SolarWinds CISOs blamed, ThirdEye Windows malware, Government extends canary

SEC notice to SolarWinds CISO and CFO shakes up cybersecurity industry

US SEC staff have recommended legal action against individual SolarWinds employees, in an unusual move that is causing a stir among cybersecurity professionals. Current and former employees and officers of the company including the CFO and CISO have received so-called Wells notices from the SEC staff, in connection with the investigation of the 2020 cyberattack, the company said in an SEC filing. The notices allege that the company violated federal securities law by not having internal cybersecurity controls in place to prevent the attack. A SolarWinds spokesperson defended the company’s response to the fiasco but said its executives may face charges related to their handling of the situation.

(The Record and CSO Online)

Newly uncovered ThirdEye Windows-based malware steals sensitive data

A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name that translates to “CMK Rules for issuing sick leaves.pdf.exe.” The stealer gathers information such as system metadata, registered usernames and volume information, transmits it to a C2 server, and uses the string “3rd_eye” to beacon its presence to that server.

(The Hacker News)

Cyber Command to expand ‘canary in the coal mine’ unit working with private sector

U.S. Cyber Command is doubling the size of a little-known program that serves as one of the military’s chief links to private industry in order to bolster the country’s defenses against cyberthreats. The team of tech-savvy military and civilian experts will grow from one dozen to two dozen people by this time next year, according to Army Lt. Col. Jason Seales, the command’s chief of private sector partnerships. Cyber Command and companies use tools like Slack and Microsoft Teams to communicate daily about digital threats. During a recent interview at the NSA’s Cybersecurity Collaboration Center (CCC), he said, “We need to make sure that we have additional resources and capabilities available … and not put the burden so much on the small handful of folks that we have now.”

(The Record)

Microsoft Sysmon now detects when executable files are created

Microsoft has released Sysmon 15, converting it into a protected process and adding the new ‘FileExecutableDetected’ option to log when executable files are created. As Sysmon is commonly used to detect malicious behavior, it is in threat actors’ best interest to tamper with or disable the software. With this release, Microsoft converted the Sysmon.exe executable into a protected process to prevent malicious code from being injected.

(Bleeping Computer)
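As an added illustration of the option mentioned above (this is example configuration written for this digest, not a snippet from the Bleeping Computer article or from Microsoft), here is a minimal Sysmon configuration that turns on executable-file detection. The schema version, the rule-group name and the excluded image path are assumptions chosen for the example; check them against the schema your Sysmon build reports before deploying.

```xml
<!-- Example Sysmon config (assumed schema version for Sysmon 15; verify with "sysmon -s") -->
<Sysmon schemaversion="4.90">
  <!-- Hash algorithm used for the Hashes field of events that carry one -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="ExecutableDrops" groupRelation="or">
      <!-- onmatch="exclude": log every detected executable file EXCEPT those
           matching a rule below. Keep the exclusion list short and specific;
           a broad exclusion is exactly where a dropper would hide. -->
      <FileExecutableDetected onmatch="exclude">
        <!-- Assumed example exclusion: executables written by the Windows
             servicing stack are noisy and usually not interesting. -->
        <Image condition="is">C:\Windows\System32\TiWorker.exe</Image>
      </FileExecutableDetected>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Install or update with `sysmon64.exe -c <path-to-this-file>`; the resulting events land in the Microsoft-Windows-Sysmon/Operational log, where the TargetFilename and Image fields tell you which process wrote which executable. Starting with an empty exclusion list and trimming only documented noise is the safer direction than starting permissive.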

Thanks to this week’s episode sponsor, AppOmni


Lawsuit says OpenAI violated US authors’ copyrights to train AI chatbot

Two U.S. authors sued OpenAI in San Francisco federal court on Wednesday, claiming in a proposed class action that the company misused their works and those of other authors to “train” ChatGPT by mining data copied from thousands of books without permission, infringing the authors’ copyrights. This is not the first lawsuit of its kind. Several legal challenges have been filed over material used to train AI systems, including source-code owners against OpenAI and Microsoft’s GitHub, and visual artists against Stability AI, Midjourney, and DeviantArt.

(Reuters)

Android spy app LetMeSpy suffers data breach

Android-based phone monitoring app LetMeSpy has disclosed a security breach that occurred on June 21, allowing an unauthorized third party to steal sensitive data associated with thousands of Android users. LetMeSpy is a subscription-based app that allows its customers to snoop on others by installing the software on their devices. It is billed as a tool for parental or employee control. It can collect call logs, SMS messages, and geolocations, and its icon can be hidden from the device’s home screen launcher. The stolen data consists of email addresses, messages, and victims’ locations going back to 2013.

(The Hacker News)

Flutter-based Android malware targets credit cards and 2FA codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware “represents a significant shift as it incorporates the malicious components directly within the Flutter code,” Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week. Fluhorse was first documented by Check Point in early May 2023. The initial intrusion vector for the malware is phishing, and its ultimate goal is to steal credentials, credit card details, and two-factor authentication (2FA) codes received via SMS, sending them to a remote server under the control of the threat actors.

(The Hacker News)

Sony’s confidential PlayStation secrets spilled because of a Sharpie

Sony’s highly confidential information about its PlayStation business has just been revealed by mistake. As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. However, the redactions were done with a black Sharpie, which means the text remains visible when the pages are scanned. Sony’s competition quickly downloaded the documents before they were taken down. They reveal details such as the cost of development of some of its games, the costs and dangers of Microsoft making Call of Duty exclusive to Xbox, and the true value of Call of Duty to PlayStation.

(The Verge)
