Cyber Security Headlines: Malware in search ads, Guardian hit with … – CISO Series

A new public service announcement from the FBI warned of threat actors purchasing search engine ads that spoof legitimate businesses and services. The ads link to malicious sites that prompt users to download software whose name suggests it belongs to the spoofed company; instead, the sites act as phishing platforms targeting financial and cryptocurrency transactions. The FBI clarified that search engine ads aren’t inherently malicious, but users should use caution when accessing sites through them. 
(Bleeping Computer)
The Guardian confirmed a “serious IT incident” hit its systems over the last 24 hours and said it suspects a ransomware attack. Online publishing remains unaffected, but the paper shifted to remote work as it experienced disruption “behind the scenes.” It remained confident it could produce a print edition for December 22nd. There is no word yet on whether any data was stolen, whether there has been a ransom demand, or which group orchestrated the attack. 
The authentication service provider Okta disclosed that a malicious actor accessed its private GitHub repositories this month. According to email notifications seen by Bleeping Computer, the incident resulted in stolen source code. Okta says the attackers did not gain access to its services or customer data, and that it does not rely on the confidentiality of its source code as a means of securing its services. The accessed repositories appear to relate to Okta Workforce Identity Cloud, not its Auth0 Customer Identity Cloud product. Earlier this year Okta also disclosed a breach of its administrative consoles and customer data in January, and a leak of older Auth0 source code in September. 
(Bleeping Computer)
Researchers at Cyber News discovered that the global shoe manufacturer and retailer Ecco left a Kibana instance exposed online, fronting an Elasticsearch store holding a combined 60GB of sensitive sales and system data. A misconfiguration allowed anyone to reach the data through the API without authentication, so anyone who found the instance could view, edit, copy, or delete the data. Historical data shows it was accessible as of June 4, 2021. Cyber News contacted Ecco about the issue ahead of the story; it never received a reply, but the instance was taken offline before publication. 
(Cyber News)
Eufy security cameras made a name for themselves by promising that footage would be stored locally with end-to-end encryption. Earlier this year, security researchers discovered that unencrypted feeds from its cameras could be accessed and that thumbnails of camera images were uploaded to its cloud. Now, in a blog post, Anker’s Eufy security brand admitted its Security Live View feature has a security flaw, while claiming the issue exposed no user data. The company announced it will only allow live streams to be viewed through its secure web portal while logged in. It will also advise users that they have a choice of local or cloud push notifications; enabling cloud push notifications uploads thumbnails of camera images to Eufy’s servers. 
(The Verge)
The Guardian reported that the Ukrainian military has been eavesdropping on calls made by Russian soldiers on the front lines. The calls are made over personal cell phones and routed through Ukrainian telecom providers, making them easy for the military to intercept. Earlier in the conflict, Russian communications often used open radio frequencies, resulting in leaked communications from military commands. Since the initial invasion, experts say Russian communications security has improved, but it remains vulnerable because soldiers keep using consumer phones. Some of these calls expose military intelligence, and Ukraine releases calls with propaganda value to the press. 
(The Guardian)
Sophos’ Matt Wixey wrote up a look at a surprisingly coordinated scam imitating the Genesis Market. Genesis lives on the Tor network, but Wixey noticed ads for it on search engines and Reddit that pointed to a clearnet site. Rather than being invitation-only like the real Genesis Market, these sites asked for a $100 deposit for access, paid in Monero or Bitcoin. Overall, the team discovered twenty similar sites registered between August 2021 and June 2022 that appeared to be operated by the same group, all imitating existing or defunct dark web markets. The cryptocurrency addresses linked across all the sites received over $132,000. 
According to a recent Kaspersky survey, reverse engineering malware took the top spot among the skills InfoSec specialists wanted to advance in 2022. Looking at training session data, over 45% of participants showed interest in improving that skill. Meanwhile, 28% of participants took classes on YARA rules, while 27% signed up for courses on incident response, malware analysis, and product security assessments. Overall, the report found that while the number of new cybersecurity programs grew rapidly, demand for cyber professionals still outstripped the supply of skilled workers. 
(Dark Reading)
Acting as a media network for cyber information and exchange, CISO Series is just a member of this fantastic community that unfortunately has some conflicts. We’re just putting ourselves at the center of the conversation, acting as couples counseling for security vendors and practitioners.

CISO Series: Delivering the most fun you’ll have in cybersecurity.
© 2021 CISO Series

