Cybersecurity News – Week in Review – June 6-10, 2022

This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Upendra Mardikar, CSO, Snap Finance

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Evasive phishing mixes reverse tunnels and URL shortening services

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. This practice deviates from the more common method of registering domains with hosting providers. With reverse tunnels, threat actors can host the phishing pages locally on their own computers and route connections through a URL shortening service, generating new links as often as they want to bypass detection. The most widely abused reverse tunnel services that CloudSEK found in their research are Ngrok, LocalhostRun, and Cloudflare’s Argo. They also saw Bit.ly, is.gd, and cutt.ly URL shortening services being more prevalent.
(Bleeping Computer)

LastPass goes passwordless (Paired w/ Apple story below)

LastPass began rolling out the ability to use its authenticator app to access a password vault on desktop, rather than using a master password. The company claims it is the first password manager to offer passwordless access on desktop. Master passwords will still be required for registering an account, adding new trusted devices, making account changes, or if a passwordless attempt fails. LastPass already offers ways to log into its mobile app with biometrics.
(The Verge)

Passwords are finally dead – no, it's for real this time

At its Worldwide Developer Conference on Monday, Apple announced its plan to launch passwordless login across Macs, iPhones, iPads, and Apple TVs later this year. Within iOS 16 and macOS Ventura, users will be able to log in to websites and apps using digital keys which are created using Touch ID or Face ID. These “passkeys” will sync across user devices using iCloud’s Keychain, rather than being stored on servers. In May, Apple, along with Microsoft and Google, declared their support for new FIDO standards upon which Apple’s passkeys were developed.
(Wired)

Critical flaws found in Unisoc chips

Check Point Research documented these stack overflow vulnerabilities, impacting Unisoc Tiger T700 SoCs found in recent budget Motorola phones. These flaws resulted in the phone skipping checks to make sure that it's reading a valid subscriber ID when connecting over LTE, opening the door to a denial of service attack on LTE. Check Point alerted Unisoc in May, and Google plans to release a patch in its next Android Security Bulletin.
(InfoSecurity Magazine)

Thanks to our sponsor, PlexTrac

PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced an “18 to 22% time savings per engagement.”

Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.

Cyberattack takes Palermo offline

Bleeping Computer reports that the city of Palermo, in Italy’s Sicily and the fifth largest city in the country, has been shut down for three days due to what may be a ransomware attack. While the operators of the Killnet hacking group previously threatened Italy with cyberattacks, the group has typically used DDoS attacks in the past. Palermo’s councilor for innovation said all systems were shut down and isolated from the network, which is behavior consistent with combating ransomware. In the meantime, all of Palermo’s services, including its police, can only be reached by phone or fax. Tourists can’t access online bookings for museums, theaters and other public venues. And no one can acquire traffic zone cards for restricted areas like the city center.
(Bleeping Computer)

Lack of reporting hurting the ransomware fight

In an interview, CISA’s executive assistant director for cybersecurity, Eric Goldstein, said that the severe lack of ransomware incident reporting to the US government is hampering both its ability to protect organizations and its ability to retaliate proportionately against ransomware gangs. Goldstein makes the case that more consistent and comprehensive reporting would let CISA share indicators of compromise and outline unique infrastructure characteristics of ransomware families. CISA currently has no accurate scope of the number of ransomware incidents, leading to a speculative approach based on sample data that might not reflect what’s actually occurring on the ground.
(The Record)

Paying ransomware paints bigger bullseye on target’s back

New ransomware numbers from Cybereason’s April ransomware survey of 1,456 cybersecurity professionals show that eighty percent of ransomware victims that paid their attackers were hit a second time. According to the report, in addition to being hit again, the data encrypted by criminals often became unusable during the decryption process because of corruption issues.
(Threatpost)

New Emotet variant stealing users’ credit card information from Google Chrome

The notorious Emotet malware has begun deploying a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint, which observed the component on June 6. The development comes amid a spike in Emotet activity since it was resurrected late last year following a 10-month-long hiatus in the wake of a law enforcement operation that took down its attack infrastructure in January 2021.
(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.