News Items

A Howard County hospital is the latest Arkansas healthcare provider to announce a data security breach that could put patients and employees at risk. Howard Memorial Hospital, located in the city of Nashville, became aware of suspicious network activity on Dec. 4. An investigation discovered the potential for files to be stolen by an "unknown actor" between Nov. 14 and Dec. 4. The hospital employs 250 employees and sees about 10,000 emergency department visits annually. The healthcare system, which includes outpatient clinics, had a gross revenue of $76 million during the 2021 fiscal year. Hospital Administrative Director Sandy Webb said the breach originated outside the hospital. Details on how the data theft was discovered, the number of files affected, and the potential financial impact was not immediately available. Information potentially stolen could include the patient's name, contact information, date of birth, social security number, health insurance information, medical record number, medical history, diagnosis, treatment, and physician name. Employee's records stolen could include name, contact information, date of birth, social security number, and bank account information. The U.S. Department of Health and Human Services Office for Civil Rights is required by law to post a public list of breaches of unsecured protected health information affecting 500 or more individuals. In 2022, the department reported four previous hacking or information technology incidents for healthcare providers in Arkansas. The four breaches accounted for 490,868 individuals affected this year. The breaches happened at Mena Regional Health Care System, Independent Case Management, Magie Mabrey Hughes Eye Clinic, and ARcare. ARcare saw the largest breach, with 345,353 individuals affected. Nationally, there have been 22 million individuals affected by hackers hacking healthcare providers' networks during 2022.

Arkansas Democrat Gazette reports: "Nashville Hospital Hit by Data Breach"

A paper from the Carnegie Endowment for International Peace (CEIP) 'Cyber Conflict in the Russia-Ukraine War' series examines the military effectiveness of Russia's wartime cyber operations in Ukraine, the reasons why these operations have not had a greater strategic impact, and the lessons that can be applied to other nations' military cyber efforts. It expands upon prior research by adopting a more systematic and comprehensive approach and including a broader range of publicly available data. Each Carnegie expert examined a different aspect of the cyber conflict. This study seeks to bridge the gap between cyber-specific and general military assessments of the Russia-Ukraine conflict. Most analyses of Russian cyber activities in Ukraine have been released by cyber specialists writing for their own field, with limited incorporation of non-cyber military sources and concepts. In contrast, leading narratives of the war make little mention of cyber activities. The paper fills the void by situating Russian cyber operations in Ukraine within the context of Moscow's larger military objectives, campaigns, and kinetic activities. According to the paper, Russia's disruptive or damaging cyberattacks may have contributed to Moscow's initial invasion, but they have caused negligible harm to Ukrainian targets since then. Another point raised is that such cyberattacks have not significantly enhanced Russia's kinetic capabilities. This article continues to discuss some key points made in a new paper on Russia's wartime cyber operations in Ukraine.

HSToday reports "Russia's Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications"

Taiwan-based networking and storage solutions provider Synology has recently informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest. The company published two new critical advisories in late December. One of the advisories describes an internally discovered vulnerability affecting Synology VPN Plus Server, which turns routers into an advanced VPN server. The company noted that the security hole, tracked as CVE-2022-43931, is an out-of-bounds write issue in the remote desktop functionality of VPN Plus Server. It can allow a remote attacker to execute arbitrary commands. The second advisory describes multiple vulnerabilities impacting the Synology Router Manager (SRM), the operating system that powers the firm's routers. The company noted that the flaws can be exploited for arbitrary command execution, denial-of-service (DoS) attacks, and reading arbitrary files. The SRM advisory credits several people and companies for reporting the vulnerabilities. The issues were disclosed through Trend Micro's Zero Day Initiative (ZDI). This suggests that the vulnerabilities were demonstrated at the Pwn2Own Toronto 2022 hacking contest, which took place December 6-9.

SecurityWeek reports: "Critical Vulnerabilities Patched in Synology Routers"

Future electronic products may incorporate enhanced security mechanisms into their circuitry to fight against malicious attacks. Researchers from King Abdullah University of Science and Technology (KAUST) have revealed how protective "logic locks" based on the field of spintronics might be placed into the integrated circuits of electronic chips to protect chip security. KAUST's Yehia Massoud notes that the requirement for hardware-based security features reflects the nature of today's electronics production. Electronics businesses typically use big, external, specialized foundries to manufacture their chips, which reduces costs but raises the possibility of supply chain vulnerabilities. An untrusted foundry could unlawfully copy the circuit design for the production of counterfeit chips, or the design could be maliciously modified by the incorporation of "hardware Trojans" that alter its behavior in some way. According to Divyanshu Divyanshu, a Ph.D. student at Massoud's labs, security methods such as logic locking are now widely employed to build confidence in the globalized integrated circuit manufacturing chain. To protect chip security, the group developed an integrated circuit logic lock based on a Magnetic Tunnel Junction (MTJ). Logic locking functions like a combination lock, explains Divyanshu. Unless the lock receives the correct "key" combination signal, the circuit's operation is scrambled. The lock's keys are stored in memory that cannot be altered, ensuring hardware security against several threat scenarios. This article continues to discuss the integrated circuit logic lock designed by the KAUST researchers aimed at protecting electronic devices from cyberattacks.

SciTechDaily reports "The Security System of the Future - Electronic Devices Could Use 'Logic Locks' To Fend Off Malicious Attacks"

Recent research by Cyble Research and Intelligence Labs reveals that fraudsters monitor user complaints on Twitter in order to target Indian citizens. The team witnessed scammers looking at Twitter for potential complaints in order to obtain information from victims. The Indian Railway Catering and Tourism Corporation (IRCTC) is involved in a similar scheme. Similarly, threat actors search Twitter for complaints about the IRCTC to collect user contact information and then make direct contact with potential victims. After extracting information, the fraudsters act as IRCTC customer service agents and request sensitive information, such as the Train PNR number, order number, refund amount, and payment method. Even if the victim is unable to provide the requested information, fraudsters could still employ a variety of techniques to steal money. The scammers were spotted sending SMS messages with an activation code and requesting that victims forward it to a certain number. Additionally, they would want personal information, such as the UPI payment app used. According to the researchers, criminals can then link the victim's mobile number or account to their own device using UPI. This article continues to discuss the phishing scheme involving the monitoring of Twitter complaints that is targeting Indian citizens.

Cybernews reports "Crooks Monitor Twitter Complaints to Target Users via Phishing"

According to the cybersecurity firm Emisoft, ransomware attacks affected more than 200 larger organizations in the US public sector in the government, educational, and healthcare verticals in 2022. Data collected from publicly available reports, disclosure statements, leaks on the dark web, and third-party intelligence suggest that hackers stole data in nearly half of these ransomware attacks. According to available data, the ransomware threat impacted 105 counties, 44 universities and colleges, 45 school districts, and 24 healthcare providers in the US. Emisoft presented these statistics to emphasize that not all victims disclose such events, and some may have gone unnoticed by the researchers. Therefore, the figures in the year-end report on the condition of ransomware in the US should be regarded as conservative, as they cannot be used to accurately build a trend. Incidents involving the public sector are more likely to be disclosed, allowing for more consistent data. As a result, the researchers believe that this information could point to ransomware activities in the private sector. This article continues to discuss key findings from Emisoft's report on the state of ransomware in the US.

Bleeping Computer reports "Ransomware Impacts Over 200 Government, Education, Healthcare Orgs in 2022"

A team of University of Waterloo researchers developed a drone-powered device that can see through walls using Wi-Fi networks. Wi-Peep is a device that can fly close to a building and then use the inhabitants' Wi-Fi network to identify and locate Wi-Fi-enabled devices inside. The Wi-Peep device exploits a vulnerability referred to as polite Wi-Fi. Smart devices will automatically respond to contact attempts from any device within range, even if the network is password protected. According to the team, Wi-Peep sends several signals to a device as it flies and then measures the response time to determine the device's location within one meter. Dr. Ali Abedi, an adjunct professor of computer science at Waterloo, compares the Wi-Peep device to lights in the visible spectrum and the walls to glass. One might follow security guards' movements inside a bank by tracking the location of their phones or smartwatches, using similar technology. A criminal could also determine the position and type of smart devices in a home, such as security cameras, laptops, and smart TVs, to find a suitable candidate for a home invasion. Furthermore, because the device is operated via a drone, it can be used quickly and remotely without the user being detected. Although Wi-Fi security vulnerabilities have been explored before using large, expensive devices, the Wi-Peep stands out due to its accessibility and mobility. Abedi's team built the Wi-Peep device with a store-bought drone and $20 worth of hardware. This article continues to discuss the research and testing behind the Wi-Peep device that brings further attention to Wi-Fi vulnerabilities.

SciTechDaily reports "Researchers Develop a Device That Can Use Wi-Fi To See Through Walls"

The Government Accountability Office (GAO) released a report identifying government challenges to standardized security evaluations for Internet of Things (IoT) devices and Operational Technology (OT) devices. However, according to Joel Bagnal, director at the security company SpyCloud, state and local governments are required not to wait for federal guidance, as they can gain the upper hand by establishing more cyber ranges. In recent years, cyber ranges have risen in importance, with state-level ones opening in Louisiana, Virginia, and more. They primarily train cybersecurity professionals through hands-on labs and realistic exercises. Bagnal stated that increasing the number of ranges available to state and local governments would help officials in understanding the vulnerabilities of IoT and OT devices and learning to control the risk. He emphasized that a cyber range allows security staff to observe vulnerabilities being exploited and then learn how to apply this firsthand knowledge to their own network. Bagnal pointed out that the Idaho National Laboratory (INL) has a section devoted to critical infrastructure protection and IoT device security research, and is beginning to give recommendations for reducing vulnerabilities. The National Initiative for Cybersecurity Education (NICE) also published a guide on how cyber ranges can be used for education and training, stating that they are a crucial tool for closing the skills gap and securing society. This article continues to discuss the importance of setting up more cyber ranges to bolster cybersecurity for IoT and OT devices.

GCN reports "Cyber Ranges Bolster IoT Security"

The skills gap in cybersecurity that has plagued the security community for several years will not close soon. Eighty percent of firms suffered at least one data breach in the past year due to a lack of cybersecurity talent or awareness, according to research. As of July 2022, there are more than 700,000 unfilled cybersecurity posts in the public sector. The inability to recruit and retain sufficient talent to fight against a large volume of attacks would leave the public sector extremely vulnerable in 2023. In order to address the expanding cyber skills gap, the public sector must boost compensation packages to minimize talent loss to well-paid professions in the private sector and increase worker diversity. According to Cathy Grossi, vice president of product management at Accela, governments will leverage technology to overcome workforce shortages in 2023. Smart agencies will rely on data exchange to maximize their use of available resources. Governments can automate end-to-end procedures that span many departments or agencies, as well as leverage digital technologies such as chatbots, Machine Learning (ML), smart algorithms, and natural language processing to create processes that free up personnel for other duties. This article continues to discuss experts' insights and predictions regarding the cybersecurity workforce for 2023.

SC Media reports "2023 Workforce Predictions: Lack of Talent Will Haunt Firms as Leadership Comes Under Scrutiny"

A previously undiscovered strain of Linux malware is targeting WordPress sites by exploiting vulnerabilities in over two dozen plugins and themes to infiltrate vulnerable systems. New research from Doctor Web finds that malicious JavaScript code is injected into targeted web pages if the sites employ outdated versions of add-ons. Therefore, when consumers click on any part of an infected page, they are redirected to other websites. The attacks entail weaponizing known security flaws in 19 plugins and themes that are likely installed on a WordPress website, and deploying an implant that can target a specific website in order to grow the network. It can also inject JavaScript code received from a remote server in order to redirect site users to a website of the attacker's choosing. Doctor Web reported discovering a second variant of the backdoor, which employs a new command-and-control (C2) domain and an updated list of vulnerabilities affecting 11 additional plugins, bringing the total to 30. Both variants are believed to have an unimplemented technique for brute-forcing WordPress administrator credentials. However, it is unclear whether this is a remnant from an earlier version or a future feature. WordPress users are advised to keep all platform components, including third-party plugins and themes, up-to-date. In order to secure their accounts, it is also recommended that they use strong, unique login passwords. This article continues to discuss the latest findings regarding the new Linux backdoor malware targeting WordPress websites.

THN reports "WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws"

The LockBit ransomware group has issued an official apology for its attack on the Hospital for Sick Children (SickKids) and released a free decryptor for the hospital. The group is known to prohibit its affiliates from attacking healthcare organizations. Its policy prohibits encrypting the systems of companies whose failure could result in the deaths of humans. The gang claimed that one of its affiliates violated its rules by attacking SickKids, so it has blocked them. According the gang, the decryptor it has published is a Linux/VMware ESXi decryptor. The attack on the Hospital for Sick Children in Toronto, Canada occurred on December 18, 2022. The hospital is the largest pediatric healthcare facility in Canada and is located on University Avenue in Toronto, Ontario. Multiple network systems at the hospital were affected by the incident, but according to the healthcare organization, patient care was unaffected. This article continues to discuss the ransomware attack on the pediatric health center and the LockBit ransomware group releasing a decryptor to the hospital for free.

Security Affairs reports "LockBit Apologized for the Attack on the SickKids Pediatric Hospital and Releases a Free Decryptor"

GreyNoise Intelligence has released new research that examines the past 12 months' most notable threat detection events in depth. Bob Rudis, vice president of research and data science at GreyNoise Intelligence, stated that when it comes to cybersecurity, not all vulnerabilities are created equal, and many that gain public attention often turn out not to be significant. Researchers have provided insights into the celebrity vulnerability hype cycle for its 2022 report, with a breakdown of CVE-2022-1388, an F5 Big-IP iControl REST Authentication Bypass, how hard attackers will work to never let a critical vulnerability go to waste by looking at the depth and breadth of CVE-2022-26134, a critical weakness in Atlassian Confluence, and the impact of the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog releases on defenders. According to the report, there will be an increase in daily, persistent Internet-facing exploit attempts, post-initial access internal attacks, and headline-grabbing Log4j-centric attacks. This article continues to discuss key findings and insights from GreyNoise Intelligence's new research report.

Help Net Security reports "Attackers Never Let a Critical Vulnerability Go to Waste"

Mohamed "Aly" El-Hadedy, assistant professor of electrical and computer engineering at California State Polytechnic University, Pomona, was a member of a team whose innovative cybersecurity solution won Best Paper at the 2022 IEEE International System-on-Chip (SoC) Conference (IEEE SOCC). At the conference in Belfast, Northern Ireland, researchers from around the world presented their findings on the SoC technology. Laptops, smartphones, autonomous vehicles, and many other technologies use SoC. It is anticipated that by 2030, the number of Internet of Things (IoT) devices will exceed 25 billion, posing a significant cybersecurity threat. In response, the National Institute of Standards and Technology (NIST) launched a global competition to design a lightweight cryptographic solution for protecting IoT devices. Aly and his colleagues released "RECO-HCON: A High-Throughput Reconfigurable Compact ASCON Processor for Trusted IoT," suggesting a solution to the issue of inadequate cybersecurity in high-performance computing clusters connected to the same network or the Internet. Their proposed technique includes the secure exchange of data while drastically reducing processing power. Aly, colleagues from the University of Illinois Urbana-Champaign, and academics from Changhai Jiao Tong University developed a crypto-processor that is between 100 million and one billion times smaller than the ordinary smartphone. The processor also consumes a trivial amount of power. This article continues to discuss the inventive cybersecurity solution proposed by the team.

California State Polytechnic University, Pomona reports "ECE Faculty Develops Inventive Cybersecurity Technology, Wins Best Paper at International Conference"

Fifth-generation (5G) technology is expected to deliver the high-speed, low-latency wireless infrastructure required for the "smart" era. According to some predictions, fifty percent of all global data traffic will be created during the next five years by connected devices that do not require human participation. However, for the promise to become a reality, the connecting networks must be safe. A new report from the Brookings Institution evaluates the 5G promise, its cybersecurity problems, and the policy considerations required to realize the 5G promise. The report concludes that, as China and Europe advance their 5G initiatives, an American emphasis on network security will accelerate 5G adoption and generate a competitive edge for US enterprises abroad and at home. Such goals can be attained by applying well-known cybersecurity approaches, a federal oversight program that eschews regulatory micromanagement in favor of a light-but-frequent evaluation of 5G cyber risk mitigation operations, and adequate government funding. 5G wireless networks improve the efficiency and capabilities of the communications infrastructure to make room for a new generation of services, but they also open up new security holes that put the networks and the people who use them at risk. The first 5G vulnerability is that network tasks previously performed by purpose-built hardware are now virtualized in hackable software. Using software running on general-purpose computers to construct a network boosts capabilities and reduces costs, but introduces new vulnerabilities. Previously, networks ran on proprietary hardware and software that provided targeted security against threats. Moving additional functions to hackable software disaggregated from a purpose-built network appliance has opened up new attack vectors for 5G networks. This article continues to discuss key points made in the new Brookings report on 5G security.

The Brookings Institution reports "The Digital Future Requires Making 5G Secure"

The Cornell Policy Review has provided an analysis of how Secure Access Service Edge (SASE) can promote DevSecOps adoption. DevSecOps is a software development approach that integrates development, security, and operations throughout the development lifecycle. It eases communication among previously separate teams in order to break down silos and ensure security is emphasized throughout all phases. This methodology allows teams to shift security to the left. The goal is to detect security problems before they enter production, so that teams may collaborate to remedy them while they are still simple and inexpensive to fix. DevOps teams generally transition to DevSecOps by including security throughout all pipeline phases. SASE is a network architectural framework that centralizes cloud-native security technologies as well as Wide Area Network (WAN) capabilities. It delivers an end-to-end solution for securely connecting endpoints, systems, and users to services and applications in any place. SASE is a framework, not a specific technology. It can be used to consolidate a number of technologies, such as Secure Web Gateways (SWGs), Cloud Access Security Brokers (CASBs), Firewall-as-a-Service (FWaaS), and Zero Trust Network Access (ZTNA). The concept is to use the technology required to support agile operations from a single location. This article continues to discuss DevSecOps, SASE, and how SASE promotes DevSecOps adoption.

Cornell University reports "How SASE Promotes DevSecOps Adoption"

According to research conducted by the Cyber Threat Intelligence team at Accenture, infostealer malware grew in underground criminal networks in 2022, while multi-factor authentication (MFA) fatigue attacks increased. Infostealers are malicious software packages aimed at stealing sensitive information, including passwords, from victims. In an MFA fatigue attack, an attacker bombards a user's MFA device, generally a smartphone, with login approval requests. The goal is to exhaust the user so that they finally accept a login request to stop the notifications. Researchers have discovered that cybercriminals have expanded their infostealer malware variants to capitalize on demand, citing an increase in compromised credential marketplaces and a move toward private sales for quality logs. Timothy Morris, the chief security advisor at Tanium, believes that infostealer malware is booming because extortion is thriving. Extortion is more profitable and easier than ransomware. He explained that most people associate extortion with holding company data hostage or threatening to release stolen data during or after a ransomware attack, which is typical of second-level extortion. The third level consists of threats to release the data of individuals or entities contained inside the exfiltrated data. He noted that the third level of extortion can be reached by simply taking information, which infostealer software excels at. Morris stated that the same abilities and infrastructure used to create and operate a banking Trojan may be repurposed for use in an infostealer malware campaign. This article continues to discuss infostealer malware and MFA fatigue attacks.

Security Boulevard reports "Infostealer Malware Threat Grows as MFA Fatigue Attacks Spread"

Lookout's 2022 Government Threat Report shows that mobile phishing and device vulnerability risk is rising among US government agencies. In 2021, nearly half of all phishing attacks against government personnel would target employee credentials, up from 30 percent in 2020. Government agencies store and send various types of sensitive data, the protection of which is critical to the welfare of hundreds of millions of people. A breach of a government institution that results in the disclosure of sensitive information, the theft of credentials, or the forced disruption of activities due to ransomware can have a disproportionately large impact compared to a usual cybersecurity incident. In order to accommodate a bigger remote workforce, the federal, state, and local governments have increased their reliance on unmanaged mobile devices by 55 percent between 2020 and 2021, signaling a shift toward a Bring Your Own Device (BYOD) model. One out of every eight government employees was exposed to phishing attacks. With over two million federal government employees alone, this constitutes a substantial potential attack surface, as a single successful phishing attempt is sufficient to infect an entire agency. From 2020 to 2021, mobile phishing encounter rates for state and local governments on both managed and unmanaged devices increased by 48 percent and 25 percent, respectively. Through the first half of 2022, this steady ascent persisted. The sophistication of threat actors is increasing, with 16 percent of phishing attacks seeking to deliver malware. Nearly 50 percent of state and local government employees use outdated Android operating systems, leaving them vulnerable to many device vulnerabilities, but this is an improvement from 99.9 percent in 2021. This article continues to discuss key findings from Lookout's 2022 Government Threat Report.

VB reports "Nearly 50% Of Phishing Attacks in 2021 Aimed at Government Employees Were Attempted Credential Theft"

Security researchers at Acronis have claimed that data breaches could be even more expensive next year. The researchers collected data from more than 750,000 unique endpoints, distributed worldwide, and now estimate that the average cost of a data breach will hit $5 million by next year. To make matters even worse, the researchers expect the number of breaches to increase significantly. The researchers stated that threats from malicious and phishing emails rose by 60% year-on-year. Social engineering attacks rose in the last four months of the year and now account for roughly 3% of all attacks. The researchers also found that leaked or stolen passwords and other credentials were the triggers for almost half of all reported cybersecurity incidents in H1 2022. In the third quarter of the year, the proportion of phishing attacks against malware attacks increased by 1.3 times, and now make up more than three-quarters (76%) of all email attacks (up from 58% in the first half of the year). The researchers stated that the majority of the victims of phishing attacks were located in the United States, but businesses in Germany and Brazil were also heavily targeted. Endpoints in South Korea, Jordan, and China, were the biggest malware targets.

TechRadar reports: "Data Breaches Could be Even More Expensive in 2023"

According to a new study, software developers that employ code-generating Artificial Intelligence (AI) systems are more likely to introduce security flaws into the applications they write. The report from Stanford University-affiliated researchers exposes the potential risks of code-generating systems as vendors such as GitHub begin pushing them. Neil Perry, a Ph.D. candidate at Stanford and co-author of the paper, emphasized that code-generating systems are not a replacement for human coders. Developers who use them to complete assignments outside of their area of expertise should be concerned, and those who use them to speed up tasks for which they are already proficient should double-check the outputs and context. The Stanford study focused on Codex, the AI code-generation system created by the San Francisco-based research lab OpenAI. The researchers recruited 47 developers, ranging from undergraduate students to industry experts with years of programming experience, to use Codex to solve security-related challenges in programming languages such as Python, JavaScript, and C. Compared to a control group, study participants who had access to Codex were more likely to create inaccurate and "insecure" programming solutions when using Codex. Furthermore, they were more likely than the control group to claim that their insecure solutions were secure. Megha Srivastava, a Stanford graduate student and the study's second co-author, emphasized that the findings do not completely condemn Codex and other code-generating systems. For one, the study participants lacked the security skills that would have enabled them to properly identify code vulnerabilities. Srivastava believes that code-generating systems are dependable for low-risk activities, such as exploratory research code, and that their coding suggestions could be enhanced through fine-tuning. This article continues to discuss the research on the possibility of code-generating AI introducing security vulnerabilities into applications.

TechCrunch reports "Code-Generating AI Can Introduce Security Vulnerabilities, Study Finds"

In November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities Catalog to help federal agencies and critical infrastructure organizations identify and remediate vulnerabilities that are actively being exploited. CISA, between January to the end of November 2022, added 548 new vulnerabilities to the catalog across 58 updates. Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalog's existence. Security researchers at Grey Noise discovered that actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalog in 2022. A little over three-quarters, or 77%, of the updates to the KEV catalog, were older vulnerabilities dating back to before 2022. The researchers noted that many were published in the previous two decades. CISA updates the KEV catalog only if the vulnerability is under active exploitation, has an assigned CVE, and there is clear guidance on how to remediate the issue. In 2022, the researchers noted that enterprise defenders had to deal with an update to the KEV catalog on an almost weekly basis, as a new alert was typically issued every four to seven days.

Dark Reading reports: "Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog"

Ireland's privacy regulator has declared that it will investigate a recently discovered data leak that could affect over 400 million Twitter users. The Data Protection Commission (DPC) is already probing the company for an earlier data breach. In the latter incident, which occurred in November, hackers leaked the personal information of 5.4 million Twitter users. Earlier this month, there were reports that the personal information of more than 400 million Twitter users had been made available on a hacker forum. The hacked data reportedly includes the names, phone numbers, usernames, follower counts, and account creation dates of the impacted users. The hacker responsible for the attack requested $200,000 in exchange and deletion of the data. Additionally, the hacker made the data of over 1,000 users public. According to reports, the users include politicians, celebrities, and other public figures. Reportedly, a vulnerability in one of Twitter's Application Programming Interfaces (APIs) was exploited to steal the data. The bug in the API was caused by a flaw in software released in 2021, which allowed hackers to discover the phone numbers and email addresses associated with certain Twitter accounts. This article continues to discuss Ireland launching an investigation of the recent Twitter data breach.

SiliconANGLE reports "Ireland to Examine Twitter Data Breach That May Affect 400M+ Users"

Although the complete replacement of passwords has been prophesied for many years, earlier identity-verification methods continue to persist. However, this is changing, namely due to the exponential development of machine IDs. Some industry professionals have provided their forecasts for the identification industry in 2023. Shira Shamban, co-founder and CEO of Solvo, expects an identity-centric security model. In tandem with the emergence of a data-centric approach to security, an identity-centric paradigm will develop. When infrastructures were completely on-premises in the past, the network served as the security perimeter. In the cloud-native era of today and with the proliferation of Application Programming Interfaces (APIs), it is necessary to have strong Identity and Access Management (IAM) practices throughout the entire organization, creating a unique identity not only for each employee but also for the specific cloud components, such as containers, serverless functions, and data resources. Maintaining a state with the least privileges on a large scale will become increasingly important. Michael Mumcuoglu, CEO and co-Founder of CardinalOps, believes that identity providers will be the target of an increasing number of attacks. In addition to SolarWinds-style attacks on software vendors and attacks on Managed Security Service Providers (MSSPs) aimed at downstream consumers, identity providers such as Okta, OneLogin, and Microsoft Active Directory will be targeted by other attacks. Once an attacker has gained access to these systems, they may effortlessly impersonate employees, boost their privileges, and remain practically undetectable. Consequently, it is essential for enterprises to ensure that they are continually checking logs for unexpected actions, such as the creation of new user accounts, particularly from strange regions, as well as password changes and multi-factor authentication (MFA) resets. This article continues to discuss industry experts' identity management predictions for 2023.

BetaNews reports "More Machine IDs, Attacks on Providers and AI Verification -- Identity Management Predictions for 2023"

Thousands of victims were tricked by impostors working out of a Ukrainian call center who pretended to be Information Technology (IT) security employees at their banks. The scheme has now been shut down. The scammers called the victims, informed them that their bank accounts had been compromised by attackers, and asked for financial information. The bank accounts of the victims were drained by the criminals. The scheme was discovered by the Cyber Police Department of Ukraine, the Main Investigative Department of the National Police, the Prosecutor General's Office, and Kazakhstan's law enforcement officers. Investigators discovered that 37 operators from a call center formed by three Dnipro residents called Kazakhstan residents while posing as IT security personnel at their banks. The criminals alerted the citizens to strange transactions and persuaded them that threat actors had accessed their accounts. Under the guise of reversing the transactions, individuals were convinced to hand over financial information. In order to collect the funds, offshore bank accounts and cryptocurrency wallets were used. It is expected that over 18,000 Kazakh citizens have fallen victim to the scam. It is unknown at this time how much money was lost. In addition to searching the call center and the suspects' homes, law enforcement agents have seized 45 pieces of computer equipment, mobile phones, SIM cards, and draft records. Furthermore, it is now evident that the criminals were in possession of databases containing the personal information of Kazakhstani citizens. This article continues to discuss the takedown of a Ukrainian call center that defrauded thousands of victims while pretending to be bank IT security employees.

Cybernews reports "Ukraine Closes Fraudulent Call Center That Ripped off Thousands"

The US Department of Energy (DOE) funded research that brings further attention to cybersecurity for Electric Vehicle (EV) charging infrastructure. Researchers from Sandia National Laboratories have been examining vulnerabilities in charging infrastructure alongside other federal institutions for the past four years and recently released a report on their findings. According to the publication, EV charging infrastructure has multiple vulnerabilities, such as skimming credit card information, leveraging cloud servers to take over a network of EV chargers, and more. The researchers analyzed multiple interfaces, including vehicle-to-charger connections, wireless communications, cloud services, and charger maintenance ports for both AC and DC chargers. They discovered flaws in each interface type, including hackers' ability to eavesdrop on vehicle-to-charger connections from more than 50 yards away. Researchers at Argonne National Laboratory discovered that not all chargers had appropriate firewalls to prevent intrusions, while Idaho National Laboratory discovered that some systems were vulnerable to malicious firmware updates. Charger maintenance ports may also enable system reconfiguration, giving hackers access to a charging network from a single unit. This article continues to discuss some findings from the research on EV charging infrastructure vulnerabilities.

GCR reports "DOE Research Looks at EV Charging Infrastructure Vulnerability"