Cyber Risk Update 8 SEP 2023

Exclusive

• Credentials, the Keys to the Kingdom https://www.learnsecurity.org/single-post/credentials-the-keys-to-the-kingdom

This is a selection of this week's events. For more news and advisories check out our discord server.

Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V

Incidents

• The Seattle Times: Breach of Microsoft engineer’s account likely led to hack of U.S. officials (09/06) https://www.seattletimes.com/business/microsoft/breach-of-microsoft-engineers-account-likely-led-to-hack-of-u-s-officials/

• Bleeping Computer: W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA (09/06) https://www.bleepingcomputer.com/news/security/w3ll-phishing-kit-hijacks-thousands-of-microsoft-365-accounts-bypasses-mfa/

• Authentication Outage Underscores Why 'Fail Safe' Is Key. Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes. https://www.darkreading.com/dr-tech/authentication-outage-highlights-why-fail-safe-is-key

Governance, Risk, and Compliance

• The Record: Easterly: CISA wrapping up cyber incident reporting rule (09/06) https://therecord.media/cyber-incident-reporting-regulation-cisa

K-12

• The Cybersecurity and Infrastructure Agency (CISA) has announced on Sept. 5 a “voluntary pledge” for K-12 education technology software developers and manufacturers to commit to creating products with a greater emphasis on cybersecurity built in. Since Sept. 1, CISA has received six commitments from large software developers, including PowerSchool, Classlink, Clever, GG4L, Instructure, and D2L. “We need to address K-12 cybersecurity issues at its foundation by ensuring schools and administrators have access to technology and software that is safe and secure right out of the box,” said CISA Director Jen Easterly. https://www.meritalk.com/articles/cisa-announces-k-12-cybersecurity-voluntary-pledge/

OT Security

• Info Security Magazine: MITRE and CISA Release OT Attack Emulation Tool (09/06) https://www.infosecurity-magazine.com/news/mitre-cisa-ot-attack-emulation-tool/

Nation States

• The Hacker News: Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure (09/06) https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html

• Spying made easier: China demands tech firms reveal weak spots https://cybernews.com/news/china-spying-software-vulnerabilities/

• The Hill: Chinese hackers stole signing key used to breach US officials’ emails from Microsoft engineer, company says (09/07) https://thehill.com/policy/technology/4192468-chinese-hackers-stole-microsoft-signing-key-used-to-breach-us-officials-emails/

• Cyber Scoop: Multiple nation-state hackers infiltrate single aviation organization (09/07) https://cyberscoop.com/cisa-state-hackers-aviation/

• Reuters: North Korea hackers going after Russian targets, Microsoft says (09/07) https://www.reuters.com/technology/north-korea-hackers-going-after-russian-targets-microsoft-says-2023-09-07/

• Russia-linked attackers hit UK Ministry of Defence, leak stolen data. Report claims the LockBit ransomware group has published vast amounts of stolen information on the dark web. https://www.csoonline.com/article/650994/russia-linked-attackers-hit-uk-ministry-of-defence-leak-security-data.html

Cyber Criminals

• NBC News: U.S., U.K. accuse 11 Russians of running cybercrime ring that attacked hospitals around the world (09/07) https://www.nbcnews.com/news/world/us-uk-accuse-11-russians-running-cybercrime-ring-attacked-hospitals-wo-rcna103736

Vulnerability

• Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html

• Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform https://thehackernews.com/2023/09/cisco-issues-urgent-fix-for.html

Supply Chain, Third Party Risks

• Silicon Angle: Software supply chain attacks are multiplying, but so are strategies to avoid them (09/07) https://siliconangle.com/2023/09/07/software-supply-chain-attacks-multiplying-strategies-avoid/

• Google: State hackers attack security researchers with new zero-day https://www.bleepingcomputer.com/news/security/google-state-hackers-attack-security-researchers-with-new-zero-day/

• How to improve the identity security of contract workers. Here are three reasons why companies must make managing identity security for gig economy workers a top priority. https://www.scmagazine.com/perspective/three-ways-to-improve-the-identity-security-of-contract-workers

Critical Infrastructure

• Cybersecurity Builds Trust in Critical Infrastructure. Improving an energy company's resistance to cyberattack does more than protect vital resources — it enhances trust from customers and investors. https://www.darkreading.com/edge-articles/cybersecurity-builds-trust-in-critical-infrastructure

AI

• Microsoft to Defend Customers on AI Copyright Challenges. Microsoft will pay legal damages on behalf of customers using its artificial intelligence (AI) products if they are sued for copyright... https://www.insurancejournal.com/news/national/2023/09/08/739636.htm