Cybersecurity News: Microsoft Authenticator passkeys, StealC malware upgraded, CISA budget slashed

In today’s cybersecurity news…

Microsoft ends Authenticator password autofill in favor of Edge

Password storage and autofill features in the Microsoft Authenticator app will begin deprecation in July, with removal completed in August. The goal is to streamline autofill support and consolidate credential management under Microsoft Edge. As such, users have until August 1, 2025, to export their information from Authenticator, or risk losing it. The autofill feature was added to the mobile Authenticator apps in December 2020, allowing users to automatically fill credentials saved in Authenticator into sign-in forms.

(BleepingComputer)

StealC malware enhanced with stealth upgrades and data theft

According to a new report from Zscaler, the people behind StealC, a well-known and widely used information stealer and malware downloader, have released a new and improved version. StealC first appeared on the dark web in early 2023, selling access for $200/month. Improvements made in 2024 included a mechanism for bypassing Chrome’s ‘App-Bound Encryption’ cookie-theft defenses, allowing the “regeneration” of expired cookies for hijacking Google accounts. Among the improvements in version 2.2.4 are Telegram bot support for real-time alerts to operators and the capability to screenshot the victim’s desktop, with multi-monitor support.

(BleepingComputer)

White House proposes cutting $491M from CISA budget

The proposed cut was described in a summary of the President’s fiscal 2026 budget proposal released Friday. The $491 million represents a nearly 17% reduction to the agency’s almost $3 billion budget. The administration did not release details about which areas or services would be cut. Instead, it stated that “the Budget refocuses CISA on its core mission — Federal network defense and enhancing the security and resilience of critical infrastructure,” targeting reductions in what it describes as “so-called” disinformation and misinformation programs and offices; programs that are “duplicative” of other programs at the state and federal level; and “external engagement offices such as international affairs.”

(Cyberscoop)

Ransomware attacks on food and agriculture industry have increased this year

Speaking at RSA, Jonathan Braley, director of the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC), said that the increase in ransomware attacks is compounded by the fact that many go unreported, preventing visibility into the full scope of the problem. The increase in attacks seems to stem from activity by the Clop ransomware gang, specifically its exploitation of MOVEit, GoAnywhere and Accellion, as well as activity from the groups RansomHub and Akira. The industry saw 84 attacks from January to March, more than double the number seen in Q1 2024. A report from Food and Ag-ISAC says that the food, agriculture, and manufacturing industries typically face ransomware attacks because they tend to have more legacy equipment and industrial control systems, making them easier targets.

(The Record)

Thanks to today’s episode sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

UK retailer Harrods suffers cyberattack

The trend of attacks on UK retailers seems to be continuing. This time the upscale London-based department store announced that it detected an attempted cyberattack, a statement similar to those made by fellow retailers Marks & Spencer and Co-op this past week. A Harrods spokesperson said that the company’s “IT security team immediately took proactive steps to keep systems safe,” and that both in-person and online shopping remained unaffected.

(The Record)

Microsoft sets passkeys default for new accounts

This is a significant change: individuals signing up for new accounts will use passkeys by default, which means passwordless by default. In addition, existing users can visit their account settings to delete their password. Microsoft adds that it has also simplified the sign-in and sign-up user experience by prioritizing passwordless methods. Furthermore, the sign-in process now automatically detects the best available method on a user’s account and sets that as the default.

(The Hacker News)

Disney Slack attacker turns out to be Ryan from California

Following up on a story we covered last July, in which The Walt Disney Company suffered the theft of more than one terabyte of data through its Slack channels, it turns out that the perpetrator was not a Russian hacktivist group but 25-year-old California resident Ryan Mitchell Kramer. The hack was originally described as retribution against Disney for how it handled artist contracts, its use of AI, and how it treated its consumers. Now, according to the Department of Justice, “Kramer published a program online that purported to be an AI art generation app but actually contained malware that gave him remote access to the victim’s computer. A Disney employee downloaded the program, allowing Kramer to nab login credentials for various accounts in their name, including their Disney Slack account.” Kramer has agreed to plead guilty to one count of accessing a computer and obtaining information, and one count of threatening to damage a protected computer, which could lead to ten years in prison.

(The Register)

Government of Peru possibly suffers cyberattack

According to researcher Dominic Alvieri, the Rhysida ransomware gang is claiming responsibility for this breach, which affected the government’s official digital platform, gob.pe. The gang is demanding a ransom of five bitcoin and has set a payment deadline of May 9. It has posted images of documents allegedly stolen in the attack. Other cyber industry sources are not so sure: researchers at the security firm Comparitech state that Peruvian officials are denying any ransomware attack took place, attributing the disruption to glitches on the government’s website.

(Security Affairs and Cybernews)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.