News Items

A new Cisco Talos Intelligence Group report reveals new tools used in Avos ransomware attacks. Avos is a ransomware group that has been active since July 2021. The group follows the Ransomware-as-a-Service (RaaS) business model, meaning they provide ransomware services such as automatic builds, data storage, negotiation assistance, automatic decryption tests, and more to various affiliates. AvosLocker currently supports Windows, Linux, and ESXi environments and offers automated configurable builds of the AvosLocker malware. Furthermore, the threat actor provides affiliates with a control panel, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers, and other contacts. Avos also offers calling services and Distributed Denial-of-Service (DDoS) attacks, which means they call victims to pressure them to pay the demanded ransom or launch DDoS attacks during the negotiation to add stress to the situation. According to the FBI, AvosLocker has already targeted critical infrastructure in the US, including financial services, manufacturing, and government facilities. Attacks on post-Soviet Union countries are not allowed by the Avos team. On a Russian forum, a user known as "Avos" was seen attempting to recruit penetration testers with experience in Active Directory networks and initial access brokers. This article continues to discuss updates made to the Avos ransomware threat actor's attack arsenal and how to protect against this ransomware.

TechRepublic reports "Avos Ransomware Threat Actor Updates Its Attack Arsenal"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning pertaining to threat actors, including state-backed hacking groups, using the Log4Shell Remote Code Execution (RCE) vulnerability to hack VMware Horizon and Unified Access Gateway (UAG) servers. Attackers can remotely exploit Log4Shell on vulnerable servers that are exposed to local or Internet access in order to move laterally across networks until they gain access to internal systems containing sensitive data. Following the disclosure of the Log4Shell flaw in December 2021, multiple threat actors, including state-backed hacking groups from China, Iran, North Korea, and Turkey, as well as several access brokers commonly used by ransomware gangs, began scanning for and exploiting unpatched systems. This article continues to discuss CISA's warning regarding the exploitation of the Log4Shell RCE vulnerability to hack VMware servers.

Bleeping Computer reports "CISA: Log4Shell Exploits Still Being Used to Hack VMware Servers"

The Conti cybercrime group has become highly organized, running one of the most aggressive ransomware operations. As a result, affiliates were able to breach over 40 firms in a month. Security researchers dubbed the hacking operation ARMattack and described it as one of the group's most productive and effective operations. According to Group-IB analysts, one of Conti's "most productive campaigns" took place between November 17 and December 20, 2021. During incident response operations, they discovered the group's month-long hacking campaign. Conti affiliates were able to compromise more than 40 firms in diverse industries across a wide range of geographies during the operation, with an emphasis on American-based businesses. Group-IB has been investigating Conti's "working hours" using information obtained from public sources, such as leaked internal gang communications. Conti members, according to the researchers, have an average daily activity level of 14 hours, excluding the New Year's break, which explains their effectiveness. They also point out that the group operates as a real business, with people assigned to hiring, research and development, managing OSINT jobs, and providing customer support. This article continues to discuss findings surrounding the Conti cybercrime group's activities and operations.

CyberIntelMag reports "Over 40 Organizations Breached by Conti Ransomware Attacks in a Month"

According to a study by the security vendor strongDM that polled 600 IT, security, and DevOps workers, access restrictions meant to secure corporate systems may have the adverse effect of causing employees to find workarounds and share credentials with co-workers, thus creating potential security vulnerabilities. The study found that in many cases, users will find alternative methods for accessing their containers, cloud services, and other important tools when they do not have access via the managed company channels. The problem stems from a natural conflict related to the pressure that employees face when trying to meet deadlines. While executives and managers press IT administrators to update network services to the most recent versions and to implement secure and well-maintained access protocols, end-users, particularly developers and DevOps teams who rely on stored code and containers, require access to those resources. The survey discovered that end-users need about 15 minutes of access per day to get the data they need for work. Meanwhile, nearly 39 percent of administrators polled said that simply connecting new tools to their existing access management systems takes several days. While new systems are being integrated with access management controls, end-users will still need to meet deadlines and complete projects, meaning they will likely operate outside the management controls. These workarounds could include directly accessing the cloud service or system using their personal credentials or even a shared login. Of those polled, 55 percent said they had seen their teams maintain a backdoor access method, while 53 percent said they shared credentials to important services. This is where major security risks emerge as these credentials are then vulnerable to hackers through account theft, malware, or other common methods. This article continues to discuss key findings from strongDM's study regarding how access management issues can create security vulnerabilities.

TechTarget reports "Access Management Issues May Create Security Holes"

Researchers at ETH Zurich found a number of critical security vulnerabilities in the MEGA cloud storage service that could allow malicious actors to break the confidentiality and integrity of user data. The researchers explain how MEGA's system does not protect its users against a malicious server, allowing a rogue actor to fully compromise the privacy of the uploaded files. In addition, the integrity of user data is damaged to the extent that an attacker can insert malicious files that pass all authenticity checks of the client. Among the flaws is an RSA Key Recovery Attack, which allows MEGA or a resourceful nation-state adversary in control of its Application Programming Interface (API) infrastructure to recover a user's RSA private key and decrypt the stored content. The recovered RSA key can then be extended to make way for plaintext recovery attacks, framing attacks, integrity attacks, and Guess-and-Purge (GaP) Bleichenbacher attacks. The attacks demonstrate that a motivated party can find and exploit vulnerabilities in real-world cryptographic architectures with disastrous security consequences. This article continues to discuss the ETH Zurich researchers' study on ways to break MEGA's encryption.

THN reports "Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service"

A Chinese hacking group has been observed using a low-tech but effective method to steal money from Web3 wallets, which involves distributing altered versions with holes programmed into them. The hackers cloned legitimate wallet distribution sites, tricking users into downloading a compromised version. Confiant researchers discovered and tracked the threat actor's activity, which they describe as a "highly sophisticated" operation. The Chinese hackers primarily target searches for a specific group of Web3 wallets and focus on iOS and Android users. Their success with this approach is mainly due to their attention to detail in cloning the official websites of the Web3 wallets and the wallet code itself. The only difference from the legitimate download process and user experience is the addition of backdoor code that enables them to drain funds from the victim. Confiant dubbed the group "SeaFlower," but their identity remains unknown. However, numerous clues point to China, with Chinese MacOS usernames linked to the group's activity and the backdoor code containing some Chinese commentary. In addition, some frameworks used are common in the Chinese hacking community and originated from Chinese coders. Currently, the hackers are targeting four types of Web3 wallets: Coinbase Wallet, imToken, MetaMask, and Token Pocket. Both the iOS and Android versions of these wallets are targeted by the attackers. The Confiant researchers emphasize that the legitimate versions of these wallets are completely safe and do not contain any vulnerabilities, with the trick being to avoid tainted downloads when looking for them using search engines. This article continues to discuss findings regarding the targeting of Web3 wallets by the SeaFlower hacking group.

CPO Magazine reports "Web3 Wallets Targeted by Chinese Hackers; 'SeaFlower' Using Cloned Websites to Trick Crypto Traders"

In an effort to conceal their genuine espionage activities, a group of cyberattackers with probable state support adopted a new loader to disseminate five different types of ransomware. Secureworks' cybersecurity experts released new research on HUI Loader, a malicious tool that criminals have been using since 2015. Loaders are small malicious packages that are designed to remain undetected on a compromised machine. While they frequently lack functionality as standalone malware, they do perform one critical function: they load and execute additional malicious payloads. HUI Loader is a custom DLL loader that can be used by legitimate software programs that have been hijacked and are vulnerable to DLL search order hijacking. When the loader is executed, it will deploy and decrypt a file containing the main malware payload. HUI Loader has previously been used in campaigns by groups such as APT10/Bronze Riverside, which is linked to the Chinese Ministry of State Security (MSS), and Blue Termite. In previous campaigns, the groups used Remote Access Trojans (RATs) such as SodaMaster, PlugX, and QuasarRAT. It appears that the loader has now been adapted to spread ransomware. This article continues to discuss recent findings regarding the use of ransomware to hide cyber spying.

ZDNet reports "Five Ransomware Strains Have Been Linked to Bronze Starlight Activities"

Recently a US subsidiary of Nichirin, a Japanese company that makes hoses for the automotive industry, was hit by ransomware. The attack was aimed at Nirchirin-Flex USA and was discovered on June 14th. Other Nichirin subsidiaries do not appear to be affected. The full impact of the cyberattack is being investigated, including whether data has been compromised. On its website, Nichirin warned customers about fake emails apparently coming from the company. Currently, no major ransomware group has claimed responsibility for the cyberattack. The cyberattack on Nichirin comes just months after Japanese car parts giant Denso was hit by ransomware. The Pandora ransomware group took credit for that attack, claiming to have stolen 1.4 Tb of data. Darren Williams, CEO of BlackFog, stated that we continue to see threat actors targeting manufacturers in the automotive, infrastructure, and government sectors. More specifically, cybercriminals continue to target organizations with older infrastructure and organizations that lack investment in cyber security in terms of product and personnel. Williams noted that these industries continue to outpace the rest of the market regarding cyberattacks. Williams said that this cyberattack should serve as a reminder that even the smallest contributors to the supply chain must do their part to defend against cyberattacks.

SecurityWeek reports: "US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware"

An international team of researchers has created a scanning tool to reduce the vulnerability of websites to hacking and cyberattacks. The black box security assessment prototype, which was tested by engineers in Australia, Pakistan, and the UAE, outperforms existing web scanners that collectively fail to detect the top ten weaknesses in web applications. Cybercrime costs the world nearly $6 trillion in 2021, representing a 300 percent increase in online criminal activity over the previous two years. In addition, data breaches have skyrocketed as a result of cloud-based platforms, malware, and phishing scams, while the rollout of 5G and Internet of Things (IoT) devices has increased connectivity and the vulnerability to attacks. The team highlighted several security vulnerabilities contained by web applications and how these weaknesses are costing organizations. Because of the widespread use of eCommerce, iBanking, and eGovernment sites, web applications have become a prime target for cybercriminals looking to steal personal and corporate information and disrupt business operations. According to the team, they have not found a single scanner that can counter all these vulnerabilities. Their prototype tool is said to cater to all these challenges as a one-stop guide to ensuring 100 percent website security. This article continues to discuss the increase in cybercrime and data breaches and the black box security assessment prototype developed to bolster website security against attacks.

UniSA reports "A Simple Tool To Make Websites More Secure and Curb Hacking"

The number of email-borne cyber threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors. Trend Micro stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts. The company also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. These findings come just as Proofpoint warned in a new report of the continued dangers posed by social engineering and the mistaken assumptions many users make. Proofpoint noted that many users do not realize that threat actors may spend a lot of time and effort building a rapport over email with their victims, especially if they are trying to conduct a business email compromise (BEC) attack. Adversaries may also abuse legitimate services from Google, Microsoft, and other sources to host and distribute malware and credential harvesting portals. Proofpoint noted that OneDrive is the most frequently used, followed by Google Drive, Dropbox, Discord, Firebase, and SendGrid. Proofpoint also warned of a surge in "telephone-oriented attack delivery (TOAD)," which the company claimed to see at least 250,000 times daily.

Infosecurity reports: "Cloud Email Threats Soar 101% in a Year"

An international Penn State-led team has developed a new and more reliable approach to defending vulnerable data on the stack, which is a memory region responsible for storing computer program data for processes. This vulnerable data could include return addresses and other objects that can be exploited by malicious actors through memory errors to gain access to more data. Despite extensive research into defenses to protect stack objects from memory error exploitation, much stack data remains vulnerable, according to project lead Trent Jaeger, professor of computer science and engineering at the Penn State School of Electrical Engineering and Computer Science. Memory errors are classified into three types: spatial, temporal, and type. Spatial errors allow access to memory outside of the object's allotted space. Temporal errors allow access to memory before or after it was assigned, and type errors enable access by assuming a format other than the actual format of an object. In each case, an adversary may access objects other than those intended by the programmer when programming objects on the stack to access specific data. Recent stack defense methods are said to provide an incomplete view of security by failing to account for memory errors comprehensively and limiting the set of objects that can be protected. Therefore, the team has presented the DATAGUARD system, which improves security by performing a more comprehensive and accurate safety analysis that proves a greater number of stack objects are safe from memory errors while ensuring that no unsafe stack objects are mistakenly classified as safe. DATAGUARD uses static analysis and symbolic execution to validate stack objects free from spatial, type, and temporal memory errors. Jaeger explains that this process involves analyzing the safety of items that point to the objects and generating safety constraints for the objects' safety parameters before validating an object's safe or unsafe status. During tests, DATAGUARD identified and removed 6.3 percent of objects that the Safe Stack technique misclassified as safe, and proved that 65 percent of objects labeled as unsafe by Safe Stack were actually safe. DATAGUARD demonstrates that a more comprehensive and accurate but conservative analysis increases the scope of data protection to over 90 percent of stack objects on average, while also reducing overhead, or the extra run time the system uses to protect safe objects. This article continues to discuss memory errors and the new data security approach developed to protect against such errors while using less system power.

PSU reports "Researchers Develop New Approach That Protects 90 Percent Of Stack Memory Data"

Security researchers at Microsoft recently published a report. The researchers found that coinciding with unrelenting cyberattacks against Ukraine, state-backed Russian hackers have engaged in "strategic espionage" against governments, think tanks, businesses, and aid groups in 42 countries supporting Kyiv. The researchers stated that since the start of the war, the Russian targeting (of Ukraine's allies) has been successful 29 percent of the time, with data stolen in at least one-quarter of the successful network intrusions. The researchers noted that nearly two-thirds of the cyberespionage targets involved NATO members. The United States was the prime target and Poland, the main conduit for military assistance flowing to Ukraine, was number 2. In the past two months, Denmark, Norway, Finland, Sweden, and Turkey have seen stepped-up targeting. Surprisingly the researchers stated that Estonia has detected no Russian cyber intrusions since Russia invaded Ukraine on February 24th. Microsoft noted that this could be because of Estonia's adoption of cloud computing, where it's easier to detect intruders. The researchers stated that half of the 128 organizations targeted are government agencies, and 12% are nongovernmental agencies, typically think tanks or humanitarian groups. Other targets include telecommunications, energy, and defense companies. The researchers also assessed Russian disinformation and propaganda aimed at "undermining Western unity and deflecting criticism of Russian military war crimes" and wooing people in nonaligned countries. Using artificial intelligence tools, the researchers said, they estimated that "Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216 percent in Ukraine and 82 percent in the United States."

Associated Press reports: "Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies"

Security researchers at the CERT Coordination Center (CERT/CC) at Carnegie Mellon University have discovered a critical vulnerability in the SMA Technologies OpCon UNIX agent resulting in the same SSH key being deployed with all installations. OpCON is aimed at financial institutions and insurance firms and is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations. Tracked as CVE-2022-2154, the issue results in the same SSH key being delivered on every installation and subsequent updates. The researchers stated that the SSH public key is added to the root account's authorized_keys file during the agent's installation, and the entry remains there even after the OpCon software has been removed. The researchers noted that the installation files also include a corresponding, unencrypted private key named "sma_id_rsa." An attacker with access to the private key included with the OpCon UNIX agent installation files can gain SSH access as root on affected systems. The researchers stated that the bug impacts version 21.2 and earlier of the OpCon UNIX agent. SMA Technologies, which was informed of the security issue in March, told the researchers that it has already updated the version 21.2 package to remove the vulnerability.

SecurityWeek reports: "SMA Technologies Patches Critical Security Issue in Workload Automation Solution"

Over the last decade, distributed ledger technology, such as blockchains, has become more prevalent in various contexts. The idea is that blockchains operate securely without centralized control and are unsusceptible to change. The Defense Advanced Research Projects Agency's (DARPA) mission is to create and prevent technological surprises, so it set out to understand those security assumptions and determine how decentralized blockchains are. Therefore, the agency commissioned cybersecurity research and consulting firm Trail of Bits to investigate the fundamental properties of blockchains and the cybersecurity risks they pose. The study resulted in a report that provides a holistic analysis available to anyone considering blockchains for critical matters to gain further insight into the potential vulnerabilities within these systems. This article continues to discuss the DARPA-funded study aimed at providing a better understanding of blockchain vulnerabilities.

DARPA reports "DARPA-Funded Study Provides Insights into Blockchain Vulnerabilities"

According to new research conducted by the non-profit Identity Defined Security Alliance (IDSA), the number of security breaches stemming from stolen or compromised identities has reached epidemic proportions. The IDSA polled 500 US identity and security professionals to compile its 2022 Trends in Securing Digital Identities report. The researchers found that 84% of participants had experienced an identity-related breach in the past year, with the vast majority (78%) claiming it had a direct business impact. The researchers stated that part of the problem is the high volumes of identities created daily in the corporate world. Almost all respondents (98%) reported that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships, and machine identities, including bots and IoT devices. The researchers noted that poor security practice is often to blame for incidents. According to the researchers, although half (51%) of respondents said they typically remove access for a former employee within a day, only 26% always do. The researchers stated that employees are often the weakest link in the security chain, even those that should know better. Some 60% of IT/security respondents claimed they engage in risky security behavior. The researchers stated that, fortunately, organizations seem to be getting the message. Nearly all respondents (97%) claimed they're planning to invest in "identity-focused security outcomes," and 94% said identity investments are part of strategic initiatives, including cloud adoption (62%), Zero Trust implementation (51%), and digital transformation initiatives (42%).

Infosecurity reports: "Identity-Related Breaches Hit 84% of US Firms in 2021"

Europol recently announced that police have dismantled a cybercrime group that made millions of euros through phishing and other types of schemes. The operation was conducted by police in Belgium and the Netherlands, with support from Europol. The Dutch police arrested nine individuals, eight men and one woman, aged between 25 and 36, and searched 24 houses in the country. The police seized the suspects' firearms, electronics, jewelry, cash, and cryptocurrency. Belgian authorities initiated the investigation, and the individuals arrested in the Netherlands will be handed over to Belgium. The police stated that the suspects were involved in phishing and other internet scams that helped them make millions of euros. The cybercriminals allegedly sent emails, text messages, and WhatsApp messages to targeted individuals. Europol noted that the messages contained a link that pointed to a fake bank website designed to harvest the victim's credentials, giving the cybercriminals access to their online banking account. Europol also stated that the cybercriminals used money mules to transfer these funds from the victim's accounts and to cash out the fraudulently obtained money. Members of the group have also been connected with cases of drug trafficking and possible firearms trafficking.

SecurityWeek reports: "Belgian, Dutch Police Dismantle Cybercrime Group"

According to the Ukrainian Computer Emergency Response Team (CERT-UA), Russian hacker gangs have been using the Follina code execution vulnerability in recent phishing attempts to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is suspected of sending emails containing the attachment "Nuclear Terrorism A Very Real Threat.rtf." The threat actors chose the subject of this email to entice users to open it, capitalizing on Ukrainians' widespread fear of a nuclear attack. Threat actors used a similar strategy in May 2022, when CERT-UA discovered the spread of fraudulent papers warning about a chemical attack. The RTF document attempts to use Follina to download and run the CredoMap malware on a target's machine. This vulnerability in the Microsoft Diagnostic Tool has been exploited in the wild since at least April 2022, allowing malicious downloads to be initiated simply by opening a document file or, in the case of RTFs, by viewing it in the Windows preview window. CredoMap malware attempts to steal information such as account passwords and cookies from Chrome, Edge, and Firefox. It uses the IMAP email protocol to transfer the stolen data to the command-and-control (C2) address, which is hosted on an abandoned Dubai-based website. This article continues to discuss APT28's exploitation of the Follina code execution vulnerability in recent phishing attempts to install CredoMap malware and Cobalt Strike beacons.

CyberIntelMag reports "Cobalt Strike And CredoMap Malware Used by Russian Government Hackers to Attack Ukraine"

Gartner has unveiled the top 8 cybersecurity predictions for 2022 through 2023. Richard Addiscott, Senior Director Analyst, and Rob McMillan, Managing Vice President at Gartner, discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era. Gartner's list of predictions includes an increase in government regulation of consumer privacy rights and ransomware response, a widespread shift by enterprises to unify security platforms, more zero trust, and the prediction that by 2025, threat actors will have figured out how to weaponize Operational Technology (OT) environments successfully to cause human casualties. This article continues to discuss the top cybersecurity predictions for 2022 through 2023.

Dark Reading reports "Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead"

According to a survey conducted by Hornetsecurity, organizations activated more Microsoft 365 security features in the last year as cyberattacks increasingly targeted them. The global IT security and compliance survey of over 800 IT professionals discovered that the use of Microsoft 365 security features increases the rate of IT security incidents. Organizations using Microsoft 365 and 1 or 2 of its stock security features reported attacks 24.4 percent and 28.2 percent of the time, respectively, while those using 6 or 7 features reported attacks 55.6 percent and 40.8 percent of the time. Overall, 3 in 10 organizations (29.2 percent) using Microsoft 365 reported a known security incident in the previous 12 months. The survey suggests that while additional security features are necessary, it is more practical to use tried and tested, user-friendly solutions, preferably carried out by dedicated security professionals. Hornetsecurity experts say these findings could be due to a variety of factors. They suggest that organizations with a high number of implemented security features did so as a result of sustained cyber-attacks over time in an effort to mitigate security threats. They also claim that the more security features IT teams try to implement, the more complicated the security system becomes. Misconfigured features can lead to vulnerabilities. Over 60 percent of respondents stated that the main obstacle to implementing security features within their organization is a lack of 'time or resources.' This article continues to discuss key findings from Hornetsecurity's survey regarding roadblocks faced by IT professionals in implementing security features, the most common security features used within organizations, and more.

PRN reports "Using More Complex IT Security Strategies Does Not Necessarily Increase Security, Survey Finds"

Security researchers at Kaspersky have discovered a new advanced persistent threat (APT) targeting Microsoft's Exchange servers in Europe and Asia. Dubbed ToddyCat, the APT actor utilizes two formerly unknown tools Kaspersky called 'Samurai backdoor' and 'Ninja Trojan,' respectively. The researchers stated that ToddyCat first started its activities in December 2020, compromising selected Exchange servers in Taiwan and Vietnam via an unknown exploit that ultimately led to the final execution of the passive backdoor Samurai. The researchers stated that during the first period, between December 2020 and February 2021, the group targeted a very limited number of servers in Taiwan and Vietnam related to three organizations. From February 26 until early March, the researchers observed a quick escalation and the attacker abusing the ProxyLogon vulnerability to compromise multiple organizations across Europe and Asia. Telemetry collected by Kaspersky seems to hint that affected organizations, both governmental and military, show that ToddyCat is "focused on very high-profile targets and is probably used to achieve critical goals, likely related to geopolitical interests." The researchers noted that while the first wave of attacks exclusively targeted Microsoft Exchange Servers via the Samurai backdoor, some of these attacks witnessed the deployment of another sophisticated malicious program: Ninja. The researchers stated that this tool is probably a component of an unknown post-exploitation toolkit exclusively used by ToddyCat. Ninja appears to be a collaborative tool allowing multiple operators to work on the same machine simultaneously. The researchers noted that Ninja provides a large set of commands, allowing attackers to control remote systems, avoid detection and penetrate deep inside a targeted network. The researchers stated that some of them, akin to those provided in other notorious post-exploitation toolkits, include the ability to control the HTTP indicators and camouflage malicious traffic in HTTP requests. The researchers noted that ToddyCat is a sophisticated APT group that uses multiple techniques to avoid detection and thereby keeps a low profile.

Infosecurity reports: "New ToddyCat APT targets MS Exchange servers in Europe, Asia"

Several major companies, including IBM and Google, are currently working on quantum computing projects. Amazon is also in the mix. Amazon opened the AWS Center for Quantum Computing last year and has offered quantum computing via Amazon Web Services since 2019. The company is expanding that work to what it says is an essential aspect of helping quantum tech reach its full potential: quantum networking. The company has announced the AWS Center for Quantum Networking (CQN). Amazon notes that quantum networks will be able to connect quantum devices using single photons rather than laser beams (which are utilized in modern optical communications). However, along with enabling certain capabilities of quantum networks, there are some hurdles to overcome when it comes to using a single photon. Researchers at the center will work on new technologies, such as quantum repeaters and transducers, to allow for the creation of global quantum networks. The researchers will also develop hardware, software, and apps for quantum networks. Amazon stated that quantum networking will enable global communications to be protected by quantum key distribution with privacy and security levels not achievable using conventional encryption techniques. Amazon also noted that quantum networks will provide powerful and secure cloud quantum servers by connecting together and amplifying the capabilities of individual quantum processors.

Engadget reports: "Amazon is Opening a Center For Quantum Networking Research"

Air raid sirens sounded in the Israeli cities of Jerusalem and Eilat on Sunday evening, and it appears that they were triggered by a cyberattack, possibly conducted by Iranian hackers. The sirens used to warn the population about rocket attacks sounded for an hour. The Israeli military conducted an investigation and found that the alarms were likely triggered by a cyberattack that appears to have targeted municipal public address systems rather than the military's systems. While it has yet to be confirmed, the main suspect is Iran, whose hackers often target Israeli organizations and systems. Ilan Barda, CEO of Radiflow, stated that whether this siren attack by Iran was a false flag or accidental triggering remains to be seen, but the lack of municipal cybersecurity is clear. Barda noted that it is possible that the sirens were triggered while hackers were still exploring for vulnerabilities within the municipality's security system or that it was a false flag, being used as a distraction as another not yet published cyberattack was carried out.

SecurityWeek reports: "False Air Raid Sirens in Israel Possibly Triggered by Iranian Cyberattack"

According to a survey recently published by the software-security firm Snyk and the Linux foundation, companies with an open-source software (OSS) security policy perform significantly better in self-assessed readiness measures. They also tend to have dedicated teams responsible for driving software security. Seven out of ten companies with an OSS security policy believe their application development is highly or somewhat secure. In comparison, only 45 percent of companies that did not implement such a policy believe they are at least somewhat secure. Only about half of firms have an open-source security policy in place to guide developers in using components and frameworks, with a higher proportion of small businesses (60 percent) either having no policies or not knowing if they have one. The report highlights that the economics of security tend to reduce the priority of developing a formal policy for startups and smaller firms. Small organizations tend to have a small IT staff and budget. In addition, the functional requirements of the business often take precedence in order for the business to remain competitive. The main reasons firms did not handle OSS security best practices were a lack of resources and time. The survey also found that different programming languages brought different security considerations. The average time to fix flaws in applications written in .NET, for example, is 148 days, followed by JavaScript. On the other hand, those written in Go had the fastest time-to-patch and were usually corrected in a third of that period. This article continues to discuss key findings from the report on addressing cybersecurity challenges in OSS.

Dark Reading reports "Open Source Software Security Begins to Mature"

Flagstar Bank is notifying 1.5 million customers of a data breach in which hackers gained access to personal information during a December cyberattack. Flagstar is a financial services company based in Michigan that is one of the country's largest banks, with more than $30 billion in assets. Following an investigation of the incident, the bank discovered that the threat actors had obtained sensitive client information, including full names and Social Security numbers. Upon learning of the incident, Flagstar activated its incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the breach to federal law enforcement. Flagstar will provide affected individuals with two years of free identity monitoring and protection services. The data breach affected 1,547,169 people across the country, according to information filed to the Maine Attorney General's Office. This article continues to discuss the impact of and response to the data breach faced by Flagstar Bank, and other significant security incidents experienced by the bank and its victims.

CyberIntelMag reports "Flagstar Bank Reveals Data Breach Affecting 1.5 Million Clients"