
A former cybersecurity consultant from the U.S. Department of Justice was arrested and may face 20 years in prison; Shengbang Security plans to acquire no less than 60% of Tianyu Yunan’s shares | Cybersecurity Niu Lan

Date: May 6, 2024

News at a Glance

- NASA faces inconsistent spacecraft cybersecurity
- US arrests former Justice Department cybersecurity consultant
- Ransom recovery costs hit $2.73 million
- Israeli private investigator arrested in London on suspicion of hacking
- CISA warns: Critical flaws in GitLab may lead to increased risk of account hijacking
- Dropbox Sign was hacked and exposed user data, raising security concerns in the electronic signature industry
- Attackers can exploit Microsoft Graph API to evade common security detection
- FBI warns of new Kimsuky phishing attack
- OpenVPN has serious security flaws that may affect millions of endpoints around the world
- Shengbang Security intends to acquire no less than 60% of the equity of Tianyu Yunan
- Mimic launches new anti-ransomware defense platform
- Microsoft and Google plan to expand Passkey support

Hot spots to watch

NASA faces inconsistent spacecraft cybersecurity

Recently, the U.S. Government Accountability Office (GAO) reviewed the cybersecurity measures of the National Aeronautics and Space Administration (NASA). The review found that NASA's cybersecurity policies and standards are still applied inconsistently across programs, leaving significant cybersecurity risk.

The review focused on three NASA programs: the Gateway Power and Propulsion Element, the Orion Multi-Purpose Crew Vehicle, and the Spectro-Photometer for the History of the Universe, Epoch of Reionization and Ices Explorer (SPHEREx). Although the contracts for these programs explicitly require contractors to address cybersecurity, NASA has not updated the relevant policies and implementation standards since it released its Space System Protection Standard in 2019.

GAO recommended that NASA develop a plan, with a time frame, to update its cybersecurity strategy. NASA said it will actively advance plans to improve its policies and standards, but noted that the diversity of spacecraft and their engineering constraints make it difficult to implement advanced cybersecurity capabilities safely. Security experts say that striking a balance between engineering constraints and security and reliability is critical to addressing threats to NASA's most valuable systems.

Original link:

https://www.darkreading.com/ics-ot-security/gao-nasa-faces-inconsistent-cybersecurity-across-spacecraft

US arrests former Justice Department cybersecurity consultant

Recently, according to BleepingComputer, the U.S. Department of Justice announced the arrest of former cybersecurity consultant Vincent Cannady, who is accused of extorting $1.5 million from a New York-based multinational IT infrastructure service provider. Cannady was reportedly placed with the IT company by a staffing firm to address potential network security issues. According to the Justice Department, after being dismissed, Cannady used a company-issued laptop to download the IT company's trade secrets, architecture diagrams and other confidential and proprietary information, and later demanded $1.5 million from the company, citing employment discrimination. Cannady then went a step further, revoking the staffing firm's access to the laptop while attempting to disclose the stolen information through regulatory filings and the media. If convicted of extortion, Cannady could be sentenced to up to 20 years in prison.

Original link:

https://www.scmagazine.com/brief/us-arrests-ex-cyber-consultant-accused-of-it-firm-extortion

Ransom recovery costs hit $2.73 million

According to Sophos, the average ransom payment has increased by 500% in the past year. Organizations that paid a ransom reported an average payment of $2 million, up from $400,000 in 2023. The ransom, however, is only part of the cost. Excluding the ransom itself, the survey found that the average cost of recovery reached $2.73 million, an increase of nearly $1 million over the $1.82 million Sophos reported in 2023. The survey also found that the frequency of ransomware attacks has declined slightly, but 59% of organizations were still affected. Most attacks are carried out through vulnerability exploitation, compromised credentials and malicious emails. Among organizations that paid a ransom, 24% paid the full amount demanded and 44% paid less than the amount demanded.

Original link:

Israeli private investigator arrested in London on suspicion of hacking

An Israeli private investigator, Amit Forlit, was reportedly arrested in London after being accused of conducting cyber espionage on behalf of an American public relations firm. However, the United States' first extradition request was rejected by Westminster Magistrates' Court on a legal technicality. U.S. attorney Amy Labram told the court that Forlit is accused of participating in a scheme to hire hackers. The U.S. charges include the claim that a Washington-based public relations and lobbying firm paid Forlit's company 16 million pounds (about $20 million) for intelligence related to Argentina's debt crisis. Forlit faces three charges in the United States: conspiracy to commit computer hacking, conspiracy to commit wire fraud, and wire fraud. Forlit also faces computer hacking allegations from aviation executive Farhad Azima, whose emails were stolen and used against him during a 2020 London trial. Forlit previously admitted to obtaining Azima's emails but denied carrying out the hack, saying he had stumbled upon the information online.

Original link:

https://www.reuters.com/world/israeli-private-eye-arrested-uk-over-alleged-hacking-us-pr-firm-2024-05-02/

Network attacks

CISA warns: Critical flaws in GitLab may lead to increased risk of account hijacking

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently warned that a critical security flaw in the software development platform GitLab is being exploited by attackers. The flaw allows an attacker to hijack user accounts by causing a password reset email to be sent to an arbitrary email address. According to security experts, attackers can use this flaw to take complete control of a compromised GitLab account; they can also change the associated email address to prevent the legitimate owner from logging in or using password recovery. The flaw, CVE-2023-7028, is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog and carries the maximum CVSS severity score of 10. CISA requires Federal Civilian Executive Branch (FCEB) agencies to patch it on their networks.

Security experts emphasize that because GitLab stores source code and proprietary data, the risk this flaw poses to organizations is extremely high: attackers could inject malicious code into the software supply chain. Organizations that manage their own GitLab deployments are advised to plan an upgrade and patch the vulnerability as soon as possible. If an immediate upgrade is not possible, mitigations should be applied, such as rotating passwords regularly or using an independent authentication provider.

Original link:

https://www.darkreading.com/application-security/critical-gitlab-bug-exploit-account-takeover-cisa

Dropbox Sign was hacked and exposed user data, raising security concerns in the electronic signature industry

A few days ago, cloud service provider Dropbox notified the U.S. Securities and Exchange Commission (SEC) that its electronic signature platform Dropbox Sign (formerly HelloSign) had been breached and that a large amount of users' credential and MFA data had been exposed. Dropbox's investigation found that the attackers had compromised a server and obtained users' email addresses, usernames, phone numbers, hashed passwords, API keys, OAuth tokens, MFA data and other information.

The incident reportedly affects all users who have ever used Dropbox Sign, even those without a Dropbox account: anyone who has signed documents with Dropbox Sign has had their email address and username exposed. Dropbox stated that, based on the investigation so far, there is no evidence that files, contracts, templates or payment information in user accounts were accessed. The incident is limited to the Dropbox Sign infrastructure and does not affect the operating environment of other Dropbox products. However, Dropbox did not say how many users were affected, nor did it disclose how the attackers gained access to the server.

Original link:

https://www.csoonline.com/article/2097486/dropbox-sign-hack-exposed-user-data-raises-security-concerns-for-e-sign-industry.html

Attackers can exploit Microsoft Graph API to evade common security detection

According to researchers at Symantec, attackers are using the Microsoft Graph API, the interface developers use to access resources in Microsoft cloud services, to avoid detection. Attackers favor the Graph API because activity against well-known Microsoft services is less likely to arouse suspicion, and a basic account on a service such as Microsoft OneDrive provides free, cheap and reliable infrastructure. The technique has been observed in real espionage operations: new malware discovered at a Ukrainian organization used the Microsoft Graph API to leverage Microsoft OneDrive for command and control (C2). Experts say the use of the Graph API makes attack traffic look like legitimate traffic, which is difficult to distinguish with traditional security tools.

Original link:

https://www.scmagazine.com/news/attackers-evade-detection-by-leveraging-microsoft-graph-api

FBI warns of new Kimsuky phishing attack

According to Nextgov, the U.S. State Department, National Security Agency and FBI jointly issued an alert warning organizations across the country, especially educational institutions, nonprofits and think tanks, to be vigilant against the hacker group Kimsuky (also known as APT43, Emerald Sleet and Velvet Chollima), which is using increasingly sophisticated phishing techniques. The joint alert states that Kimsuky exploits improperly configured Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof an organization's email domain and impersonate a legitimate user. The alert calls on organizations to scrutinize incoming email carefully and to guard against such intrusions by changing their DMARC policy so that messages failing authentication are restricted.
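The weakness the alert describes is a DMARC record that exists but does not enforce anything: a `p=none` policy tells receiving mail servers to monitor and deliver, so a spoofed message from the domain still lands in the inbox. The following checker is an added example, not part of the original article or the joint alert; it parses a DMARC TXT record and reports the settings that leave a domain spoofable. The sample records are constructed for the example and do not belong to any real domain.

```python
"""Audit a DMARC TXT record for settings that leave a domain open to spoofing.

Added example (not from the article). The sample records under SAMPLE_RECORDS
are constructed for illustration; in practice the record is fetched from the
_dmarc.<domain> TXT entry in DNS.
"""
from typing import Dict, List, Optional

# Policy strength, weakest to strongest (RFC 7489 'p' and 'sp' tags).
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=...' into a tag dictionary.

    Tag names are case-insensitive, so they are lower-cased; values keep
    their original case so the caller can decide how to compare them.
    """
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue  # skip empty segments and malformed fragments
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: Optional[str]) -> List[str]:
    """Return a list of findings; an empty list means the record enforces.

    `record` is the TXT value at _dmarc.<domain>, or None if no record exists.
    """
    if record is None:
        return ["no DMARC record published: receivers have no policy to apply to spoofed mail"]

    tags = parse_dmarc(record)
    findings: List[str] = []

    if tags.get("v") != "DMARC1":
        # Receivers ignore a record whose version tag is missing or wrong.
        return ["record does not carry v=DMARC1 and will be ignored by receivers"]

    policy = tags.get("p", "").lower()
    if policy not in POLICY_RANK:
        findings.append("missing or invalid p= tag: the record is not a valid DMARC policy")
    elif policy == "none":
        findings.append("p=none only monitors: messages failing authentication are still delivered")

    # A subdomain policy weaker than the organizational policy leaves
    # sub.example.org spoofable even when example.org itself rejects.
    sub = tags.get("sp")
    if sub is not None and POLICY_RANK.get(sub.lower(), -1) < POLICY_RANK.get(policy, 0):
        findings.append(f"sp={sub} applies a weaker policy to subdomains than p={policy or '?'}")

    # pct below 100 applies the policy to only that share of failing messages.
    pct = tags.get("pct")
    if pct is not None:
        try:
            pct_value = int(pct)
        except ValueError:
            pct_value = -1
        if not 0 <= pct_value <= 100:
            findings.append(f"pct={pct} is not a valid percentage")
        elif pct_value < 100 and policy in ("quarantine", "reject"):
            findings.append(f"pct={pct}: only {pct}% of failing messages receive the {policy} policy")

    # Without aggregate reports the domain owner never learns about abuse.
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be delivered, so spoofing goes unnoticed")

    return findings


# Constructed sample records (not real domains) covering the common weak states.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
    "partial-rollout": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.org",
    "weak-subdomains": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.org",
    "enforcing": "v=DMARC1; p=reject; rua=mailto:dmarc@example.org",
    "missing": None,
}


def audit(records: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Run assess_dmarc over a mapping of label -> record."""
    return {name: assess_dmarc(rec) for name, rec in records.items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RECORDS).items():
        print(f"{name:16s} {'OK' if not findings else 'WEAK'}")
        for finding in findings:
            print("   -", finding)
```

Only the `enforcing` record passes cleanly; the others show, one per record, the states the alert is warning about: a monitor-only policy, a partial rollout, and an organizational policy undermined by a weaker subdomain policy. The `rua` check is included because a domain that rejects spoofed mail but never reads its aggregate reports cannot tell whether the policy is working.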

Original link:

https://www.scmagazine.com/brief/feds-warn-of-new-kimsuky-phishing-attack-techniques

OpenVPN has serious security flaws that may affect millions of endpoints around the world

Recently, security researchers disclosed four serious security flaws in the popular VPN solution OpenVPN. The flaws, internally codenamed OVPNX, affect multiple operating systems, including Windows, iOS, macOS, Android and BSD, and could expose millions of network devices at thousands of companies worldwide. The flaws are highly technical and stem from the complexity of the software, which operates across several privilege levels and is tightly integrated with operating system APIs. According to the Black Hat presentation, the research team's approach combined a close examination of OpenVPN's code base with reverse engineering to dissect the software at the bit and byte level. One of the critical chains begins with a remote code execution (RCE) flaw in the OpenVPN plug-in mechanism. By triggering a stack overflow in the OpenVPN system service, an attacker can crash the Windows service; the crash sets up a race condition during the creation of a named pipe instance, allowing the attacker to seize control of the OpenVPN named pipe resource.

From there, the attacker can impersonate a privileged user and execute arbitrary code at the kernel level by loading a vulnerable signed driver, a technique known as BYOVD (Bring Your Own Vulnerable Driver). Together, these flaws expose millions of endpoints to data breaches, unauthorized access and system takeover, which could cause significant operational disruption and financial loss to affected organizations.

Original link:

https://cybersecuritynews.com/openvpn-zero-day-flaws/

Industry trends

Shengbang Security intends to acquire no less than 60% of the equity of Tianyu Yunan

According to the Beijing Business Daily, Shengbang Security (688651) announced on May 5 that it plans to use its own funds, not exceeding 30 million yuan, to acquire no less than 60% of the equity of Beijing Tianyu Yunan Technology Co., Ltd. (hereinafter "Tianyu Yunan"), and has signed an Investment Letter of Intent with Tianyu Yunan.

According to the announcement, Tianyu Yunan has accumulated a number of core technologies in satellite communication security and offers a complete set of satellite communication security solutions, including encryption devices for satellite communication hub stations and small stations, a satellite communication encryption management system and a satellite communication configuration management system. The company has also built a line of cryptographic chip-related products for the cryptography industry, including high-speed link encryption devices, high-density, high-throughput cryptographic resource pools, encrypted accelerated transmission systems, cryptography teaching platforms and a commercial cryptography product series.

Original link:

https://baijiahao.baidu.com/s?id=1798212490356779479&wfr=spider&for=pc

Mimic launches new anti-ransomware defense platform

Mimic is an anti-ransomware defense company that provides organizations with a solution to detect, contain and recover from ransomware attacks. The company recently said that its latest platform can restore an organization's environment and data to an uninfected state within 24 hours without paying a ransom. The platform "works in tandem" with customers' existing security controls, Mimic CEO Derek Smith said in a statement. Smith was previously CEO of Shape Security, a web and mobile application security company acquired by F5 in 2019 for $1 billion. Alongside the launch, Mimic raised $27 million in seed funding from Ballistic Ventures, Menlo Ventures, Team8, Wing Venture Capital and Shield Capital. Financial services provider Apex Group is already using the platform, the company said.

Original link:

https://www.darkreading.com/endpoint-security/mimic-launches-with-new-ransomeware-defense-platform

Microsoft and Google plan to expand Passkey support

On World Password Day 2024, Microsoft and Google both announced that they will expand passkey support to offer more authentication options. According to a survey by the FIDO Alliance, more and more people are turning to passkeys and consider them more convenient and more secure than traditional passwords. Microsoft will add passkey support for consumer accounts and the ability to bind a passkey to a device in its Authenticator mobile app. Google introduced passkey support for Google Accounts, Google Workspace and Google Cloud accounts last year, and plans to extend passkeys to its Advanced Protection Program to help users at risk of targeted attacks. Other companies, such as Bitwarden, have also launched passkey services that let their users manage these credentials. According to the FIDO Alliance, passkeys are now supported by 20% of the world's top 100 websites and 12% of the top 250.

Original link:
