Andrew Young says
Article: White House, EPA warn water sector of cybersecurity threats
This article details how government officials are currently investigating, and concerned over, cyberattacks that may be targeting water systems and potentially disabling or interrupting the availability of water supplies. According to White House officials, a hacking group called Volt Typhoon may be responsible for these attacks, allegedly at the behest of the Chinese government, in the event of a counterattack being needed against the US. This article highlights to me how ubiquitous the use of hacking has become, not just as a tool for personal enrichment but as a threat to national security and infrastructural resources. Being aware of how hacking has evolved over the decades is necessary to be able to counter these potential attacks and ensure that they are treated with the seriousness that they require.
Link: https://cyberscoop.com/epa-water-threats-governors/
Chidi Okafor says
Title: U.S. bans maker of spyware that targeted a senator’s phone
The U.S. Treasury Department has imposed sanctions on Intellexa, a company known for creating spyware software called Predator, which can hijack smartphones for surveillance purposes. This move marks the most aggressive action by the U.S. government against a spyware company to date. The sanctions prohibit Americans and U.S.-affiliated individuals from conducting business with Intellexa, its founder Tal Dilian, employee Sara Hamou, and four associated companies. A White House official emphasized that these sanctions are unprecedented, representing the first time the U.S. has targeted commercial spyware vendors for enabling misuse of their tools. Amnesty International’s investigation revealed Predator’s use against journalists, human rights workers, and political figures, including members of the European Parliament and the Taiwanese president. The software was also implicated in a Greek scandal in 2022. The Department also highlighted how governments worldwide have used similar technology to suppress dissent and violate human rights.
Link: https://www-nbcnews-com.cdn.ampproject.org/c/s/www.nbcnews.com/news/amp/rcna141855
Alex Ruiz says
Title: $200,000 Awarded at Pwn2Own 2024 for Tesla Hack
Link: https://www.securityweek.com/200000-awarded-at-pwn2own-2024-for-tesla-hack/
Summary: The first day of Pwn2Own Vancouver 2024 hacking competition was quite eventful, with participants winning over $700,000 in rewards. Some notable events were hacking into a Tesla car, cracking Linux and Windows systems, and finding vulnerabilities in other popular software. Contestants from Synacktiv snagged $200,000 and a Tesla Model 3 for their exploit on the Tesla ECU. Other teams also made out well, winning large prizes for their hacks on VMware Workstation, Oracle VirtualBox, and various web browsers and operating systems. The day ended with a total of 19 zero-day vulnerabilities uncovered with more to come, with targets including Firefox, Chrome, Edge, and Docker Desktop.
Ikenna Alajemba says
UnitedHealth Group and its subsidiary Change Healthcare will be investigated by a federal agency over last month’s cyber attacks that may have breached patient data—the latest fallout from what the department called an “unprecedented” attack on the U.S. healthcare system.
https://www.msn.com/en-us/health/other/department-of-health-investigating-unitedhealth-after-unprecedented-cyber-attack/ar-BB1jQq2j
Mariam Hazali says
Ransomware attack on MarineMax yachts claimed by Rhysida gang
The luxury yacht dealer and boating lifestyle brand first announced the breach on March 12th, filing a notice with the US Securities and Exchange Commission (SEC) labeling it a third-party related “cybersecurity incident.” The gang requested 15 BTC from MarineMax, which was the market equivalent of exactly $774,415.65 on Thursday, March 21st. MarineMax was given roughly six days to pay the gang’s undisclosed ransom amount, or its data would be sold to the highest bidder.
https://cybernews.com/news/marinemax-yachts-ransomware-attack-rhysida-gang/
Jeffrey Sullivan says
AI is changing cybersecurity and businesses must wake up to the threat | ZDNET
https://www.zdnet.com/article/ai-is-changing-cybersecurity-and-businesses-must-wake-up-to-the-threat/
This article surprised me, as it says that boardrooms are still not coordinating correctly and urgently when attacks happen at the business. It also points out that cybersecurity must form part of the board’s growth strategy, as that is the board’s job: to grow and safeguard the company’s interests along with its management team. Awareness and education were some topics pointed out in this article that companies need to start working on, along with real-world developments. It goes on to explain that even though CS is a topic being brought up more and more, it suggests that a lot of companies are really behind, especially the boards. What came as a surprise to me is that the Tokyo Olympics experienced 450 million cyberattacks, which is double the 2012 London Olympics.
Erskine Payton says
Erskine Payton
In the News Article- Unit 10
MIS 5214
Temple University
CISA Hit by Hackers, Key Systems Taken Offline
https://securityintelligence.com/news/cisa-hackers-key-systems-offline/
CISA reported that the Ivanti products used by the agency had been exploited. There were two systems that had been compromised and in response, CISA immediately took them offline. As reported, there had not been any impact to operations and no one has taken responsibility for the attack.
Kelly Conger says
What happens when the company that teaches you how to be secure gets hacked?
https://9to5mac.com/2024/03/10/security-bite-hackers-breach-cisa-forcing-the-agency-to-take-some-systems-offline/
The US Cybersecurity and Infrastructure Security Agency (CISA) was hacked. Two critical systems, the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), were taken offline to prevent further compromise. While no operational impact is reported, the breached systems house vital information about US infrastructure and chemical security plans. This incident highlights the ongoing threats that critical infrastructure, and even government agencies, face.
Samuel Omotosho says
Bolstering web application security
I find this article interesting because it emphasizes the need for a comprehensive understanding of potential attack scenarios, especially in dealing with legacy systems. Rigorous testing is essential to identifying vulnerabilities accurately as more applications move online and become exposed to threats.
https://fedscoop.com/bolstering-web-application-security/
Michael Obiukwu says
US Government Releases New DDoS Attack Guidance for Public Sector
22 MAR 2024
Written by James Coker, Deputy Editor, Infosecurity Magazine
The US government has published new distributed denial-of-service (DDoS) attack guidance for public sector entities to help prevent disruption to critical services.
The document is designed to serve as a comprehensive resource to address the specific needs and challenges faced by federal, state and local government agencies in defending against DDoS attacks.
The advisory noted that DDoS attacks, where a multitude of compromised computers send a flood of traffic or requests to the target system to render it unavailable to its users, are difficult to trace and block.
https://www.infosecurity-magazine.com/news/us-ddos-attack-guidance-public/?&web_view=true
Kenneth Saltisky says
A new phishing-as-a-service platform named “Tycoon 2FA” has been re-discovered that targets Microsoft 365 and Gmail accounts with bypass capability against 2FA protection. Originally, the platform was discovered in October 2023. Recently, a new version was released that is much stealthier and leverages 1,100 domains for phishing attacks.
The platform leverages a multi-step process that steals session cookies through a reverse proxy that intercepts user input and replays the input using session cookies to bypass MFA. The platform utilizes a six-step process:
Stage 0 – Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
Stage 1 – A security challenge (Cloudflare Turnstile) filters out bots, allowing only human interactions to proceed to the deceptive phishing site.
Stage 2 – Background scripts extract the victim’s email from the URL to customize the phishing attack.
Stage 3 – Users are quietly redirected to another part of the phishing site, moving them closer to the fake login page.
Stage 4 – This stage presents a fake Microsoft login page to steal credentials, using WebSockets for data exfiltration.
Stage 5 – The kit mimics a 2FA challenge, intercepting the 2FA token or response to bypass security measures.
Stage 6 – Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack’s success.
The tool is being updated to be more evasive and more powerful, and over 1,800 transactions linked to the Bitcoin wallet of the operators have been recorded since October 2019.
https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/
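The post above describes a reverse-proxy kit that relays the victim's input to the real login service and walks off with the session cookie. The following is an added example (not code from the original post, the article, or the Tycoon 2FA kit) that models that flow offline: a toy identity provider, a victim's browser, and a proxy on an attacker-controlled origin. The origins, user, password, and secrets are constructed; the TOTP helper follows RFC 6238 and the "signature" is an HMAC stand-in for a WebAuthn authenticator. It shows why relaying a one-time code yields a valid session, while an assertion that signs the origin the browser actually sees does not.

```python
"""Toy model of the adversary-in-the-middle (AiTM) proxy described in the post above:
it relays the password and OTP to the real identity provider and gets a session
cookie back, but cannot turn an origin-bound WebAuthn assertion into a session."""
import hashlib
import hmac
import json
import secrets
import struct
import time

REAL_ORIGIN = "https://login.example.com"      # assumed legitimate IdP origin
PHISH_ORIGIN = "https://login.example-co.net"  # assumed attacker-controlled origin


def totp(secret: bytes, step: int, digits: int = 6) -> str:
    """RFC 6238 TOTP for one 30-second counter value (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def sign_client_data(key: bytes, client_data: dict) -> str:
    """Stand-in for the authenticator's signature over WebAuthn clientDataJSON."""
    return hmac.new(key, json.dumps(client_data, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Password + (TOTP or WebAuthn) -> session cookie. Every factor ends up here."""
    def __init__(self):
        self.users, self.sessions, self.challenges = {}, {}, {}

    def register(self, user, pw, totp_secret, authn_key):
        self.users[user] = {"pw": pw, "totp": totp_secret, "key": authn_key}

    def _password_ok(self, user, pw):
        return user in self.users and hmac.compare_digest(self.users[user]["pw"], pw)

    def login_totp(self, user, pw, code):
        # A correct code is a correct code: the IdP cannot tell who typed it, or where.
        step = int(time.time()) // 30
        ok = self._password_ok(user, pw) and any(
            totp(self.users[user]["totp"], step + d) == code for d in (-1, 0, 1))
        return self._issue(user) if ok else None

    def webauthn_challenge(self, user):
        self.challenges[user] = secrets.token_hex(16)
        return self.challenges[user]

    def login_webauthn(self, user, pw, assertion):
        # The origin the browser saw is inside the signed data: an assertion made on PHISH_ORIGIN fails.
        expected = {"challenge": self.challenges.pop(user, None), "origin": REAL_ORIGIN}
        if not self._password_ok(user, pw) or assertion["client_data"] != expected:
            return None
        sig = sign_client_data(self.users[user]["key"], expected)
        return self._issue(user) if hmac.compare_digest(sig, assertion["sig"]) else None

    def _issue(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie


class VictimBrowser:
    """Types into whatever page is in front of it; the authenticator signs the origin in the address bar."""
    def __init__(self, user, pw, totp_secret, authn_key):
        self.user, self.pw, self.totp_secret, self.key = user, pw, totp_secret, authn_key

    def otp(self):
        return totp(self.totp_secret, int(time.time()) // 30)

    def sign(self, challenge, origin_in_address_bar):
        client_data = {"challenge": challenge, "origin": origin_in_address_bar}
        return {"client_data": client_data, "sig": sign_client_data(self.key, client_data)}


class AitmProxy:
    """Reverse proxy on PHISH_ORIGIN: forwards each step to the real IdP and keeps
    whatever cookie comes back (stages 4 and 5 in the post above)."""
    def __init__(self, idp):
        self.idp = idp

    def otp_flow(self, v):
        return self.idp.login_totp(v.user, v.pw, v.otp())  # cookie is the attacker's to replay

    def webauthn_flow(self, v):
        challenge = self.idp.webauthn_challenge(v.user)
        return self.idp.login_webauthn(v.user, v.pw, v.sign(challenge, PHISH_ORIGIN))


def demo():
    """(owner of the cookie stolen via OTP, WebAuthn-flow result,
    owner of a cookie from the same WebAuthn credential used on the real origin)."""
    idp = IdentityProvider()
    totp_secret, authn_key = secrets.token_bytes(20), secrets.token_bytes(32)
    idp.register("alice", "hunter2", totp_secret, authn_key)
    alice = VictimBrowser("alice", "hunter2", totp_secret, authn_key)
    proxy = AitmProxy(idp)
    stolen = proxy.otp_flow(alice)        # attacker now holds a live session
    blocked = proxy.webauthn_flow(alice)  # None: origin mismatch
    legit = idp.login_webauthn("alice", "hunter2", alice.sign(idp.webauthn_challenge("alice"), REAL_ORIGIN))
    return idp.sessions.get(stolen), blocked, idp.sessions.get(legit)
```

Running `demo()` returns `('alice', None, 'alice')`: the cookie issued after the relayed OTP is a real session for alice, the WebAuthn attempt through the proxy yields nothing because the signed origin is the phishing domain, and the same credential still works when used on the real origin. The practical takeaway is that "MFA" alone is not the control; a factor that does not bind to the origin (OTP, push approval) is relayable, and on the defensive side a session cookie appearing from a different client than the one that completed the login is the signal to hunt for.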
Nicholas Nirenberg says
“Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account ”
In January 2024, Microsoft was hacked by the Russian state hackers Midnight Blizzard, using a simple password spray attack on an inactive account. This incident highlights the vulnerability of even large companies due to basic security oversights like weak password practices. The hackers accessed Microsoft’s system through a password spray attack, exploiting weak passwords across multiple accounts and gaining access to a legacy test account, from which they could escalate their privileges. Over seven weeks, they extracted emails and documents, affecting a small percentage of accounts, including those of senior leadership.
This breach underlines the importance of securing all user accounts, not just the active or privileged ones, as attackers can use any foothold to infiltrate a network. It stresses the need for strong password policies, multi-factor authentication, regular audits, and scans for compromised passwords to protect against such attacks. The Microsoft case serves as a reminder for all organizations to enhance their password security measures comprehensively, including using tools like Specops Password Auditor for Active Directory audits and implementing Specops Password Policy to protect against compromised passwords, ensuring a more robust defense against potential cyber threats.
URL: https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html
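The post above turns on the difference between a password spray and a brute-force attack: a spray tries one or two common passwords against many accounts, staying under per-account lockout thresholds, and a forgotten legacy account without MFA is where it lands. The following is an added example (not code from the article, from Microsoft's incident write-up, or from Specops) that runs that detection logic over constructed sign-in events: it flags a source by breadth across accounts rather than depth against one, separates it from a brute-force source, and lists which accounts that source then logged into successfully. The log format, IP addresses, and account names are made up for the example.

```python
"""Password-spray detection over sign-in events. A spray is one source making one
or two guesses against many distinct accounts, so per-account lockout never fires;
the tell is breadth across accounts, not depth against one."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): timestamp source_ip user result
SAMPLE_EVENTS = """\
2024-01-12T03:00:01Z 203.0.113.7 alice FAIL
2024-01-12T03:00:04Z 203.0.113.7 bob FAIL
2024-01-12T03:00:07Z 203.0.113.7 carol FAIL
2024-01-12T03:00:10Z 203.0.113.7 dave FAIL
2024-01-12T03:00:13Z 203.0.113.7 erin FAIL
2024-01-12T03:00:16Z 203.0.113.7 frank FAIL
2024-01-12T03:00:19Z 203.0.113.7 svc-legacy-test FAIL
2024-01-12T03:01:10Z 203.0.113.7 svc-legacy-test SUCCESS
2024-01-12T03:02:00Z 198.51.100.9 bob FAIL
2024-01-12T03:02:01Z 198.51.100.9 bob FAIL
2024-01-12T03:02:02Z 198.51.100.9 bob FAIL
2024-01-12T03:02:03Z 198.51.100.9 bob FAIL
2024-01-12T03:02:04Z 198.51.100.9 bob FAIL
2024-01-12T03:02:05Z 198.51.100.9 bob FAIL
2024-01-12T03:05:00Z 192.0.2.5 alice FAIL
2024-01-12T03:05:09Z 192.0.2.5 alice SUCCESS
"""


def parse_events(text):
    """One dict per line; timestamps become datetime so windows can be compared."""
    events = []
    for line in text.splitlines():
        ts, src, user, result = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "src": src, "user": user, "result": result})
    return events


def classify_source(evs, window, min_users, max_per_user):
    """'spray' if some window of failures from this source covers >= min_users
    accounts with <= max_per_user tries each; 'brute_force' if one account takes
    more than max_per_user failures; otherwise None. Returns (label, users_tried)."""
    fails = [e for e in evs if e["result"] == "FAIL"]
    for i, first in enumerate(fails):
        end = first["ts"] + window
        per_user = Counter(e["user"] for e in fails[i:] if e["ts"] <= end)
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            return "spray", len(per_user)
        if max(per_user.values()) > max_per_user:
            return "brute_force", len(per_user)
    return None, 0


def detect_spray(events, window_minutes=10, min_users=5, max_per_user=2):
    """Flag spraying sources and list the accounts they then logged into, which is
    the foothold to chase first (in the post above, a legacy test account)."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in sorted(by_src.items()):
        evs.sort(key=lambda e: e["ts"])
        label, users_tried = classify_source(evs, window, min_users, max_per_user)
        if label != "spray":
            continue
        compromised = sorted({e["user"] for e in evs if e["result"] == "SUCCESS"})
        findings.append({"src": src, "users_tried": users_tried, "compromised": compromised})
    return findings


if __name__ == "__main__":
    for f in detect_spray(parse_events(SAMPLE_EVENTS)):
        print(f)  # {'src': '203.0.113.7', 'users_tried': 7, 'compromised': ['svc-legacy-test']}
```

On the sample, 203.0.113.7 is reported as a spray that succeeded against `svc-legacy-test`, while 198.51.100.9 (six failures against one account) is classified as brute force and a user who mistyped once is ignored. Note that no account in the spray exceeds a typical lockout threshold, which is exactly why a per-account policy alone misses it; the same logic should also be run with the source grouped by ASN or user agent, since real sprays rotate IPs.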
Hashem Alsharif says
https://www.napa-net.org/news-info/daily-news/investment-firms-reportedly-overlooking-ai-cybersecurity-risk
To sum up how I feel about this article, it seems to me like a potential case study in the making. The article says that 4 in 10 compliance professionals in asset management, private market firms and investment advisors haven’t evaluated AI as a cybersecurity risk. To go into percentages, 27% don’t even consider AI important to cybersecurity. The SEC has gotten involved, as it proposed new rules/guidance that go into the discussion of AI and its relevance to securities. On one hand, it’s easy to understand why, because AI is still in its early stages, but on the other hand, it’s because AI is in its early stages that everyone needs to be on board with taking AI seriously, as the premise of cybersecurity is constantly keeping up to date with technology.
Akintunde Akinmusire says
Malicious NuGet Package Linked to Industrial Espionage Targets Developers
https://thehackernews.com/2024/03/malicious-nuget-package-linked-to.html
It has been discovered that a potentially malicious package named SqzrFramework480 is primarily targeting developers. The malicious package uses tools produced by a Chinese industrial and digital manufacturing firm. It is said that SqzrFramework480 may be linked to industrial espionage activities that are facilitated by features such as screenshot capture and continuous ping requests.