
Cyber Security Headlines – Week in Review – Nov 29-Dec 3, 2021

This week’s Cyber Security Headlines – Week in Review, Nov 29-Dec 3, is hosted by Rich Stroffolino with our guest, Pat Benoit, VP, Global Cyber GRC/BISO, CBRE.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion on LinkedIn.

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

According to a Google Threat Horizons report, the state-sponsored North Korean hackers sent fake job offers to employees at South Korean security companies that sell anti-malware solutions. Google TAG researchers reported that the same group, tracked as “Zinc,” has also targeted security researchers in past campaigns. The attackers used a malformed PDF claiming to be a job description for a role at Samsung. Because the PDF was intentionally malformed, recipients were not able to open it and contacted the sender, who in turn provided them with a link to a supposed “Secure PDF Reader” app, which established a backdoor on the victims’ devices.

(Security Affairs)

U.K. government introduces PSTI bill to strengthen IoT security

The U.K. government has introduced the Product Security and Telecommunications Infrastructure (PSTI) Bill in Parliament to strengthen consumer Internet of Things (IoT) devices against rising hacker intrusions. The new legislation requires IoT manufacturers, importers, and distributors to meet certain cybersecurity standards. According to the Department for Digital, Culture, Media, and Sport (DCMS), it’s estimated that there could be up to 50 billion IoT devices across the globe by 2030, including smart baby monitors, smart bulbs, smart speakers, smart TVs, fitness trackers, smartphones and cameras.

(CISO Mag)

Dark web market shuts down after DDoS

On November 23rd, the operators of the Cannazon dark web market announced their intent to shut down operations, with the site going fully offline on November 29th. Cannazon was one of the largest dark web markets known for marijuana products. This comes after the site was hit with a massive DDoS attack at the start of November. The operators said they attempted to reduce the number of orders and take the site partially offline to mitigate the attack. The operators apologized for the lack of transparency, but said the sudden shutdown notice was an attempt to prevent exit scams.

(Bleeping Computer)

Waiting on quantum encryption cracking

A new report from Booz Allen Hamilton looks at the impacts that quantum computing could have on traditionally strong encryption. The report outlines the threat of “state-aligned cyber threat actors”, specifically China, stealing encrypted pharmaceutical, chemical and material science research with an eye to waiting on quantum decryption. The report asserts that quantum-assisted decryption would arrive faster than encryption solutions, providing a window for threat actors to use it. This would mainly apply to encrypted data with “intelligence longevity” like biometric markers, intelligence officers and source identities, social security numbers, and weapons designs. While threat actors may be collecting this data now, it’s not believed quantum computing will advance to the point of practically breaking the latest encryption methods until at least 2030.

(The Guardian)

Thanks to our episode sponsor, Votiro

Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

DNA testing firm discloses data breach affecting over 2 million people

Ohio-based DNA Diagnostics Center (DDC) has disclosed a data breach that occurred from May through July which impacted more than 2,100,000 individuals. Hackers were able to access full names, credit and debit card numbers with CVV code, financial account numbers, and account passwords. The compromised database contained older backups dating between 2004 and 2012 which are not linked to the active DDC systems and databases. While DDC does store highly sensitive data related to paternity, DNA relationship, fertility, COVID-19, ancestry, and testing for immigration purposes, nothing relevant to these services has been compromised according to the company’s notice. DDC is notifying impacted individuals with instructions for enrolling in one year of free credit monitoring through Experian.

(Bleeping Computer)

Dell offers air-gapped AWS solution for ransomware

Dell launched Dell EMC PowerProtect Cyber Recovery for AWS on the AWS Marketplace. This provides an air-gapped vault to physically and logically isolate data in the event of a ransomware attack, providing a rapid recovery path. In an attack, Dell would provide an untouched duplicate of customer data behind a secured interface, protected by multi-factor authentication before establishing a physical connection to any user data. This is designed to integrate with existing AWS assets and is deployed automatically through the Marketplace.

(ZDNet)

Palo Alto Networks looks at speed of compromise in the cloud

Researchers at the security company set up a cloud honeypot made up of 320 nodes around the world, each with multiple misconfigured instances of cloud service stalwarts, things like RDP, SSH, SMB, etc. Accounts were also configured to have default or weak passwords. The researchers found 80% of the instances were compromised within 24 hours, while all had been compromised within a week. Some only lasted minutes before being found and exploited. SSH was the most commonly targeted, with each honeypot compromised 26 times a day on average. One attacker compromised 96% of Palo Alto’s Postgres honeypots within a single 90-second window.

(ZDNet)

Double extortion ransomware victims soar 935%

Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021. During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed. In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered. Group-IB warned that, even if victim organizations pay the ransom, their data often end up on these sites.

(InfoSecurity Magazine)

