This week, new findings revealed that Beijing-backed hackers compromised the email server of the Association of Southeast Asian Nations, an intergovernmental body of 10 Southeast Asian countries. The security alert shows that Chinese hackers remain as prolific and invasive as ever, especially with China’s escalated hacking activities in the region amid rising tensions. Meanwhile, the Kremlin is scrambling to get a home-brewed Android phone off the ground this year, as Russia faces economic sanctions over its invasion of Ukraine. The National Computer Corporation, a Russian IT giant, aims to produce and sell 100,000 smartphones and tablets by the end of 2023, but the project could face licensing restrictions from Google for the new Russian phone, potentially forcing it to seek a different mobile operating system.
At the Network and Distributed System Security Symposium in San Diego, researchers presented findings that popular DJI quadcopters communicate using unencrypted radio signals that can be intercepted, revealing the drones’ location and GPS coordinates of their operators. In the US, a national cybersecurity plan from the White House debuted, focusing on priorities such as hardening defenses for critical infrastructure and expanding efforts to disrupt cybercriminal activity. The plan also includes a proposal to shift legal liability for vulnerabilities and security failures onto the companies who cause them, such as software makers or institutions that don’t make a reasonable effort to protect sensitive data.
For cybersecurity hygiene, there are pressing software patches to download ASAP. Each week, the security news roundup covers stories that weren’t covered in depth, including the LastPass breach, which was even worse than it seemed, compromising encrypted copies of some users’ password vaults and other personal information. LastPass disclosed a second incident that allowed attackers to rampage through the company’s cloud storage and exfiltrate sensitive data. Attackers gained access by targeting a specific LastPass employee with deep system privileges.
According to an account by LastPass, attackers targeted a DevOps engineer’s home computer and exploited a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault. To do this, the attackers exploited a Plex Media Server software vulnerability that had already been long-patched at the time. The company had issued a fix for the bug in May 2020, roughly 75 versions ago, according to Plex.
In mid-February, a stand-alone US Marshals Service network suffered a data exfiltration and ransomware attack, according to US law enforcement officials. The affected system contained law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees. Marshals Service spokesperson Drew Wade said that officials had “determined that it constitutes a major incident.” However, the impacted data seemingly did not include information from the Witness Security Program or witness protection database.
Three cybercriminal groups that conduct SIM-swapping attacks have claimed that they repeatedly hacked T-Mobile last year as part of their scams. The groups targeted T-Mobile employees with phishing attacks to gain access to internal company systems. Then, they sold this access to other cybercriminals to intercept individual T-Mobile customers’ SMS text messages and calls on attacker-controlled devices. The findings come from an analysis by Krebs on Security of Telegram chat activity of the three SIM-swapping gangs. T-Mobile declined to confirm or deny the claims to Krebs on Security.
Representative Steve Toth proposed a bill in Texas last week that would mandate Texas internet service providers to block websites that offer information about receiving abortion care. The bill would also outlaw domain registration and hosting for websites that help Texas residents obtain abortions, either through fundraising, procuring abortifacient drugs, or sharing resources. The proposal lists specific examples of websites that would have to be blocked, including aidaccess.org, heyjane.co, plancpills.org, mychoix.co, justthepill.com, and carafem.org.
Author: Lily Hay Newman