Cyber Security Headlines: TSA cybersecurity regulations, Lazarus Group zero-day, a video ransom note

TSA issues cybersecurity regulations

The US Transportation Security Administration announced new regulations meant to improve cyberthreat defenses for aircraft owners and operators. Aviation operators under the TSA’s purview must now develop approved implementation plans describing measures to improve their cybersecurity posture. These plans need to outline how operations can safely proceed even in the event of a compromise of IT or operational technology. The plan must also outline how the operator will prevent unauthorized access to critical systems, implement continuous monitoring, and keep up with system patching. This follows the Biden administration’s release of its National Cybersecurity Strategy. We’ve seen other agencies, like the EPA, already release similar plans to comply with it. 


Lazarus Group deploys zero-day

Security researchers at Asec report that the pernicious North Korean threat group targeted an unnamed South Korean finance firm twice last year, in May and October. Both seemingly relied on the same zero-day vulnerability on “a certificate program that was commonly used by public institutions and universities.” This appears to have impacted the most up-to-date version of the software, as after the first attack, the organization updated all their software. Asec disclosed the zero-day to Korea Internet & Security Agency but it remains under verification and unpatched. 

(InfoSecurity Magazine)

Ransomware gang uses video ransom note

The MedusaLocker ransomware group posted a demand for a $1 million ransom from the Minneapolis Public Schools district. The group published a 51-minute video showing data allegedly stolen in its attacks. It claims it will delete this data if paid in a typical ransomware-extortion scheme. The school district disclosed the attack on March 1st, saying it suffered an “encryption event” on February 21st. The district says it plans to restore from internal backups and didn’t find evidence of unauthorized access to personal information. 

(Bleeping Computer)

TikTok announced security initiatives for Europe

The popular Chinese-owned social network recently announced security initiatives to allay concerns about how it uses data from its users. In the US, this came wrapped up as Project Texas. Now TikTok has revealed a new set of security measures for Europe called Project Clover. This will see a third-party security company audit its data controls and practices, and set up “security gateways” that determine which employees can access European user data. The company also announced plans for two new data centers in Ireland, along with a previously announced one in Norway. TikTok will migrate European user data to these servers, aiming for completion in 2024. This initiative comes as the US and Canada banned use of TikTok on government devices. 


And now a word from our sponsor, Packetlabs

Reduce cyber insurance premiums and minimize risk. Learn how a thorough penetration test can benefit your business. Download our Penetration Testing Buyers Guide at Packetlabs is an ethical hacking firm that will simulate real-world, covert attacks to get answers to your “what if” scenarios. Protect your business from cyber attacks and get the most out of your penetration testing investment with Packetlabs, your friendly neighborhood ethical hackers.

End-of-life DrayTek routers under attack

Researchers at Black Lotus Labs report the Hiatus malware group began hijacking DrayTek Vigor routers, specifically models 2960 and 3900. Despite reaching end-of-life status in December 2021, over 4,000 of these routers remain exposed on the internet. Researchers found at least 100 routers compromised by the attackers so far. It’s not clear how the attackers compromised these devices. DrayTek did patch a remote-code injection vulnerability in these models in 2021, so it may be an instance of the routers running old firmware. The researchers say Hiatus appears to target midsize businesses running their own mail servers. They found pharmaceutical companies, IT services, and local governments included in the campaign. 

(The Register)

The impact of AI tools on email attacks

The security firm Darktrace reports it’s seen an increase in threat actors using artificial intelligence tools to operate sophisticated scams and operations since the general release of OpenAI’s ChatGPT. While the number of email attacks against its clients has remained consistent since then, it saw a decrease in emails attempting to get users to click on malicious links, while the linguistic complexity of malicious messages increased. Darktrace did not see these tools lowering the bar to entry for new threat actors. Rather, it seems to be existing actors shifting tactics to use them. 

(The Guardian)

Coinbase launches wallet service

The popular cryptocurrency exchange introduced a new Wallet-as-a-Service offering, which will support companies creating customized web3 wallets in their own apps. The idea is that companies can integrate web3 wallets without sending users to another site to set up a wallet. The service uses a cryptographic technique called Multi-Party Computation, which effectively splits wallet keys between the user and Coinbase. This means no single party controls the keys to the wallet. But it also makes wallet access recovery much simpler for end users, more akin to resetting a typical account password.

(The Block)

Google expands VPN availability

The search giant previously bundled its Google One VPN, but limited access to users on its $9.99 a month and higher tiers. The company announced it will start rolling out VPN access to all paying Google One subscribers over the next few weeks. Google also announced it will roll out a new “dark web report” feature for Google One, which will scan for personal information on dark web sites. Users need to set up a “monitoring profile” on their Google account, and can add and remove information for scanning purposes. 


Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.