CISOs’ cybersecurity confidence, Healthcare cyberbreach report, Duo outage
CISOs proclaim cybersecurity confidence, but majority admit to SaaS incidents
Cybersecurity company AppOmni has released its new State of SaaS Security Posture Management Report, which surveyed more than “600 IT, cybersecurity, and business leaders at companies between 500-2,500 employees.” 71% agreed “that their organizations’ SaaS cybersecurity maturity has achieved either a mid-high level (43%) or the highest level (28%),” but only 21% claimed zero SaaS incidents in the last 12 months. A link to the full report is available in the show notes to this episode.
Cyber Health Report: Hacker entry point shifts from email to network
We have been covering a growing number of stories on breaches and attacks on hospitals and healthcare systems on Cyber Security Headlines, and yesterday, Critical Insight released its H1 2023 Healthcare Data Cyber Breach Report. Chief among its findings is that while “the first six months of the year saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels.” The report predicts that 2023 is “on pace to break the record for individuals affected by breaches.” Hacking/IT incidents were the primary cause of breaches, with network server breaches accounting for 97% of records affected and only 2% due to email breaches. The full report is available at Critical Insight, and a link is available in the show notes to this episode.
Duo outage causes Azure Auth authentication errors
Duo Security, a multi-factor authentication provider owned by Cisco, dealt with an outage on Monday that caused authentication failures and errors, with some customers reporting slow authentication and login problems. According to Bleeping Computer, “the outage also led to core authentication service issues across multiple Duo servers, triggering Azure Auth authentication errors for Azure Conditional Access integrations in a systemwide outage.” Duo resolved the issue as of 6:00 p.m. ET that same day.
New Variant of XLoader comes disguised as OfficeNote productivity app
A productivity app called OfficeNote is actually a new variant of an Apple macOS malware called XLoader, and according to SentinelOne security researchers Dinesh Devadoss and Phil Stokes, it comes “bundled inside a standard Apple disk image with the name OfficeNote.dmg.” This variant sidesteps a limitation of earlier XLoader builds, which required a Java Runtime Environment, by being written in C and Objective-C instead, and it ships in a disk image signed on July 17 of this year. According to The Hacker News, Apple has since revoked the signature. “Once executed, OfficeNote throws an error message saying it ‘can’t be opened because the original item can’t be found,’ but, in reality, it installs a launch agent in the background for persistence.”
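The persistence mechanism mentioned above, a LaunchAgent dropped so the payload is relaunched at login, is something defenders can hunt for with a small triage script. The following is an added example written for this page, not code from the article, SentinelOne or the XLoader researchers; the plist contents, labels and paths in it are constructed for illustration and are not indicators from the report. It parses LaunchAgent plists and flags ones whose program lives in a hidden or temporary directory, or that combine RunAtLoad with KeepAlive, patterns that legitimate vendor agents rarely need.

```python
"""Triage macOS LaunchAgent plists for common persistence red flags.

Added example, not from the original article. The sample plists below are
constructed for this demonstration; nothing here is an XLoader indicator.
"""
import plistlib
from pathlib import PurePosixPath
from typing import Dict, List

# Constructed sample LaunchAgent files keyed by the path they would live at.
SAMPLE_AGENTS: Dict[str, bytes] = {
    # A plausible vendor agent: runs a binary inside an app bundle at login.
    "/Library/LaunchAgents/com.example.updater.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>""",
    # A suspicious agent: program hidden in a dot-directory, kept alive forever.
    "/Users/alice/Library/LaunchAgents/com.acme.helper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.acme.helper</string>
  <key>ProgramArguments</key>
  <array><string>/Users/alice/Library/.hidden/helper</string><string>--quiet</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>""",
    # Another suspicious agent: uses the Program key and runs out of /private/tmp.
    "/Users/alice/Library/LaunchAgents/com.tmp.runner.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.tmp.runner</string>
  <key>Program</key><string>/private/tmp/run</string>
  <key>RunAtLoad</key><true/>
</dict>
</plist>""",
}

# Directories a long-lived login agent should not normally execute from.
SUSPECT_DIRS = ("/tmp", "/private/tmp", "/var/tmp", "/private/var/tmp")


def program_path(agent: dict) -> str:
    """Return the executable a LaunchAgent runs (Program, else ProgramArguments[0])."""
    if "Program" in agent:
        return str(agent["Program"])
    args = agent.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def triage_launch_agent(plist_bytes: bytes) -> List[str]:
    """Return human-readable reasons the agent looks suspicious; [] if none fired."""
    try:
        agent = plistlib.loads(plist_bytes)
    except Exception as exc:  # a plist launchd cannot parse is itself worth a look
        return [f"unparseable plist: {exc}"]
    reasons: List[str] = []
    prog = program_path(agent)
    if not prog:
        return ["no Program/ProgramArguments key"]
    parts = PurePosixPath(prog).parts
    # parts[0] is "/" for absolute paths; a dot-directory anywhere below it is unusual.
    if any(p.startswith(".") for p in parts[1:]):
        reasons.append(f"program in hidden directory: {prog}")
    if any(prog == d or prog.startswith(d + "/") for d in SUSPECT_DIRS):
        reasons.append(f"program in temporary directory: {prog}")
    if agent.get("RunAtLoad") and agent.get("KeepAlive"):
        # Low-confidence on its own, but common for malware that wants to survive kills.
        reasons.append("RunAtLoad and KeepAlive both set (auto-start and auto-restart)")
    return reasons


def scan_agents(agents: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map plist path -> reasons, keeping only agents with at least one finding."""
    return {path: r for path, data in agents.items() if (r := triage_launch_agent(data))}


if __name__ == "__main__":
    for path, reasons in scan_agents(SAMPLE_AGENTS).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On a live host the same logic would be fed the files under `~/Library/LaunchAgents` and `/Library/LaunchAgents`; the heuristics are deliberately coarse and produce leads for an analyst, not verdicts.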
Thanks to this week’s episode sponsor, Hyperproof
Deep Instinct study finds significant increase in Generative AI fueled cyber attacks
Cybersecurity company Deep Instinct today released the fourth edition of its Voice of SecOps Report, based on research conducted by Sapio Research, which surveyed over 650 senior security operations professionals in the US, including CISOs and CIOs. Chief among its findings: “70% of security professionals say generative AI is positively impacting employee productivity and collaboration, with 63% stating the technology has also improved employee morale. However, 75% of security professionals witnessed an increase in attacks over the past 12 months, with 85% attributing this rise to bad actors using generative AI. Nearly half (46%) agree that ransomware is the greatest threat to their organization’s data security and 62% admit that ransomware is the number one C-suite concern, up from 44% in 2022.” The full report is available at Deep Instinct, and a link is available in the show notes to this episode.
Carderbee hacking group in Hong Kong supply chain attack
Carderbee is a new APT hacking group that has been hitting organizations in Hong Kong and other regions nearby using a legitimate encryption and decryption software called Cobra DocGuard to infect targets with PlugX malware. According to Bleeping Computer, “the fact that Carderbee uses PlugX, a malware family widely shared among Chinese state-backed threat groups, indicates that this novel group is likely linked to the Chinese threat ecosystem.” Bleeping Computer points out that “the downloader for PlugX malware is digitally signed using a certificate from Microsoft,” recalling a December 2022 event in which Microsoft disclosed that hackers had abused Microsoft hardware developer accounts to sign malicious Windows drivers and post-compromise rootkits.
Australian Utility Energy One suffers cyberattack
Australia’s Energy One Limited is a global supplier of software and services to the wholesale energy market. The company confirmed, in a statement published on the website of the Australian Securities Exchange, that on Friday, August 18, it “established that certain corporate systems in Australia and the United Kingdom had been affected by a cyber-attack.” It has deployed the appropriate teams and resources for mitigation.
TP-Link Smart Bulb vulnerabilities expose households to potential attacks
Researchers in Italy and the UK are warning that the TP-Link Tapo L530E smart bulb and its mobile application could be exploited to reveal local Wi-Fi network passwords. Tapo is a European smart device company, and this brand of smart bulb is a best seller in Italy. Of four issues identified in a research paper, the most severe is a “lack of authentication of the smart bulb with the Tapo app, which allows an attacker to impersonate a smart bulb and authenticate to the application.” That issue has been assigned a CVSS score of 8.8. According to Security Week, “the academics conducted their research using the IoT penetration testing tool PETIoT,” which stands for PEnetration Testing the Internet of Things.