Hackers Abusing Windows Search Feature to Install Remote Access Trojans
Article Link: https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html
- According to Trellix, the search-ms URI protocol handler, a legitimate Windows Search feature, is being abused by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
- In many of the attacks, the actors send phishing HTML attachments that lead to compromised websites, which use JavaScript to invoke the Windows feature.
- Researchers noted that the attackers have also tried placing malicious links in PDFs and other shared files to make the lures appear legitimate.
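As an added defender-side example (not code from the article or from Trellix), the snippet below scans HTML/JavaScript text for search-ms: URIs and flags those whose location crumb points at a remote server rather than a local folder. The parameter names follow Microsoft's documented search-ms URI syntax; the sample page and hostnames are constructed.

```python
import re
from urllib.parse import unquote

# Matches a search-ms: URI up to the first quote, whitespace or angle bracket.
SEARCH_MS_RE = re.compile(r"search-ms:[^\s\"'<>]+", re.IGNORECASE)

def parse_search_ms(uri):
    """Split 'search-ms:k1=v1&k2=v2' into (key, value) pairs.
    Crumbs may repeat, so a list is returned rather than a dict."""
    body = uri.split(":", 1)[1]
    pairs = []
    for part in body.split("&"):
        key, _, value = part.partition("=")
        pairs.append((key.lower(), unquote(value)))
    return pairs

def remote_location(pairs):
    """Return the location crumb when it names a remote source, else None.
    A location is remote when it is a UNC path (\\\\host\\share) or a URL."""
    for key, value in pairs:
        if key == "crumb" and value.lower().startswith("location:"):
            location = value[len("location:"):]
            if location.startswith("\\\\") or re.match(r"https?://", location, re.I):
                return location
    return None

def scan(text):
    """Return (uri, remote location, displayname) for each suspicious URI."""
    findings = []
    for uri in SEARCH_MS_RE.findall(text):
        pairs = parse_search_ms(uri)
        location = remote_location(pairs)
        if location is None:
            continue
        displayname = next((v for k, v in pairs if k == "displayname"), "")
        findings.append((uri, location, displayname))
    return findings

# Constructed sample (not a real lure): one URI points at a remote share,
# the other at a local folder and must not be flagged.
SAMPLE_HTML = """
<script>
window.location.href = "search-ms:query=invoice&crumb=location:%5C%5Cfiles.example.invalid%5Cshare&displayname=Downloads";
</script>
<a href="search-ms:query=report&crumb=location:C:%5CUsers%5CPublic">local</a>
"""

if __name__ == "__main__":
    for uri, location, name in scan(SAMPLE_HTML):
        print(f"suspicious: shown as {name!r}, reads from {location}")
```

The displayname is what Explorer shows the user, so reporting it next to the real location makes the mismatch visible to an analyst.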
Why API Attacks are Increasing and How to Avoid Them
Article Link: https://www.csoonline.com/article/646557/why-api-attacks-are-increasing-and-how-to-avoid-them.html
- As the adoption of APIs (Application Programming Interfaces) grows, so does the number of attacks against them.
- The article attributes the rise in API attacks to several factors: APIs are exposed to network requests, which expands the attack surface; they are intentionally easy to find and use; companies deploy cloud-based applications made of many small components; potentially malicious data can be transmitted in pieces; and APIs are easy enough to deploy that IT teams often are not informed of their use.
- Authorization and authentication problems further degrade API security. Because of these many issues, a growing number of organizations are turning to automation platforms to manage the APIs they have in place.
In 2022, More Than 40% of Zero-Day Exploits Used in the Wild Were Variations of Previous Issues
Article Link: https://securityaffairs.com/148965/hacking/zero-day-2022-google-report.html
- According to Google Threat Analysis Group researchers, more than 40% of the zero-day exploits used in the wild in 2022 were variations of previous issues. Google’s data identified 41 zero-days, 17 of which were variants of previously fixed vulnerabilities.
- Google noted that the number of zero-days dropped, presumably because of an increase in no-click exploits and new browser extension mitigations designed to hinder malicious actors.
- Maddie Stone, one of Google’s researchers, encourages vendors to deliver patches and mitigations to end users as fast as possible and suggests that developers share more detail about the root causes of the flaws.
DOD, OMB Expect September Release of Proposed CMMC Rule
Article Link: https://www.nextgov.com/cybersecurity/2023/07/dod-omb-expect-september-release-proposed-cmmc-rule/388834/
- The Department of Defense and the Office of Management and Budget (OMB) have updated the timeline for the proposed CMMC rule, which is now expected to be released in September 2023.
- The OMB received the proposed rule for review on July 24th, suggesting that the initial release of the ruleset and the request-for-comment period will arrive soon.
- Once the rule is opened for public comment, the final rulemaking process will take at least another six months to complete. As such, the final CMMC rule is expected in mid-2024 at the earliest.
TSA Updates Pipeline Cybersecurity Requirements
Article Link: https://www.darkreading.com/ics-ot/tsa-updates-pipeline-cybersecurity-requirements
- The Transportation Security Administration has released an updated version of its cybersecurity requirements for owners and operators of oil, natural gas, and other hazardous materials pipelines.
- Previous requirements remain in place: report significant cybersecurity incidents to CISA, identify a cybersecurity point of contact, and conduct a cybersecurity vulnerability assessment.
- The updates are as follows: pipeline owners and operators must establish and implement a TSA-approved Cybersecurity Implementation Plan, develop and maintain an incident response plan, and develop a Cybersecurity Assessment Plan. The Cybersecurity Assessment Plan must be submitted to the TSA for review and approval annually, report results from previous years together with a schedule for assessing and auditing security measures, and test at least two Cyber Incident Response Plan (CIRP) objectives annually. Additionally, 100% of all cybersecurity measures must be assessed every three years.
- Link to the TSA’s Revisions: https://www.tsa.gov/news/press/releases/2023/07/26/tsa-updates-renews-cybersecurity-requirements-pipeline-owners
- Link to the TSA’s Cybersecurity Toolkit: https://www.tsa.gov/for-industry/surface-transportation-cybersecurity-toolkit
SEC Issues Final Rules on Cybersecurity Disclosure for Public Companies
- The SEC adopted final rules on the cybersecurity disclosures of public companies. The most prominent requirements are that material cybersecurity incidents must be reported within four days and that companies must disclose annually their processes for addressing material cybersecurity risks.
- The incident reporting rules take effect 90 days after publication in the Federal Register or on December 18, 2023, whichever is later, with longer extensions for smaller organizations. The annual disclosures will be required in annual reports for fiscal years ending on or after December 15, 2023.
- The rules were changed in several ways before final adoption: the scope of incident disclosure was narrowed, a limited delay was added for disclosures that pose a national security or public safety risk, and the required disclosure of board cybersecurity expertise was removed.
- Link to the SEC’s Final Rules: https://www.sec.gov/news/press-release/2023-139
Why CISOs Should Get Involved with Cyber Insurance Negotiation
Article Link: https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation
- While CISOs are often included in cyber insurance discussions at large companies, small and some midsize organizations may not have a corporate CISO position and are therefore at a disadvantage, especially when a claim is filed.
- Without IT or security personnel at the table, organizations often leave cybersecurity questions to non-technical staff, which adds risk to the organization rather than transferring it.
- When organizations fail to answer cyber insurance applications accurately, they risk having claims denied or being sued by the insurer. It is therefore vital that the people who handle cyber insurance at the contractual level, typically a finance leader or general counsel, work closely with technical personnel.