Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Article Link: https://thehackernews.com/2023/08/cybercriminals-increasingly-using.html
- According to Proofpoint, malicious hackers are using a phishing-as-a-service (PhaaS) toolkit called EvilProxy to target the accounts of prominent executives at various organizations. Between March and June of 2023, over 120,000 phishing emails were sent to organizations across the globe.
- While EvilProxy has been used by bad actors in the past, this new wave of attacks has focused heavily on the Microsoft 365 credentials of CFOs, CEOs, finance departments, and more. The scams are disguised as links to services like Adobe and DocuSign before redirecting victims to fake Microsoft 365 login pages.
- Following a successful account compromise, hackers work to maintain account control through methods like enabling their own MFA methods. Likewise, they try to gain additional access to other sensitive cloud services to further exploit victims.
Ford Says Cars with Wi-Fi Vulnerability Still Safe to Drive
Article Link: https://www.bleepingcomputer.com/news/security/ford-says-cars-with-wifi-vulnerability-still-safe-to-drive/
- Ford is warning of a buffer overflow RCE vulnerability in its SYNC3 infotainment system, which is used for in-vehicle Wi-Fi hotspots and other services and is installed in many Ford and Lincoln vehicles, but says that vehicle driving safety isn’t impacted.
- Ford noted that an attacker within wireless range of a vulnerable device can access the memory of the host processor. However, Ford stated that the vulnerability is challenging to exploit and that, even if it were exploited, it would not impact driving the vehicle itself.
- Ford highlighted that they hadn’t observed exploitation in the wild but indicated that a software patch would be available via a USB in the near future.
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Article Link: https://thehackernews.com/2023/08/emerging-attacker-exploit-microsoft.html
- Attackers continue to target Microsoft identities in a variety of ways. A common tactic that bad actors have turned to is abusing native Microsoft tools and functionality.
- This article looks at how attackers can move laterally in networks by exploiting cross-tenant synchronization (CTS) within Microsoft environments. In essence, CTS allows for users and groups to be synced within Microsoft and some non-Microsoft applications for easy account configuration.
- Within the article, there is a walkthrough of how CTS can be exploited as a means for both lateral movement and as a backdoor onto a compromised tenant.
- Several prevention tips are described in the article. These include continuing to enforce security best practices, properly configuring CTS-using tenants, ensuring CTS-using tenants are properly regulated and monitored, and detecting and responding efficiently and effectively to any concerns.
Google to Fight Hackers with Weekly Chrome Security Updates
Article Link: https://www.bleepingcomputer.com/news/google/google-to-fight-hackers-with-weekly-chrome-security-updates/
- Starting last week on August 9th, Google changed the Google Chrome security updates schedule from bi-weekly updates to weekly updates.
- The goal is to reduce the interval between when patches are tested and released to the public. The gap has previously allowed bad actors to exploit known vulnerabilities as updates wait to be rolled out to users.
- While the changes will be beneficial for PCs, the vulnerability patch gap will likely remain for mobile devices due to delays in device manufacturers releasing operating system updates.
Navigating Cybersecurity’s Seas: Environmental Regulations, OT & the Maritime Industry’s New Challenges
Article Link: https://www.darkreading.com/ics-ot/environmental-regulations-ot-maritime-industry-challenges
- Over the last few years, regulators have outlined environmental regulations for the maritime industry. Although the regulations are relatively positive in nature, they require shipping vessels to adopt advanced technologies to achieve designated emissions levels while also layering said technologies onto existing, older operational technology (OT) devices.
- While the advancements are beneficial, simply stacking new, advanced systems on top of OT systems can increase risk for OT systems. From authentication and access control issues to an inability to update OT systems in a timely manner, further connecting OT systems to modern technologies on a larger network or systems on dry land puts ships at a greater risk of becoming cyberattack victims.
- As the article notes, OT is often used in vessels for systems such as radar, electronic charts, cargo and engine monitoring, and more. Due to this, an increase in risk to these systems could be detrimental to shipping vessel crews.
- Overall, the article calls for the maritime industry to focus on mitigating risks and enhancing systems up front instead of waiting for issues to arise.
The Most-Clicked Phishing Emails Pretend to Come From HR
Article Link: https://fortune.com/2023/08/02/human-resources-phishing-scams-most-clicked-emails-hr/
- According to KnowBe4’s Q2 Global Phishing Report, 50% of the phishing tests that employees clicked on featured subject lines related to HR.
- The report highlights that 19% of the phishing tests clicked on discussed time off and vacations, with other common click topics ranging from dress code changes to possible typos within documents. Seasonal topics tend to be effective as well.
- The article noted that three key steps to mitigating phishing risk include investing in the proper security tools to prevent phishing emails from being received, informing employees of cyber risks, and announcing policy changes in forums other than email.
- Link to KnowBe4’s Report: https://www.knowbe4.com/press/knowbe4-phishing-test-results-reveal-half-of-top-malicious-email-subjects-are-hr-related
Oregon Passes Comprehensive Privacy Law
Article Link: https://www.reuters.com/legal/legalindustry/oregon-passes-comprehensive-privacy-law-2023-08-11/
- On July 18, 2023, the governor of Oregon signed Senate Bill 619 (the “Act”), which goes into effect on July 1, 2024. The Act has a similar formula to other data privacy laws.
- The Act has seven key sections. These include sections on the right to know, right to correction, right to deletion, right to opt out, right to data portability, sensitive data protections, and special protections for youth.
- The Act applies to any organization that does business in Oregon and processes or controls the personal data of at least 100,000 Oregon residents, or of at least 25,000 Oregon residents while deriving at least 25% of its revenue from the sale of personal data. Non-profits are excluded until July 1, 2025. Additionally, a variety of common exceptions, such as those who comply with GLBA and FERPA, are noted as well.
- Link to an Overview of the Law: https://www.doj.state.or.us/media-home/news-media-releases/oregon-legislature-passes-ag-rosenblums-long-awaited-consumer-data-privacy-law/
- Link to the Full Text of the Law: https://olis.oregonlegislature.gov/liz/2023R1/Downloads/MeasureDocument/SB619/Enrolled
Why Cybersecurity is a Blue-Collar Job
Article Link: https://www.helpnetsecurity.com/2023/08/09/cybersecurity-talent-pool/
- As the demand for skilled professionals continues to surge, traditional approaches to education and job requirements are being challenged. This article looks at how the gap in cybersecurity professionals is better filled by certification-based employees who have hands-on skills akin to those found in blue-collar trade careers.
- Additionally, the article looks at how a focus on hiring people based on their soft skills, such as problem solving, and then training them on the job-specific hard skills can further address skill shortages and get more people into the cybersecurity industry.
- As the author states, “By shifting our focus toward practical skills and hands-on experience, we can recognize the accessibility of coding, engineering, and cybersecurity training beyond the confines of traditional college degrees.”
