10/20/23: RagnarLocker, Cisco, Open Source & more!

Here are this week's security highlights:

RagnarLocker taken down!

International law enforcement authorities are actively working to take down a ransomware gang known for targeting critical infrastructure. Early Thursday, the dark-web site for the RagnarLocker was replaced with a notice saying the website has been "seized as part of a coordinated international law enforcement action."

Europol deputy spokesperson Claire Georges confirmed to Axios that Europol is "part of an ongoing action against this ransomware group" and that a more detailed announcement is planned for Friday "when all the actions have been finalized."

微软 may face FTC investigation over Chinese email hack

The Federal Trade Commission may investigate whether Microsoft violated a 20-year-old cybersecurity promise to the commission by failing to prevent a May hack into its customers’ email accounts that it only disclosed recently, according to a letter obtained exclusively by The Messenger .

“The Commission will ‘shift resources to order compliance and enforcement, especially against the largest respondents,’” FTC Chair Lina Khan said in an Oct. 18 letter to Sen. Ron Wyden (D-Ore.), quoting from language included in a 2021 FTC report to Congress.

A warning to founders developing apps with lean teams and open-source code

Open source code has exploded in popularity and become an essential building block for modern software (as it can dramatically increase the speed and efficiency of software builds). The accessibility and convenience of proven code means that software developers don’t have to waste time and limited resources reinventing the wheel. However, according to a study my company conducted, open source code isn’t without risk. In fact, the report found higher open-source security risks than ever before. Consider this: Most businesses don’t know what’s in their own code.

Phishing guidance from CISA, NSA & FBI

Cybersecurity and Infrastructure Security Agency , in coordination with the National Security Agency , Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center, published guidance to assist organizations with preventing phishing attacks. The joint document, titled "Phishing Guidance: Stopping the Attack Cycle at Phase One," outlines common phishing techniques used by threat actors and instructs organizations at all levels on how to protect themselves. CISA covered two primary phishing objectives: obtaining login credentials and installing malware.

More than 40,000 Cisco switches and routers could be infected

An unknown attacker has infected perhaps more than 40,000 思科 switches and routers, researchers say, with back doors that could allow them to take over the devices and get into other networks. Physical and virtual devices that run Cisco iOS XE software have a critical vulnerability that leaves them open to the installation of the implant, and there’s no patch yet — although users can take steps to close off the line of attack.

Subscribe for more weekly security highlights!

PS: if you're attending #Kubecon in Chicago, find us at booth Q12!