Cyber Security Headlines – Week in Review – July 26-30, 2021

This week’s Cyber Security Headlines – Week in Review, July 26-30, 2021, is hosted by Rich Stroffolino with our guest, Robb Reck (@robbreck), founder and host, Colorado = Cybersecurity

Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.

French president pushes for Israeli inquiry into NSO spyware concerns

Emmanuel Macron has reportedly spoken to the Israeli prime minister, Naftali Bennett, to ensure that the Israeli government is properly investigating allegations that the French president could have been targeted with Israeli-made spyware by Morocco’s security services. In a phone call, Macron expressed concern that his phone and those of most of his cabinet could have been infected with the Pegasus hacking software developed by the Israeli surveillance firm NSO Group, which enables operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones from infected devices. NSO has said Macron was not a “target” of any of its customers, meaning the company denies he was selected for surveillance using Pegasus.

(CyberScoop)

Kaseya gets universal decryptor to help REvil ransomware victims/demands NDA

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. The company said in a statement that it had obtained the tool from a third party and has no reports of any problems or issues associated with it. It’s still not clear if Kaseya paid any ransom, but it is worth noting that REvil affiliates had initially demanded $70 million — which was subsequently lowered to $50 million, after which REvil itself disappeared.

(The Hacker News)

Programming languages used to obscure malware

A new report by the BlackBerry Research and Intelligence Team found that threat actors are increasingly using Go, Rust, Nim and DLang to create new malware tools or rewrite existing ones. While Rust and Go are increasingly popular languages overall, the researchers found they were still effective at hindering analysis. While most malware monitored is still written in C, the report found that APT28 and APT29, which have used malware rewritten in Go since 2018, are increasingly using the language for malware. The initial stager for Cobalt Strike malware was also seen written in Go and Nim. The report found that using more obscure languages can make reverse engineering malware slower, prevent signature-based scanning, and better target multiple platforms.

(ThreatPost)

Google launches new Bug Hunters vulnerability rewards platform

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. Since launching its first VRP more than ten years ago, the company has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. In all, Google says that the researchers have been rewarded $29,357,516 since January 2010. This new site brings Google, Android, Abuse, Chrome and Play closer together and provides a single intake form that makes it easier for bug hunters to submit issues. It has also launched a new Bug Hunter University, which would allow bug hunters to brush up on their skills or start a hunting learning streak.

(Bleeping Computer)

Thanks to our episode sponsor, Varonis

Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.

Microsoft Teams now automatically blocks phishing attempts

Safe Links is a feature in Defender for Office that provides URL scanning and “time-of-click verification” of URLs and links in email messages, groups, and other locations. Safe Links can help protect enterprise organizations from malicious links sent by threat actors behind phishing attempts and other attacks. The new Safe Links protection is now generally available to all Teams users, and it works for links in conversations, group chats, and Teams channels. However, since there is no Safe Links policy enabled by default, admins will have to create one or more policies to get the protection of Safe Links in Microsoft Teams.

(Bleeping Computer)

US has new cyber security rules for pipelines

The federal government has launched new regulations requiring owners of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.” This was the second time since May that the Department of Homeland Security (DHS) issued a cyber security directive aimed at US pipeline operators. It comes in the wake of the Colonial Pipeline hack that disrupted fuel supplies across the southeastern US for days. The security directive requires critical pipelines to take defensive measures to protect themselves from ransomware attacks and other known threats to IT systems. Pipeline owners must also have a cyber security contingency and recovery plan in place.

(ITPro.co.uk)

(ThreatPost)

The cost of enterprise data breaches hits record high

According to IBM Security’s “Cost of a Data Breach” report, the average data breach costs an enterprise $4.24 million, up 10% from last year. The report found that “drastic operational shifts” as a result of the pandemic increased the difficulty of containing security events, resulting in higher costs. This came as 60% of organizations ramped up cloud initiatives without a corresponding increase in security controls. Compromised credentials were the most common vector, and personally identifiable information was stolen roughly 50% of the time a network was compromised. Reaction time also suffered, with organizations taking 287 days to detect and contain a data breach on average, a 7-day increase from the year before.

(ZDNet)

Biden: Severe cyberattacks could escalate to ‘real shooting war’

President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a “real shooting war” with another major world power. He named Russia and China as the USA’s partners and “possibly mortal competitors down the road,” stating further, “if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence.”

(Bleeping Computer)



Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.