Google offers details on Chinese hacking group that targeted Biden campaign
Google on Friday offered new details on the tactics of APT31, a hacking group allegedly linked to the Chinese government, which has been targeting Joe Biden’s campaign using malicious code hosted on GitHub. The group’s use of legitimate services such as Dropbox for command-and-control and payload delivery has made these attacks harder to detect, because the traffic blends in with ordinary business use. The advisory follows a June announcement from Google that Chinese and Iranian hackers had tried unsuccessfully to breach staffers at the Biden and Trump campaigns with phishing emails and emails that contained tracking links.
Hackers use BaseCamp to host and distribute malware
The web-based project management service Basecamp is being used by hackers to run phishing campaigns that distribute malware and steal login credentials. Security researchers have found evidence that threat actors are distributing the BazarLoader backdoor, associated with the TrickBot gang, as an executable served from public Basecamp download links. One reason for abusing Basecamp is that its download links act as intermediary pages on a trusted domain, so the operators can keep the lure alive and simply point it at new content even after the final phishing pages are taken down.
China quietly opens up to the real internet – temporarily
For two weeks in September, some of China’s 904 million internet users were able to reach normally blocked websites including YouTube, Google, and Instagram. An app called The Tuber, backed by a government-linked security company and distributed through Huawei’s app store, appeared without fanfare and allowed people to browse these sites without a VPN, although the content it showed was still censored. The app was pulled without explanation on Saturday.
The numbers behind GDPR fines
Analysis from data discovery firm Exonar shows that organizations across Europe have been hit with over $404 million in GDPR fines for failing to protect the personal data of customers and employees and for not having appropriate cybersecurity in place. 39% of the fines were issued for insufficient security measures and 26% for storing data without adequate protection. Illicit use of personally identifiable information (PII) and failure to comply with Data Subject Access Requests (DSARs) accounted for a further 19%, with the remaining 16% covering assorted issues such as Uber’s failure to report its breach quickly enough.
Thanks to our episode sponsor, SecureLayer7
Hackers claim to have access to 50,000 home security cameras
A hacking group is selling access to more than 50,000 compromised home security cameras, including footage of children. The group, which has over 1,000 members worldwide, has been using the messaging platform Discord to advertise its wares, according to a report on AsiaOne. In addition to existing video clips, the group claims to hold a list of over 50,000 cameras that VIP members can “explore, watch live, and even record.” Security experts note that these internet-connected home cameras often ship with inadequate security controls.
Three npm packages found opening shells on Linux, Windows systems
Windows Bad Neighbor poses nightmare scenario for enterprises
Among the Windows vulnerabilities Microsoft patched this month, the “Bad Neighbor” flaw (CVE-2020-16898) stands out with a CVSS severity score of 9.8 out of 10. It is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, triggered by a malformed ICMPv6 Router Advertisement packet carrying a Recursive DNS Server (RDNSS) option, that would allow an attacker on the local network segment to run code or crash the machine in a denial of service (DoS). The pool of exposed systems is the roughly one billion PCs, about 80% of all PCs in use, expected to be running Windows 10 this year. Jeff Costlow, CISO at ExtraHop, points out that exploitation is extremely difficult to detect with conventional security tools and that the patch should be deployed immediately.
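Where the update cannot be installed right away, Microsoft’s published workaround is to disable RA-based DNS configuration (the RDNSS option) on each IPv6 interface, which removes the vulnerable code path without touching IPv6 itself. The script below is an added example for this page, not code from Microsoft or ExtraHop; it applies that netsh setting to every network adapter and shows how to verify it, and it assumes it is run from an elevated PowerShell session.

```powershell
# Added example: apply the vendor workaround for CVE-2020-16898 ("Bad Neighbor")
# on every network adapter. This is a mitigation, not a patch: install the
# October 2020 update as soon as possible and revert with rabaseddnsconfig=enable.
# Requires an elevated (Administrator) PowerShell session.

$adapters = Get-NetAdapter

foreach ($adapter in $adapters) {
    $ifIndex = $adapter.ifIndex
    Write-Host "Disabling RA-based DNS configuration on interface $ifIndex ($($adapter.Name))"
    # Microsoft's documented workaround command, one interface index at a time.
    netsh int ipv6 set int $ifIndex rabaseddnsconfig=disable
}

# Verification: the "RA Based DNS Config (RFC 6106)" line for each interface
# should now read "disabled". A reboot is not required for the change to take effect.
foreach ($adapter in $adapters) {
    netsh int ipv6 show int $adapter.ifIndex | Select-String -Pattern "RA Based DNS Config"
}
```

Run it once per host; because the setting is per interface, any adapter added later (for example a new VPN or virtual switch adapter) needs the same command applied, which is why the patch rather than the workaround should be the end state.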
Cloudflare wants to run your web browser in the cloud
Cloudflare has announced that its new “browser isolation” service, which runs web browsers in the cloud, is now available in beta. With more and more computing happening inside a browser rather than on the endpoint itself, many enterprise organizations have begun to deploy browser isolation services in which the browser does not actually execute on the user’s computer. Cloudflare’s browser runs in a virtual machine in a cloud data center, so any threat that compromises the browser is contained in that virtual machine and cannot infect the corporate laptop or move laterally across the organization’s network; the endpoint receives only a rendered view of the page.