A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities.

Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

The intrusions involved the exploitation of CVE-2022-1040 and CVE-2022-30190 (aka “Follina”), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively.

“This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group’s continued use of well known and reported capabilities, such as the Royal Road RTF weaponizer, and often lax infrastructure procurement tendencies,” Recorded Future said in a new technical analysis.

TA413, also known as LuckyCat, has been linked to relentlessly targeting organizations and individuals associated with the Tibetan community at least since 2020 using malware such as ExileRAT, Sepulcher, and a malicious Mozilla Firefox browser extension dubbed FriarFox.

images from Hacker News

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach.

“Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software,” researchers from Symantec said in a new report.

BlackCat, also known by the names ALPHV and Noberus, is attributed to an adversary tracked as Coreid (aka FIN7, Carbanak, or Carbon Spider) and is said to be a rebranded successor of DarkSide and BlackMatter, both of which shut shop last year following a string of high-profile attacks, including that of Colonial Pipeline.

The threat actor, like other notorious ransomware groups, is known to run a ransomware-as-a-service (RaaS) operation, which involves its core developers enlisting the help of affiliates to carry out the attacks in exchange for a cut of the illicit proceeds.

ALPHV is also one of the first ransomware strains to be programmed in Rust, a trend that has since been adopted by other families such as Hive and Luna in recent months to develop and distribute cross-platform malware.

images from Hacker News

Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT ‘network’ – all the apps and connected devices from laptops and desktops to servers and smartphones.

While traditionally, these would all live on one “corporate network,” – networks today are often just made up of the devices themselves, and how they’re connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face?

Let’s look at them in more detail.

#1 Misconfiguration

According to recent research by Verizon, misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that it’s less secure. This can happen when you change a setting without fully understanding the consequences, or when an incorrect value is entered. Either can create a serious vulnerability – for example, a misconfigured firewall can allow unauthorized access to an internal network, or a wrongly configured web server could leak sensitive information.

#2 Outdated software

Software and app developers constantly release updates with patches to cover vulnerabilities that have been discovered in their code. Applying patches to fix these vulnerabilities across an organisation’s entire network of devices can be time-consuming and complex to implement – but it is essential. If you don’t update your software, firmware and operating systems to the latest versions as they’re released, you’re leaving your network exposed. A vulnerability scanner will give you a real-time inventory of all the software which needs updating, as well as detect misconfigurations that reduce your security, so you can stay as secure as possible.

images from Hacker News

Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account “sometime” in 2023.

“In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account,” the Google-owned fitness devices maker said.

The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is expected to continue until at least the beginning of 2025, after which a Google account will be mandatory for using the devices.

The deeper integration also means that a Google account will be compulsory to sign up for Fitbit and activate new features, including those that incorporate Google products and services such as Google Assistant.

images from Hacker News

Ukrainian law enforcement authorities on Friday disclosed that it had “neutralized” a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests.

The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country.

“Their ‘wholesale clients’ were pro-kremlin propagandists,” the Security Service of Ukraine (SSU) said in a press release. “It was them who used the received identification data of Ukrainian and foreign citizens to spread fake ‘news’ from the front and sow panic.”

images from Hacker News