In today’s cybersecurity news…
Exploding pager tragedy: experts look towards supply chain sabotage rather than hacking
Security and technology experts surveying the wave of exploding wireless pagers that killed at least eight people and injured thousands more in Lebanon yesterday, are tending to rule out a cyberattack that might have essentially told the batteries to explode. Two brands of Gold Apollo alphanumeric pagers may have been involved, one that uses regular AAA batteries and another that uses a lithium-ion battery. Although both might be induced to explode by way of a script delivered through a hacked network that would cause the batteries to overheat, experts suggest they could not have been induced to create the magnitude of the explosion that could injure multiple bystanders. Jake Williams, vice president of research and development at Hunter Strategy, who formerly worked for the U.S. National Security Agency suggests that the pagers may have been intercepted and modified, with explosives physically added. He points out “this highlights the risks of supply chain security, especially in places where technology is harder to ship to,” and adds it would have required “operatives on both the tech distribution side and the Hezbollah procurement side, in order to get them to exactly the right people.”
(Wired)
Construction companies potentially vulnerable through accounting software
According to security firm Huntress, hackers are targeting companies in the construction industry through an accounting software called Foundation. The attackers search for installations of Foundation that are publicly accessible on the internet, and then brute force them. Many companies in plumbing, concrete and HVAC industries use the software. Although most company databases are “kept private and secured behind a firewall or virtual private network, Foundation features connectivity and access by a mobile app. This means that a certain TCP port, used to manage and distinguish network traffic on a computer, might be made available to the public, giving direct access to the MSSQL database.”
Over a third of cyberattacks result in job losses
A report from Dark Reading highlights the sobering fact that “of 500 UK-based IT, resilience and cyber security professionals surveyed, 37% reported that cyber-attacks resulted in dismissals. This follows and supports a report from Databarracks’ Data Health Check (DHC) who stated that that cyber-attacks are the leading cause of downtime and data loss within an organization. The job losses themselves “could be IT or Security staff being dismissed in direct response to the breach, or wider layoffs from business disruption.”
Thanks to today’s episode sponsor, Conveyor
Ransomware gangs using Microsoft Azure tool for data theft
According to researchers at cybersecurity firm modePUSHx, cybercrime gangs including BianLian and Rhysida are using Azure Storage Explorer and AzCopy to steal data from breached networks and are storing it in Azure Blob storage, before transferring it to their own storage spaces. The researchers note this activity requires some work, including installing dependencies and upgrading .NET to version 8, but they say it is indicative of the increasing focus on data theft in ransomware operations, being the main leverage for threat actors in the ensuing extortion phase. Azure is a trusted enterprise-grade service, unlikely to be blocked by corporate firewalls and security tools, heightening the risk of data transfer attempts going through undetected. In addition, its scalability and performance “allows it to handle large volumes of unstructured data, which is highly beneficial when attackers attempt to exfiltrate large numbers of files in the shortest possible time.”
Cisco’s second layoff this year affects thousands
This is the second round of layoffs for Cisco, following one in February, which saw 4,000 employees let go. This time, 5,600 employees, or 7% of its workforce, including some from Talos Security. On the same day as the layoff announcement, which was made in August, “Cisco published its most recent full-year earnings report, in which the company said 2024 was its ‘second strongest year on record,’ citing close to $54 billion in annual revenue,” with chief executive Chuck Robbins making close to $32 million in total executive compensation during 2023, according to the company’s filings.
CloudFlare outage temporarily bleeps out BleepingComputer
Yesterday’s rolling outage impacted access to some websites worldwide, including one of our favorite sources, BleepingComputer. This occurred while Cloudflare itself said it was conducting scheduled maintenance in Singapore and Nashville, but did not mention any problems. Other notifications of the outage were reported on X and DownDetector. Cloudflare had not commented as of this recording.