Smaller Companies Must Embrace Risk Management
by Ariane Chapelle
September 08, 2023
https://hbr.org/2023/09/smaller-companies-must-embrace-risk-management
There are accepted rules for effective risk management: vigilance is key, and rapid intervention reduces impact. “If you see something, say something” is the New York City Subway’s motto to prevent terrorist attacks. “See it, say it, sorted” is the equivalent for the London Underground.
Managing risks is inseparable from managing performance. Positive risk management aims to capture the upside of uncertainty, and to prevent the downside as much as possible.
https://www.infosecurity-magazine.com/news/us-government-ordered-patch-apple/
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered US government agencies that use Apple devices to update them within the month to patch recently discovered zero-day vulnerabilities. These vulnerabilities leave the devices open to potential spyware by gaining access to the system through a buffer overflow in ImageIO. Another vulnerability occurs through Apple Wallet, in which a malicious packet may result in code execution. This comes after a 2021 incident where it was found that nine US state department officials had their iPhones hacked by spyware made by NSO Group, a commercial Israeli malware company.
Social Engineering Attacks Targeted at IT Admins
https://blog.knowbe4.com/social-engineering-okta-credentials Sept 7
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection Aug 31
The attackers used social engineering to convince IT service desk staff at US-based Okta customers to reset the MFA factors of highly privileged users. With those resets they compromised Okta Super Administrator accounts, then abused legitimate identity federation features to impersonate users within the compromised organization.
Okta is an identity and authentication management provider; several of its tenant customers reported incidents with this same pattern to Okta.
These recent attacks highlight why protecting access to highly privileged accounts is so essential.
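One way to detect the chain described above, as an added example that is not from the KnowBe4 or Okta articles: correlate Okta System Log events so that an MFA reset on a privileged account, followed shortly by that account adding an identity provider or granting privileges, raises an alert. The event type names follow Okta's System Log naming but are assumptions here, and the accounts and log lines are constructed.

```python
# Added example, not from the articles above. Event type names follow Okta's
# System Log naming but are assumptions; accounts and log lines are constructed.
import json
from datetime import datetime, timedelta

PRIVILEGED_USERS = {"superadmin@example.com"}  # assumed allow-list of Super Admins

# Constructed events in a simplified System Log shape (assumed field names).
SAMPLE_LOG = """
{"published": "2023-08-29T14:02:11Z", "eventType": "user.mfa.factor.reset_all", "actor": "helpdesk@example.com", "target": "superadmin@example.com"}
{"published": "2023-08-29T14:09:40Z", "eventType": "user.session.start", "actor": "superadmin@example.com", "target": "superadmin@example.com"}
{"published": "2023-08-29T14:15:03Z", "eventType": "system.idp.lifecycle.create", "actor": "superadmin@example.com", "target": "idp-attacker-controlled"}
{"published": "2023-08-29T16:30:00Z", "eventType": "user.mfa.factor.reset_all", "actor": "helpdesk@example.com", "target": "alice@example.com"}
{"published": "2023-08-30T09:00:00Z", "eventType": "system.idp.lifecycle.create", "actor": "superadmin@example.com", "target": "idp-partner"}
"""

# Admin actions that, soon after a help-desk MFA reset, indicate takeover.
FOLLOW_ON = {
    "system.idp.lifecycle.create": "identity provider added (federation abuse path)",
    "user.account.privilege.grant": "admin privilege granted",
    "user.session.impersonation.grant": "impersonation session granted",
}

def parse_log(text: str) -> list[dict]:
    """Parse JSON-lines events and return them ordered by time."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["published"] = datetime.strptime(e["published"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["published"])

def correlate(events: list[dict], window: timedelta = timedelta(hours=2)) -> list[dict]:
    """Alert when a privileged account's MFA is reset and, within `window`,
    that same account performs one of the FOLLOW_ON actions."""
    alerts = []
    for i, reset in enumerate(events):
        if reset["eventType"] != "user.mfa.factor.reset_all":
            continue
        victim = reset["target"]
        if victim not in PRIVILEGED_USERS:
            continue  # ordinary-user resets are noisy; only admins matter here
        for later in events[i + 1:]:
            if later["published"] - reset["published"] > window:
                break  # events are sorted, so nothing later is in the window
            if later["actor"] == victim and later["eventType"] in FOLLOW_ON:
                alerts.append({"victim": victim, "reset_by": reset["actor"],
                               "follow_on": later["eventType"],
                               "detail": FOLLOW_ON[later["eventType"]]})
    return alerts
```

In a real deployment the privileged set would come from Okta's admin role assignments rather than a hard-coded list, and the window would be tuned to the help desk's normal reset-to-login timing.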
https://thehackernews.com/2023/09/vietnamese-hackers-deploy-python-based.html
This news article covers Vietnamese hackers who use a Python-based stealer delivered over Facebook Messenger. The multi-stage attack is designed to steal business accounts: the hackers target business accounts with messages that entice the recipient to click, using a tiny compressed file attached to the message. The stealer takes the victim's cookies and login credentials first, then deletes all cookies and credentials from the machine. With the stolen cookies the attackers change the account passwords and take control of the accounts, and the stolen data is then sent out to be sold on the market. 1 out of 250 victims are expected to be affected in the last 30 days.
https://www.securityweek.com/crash-dump-error-how-a-chinese-espionage-group-exploited-microsofts-errors/
This article explains how Microsoft has released a report revealing multiple mistakes that allowed Chinese hackers to breach U.S. government emails. The incident was attributed to a crash dump taken from a compromised engineer’s corporate account in April 2021, which contained a Microsoft account (MSA) consumer key used to create tokens for unauthorized access to OWA and Outlook.com accounts. The report cited a race condition issue that permitted the key’s inclusion in the crash dump, which has since been fixed. Microsoft also acknowledged the failure of its internal systems to detect sensitive data leaks from crash dumps. Furthermore, the company does not possess specific logs of the exfiltration, leading to criticism of its M365 licensing structure and prompting plans to enhance logging defaults and data retention for lower-tier customers.
This security breach resulted in the theft of emails from around 25 organizations and led to U.S. Senator Ron Wyden’s call for Microsoft to be held accountable for “negligent cybersecurity practices” that facilitated the Chinese espionage campaign against the U.S. government. The U.S. government has initiated an investigation by its Cyber Safety Review Board (CSRB) into the Microsoft cloud hack and related issues concerning cloud-based identity and authentication infrastructure.
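The report above says Microsoft's internal systems failed to detect the signing key inside the crash dump before it left the isolated production network. As an added example, not from the SecurityWeek article or Microsoft's report, here is the kind of pre-release check that would have flagged it: a scanner that looks for PEM private-key blocks and high-entropy key-like blobs in a dump and refuses release when it finds any. The dump contents are constructed and the key body is a placeholder.

```python
# Added example, not from the article or Microsoft's report: a pre-release
# check that scans a crash dump for key material before the dump may leave
# the isolated production network. Dump contents are constructed.
import math
import re

# PEM private-key blocks (the form a token-signing key is often stored in).
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----.*?-----END \1-----", re.S)
# Long base64-looking runs that may be raw key bytes; entropy decides.
BLOB_RE = re.compile(rb"[A-Za-z0-9+/=]{40,}")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: base64 key material sits near 5-6, prose well below 4.5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data))

def scan_dump(dump: bytes, entropy_threshold: float = 4.5) -> list[dict]:
    """Return every finding that should block release of the dump."""
    findings, covered = [], []
    for m in PEM_RE.finditer(dump):
        findings.append({"kind": "pem_private_key", "offset": m.start(),
                         "label": m.group(1).decode()})
        covered.append((m.start(), m.end()))
    for m in BLOB_RE.finditer(dump):
        if any(s <= m.start() < e for s, e in covered):
            continue  # inside a PEM block already reported above
        ent = shannon_entropy(m.group())
        if ent >= entropy_threshold:
            findings.append({"kind": "high_entropy_blob", "offset": m.start(),
                             "entropy": round(ent, 2)})
    return findings

def release_allowed(dump: bytes) -> bool:
    """Policy: any finding keeps the dump inside the isolated network."""
    return not scan_dump(dump)

# Constructed dump: thread state, a placeholder PEM key, a raw key-looking
# blob, and a long low-entropy run that must not be flagged.
SAMPLE_DUMP = (
    b"Thread 7 crashed at 0x7ffd1a2b module=tokenservice\n"
    b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n-----END RSA PRIVATE KEY-----\n"
    b"signing_key_raw=q7Kp2ZmXv9LaR4tYc1BnW8sJdH3gFe6UoV0iQxNkM5ljhGzA\n"
    b"padding=" + b"A" * 64 + b"\n"
)
```

A check like this is a last line of defence; the report's other point, that the key should never have been in process memory at crash time, is addressed by the race-condition fix, not by scanning.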
https://www.infosecurity-magazine.com/news/cybercriminals-jailbreak-ai/
Criminals exploit weaknesses in AI models (jailbreaks) to get around the restrictions that would otherwise block questions that violate the law. It is possible to use AI to hack.
https://www.fiercepharma.com/pharma/merck-targeted-global-ransomware-attack
This article is about a cyber attack that targeted global entities, including the pharmaceutical company Merck & Co.
On a Tuesday in 2017, Merck & Co., along with other global companies and government ministries in Ukraine, became a victim of a significant ransomware attack. The pharmaceutical giant publicly acknowledged the cyber intrusion through its Twitter account but did not immediately provide further information. Experts named the ransomware “Petya”; it encrypts computers and demands a ransom to restore user access. The attack impacted companies in France, England, Russia and other countries. The presence of the ransomware was identified at Merck locations in Pennsylvania and New Jersey.
The article highlights the increasing cyber threats and mentions that this is not the first time a major pharmaceutical company has faced such an attack. According to Symantec’s report, between January 2014 and June 2015 hackers successfully breached systems belonging to three pharmaceutical firms with the aim of obtaining valuable information that could affect stock prices.