Google offers details on Chinese hacking group that targeted Biden campaign

Google on Friday offered new details on the tactics used by APT31, an alleged Chinese government-linked hacking group that has been targeting Joe Biden’s campaign with malicious code hosted on GitHub. The group’s use of legitimate services such as Dropbox has made these attacks even harder to detect, since the traffic blends in with ordinary cloud use. The advisory follows a June announcement from Google that Chinese and Iranian hackers had tried, unsuccessfully, to breach staffers at the Biden and Trump campaigns with phishing emails and emails containing tracking links.


Hackers use BaseCamp to host and distribute malware

The web-based project management service BaseCamp is being abused by hackers to run phishing campaigns that distribute malware and steal login credentials. Security researchers have found evidence that threat actors are distributing BazarLoader, the backdoor trojan associated with TrickBot, through public BaseCamp download links. One reason for abusing BaseCamp is its intermediary pages, which let the threat actors resurface even after their phishing pages are taken down.

(Bleeping Computer)

China quietly opens up to the real internet – temporarily

For two weeks in September, China allowed its 904 million internet users to reach otherwise forbidden websites including YouTube, Google, and Instagram. An app called The Tuber, backed by a government-linked security company and distributed through Huawei’s app store, appeared without fanfare and let people access these sites without a VPN, although the content it served was still censored. The app was pulled without explanation on Saturday.

(Bloomberg via Baltimore Sun)

The numbers behind GDPR fines 

Analysis from data discovery firm Exonar shows that organizations across Europe have incurred over $404 million in GDPR fines for failing to protect the personal data of customers and employees and for not having appropriate cybersecurity in place. 39% of the fines were for insufficient security measures and 26% were for storing unsecured data. Illicit use of personally identifiable information (PII) and failure to comply with Data Subject Access Requests (DSARs) accounted for another 19%, with the remaining 16% covering various issues such as Uber’s failure to report its breach quickly enough.

(CISO Mag)

Thanks to our episode sponsor, SecureLayer7

Getting rid of vulnerabilities within systems can be quite an intricate task. But why bother with anything else when there is an all-in-one cybersecurity package for organizations? A platform where existing and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots.
SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net

Hackers claim to have access to 50,000 home security cameras

A hacking group is selling access to more than 50,000 hacked home security cameras, including footage of children. The group, which has over 1,000 members worldwide, has been using the messaging platform Discord to advertise its wares, according to a report on AsiaOne. As well as existing video clips, the group is apparently claiming to hold a list of over 50,000 cameras that VIP members can “explore, watch live, and even record.” Security experts note that these internet-connected home cameras often ship with inadequate security controls, such as default or weak credentials and direct exposure to the internet.

(InfoSecurity Magazine)

Three npm packages found opening shells on Linux, Windows systems

Three JavaScript packages were removed from the npm registry on Thursday for containing malicious code. According to advisories from the npm security team, the three libraries, plutov-slack-client, nodetest199, and nodetest1010, opened shells on the computers of developers who imported them into their projects, on both Windows and Linux. The team states, “Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.”


Windows Bad Neighbor poses nightmare scenario for enterprises 

Among the Windows 10 vulnerabilities Microsoft recently announced, the “Bad Neighbor” vulnerability stands out with a severity score of 9.8 out of 10. It is a remote code execution (RCE) vulnerability that would allow an attacker to run malware or launch a denial of service (DoS) attack, and it potentially affects the one billion PCs, or 80% of all PCs in use, that will be running Windows 10 this year. Jeff Costlow, CISO at ExtraHop, points out that exploitation is extremely difficult to detect with security tooling and that up-to-date patches should be deployed immediately.

(Security Magazine)
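Since the story stresses that Bad Neighbor is hard to detect, the following is an added example (not code from the article, ExtraHop or Microsoft) of what a network-level check can look for. It assumes the publicly documented root cause of the bug Microsoft tracks as CVE-2020-16898: an ICMPv6 Router Advertisement whose Recursive DNS Server (RDNSS, option type 25) option declares an even length field. A well-formed RDNSS option is always 1 + 2n units of 8 bytes, so an even value is never legitimate. The two sample packets are constructed inline, with checksums left zeroed.

```python
"""Flag ICMPv6 Router Advertisements carrying a malformed RDNSS option.

Added example, not code from the original article. It assumes the public
root-cause description of "Bad Neighbor" (CVE-2020-16898): a Router
Advertisement whose RDNSS option (type 25) carries an EVEN length field.
Sample packets below are constructed, not captured, and checksums are 0.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_PREFIX_INFO = 3
OPT_RDNSS = 25
RA_HEADER_LEN = 16  # type, code, checksum, hop limit, flags, lifetime, reachable, retrans


@dataclass
class Finding:
    offset: int      # byte offset of the option inside the ICMPv6 payload
    opt_type: int
    opt_len: int     # declared length in 8-byte units
    reason: str


def parse_ra_options(pkt: bytes) -> List[Tuple[int, int, int, bytes]]:
    """Walk the RFC 4861 option TLVs that follow the RA header.

    Returns (offset, type, length_units, body). Stops at a zero-length or
    truncated option instead of looping or reading past the buffer.
    """
    if len(pkt) < RA_HEADER_LEN or pkt[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    opts = []
    off = RA_HEADER_LEN
    while off + 2 <= len(pkt):
        opt_type, opt_len = pkt[off], pkt[off + 1]
        if opt_len == 0:                       # invalid per RFC 4861 section 4.6
            opts.append((off, opt_type, 0, b""))
            break
        body = pkt[off + 2 : off + 8 * opt_len]
        opts.append((off, opt_type, opt_len, body))
        off += 8 * opt_len
    return opts


def check_bad_neighbor(pkt: bytes) -> List[Finding]:
    """Return findings for RDNSS options that can never be well-formed."""
    findings = []
    for off, opt_type, opt_len, _ in parse_ra_options(pkt):
        if opt_len == 0:
            findings.append(Finding(off, opt_type, opt_len, "zero-length option"))
        elif opt_type == OPT_RDNSS and (opt_len % 2 == 0 or opt_len < 3):
            findings.append(Finding(off, opt_type, opt_len,
                                    "RDNSS option with even or undersized length"))
    return findings


# --- constructed sample packets (not captured traffic) ---------------------

def build_ra(options: List[bytes]) -> bytes:
    # type=134, code=0, checksum=0 (not computed here), hop limit=64, flags=0,
    # router lifetime=1800s, reachable time=0, retrans timer=0
    header = bytes([ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 0, 64, 0])
    header += struct.pack("!HII", 1800, 0, 0)
    return header + b"".join(options)


def prefix_info_option(prefix: str = "2001:db8::", plen: int = 64) -> bytes:
    # Prefix Information (type 3) is legitimately length 4, i.e. even; it
    # must NOT trigger the check, which is why the RDNSS type is tested.
    body = bytes([plen, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
    body += ipaddress.IPv6Address(prefix).packed
    return bytes([OPT_PREFIX_INFO, 4]) + body


def rdnss_option(addrs: List[str], length: Optional[int] = None) -> bytes:
    """Build an RDNSS option; `length` overrides the otherwise correct length field."""
    body = struct.pack("!HI", 0, 3600)
    body += b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    if length is None:
        length = 1 + 2 * len(addrs)            # the only shape RFC 8106 allows
    opt = bytes([OPT_RDNSS, length]) + body
    return opt.ljust(8 * length, b"\x00")[: 8 * length]


BENIGN_RA = build_ra([prefix_info_option(), rdnss_option(["2001:db8::53"])])
MALFORMED_RA = build_ra([prefix_info_option(), rdnss_option(["2001:db8::53"], length=4)])

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN_RA), ("malformed", MALFORMED_RA)):
        print(name, check_bad_neighbor(pkt))
```

The check is narrow on purpose: it keys on the option type, so ordinary even-length options such as Prefix Information do not fire, and it stops at zero-length or truncated options so the parser itself cannot be driven past the buffer. A rule like this is a compensating detection for unpatched hosts, not a substitute for the patch; Microsoft’s advisory also documents disabling RA-based DNS configuration (`netsh int ipv6 set int <interface index> rabaseddnsconfig=disable`) as a workaround until the update is applied.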

Cloudflare wants to run your web browser in the cloud

Cloudflare has announced that its new “browser isolation” service, which runs web browsers in the cloud, is now available in beta. As more work moves into the browser rather than onto the system itself, many enterprises have begun deploying browser isolation services in which the browser does not actually run on the user’s computer. Cloudflare’s service runs the browser in a virtual machine inside a cloud provider’s data center, so any threat that the browser encounters stays in that virtual machine and cannot infect a corporate laptop or move laterally across the organization’s network.