Tevora Cybersecurity News

Curated by Anir Desai and Hai-Trang Nguyen

CISA and FBI Update Software Security Recommendations

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have updated their published guidance on insecure software practices, incorporating feedback gathered during a month-and-a-half-long public comment period. The updated guidance addresses insecure practices such as hardcoded credentials, outdated cryptographic functions, insufficient product support, and weak implementation of multi-factor authentication (MFA). Software developers and manufacturers are encouraged to review the updated guidance to avoid these practices and to promote secure-by-design principles.

More information regarding CISA and the FBI's updated guidance on software security can be found here.


Default Teams Configurations Used in Ransomware Attacks

Several ransomware groups have been observed exploiting Microsoft Teams' default configurations to pose as IT support and execute social engineering campaigns. These campaigns operate by spamming victim inboxes and then sending the target an inbound Teams message from an external domain, impersonating internal IT teams addressing an alleged incident. Threat actors then convince targets to install Microsoft Quick Assist or a legitimate Microsoft updater, which either establishes a remote connection or includes a malicious side-loading library, leading to malware installation. Organizations are encouraged to restrict Teams calls and messages from external organizations or allow external communication only from trusted business partners.

More information regarding ransomware attacks using Teams default configurations can be found here.
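The mitigation above (block external Teams communication, or allow it only from trusted partners) can be applied at the tenant level with the Teams PowerShell module. The following is an added example, not part of the newsletter or Microsoft documentation; it assumes the MicrosoftTeams module is installed, a Teams administrator account, and uses placeholder partner domain names.

```powershell
# Added example: tighten Microsoft Teams external access so that inbound messages
# and calls from arbitrary external tenants (the vector described above) are no
# longer accepted by default. Run either Option A or Option B, not both.
Connect-MicrosoftTeams

# 1. Record the current tenant-level federation settings before changing anything,
#    so the previous state can be restored if a legitimate partner is cut off.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer,
                  AllowTeamsConsumerInbound, AllowPublicUsers

# Option A: block communication from all external organizations and consumer accounts.
Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $false `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false `
    -AllowPublicUsers $false

# Option B: keep external access, but only for an explicit allow list of trusted
# business partner domains. The domains below are placeholders; replace them
# with the organization's actual partners.
$trustedPartners = @('partner-one.example', 'partner-two.example')
$patterns  = $trustedPartners | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns

Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $true `
    -AllowedDomains $allowList `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false `
    -AllowPublicUsers $false

# 2. Verify: after Option B, AllowedDomains should list only the trusted partner
#    domains; after Option A, AllowFederatedUsers should be False.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains
```

This controls only Teams federation; whether users can run Quick Assist or other remote-support tools is governed separately through endpoint policy.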


Conduent Confirms Cybersecurity Incident

American business services organization and government contractor Conduent has confirmed experiencing a cybersecurity incident that impacted customer operations across various U.S. states. Following its disclosure, Conduent stated that the incident has been contained and all systems have been securely restored. However, no information has yet been released regarding the scope of affected customers, the level of data impact, or whether a ransom demand was issued.

More information regarding Conduent's recent cybersecurity incident can be found here.


FTC Orders General Motors to Halt Driver Data Collection

The FTC has ordered General Motors (GM) and its subsidiary, OnStar, to stop collecting and selling driver geolocation data without clear consent. An investigation revealed the companies sold driving data to third parties without proper driver authorization. Under the proposed settlement, GM and OnStar must cease such practices for five years and improve transparency in their user consent processes. The two organizations have been given a 180-day period to comply with the FTC's provisions or face potential penalties of up to $51,744 per violation.

More information regarding the FTC's order against GM and OnStar can be found here.


Stay vigilant, stay alert, and please reach out if you have any questions!
