Cyber Security Headlines: Ransomware impacts 1,000 ships, Crypto influencer victimized by malware, Microsoft patches Azure flaws

Ransomware attack impacts 1,000 ships

Norwegian maritime company DNV said it suffered a ransomware attack on January 7, forcing it to shut down servers connected to its ShipManager system. In total, the attack impacted roughly 1,000 vessels belonging to 70 customers. DNV noted that ShipManager customers can still use offline functionality, and that no other DNV services were affected. The company is working with Norwegian police and cyber experts to respond to the incident.

(The Record)

Crypto influencer victimized by malware pushed by ads on Google

Over the weekend, a crypto influencer known as “NFT God” was hacked after launching a fake executable from a site promoted by Google search ads. When NFT God clicked an executable for the Open Broadcaster Software (OBS) video and live streaming software, nothing seemed to happen. NFT God then quickly discovered that their Twitter, Substack, Gmail, and Discord accounts were all hacked. In addition, all of NFT God’s crypto and NFTs had been stolen from their OpenSea NFT marketplace wallet. The hack was likely the work of info-stealing malware, which allowed a remote attacker to swipe saved browser passwords, cookies, tokens, and crypto wallets.

(Bleeping Computer)

Microsoft patches flaws in Azure cloud services

Microsoft has fixed vulnerabilities in four separate Azure cloud platform services. Two of the bugs could lead to server-side request forgery (SSRF) attacks, potentially allowing unauthenticated attackers to execute remote code. Affected Microsoft services include Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins. Researchers noted they could not exploit Cloud Instance Metadata Service (IMDS) endpoints thanks to various SSRF mitigations already implemented by Microsoft. At this time, no further action is required of Azure customers.

(Dark Reading)

UK and US taking measures to better protect children online

On Tuesday, the UK House of Commons reached an agreement with Parliament to modify the Online Safety Bill to ensure its passage. The bill stipulates that tech company execs found “deliberately” exposing children to harmful content could risk steep fines and jail time of up to two years. The bill will now move on to the House of Lords for a potentially lengthy review.

Meanwhile in the US, after a year of stalled efforts in Congress to expand children’s privacy legislation, at least five states are plowing ahead with bills to address how tech companies collect and use children’s data. The states include New Jersey, Oregon, Texas, Virginia, and West Virginia. Experts warn that state bills will need to address compliance and enforcement concerns in order to be effective.

(Cyberscoop and Slashdot)

Microsoft locks door on guest authentication in Windows Pro

In Windows Pro builds with Windows 10 version 1709 or later and Windows Server 2019, SMB2 and SMB3 will no longer allow guest account access to a remote server by default. Microsoft said that guest logons don’t require passwords and don’t support basic security features like signing and encryption. Therefore, guest users are more vulnerable to a variety of attacks like phishing and other malicious server scenarios. The move brings Windows Pro editions in line with the stronger security in Enterprise and Education editions, which have not allowed guest access by default since Windows 10.

(The Register)

GitHub Codespaces can be used to deliver malware

GitHub Codespaces is a cloud-based development environment that allows codebase management from a web browser or via an integration in Visual Studio Code. Researchers showed that a threat actor could create a codespace, download malware from an attacker-controlled domain, and set the visibility of the forwarded port to public to proliferate rogue payload downloads. While the technique has yet to be observed in the wild, the findings are a reminder of how threat actors could weaponize cloud platforms to their benefit and carry out an array of illicit activities.

(The Hacker News)

GDPR fines surge 168% in a year

According to a new report, the cost of GDPR fines surged to over €2.9 billion (USD 3.1 billion) over the past year, although the average number of reported breaches per day fell slightly. The report included penalties levied by national data protection regulators across the EU as well as the UK, Norway, Iceland and Liechtenstein. Meta received the year’s largest fine, €405 million (USD 429 million), levied by the Irish Data Protection Commissioner (DPC) for failing to protect children’s data on Instagram. Meta then racked up another fine from the DPC, for €390 million (USD 413 million), over other user data processing issues.

(Infosecurity Magazine)

Bridgestone Arena enhances NHL fan safety

Nashville’s Bridgestone Arena, which is home to the Nashville Predators and hosts events such as the Country Music Association (CMA) Awards, recently installed 14 Evolv Express security screening systems at the venue’s various ingress points. The system uses a combination of artificial intelligence (AI) and sensor technology to provide threat detection at high volumes and speeds. An arena spokesperson notes that the system has produced operational efficiencies and, “most importantly, happier and safer guests.” Nearby Nissan Stadium installed the same systems, detected 254 prohibited items in a three-game period, and freed up 66% of gate security personnel to perform other security-related duties.

(Security Magazine)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.