Hackers opting for new attack methods after Microsoft blocked macros by default
With Microsoft taking steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding by refining their tactics, techniques, and procedures. A report from Proofpoint says that in place of macro-laden documents, adversaries are moving to container files such as ISO and RAR archives, as well as Windows Shortcut (LNK) files, in campaigns to distribute malware, which Proofpoint calls a significant shift in the threat landscape. “The number of campaigns containing LNK files increased 1,675% since October 2021,” the enterprise security company noted, adding that the number of attacks using HTML attachments more than doubled from October 2021 to June 2022.
Microsoft 365 outage knocks down admin center in North America
A new outage hit Microsoft 365 yesterday, with administrators in North America seeing blank pages, 404 errors, or no perceivable error message at all when trying to access the Microsoft 365 admin center. The company stated on the Microsoft 365 Service health status page that “this outage could affect any admin in North America.” Microsoft says it is working to identify the cause of the incident and to find a fix that addresses its impact on North American admins.
22 million US health records breached thus far in 2022
This is according to a new report from GlobalData which also forecasts that spending on cybersecurity in the global healthcare industry will increase by nearly $400 million in the next three years. Included in these breaches is not just regular PII, but also private health information (PHI) which can include one’s medical history, address, email addresses, and social security numbers, perfectly suited for phishing schemes that target patients for further exploitation. Unlike credit card information or personal identification information, medical history cannot be changed, making it much more valuable on the black market.
Fallout from massive Shanghai Police data breach reverberates on dark web
The availability of supposedly hacked Chinese data on the dark web appears to have surged in recent weeks on the heels of the massive Shanghai National Police breach that we reported on two weeks ago, which was one of the largest ever recorded. While an average of 14 monthly leaks from Chinese entities were posted to BreachForums between March and June, in the first 15 days of July the total jumped to 25, setting a pace for more than 50 by month end. The surge in Chinese data posted to the forum came alongside “a significant increase in the quantity of Chinese-language activity on the predominantly English-speaking forum.”
Thanks to today’s episode sponsor, Snyk
WordFly data breach impacts clients in the arts
SecurityWeek reports that digital marketing firm WordFly suffered a data breach that has taken all of its services offline for the past two weeks. According to WordFly’s most recent status update, a system disruption was first detected on July 10, and within hours all internally hosted services, including its backup services, were shut down. On July 14 it was discovered that the intruder had exfiltrated data including usernames, email addresses, and other imported information, but WordFly claims the attacker deleted the data the following day. Among the organizations affected by this breach are the Smithsonian’s National Zoo & Conservation Biology Institute, the Canadian Opera Company, the Toronto Symphony Orchestra, and the Canadian Stage Company.
Novel malware hijacks Facebook business accounts
The new malware is hijacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that targets LinkedIn accounts. The malware, dubbed Ducktail, uses browser cookies from authenticated user sessions to take over accounts and steal data, researchers said. Researchers from WithSecure, formerly F-Secure, discovered the ongoing campaign, which appears to be the work of financially driven Vietnamese threat actors. They stated in a report, “the malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim’s Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to.”
Radiation alert saboteurs cuffed by cops after sensors disabled
Spain’s national police say they have arrested two former government contractors suspected of breaking into the computer network of the country’s radioactivity alert system (RAR) and disabling more than a third of its sensors. The intrusion happened between March and June 2021, and the two suspects worked for a company contracted by Spain’s General Directorate of Civil Protection and Emergencies (DGPCE). A year-long probe eventually traced the cyberattack to a computer “in the public-use network of a well-known establishment of hospitality in the center of Madrid,” which might be interpreted as hotel WiFi. The two suspects had been responsible for the maintenance program of the RAR system through the DGPCE-contracted company, which made it easier for them to carry out the attacks and helped their efforts to mask their authorship.
Chess robot breaks seven-year-old boy’s finger during Moscow Open
Sergey Lazarev, Moscow Chess Federation President, confirmed to the Tass news agency that the robot had indeed broken the child’s finger, adding, “this is of course bad.” A video shared on social media shows the robot taking one of the boy’s pieces. The boy then makes his own move, and the robot grabs his finger. Four adults rushed to help the boy, who was eventually freed and ushered away. Mr Lazarev said the machine had played many previous matches without incident, and the young victim was able to finish the final days of the tournament, wearing a cast.