Clop leaks on clearweb, EU pushes back on CSA centralization, rising data breach costs

Clop moves leaked data to clearweb sites

Like many threat groups, the Clop ransomware organization typically publishes leaked data on its own dedicated sites on the Tor network. This data is technically public, but it isn’t listed on a search index and is only accessible with a Tor browser, with slower download speeds. Now the Clop group has begun publishing leaked data from the MOVEit attacks directly on Internet-accessible sites. This isn’t an original move; the ALPHV ransomware group started doing this last year. These sites are specific to each victim and designed to ratchet up pressure on the firms to pay a ransom. They do show less sophistication than ALPHV’s sites, which included search functionality. So far, Clop just provides links to download data dumps.

(Bleeping Computer)

EU governments push back on centralized cyber reporting

The draft of the Cyber Resilience Act under consideration by the European Council initially called for requiring manufacturers to report actively exploited vulnerabilities to the European Union Agency for Cybersecurity, or ENISA. However, after pushback on this requirement, the EC amended the bill to instead call for reporting these to an EU member country’s Computer Security Incident Response Team, or CSIRT. This body would then send warnings of the vulnerabilities to other national authorities through an intelligence sharing platform operated by ENISA. Some critics of the first draft of the CSA said having ENISA stockpile all vulnerability disclosures made it a more likely target for cyber attacks.

(The Record)

Cost of data breaches up 15%

That finding comes from IBM Security’s Cost of a Data Breach Report, which looked at global organizations from March 2022 through March 2023. The overall cost of a data breach jumped 15% over the last three years to an average of $4.45 million. Within that cost, detection and escalation costs increased 42% in that period, showing a shift to more sophisticated breach investigations. Organizations not disclosing ransomware-related data breaches to law enforcement saw breach lifecycles take up 33 more days than average, with an additional $470,000 cost. 57% of organizations that experienced a data breach planned to pass this cost off to consumers, while 51% planned to increase security investments.

(Silicon Angle)

Flipper tool gets an app store

The Flipper Zero is a wireless tool, offering NFC, RFID, Bluetooth, and sub-GHz wireless radios. It’s open hardware, so developers have already written many custom apps for the platform. However, this required downloading code from repositories like GitHub and loading it with a microSD card. Now Flipper Devices has released a mobile app, which lets users browse and install apps from their phone over Bluetooth. Company spokesperson Yury Molodtsov told The Verge the app store already offers almost 100 applications.

(The Verge)

MS shares mitigation for Outlook link issues

After the most recent Microsoft Outlook security update, the desktop app started blocking attempts to open IP address or fully qualified domain name hyperlinks. The company confirmed the issue, saying users could see warnings about an unsafe location, a random error message, or no explanation at all. The company didn’t patch the issue, but issued a temporary workaround. Microsoft said users can add these URLs to Outlook’s Trusted Sites, although it warned this may make a machine more vulnerable to malicious activity.

(Bleeping Computer)

OpenSSH vulnerability exposes Linux systems

Security researchers at Qualys disclosed details on a now-patched OpenSSH bug that opened the door for remote code execution. The researchers developed a proof-of-concept exploit against default Ubuntu installations, and suspect many other Linux distributions are susceptible. The exploit allows an attacker who obtained access to the remote server of a connected ssh-agent to immediately load any shared library on the agent’s workstation. There’s no evidence of exploitation in the wild.

(The Hacker News)

Lazarus targeting GitHub devs

The popular code repository wrote up new findings that the pernicious North Korean-backed APT began impersonating recruiters and developers on its platform. This appears to be part of a “low-volume social engineering campaign” across LinkedIn, Slack, Telegram, and GitHub. The group posed with legitimate accounts they’ve taken over, attempting to get other users to clone and execute a GitHub library to further spread a two-stage malware. The company claims none of its systems or npm systems became compromised in the campaign.

(Dark Reading)

Twitter is now X

The platform formerly known as Twitter changed its branding to X, with X.com now redirecting to twitter.com. Chairman Elon Musk described the current logo as “interim.” The site no longer features its iconic baby blue in favor of black. Musk already changed the legal name of Twitter Inc to X Corp back in April. He has kind of a thing for the branding: he founded X.com in 1997, which eventually transitioned to PayPal.

(TechCrunch)

