Cyber Security Headlines: Pentagon cloud deal, Apple now encrypts iCloud backups, CloudSEK hacked by cybersecurity firm?

Pentagon awards cloud deal to four major providers

The Pentagon said Wednesday that Amazon, Google, Microsoft and Oracle received a cloud-computing contract that could total as high as $9 billion through 2028. The approach aligns with the US Defense Department’s strategy of relying on multiple remote technology infrastructure providers to improve resiliency. Back in 2019, the Pentagon awarded a cloud deal to Microsoft, but after a series of challenges (including from AWS and Oracle), the agency expanded its requests for bids to include the four tech giants.

(CNBC)

Apple finally adds encryption to iCloud backups

On Wednesday, Apple unveiled its “Advanced Data Protection” features, including end-to-end encryption for iCloud backups as well as iMessage Contact Key Verification, which allows users to verify who they’re communicating with. Apple also now allows users to use a hardware Security Key such as a USB drive or near-field communication (NFC) dongle for two-factor authentication to protect their Apple ID account. In addition to iCloud backups, Apple’s encryption also now covers Contacts, Notes, Photos, Voice Memos and Wallet Passes. The only data still not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar due to compatibility reasons. Advanced Data Protection is currently in beta in the US and will be made available to all US users by the end of the year. The feature will start rolling out globally in early 2023.

(Computerworld and WSJ)

CloudSEK claims it was hacked by another cybersecurity firm

India-based security firm CloudSEK says a threat actor gained access to its Confluence server using credentials stolen from one of its employees’ Jira accounts. While some internal info was exfiltrated from its Confluence wiki, CloudSEK says the attackers did not compromise its databases. A threat actor named ‘sedut’ has leaked some of CloudSEK’s internal data and is trying to sell what they claim is CloudSEK’s database, codebase, and product docs on various hacking forums. CloudSEK’s CEO, Rahul Sasi, stated he believes that a “notorious Cyber Security company that is into Dark web monitoring” is responsible for the attack. CloudSEK refused to provide the name of the firm they believe is behind the attack.

(Bleeping Computer)

Microsoft’s November patches continue to break things

According to Microsoft, ODBC connections to some apps may fail after installing the November 2022 Patch Tuesday Windows updates. Microsoft clarified that the issue is associated with connections using SQL Server Driver (sqlsrv32.dll). Microsoft published instructions for customers to diagnose the issue and says it is still working on a fix. In mid-November, Microsoft addressed domain controller sign-in failures, and the company continues to investigate ongoing domain controller freezes and restarts. These issues were also triggered by last month’s Patch Tuesday Windows Server updates.

(Bleeping Computer)

Thanks to today’s episode sponsor, PlexTrac

The PlexTrac platform is your offensive security team’s secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced an “18 to 22% time savings per engagement.”

Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.

Watchdog reveals UK agency use of unsupported applications

The UK’s National Audit Office (NAO) has revealed that nearly one third (30%) of applications used by the Department for Environment, Food and Rural Affairs (Defra) are unsupported. The issue, which is commonly referred to as “tech debt”, means that apps can no longer receive security or software updates. Defra provides critical services related to disease prevention, flood protection and air quality, and a major cyber incident could have severe consequences. The NAO concluded that while Defra is taking steps to address urgent system risks and vulnerabilities, it lacks an adequate digital transformation plan. The government has provided Defra with £366m ($445m) to make IT investments over the next three years.

(Infosecurity Magazine)

FFT and Ransomware account for bulk of cyber insurance claims

According to figures from Corvus, fraudulent funds transfer (FFT) and ransomware caused the most financial damage in 2022, accounting for more than 50% of insurance claims. FFT accounted for an all-time high 36% of all claims this year. There were fewer ransomware claims in H1 2022 compared to H2 2021; however, the rate of data exfiltration increased by 25% over the same period. The prevalence of FFT highlights the growing effectiveness of business email compromise (BEC) scams, with FFT representing 70% of all BEC-related claims. The average FFT claim was significantly lower than ransomware because such incidents typically don’t include costs of data restoration, system recovery, business interruption or breach response efforts.

(Infosecurity Magazine)

New Zerobot malware leverages an array of exploits

A new Go-based malware named ‘Zerobot’ was first spotted in mid-November and exploits 21 vulnerabilities across numerous devices including F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. Zerobot scans networks and self-propagates to adjacent devices with the goal of adding compromised devices to a distributed denial-of-service (DDoS) botnet. Researchers indicate that since November a new version of Zerobot has emerged with improved obfuscation and exploit capabilities, signaling that the malware is under active development.

(Bleeping Computer)

San Francisco makes U-turn on ‘killer robots’ plan

We reported last week that San Francisco’s city legislators passed a proposal to authorize police to kill suspects using robots equipped with lethal weapons. Protesters and several dissenting board members gathered on the steps of city hall to call for the city to reverse its decision. On Tuesday, the board did just that, in a secondary vote which normally serves to rubber-stamp board decisions. The original proposal will now be refined or entirely scrapped. This type of lethal robot is already in use in other parts of the US.

(BBC)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.