. Binance CEO Zhao Changpeng tweeted that the company had detected a large-scale data breach of an Asian government entity, which he claims was caused by a developer who accidentally leaked credentials in a tech blog post on CSDN. The breach, which remains unconfirmed, would be one of the largest ever recorded.
(Infosecurity Magazine and Bleeping Computer)
NIST unveils ‘quantum-proof’ cryptography algorithms
On Tuesday, NIST announced that its future standards will include four cryptographic algorithms designed to withstand attacks by quantum computers. The algorithms include one for general encryption purposes (CRYSTALS-Kyber, a key-encapsulation mechanism) and three for digital signatures and identity verification (CRYSTALS-Dilithium, Falcon and SPHINCS+). All algorithms under final consideration met the baseline security requirements, and the choice came down to small differences in criteria such as speed and ease of use. NIST expects to select at least one more general-purpose algorithm to include in its standards, which are due for release by 2024.
(SC Media)
AstraLocker ransomware gang shifts to cryptojacking
The operators of AstraLocker ransomware, a spin-off of Babuk ransomware, issued a statement that they are shutting down their ransomware operations and shifting their focus to cryptojacking. The gang first stated its intention to discontinue ransomware operations back in February, citing law enforcement pressure that hindered its ability to collect ransoms from victims. The gang said it was prepared to provide a free decryption tool to its victims.
(Cybersecurity Insiders)
Thanks to today’s episode sponsor, Votiro

Attackers moving off Cobalt Strike
Cracked versions of the Cobalt Strike attack toolkit have become a staple of threat actors’ arsenals over the years, letting attackers quickly spread laterally across a breached network. However, Palo Alto Networks researchers found that the Brute Ratel toolkit is quickly becoming a popular replacement. Like Cobalt Strike, Brute Ratel was developed as a red team penetration testing tool, in this case by a former researcher at Mandiant and CrowdStrike, and lets a user deploy so-called Badger beacons to remote hosts that connect back to a C2 server for commands. Brute Ratel was specifically designed to evade detection by EDR and antivirus products, which makes it particularly hard to deal with. Researchers found the tool particularly popular with the Russian-backed group APT29, aka CozyBear, but it has also seen growing use by ransomware groups.
Cyberattacks against law enforcement on the rise
A new report from the security firm Resecurity found that attacks involving law enforcement agencies saw a notable rise in Q2. In these attacks, actors send faked subpoenas or Emergency Data Requests (EDRs) from a hacked email account belonging to a law enforcement agency, which typically yields sensitive details about the targeted individuals that can be used for extortion or further cyberespionage. This appears to be an international phenomenon, recently affecting law enforcement in the US, Peru, and Bangladesh.
Canada’s RCMP have been using powerful malware to snoop on people’s communications
Canada’s national police force has described for the first time how it uses spyware to infiltrate mobile devices and collect data, including by remotely turning on the camera and microphone of a suspect’s phone or laptop. The Royal Canadian Mounted Police says it only uses such tools in the most serious cases, when less intrusive techniques are unsuccessful. But until now, the force has not been open about its ability to employ malware to hack phones and other devices, despite using the tools for several years. Between 2018 and 2020, the RCMP said it deployed this technology in 10 investigations. In the document, the police force says it needs to use spyware because traditional wiretaps are much less effective than they once were.
(Politico)