Cyber Security Update
Third Wave Innovations
A pioneering force in risk management, offers a powerful mix of technology and expertise.
In this week's cyber security update, read about the new Google Chrome feature that blocks attacks against home networks, and see more cyber security news from us here at Third Wave Innovations.
BlackCat ransomware shuts down in exit scam, blames the "feds": The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates’ money by pretending the FBI seized their site and infrastructure.
The Roundup: At this point, it is unclear if the ransomware gang will return under a new name. However, one thing is sure: their reputation has been significantly tarnished, making it doubtful affiliates would want to work with them in the future.
ScreenConnect Flaws Exploited to Drop New ToddlerShark Malware: The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark.
The Roundup: ToddlerShark is a new variant of Kimsuky's BabyShark and ReconShark backdoors, previously seen targeting government organizations, research centers, universities, and think tanks in the United States, Europe, and Asia.
NSA Shares Zero-Trust Guidance to Limit Adversaries on the Network: The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles.
The Roundup: Designing and building a zero-trust environment is a complex task that requires going through maturity stages systematically. Done properly, the result is an enterprise architecture that can resist, identify, and respond to threats attempting to exploit weaknesses.
New Google Chrome Feature Blocks Attacks Against Home Networks: Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks.
The Roundup: The motivation behind this development is to prevent malicious websites on the internet from exploiting flaws on devices and servers in users' internal networks, which were presumed safe from internet-based threats.
The Next Big Bombs to Drop in the Change Healthcare Fiasco: Attack on Optum's IT Services Unit Could Be the Worst One to Hit Healthcare Sector.
The Roundup: Plenty of insightful lessons will emerge in the postmortem of the attack, not only to help prevent a similar incident of such scale in the future, but also to better prepare the industry for "next time."
Apple Fixes iOS Kernel Zero-Days Being Exploited in the Wild: Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices.
The Roundup: The release of a fix for the latest two zero-day vulnerabilities marks the third round of patches this year for Apple zero-days exploited in the wild.
Human vs. Non-Human Identity in SaaS: Service accounts, OAuth authorizations, and API keys are just a few of the non-human identities that require SaaS access. When viewed through the lens of the application, non-human accounts are similar to human accounts.
The Roundup: Using a SaaS Security Posture Management (SSPM) platform in concert with Identity Threat Detection & Response (ITDR) solutions, organizations can effectively manage their non-human accounts and detect when they behave anomalously.
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China: The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies.
The Roundup: Ding, who joined Google as a software engineer in 2019, has been accused of siphoning proprietary information related to the company's supercomputing data center infrastructure used for running AI models, the Cluster Management System (CMS) software for managing the data centers, and the AI models and applications they supported.
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware: Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023.
The Roundup: The spoofed sites are in Russian and are hosted on domains that closely resemble their legitimate counterparts, indicating that the attackers are using typosquatting tricks to lure prospective victims into downloading the malware.