This Week in Security News - January 14, 2022
This week, read about how crucial it is for security teams to adopt an integrated approach to threat detection, such as remote control, and Congress’s plan to update the Federal Information Security Management Act (FISMA) for the first time in eight years.
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about how crucial it is for security teams to adopt an integrated approach to threat detection, such as remote control. Also, read on Congress’s plan to update the Federal Information Security Management Act (FISMA) for the first time in eight years.
As organisations brace themselves for the year ahead, now is an opportune time to take stock of how they can strengthen their security posture and shore up their defences. While organisations may have the power of leading-edge cybersecurity solutions on their side, malicious actors continue to work diligently to refine their methods and take advantage of vulnerabilities every chance they get.
Congress is preparing to overhaul federal cybersecurity rules roughly a year after an attack in which Kremlin-backed hackers wormed their way in through the IT supplier SolarWinds and captured reams of data from federal agencies. The attack highlighted the massive growth in the sophistication and danger of cyber threats since the Federal Information Security Management Act was last updated eight years ago.
This report is the fourth part of Trend Micro’s LoRaWAN security series and highlights an attack vector that, so far, has not attracted much attention: the LoRaWAN stack. The stack is the root of LoRaWAN implementation and security. Trend Micro hopes to help users secure it and make LoRaWAN communication resistant to critical bugs.
A prolific Eastern European cybercriminal group has tried to hack US companies in the transportation, defence and insurance sectors by mailing those organisations malicious USB drives. The unnamed companies received a series of fake letters via the US Postal Service and UPS from August to November impersonating the Department of Health and Human Services in some cases, and Amazon in others, according to the FBI.
U.S. Cyber Command posted more than a dozen malware samples to a public repository, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers. The samples represent various “open-source tools Iranian intelligence actors are using in networks around the world,” the military agency said in a statement.
Nanocore, Netwire, and AsyncRAT payloads are being deployed from public cloud systems in what Cisco Talos suggests is a way for cyberattackers to avoid having to own or manage their own private, paid infrastructure -- such as through 'bulletproof' hosting which may eventually capture the interest of law enforcement. This abuse allows cybercriminals to leverage the resources of cloud services managed by vendors including Microsoft Azure and Amazon Web Services (AWS) for malicious purposes.
In June 2020, OpenAI released version 3 of its Generative Pre-trained Transformer (GPT-3), a natural language transformer that took the tech world by storm with its uncanny ability to generate text that could fool readers into thinking it was written by humans. However, GPT-3 was also trained on computer code, and recently OpenAI released a specialised version of its engine, named Codex, tailored to help — or even replace — computer programmers. The blog is the first in a series of blogs examining the security risks of Codex, a code generator powered by the GPT-3 engine.
The pandemic fuelled a surge in the use of QR codes. Seeking to cut down on possible transmission, restaurants replaced physical menus available to all customers with online versions accessible on your own personal phone. Hackers may like using QR codes in phishing emails because they often aren't picked up by security software, giving them a better chance to reach their intended targets than attachments or bad links, says Aaron Ansari, vice president for cloud security at the antivirus company Trend Micro.
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.
Ukrainian police officers have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the U.S. and Europe. It is estimated that the total losses resulting from the attacks is in excess of one million U.S. dollars. A 36-year-old resident of Ukraine's capital Kiev was identified as the leader of the group, which included his wife and three other acquaintances, the police states.
What do you think about January’s Patch Tuesday updates? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.