Phishing campaign spells double-trouble for Kaseya customers
While Kaseya attempts to help customers recover from a ransomware attack on its VSA cloud service, security experts warn of a new phishing campaign that is attempting to ensnare victims with the Cobalt Strike remote-control tool disguised as a security update. According to Malwarebytes, the phishing emails contain a file named ‘SecurityUpdates.exe’ in addition to a link masquerading as a Microsoft patch for the Kaseya vulnerability. In what may or may not be a coincidence, the REvil gang, which is behind the Kaseya VSA cyberattack, has been known to inject Cobalt Strike’s Beacon into compromised networks.
Google sued by 36 states over Play Store fees
Amidst a recent wave of regulatory challenges against Big Tech, 36 states are accusing Google of operating like a monopoly and eliminating competition. The complaint zeroes in on Google’s use of app store commissions, typically 30%, which are charged to developers and then usually passed on to consumers. Starting this month, Google is cutting its commissions in half for the first $1 million developers make annually. A similar announcement was made by Apple in May, drawing criticism of Apple’s CEO Tim Cook by federal judge Yvonne Gonzalez Rogers, who said that Apple’s discount program appeared to be the result of investigations and legal pressures, and not competition.
Morgan Stanley falls victim to third-party data breach
Investment banking firm Morgan Stanley has reported that attackers stole customer information by hacking into a server belonging to Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. The attackers hacked Guidehouse’s Accellion FTA server, swiping encrypted files and the decryption key, allowing them to access personal info including names, addresses and social security numbers. A Morgan Stanley spokesperson stated, “The protection of client data is of the utmost importance and is something we take very seriously. We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients.”
Over 40 high-severity Android vulns patched in July update
Earlier this week, Google announced the availability of the July 2021 security updates for the Android operating system, including patches for over 40 vulnerabilities. According to Google’s advisory, the most severe of the vulns affects the System component and could “enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” All of these vulnerabilities have a severity rating of high and most of them affect devices running Android 8.1, 9, 10, and 11.
Thanks to our episode sponsor, Viakoo
British Airways reaches settlement with data breach victims
According to IT Pro, British Airways (BA) has reached an out-of-court settlement with victims of the massive 2018 cyberattack that exposed customer information including names, addresses, email addresses and credit/debit card info of more than 420,000 customers. BA paid undisclosed amounts to the victims of the class action and was initially hit with a record-breaking GDPR fine of £183 million, which was later reduced to £20 million. A spokesperson from PGMBM, the company that led the mediation between BA and the victims, stated, “We are very pleased to have come to a resolution on this matter after constructive mediation with British Airways.”
Crypto mining scam targets Android app users
Lookout, Inc. has identified a major crypto mining scam that used more than 170 Android apps to scam more than 93,000 victims interested in cryptocurrency mining. The apps advertise themselves as providing cloud cryptocurrency mining services for a fee, but Lookout researchers found that no cloud crypto mining actually takes place. Instead, the scammers pocket the money spent on apps and upgrades without ever delivering the promised services. Lookout estimated that the apps stole more than $350,000 from their victims and has been in close contact with Google, which has since removed the apps.
Vulnerable NuGet packages allow attacks on .NET platform
An analysis of software packages hosted on the NuGet repository, a Microsoft-supported package manager for the .NET platform, has revealed that 51 unique software components are vulnerable to actively exploited, high-severity vulnerabilities. ReversingLabs researcher Karlo Zanki indicated, “All identified precompiled software components in our research were different versions of 7Zip, WinSCP and PuTTYgen.” Zanki then highlighted the importance of transparent software development to detect and prevent software supply-chain attacks, stating, “Both the inputs and final outputs of the software development process need to be checked for tampering and code quality issues.”
SANS report highlights importance of cybersecurity culture
While organizations continue to pivot their business models to support remote working, this year has been dubbed ‘the year of security culture’ by the International Civil Aviation Organization. However, a recent study conducted by SANS revealed that nearly 75% of security awareness professionals spend less than half of their time on security awareness. The report identifies the top barriers to building a security culture as lack of time (not budget), security leaders lacking soft skills, and lack of strategic alignment and support for security personnel. The study concludes that the best approach for building a strong security culture is to focus on engagement, participation and communication (as opposed to technical aspects), to not let lack of time serve as an excuse for poor security awareness, and to highlight the business value of security.