Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2024 ■ David Lanter

In The News

March 20, 2024 by David Lanter 7 Comments

Filed Under: 10 - Application Security

Comments

  1. Eyup Aslanbay says

    March 23, 2024 at 4:43 pm

    Akamai Technologies released a new report revealing that 29% of web attacks in 2023 targeted APIs, with the commerce sector being the most affected. The report emphasizes the increasing importance of API security due to their critical role in digital transformations and highlights common attack methods such as Local File Inclusion, SQL injection, and Cross-Site Scripting. It also points out the challenges in detecting and managing these threats, especially in the rapidly evolving API landscape, and stresses the need for organizations to integrate robust security measures and comply with emerging legislation.

    https://www.darkreading.com/application-security/akamai-research-finds-29-of-web-attacks-target-apis

  2. Ooreofeoluwa Koyejo says

    March 24, 2024 at 9:43 pm

    Websites Infected with Sign1 Malware Campaign

    https://www.securityweek.com/39000-websites-infected-in-sign1-malware-campaign/

    Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains. Sign1 malware is a JavaScript malware found inside WordPress custom HTML widgets or within the Simple Custom CSS and JS WordPress plugin that the attackers added to the compromised websites. With this, hackers infect websites without placing any malicious code into server files which allows the malware to stay unnoticed for a long time — as it’s much more common for security providers to scan website files for malware than to check in the database.

    The interesting part is that the malware, however, uses obfuscation to hide its presence and would only execute if the visitor comes from a major website, such as Facebook, Google, Instagram, or Yahoo. Over the past six months, over 39,000 sites have been infected with different variants of the malware, with the most recent of them infecting more than 2,500 sites in the past two months.

  3. Jon Stillwagon says

    March 26, 2024 at 2:59 pm

    https://www.securityweek.com/zenhammer-attack-targets-dram-on-systems-with-amd-cpus/

    This week's news is that Rowhammer attacks can be targeted against dynamic random-access memory on AMD Zen 2 and Zen 3 CPU-powered systems. The attack on these systems can be used to bypass memory protections, escalate privileges, and even decrypt sensitive data. Researchers had previously demonstrated that the attacks can be launched remotely and against mobile devices. ZenHammer can be conducted even though target row refresh mitigations should be able to detect and prevent Rowhammer attacks by refreshing victim rows before the bits can flip.

  4. Bo Wang says

    March 26, 2024 at 5:58 pm

    https://www.infosecurity-magazine.com/news/boards-cyber-expertise-financial/
    The report by Diligent and Bitsight reveals that only 5% of businesses globally have a cybersecurity expert on their board, despite evidence linking stronger cybersecurity with better financial performance. Countries vary in the proportion of organizations with cyber experts, with France at 10% and Canada at 1%. Integration of cyber experts into specialized risk committees significantly improves cybersecurity performance, with companies achieving higher security scores. Strong cybersecurity correlates with superior financial performance, with companies in the advanced security range showing significantly higher total shareholder returns over three to five years. Highly-regulated industries like healthcare and financials tend to outperform others in cybersecurity, highlighting the importance of cyber risk management for boards and business leaders.

  5. Yannick Rugamba says

    March 26, 2024 at 7:55 pm

    A Russian government-backed hacking group, Midnight Blizzard/Nobelium, breached Microsoft’s network, stealing emails and documents from senior executives, particularly in cybersecurity and legal departments. Detected on January 12, 2024, with origins in November 2023, the attack used a password spray tactic on a test account but didn’t compromise Microsoft’s products, customer data, or AI systems. Following this, Microsoft announced security enhancements for its legacy systems to prevent future breaches. This incident follows a separate attack by Chinese spies on US government organizations’ email inboxes. Midnight Blizzard/Nobelium is also known for the 2020 SolarWinds attack.

    https://www.securityweek.com/microsoft-says-russian-gov-hackers-stole-email-data-from-senior-execs/

  6. Celinemary Turner says

    March 26, 2024 at 9:43 pm

    US Government Issues New DDoS Mitigation Guidance

    https://www.securityweek.com/us-government-issues-new-ddos-mitigation-guidance/

    The US cybersecurity agency CISA, the FBI, and the MS-ISAC have released updated joint guidance on how federal agencies and other organizations can defend against denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. The US government has released new guidance on DDoS mitigation, providing updated recommendations and categorizations of DDoS attacks. The guidance emphasizes proactive measures, incident response, and reporting to CISA, the FBI, or MS-ISAC. It aims to enhance cybersecurity resilience and encourages organizations to review and apply the recommendations.
    In response, organizations should activate their incident response plans, notify internet service providers (ISP) or hosting providers, collect evidence, implement traffic filtering, enable DDoS mitigation services if available, scale up resources such as bandwidth, enable a Content Delivery Network (CDN) service, and maintain communication with internal teams and external stakeholders.

  7. Edge Kroll says

    March 27, 2024 at 9:26 am

    https://www.securityweek.com/vpn-apps-on-google-play-turn-android-devices-into-proxies/

    Dozens of VPN applications infiltrated Google Play, turning Android devices into residential proxies. Associated with Asocks, these apps were swiftly removed from the store, but Proxylib’s presence in the LumiApps SDK allowed for its integration into other APKs. This covert operation enables threat actors to initiate malicious activities by routing traffic through users’ devices, mimicking residential IP addresses. With developers enticed by claims of alternative monetization, the threat actor behind Proxylib promotes it as a lucrative method, while access to the proxy network is allegedly sold through Asocks, hinting at a potential common ownership between LumiApps and Asocks.

