Cyber Security Headlines: Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper

Cyberattacks hit Taiwan to coincide with Speaker Pelosi’s visit

As U.S. House of Representatives Speaker Nancy Pelosi made a brief visit to Taiwan this week, Taipei experienced a sharp increase in cyberattacks. Taiwan’s digital minister Audrey Tang said the volume of cyberattacks on Taiwan government units on Tuesday, before and during Pelosi’s arrival, surpassed 15,000 gigabits, 23 times higher than the previous daily record. Most of the attacks originated from addresses in China and Russia, but they were attributed to opportunistic hacktivists rather than to the Chinese government. An attack on Taiwan’s presidential website was followed by a DDoS attack on Taiwan’s Ministry of National Defense on Wednesday, just after her departure. None of the attacks appear to have caused significant or lasting damage.

(Reuters and The Register)

Cisco addresses critical flaws in Small Business VPN routers

The flaw, tracked as CVE-2022-20842, resides in the web-based management interface of several Cisco Small Business VPN routers. An unauthenticated remote attacker can exploit it to execute arbitrary code or trigger a denial of service (DoS) condition by causing an affected device to restart unexpectedly. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. It has received a CVSS score of 9.8, and Cisco points out there are no workarounds that address this vulnerability; patching is the only fix.

(Security Affairs)

DOJ now relies on paper for its most sensitive court documents, official says

The Justice Department has been filing its most sensitive documents on paper since January 2021 to avoid any chance of a breach or vulnerability in electronic filing systems compromising its high-stakes cases. In an interview this week, Deputy Assistant Attorney General for National Security Adam Hickey told CyberScoop the department implemented the policy last year but did not connect that change to any specific breach or cybersecurity event. However, the Administrative Office of the U.S. Courts did reveal “an apparent compromise” of the court system’s electronic case files on Jan 6, 2021, as well as “an incredibly significant and sophisticated cybersecurity breach” that happened in early 2020 and that “had lingering impacts” on the DOJ and other agencies.

(Cyberscoop)

New Linux malware brute-forces SSH servers to breach networks

A new botnet called ‘RapperBot’ has been used in attacks since mid-June, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. Researchers show that RapperBot is based on the Mirai trojan but deviates from the original malware’s normal behavior of uncontrolled propagation to as many devices as possible. Instead, RapperBot is more tightly controlled, has limited DDoS capabilities, and its operation appears geared towards initial server access, likely to be used as a stepping stone for lateral movement within a network. Over the past 1.5 months since its discovery, the new botnet has used over 3,500 unique IPs worldwide to scan and attempt to brute-force Linux SSH servers.
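The behavior described above (many source addresses hammering sshd with password guesses, then a successful login) is what a defender should be looking for in sshd authentication logs. The following is an added example, not code from the original story or from the RapperBot research: it parses constructed sshd log lines in the standard syslog format, counts failed password attempts per source address, and raises two kinds of alert. The sample log, the IP addresses (RFC 5737 documentation ranges), the usernames and the thresholds are all constructed for this illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of sshd messages as they appear in /var/log/auth.log or journald.
# Addresses are from RFC 5737 documentation ranges; none of this is real traffic.
SAMPLE_AUTH_LOG = """\
Aug  4 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 51122 ssh2
Aug  4 10:01:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 51123 ssh2
Aug  4 10:01:04 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51124 ssh2
Aug  4 10:01:05 host sshd[1203]: Failed password for invalid user pi from 203.0.113.5 port 51125 ssh2
Aug  4 10:01:06 host sshd[1204]: Failed password for invalid user ubnt from 203.0.113.5 port 51126 ssh2
Aug  4 10:01:10 host sshd[1205]: Accepted publickey for deploy from 198.51.100.7 port 40010 ssh2: ED25519 SHA256:abc
Aug  4 10:02:00 host sshd[1206]: Failed password for alice from 198.51.100.9 port 40500 ssh2
Aug  4 10:02:30 host sshd[1207]: Accepted password for alice from 198.51.100.9 port 40501 ssh2
Aug  4 10:03:00 host sshd[1208]: Failed password for root from 192.0.2.44 port 33001 ssh2
Aug  4 10:03:01 host sshd[1209]: Failed password for root from 192.0.2.44 port 33002 ssh2
Aug  4 10:03:02 host sshd[1210]: Accepted password for root from 192.0.2.44 port 33003 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." (the "invalid user" prefix is optional).
LOG_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


@dataclass
class SourceStats:
    failures: int = 0                       # failed password attempts from this source
    users: set = field(default_factory=set) # distinct usernames tried (spray indicator)
    success_after_failures: bool = False    # a login succeeded after repeated failures


def parse_auth_log(text, min_failures_before_success=2):
    """Aggregate sshd authentication events per source IP, in log order."""
    stats = defaultdict(SourceStats)
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an authentication result line
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s.failures += 1
            s.users.add(m["user"])
        elif s.failures >= min_failures_before_success:
            # Order matters: a success that follows failures from the same
            # source is the pattern of a guess that eventually landed.
            s.success_after_failures = True
    return dict(stats)


def detect_ssh_bruteforce(text, fail_threshold=5):
    """Return (ip, alert_kind) pairs. Thresholds are illustrative, not tuned."""
    alerts = []
    for ip, s in parse_auth_log(text).items():
        if s.failures >= fail_threshold:
            alerts.append((ip, "brute_force"))
        if s.success_after_failures:
            alerts.append((ip, "possible_compromise"))
    return sorted(alerts)


if __name__ == "__main__":
    for ip, kind in detect_ssh_bruteforce(SAMPLE_AUTH_LOG):
        print(f"{kind:20s} {ip}")
```

The "possible_compromise" alert is the one worth paging on: a flood of failures from a single address is background noise on any Internet-facing host, but a success from the same address right after a run of failures is the moment the botnet gets its foothold. The more durable fix is to stop accepting passwords at all (`PasswordAuthentication no` in sshd_config) so that guessing has nothing to guess.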

(Bleeping Computer)

Thanks to this week’s sponsor, HYAS

We know IT and security teams are already overloaded — facing constant pressure to improve security without additional resources. That’s why it’s so important to find solutions that bolster your security, not your workload.

HYAS Protect deploys in under 30 minutes, easily integrates into existing infrastructure, constantly updates with the latest threat intelligence, renders attacks inert (regardless of how they infiltrated your environment), and doesn’t require day-to-day hand-holding — letting you focus on keeping your business moving full forward.

Visit HYAS.com

Microsoft bolsters threat intelligence security portfolio with two new products

Drawing from last year’s acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel (security information and event management) product. Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data, which it says it is offering for free, accessible directly by all users, or from within its existing Defender family of security products. Microsoft has also released Microsoft Defender External Attack Surface Management, designed to scan users’ computing environments and connections to provide security teams with the same view an attacker has of their organization while selecting a target.

(CSOOnline)

VMware urges users to patch critical authentication bypass bug

VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system and then exploit other flaws. The bug, tracked as CVE-2022-31656, earned a rating of 9.8 on the CVSS scale and is one of a number of fixes the company made in various products in an update released on Tuesday for flaws that could easily be combined into an exploit chain, researchers said. CVE-2022-31656 is also certainly the most dangerous of these vulnerabilities, and will likely become more so, as the researcher who discovered it, Petrus Viet of VNG Security, has promised in a tweet that a proof-of-concept exploit for the bug is “soon to follow,” experts said.

(ThreatPost)

Hive group demands £500,000 from British schools, citing cyber insurance policy

The Hive ransomware group is allegedly demanding £500,000 (about $608,000) from two schools in England following a hack targeting their IT systems, according to reports in British media. Students and parents of the Wootton Upper School and Kimberley College, both owned by Wootton Academy Trust in Bedfordshire, England, received a message last week from the hacking group claiming to have breached the Trust’s network and exfiltrated students’ home addresses, banking information, and medical records, with threats to leak the data if the Trust fails to pay. The Hive group claims to have breached the system and then obtained details of its cyber insurance policy to use in negotiations. But Allan Liska, a ransomware expert at Recorded Future, called such a threat “bluster” aimed at frightening the parents, stating that having a £500,000 cyber insurance policy does not mean that an insurance company will pay it.

(The Record)

Faster spinning earth warns of Y2K-like negative leap second scenario

The Earth is spinning faster, and recently recorded its shortest day ever. June 29, 2022 was 1.59 milliseconds shorter than the average day, scientist Leonid Zotov told CBS News. The normal length of day is 24 hours, or 86,400 seconds. But in recent years, the Earth’s rotation has accelerated, shortening some days by milliseconds. “Since 2016 the Earth started to accelerate,” said Zotov, who works for Lomonosov Moscow State University and recently published a study on what might cause the changes in Earth’s rotation. “This year it rotates quicker than in 2021 and 2020.” Zotov and his colleagues believe the fluctuation could be caused by the Earth’s tides. If the trend continues, atomic timekeeping may require the introduction of a negative leap second, which would skip a second of UTC rather than insert one and could cause Y2K-like disruption in IT, with the potential for crashing programs and data corruption in software that has never had to handle a 23:59:59 that does not occur.

(CBS News)