Optus Breach Turmoil Continues, PM Demands Telco Foot the Bill for Replacing Passports
Hackers are seemingly helping protestors in Iran, EFF asks FTC to review daycare and early education apps, New bill would include cryptocurrency firms in cybersecurity info sharing, much more
Check out my latest CSO column that looks at insider cybersecurity threats, how to spot them and how to protect against them.
Embattled Australian telco Optus has not responded to the prime minister’s request to foot the bill for replacing millions of Australians’ passports in the wake of its data breach.
Almost 10 million Australians were impacted by the hack, with personal details ranging from full names and addresses to passport, driver’s license, and Medicare numbers accessed by the attackers. Foreign Minister Penny Wong asked Optus’ chief executive for confirmation that the company would cover the cost of new passports, which are A$193 each (around US$125).
Attorney-General Mark Dreyfus said Optus’ response had been a “mess” and a “debacle,” and the government is planning to introduce new laws to address the situation before year-end. (Ellen Ransley and Courtney Gould / News.com)
Related: News.com.au, SC Magazine, Sydney Morning Herald, PerthNow, ZDNet, The Age, The Guardian, Canberra Times, Canberra Weekly, The New Daily, The Mandarin, ABC.net.au, Startup Daily, Techaeris, The Register - Security, OpIndia, ARN, McAfee, Security News | Tech Times, Teiss, Daily Mail
Researchers at Check Point say they have seen hackers helping protestors in Iran bypass the internet restrictions and censorship the ruling regime has imposed in response to the protests.
The hacker groups congregate in Telegram chatrooms with thousands of members. Lately, some have been sharing information about Virtual Private Networks (VPNs) or proxy services for use by those in Iran. Among the groups are cybercriminal operations, including Arvin Club and Atlas Intelligence Group.
Atlas Intelligence Group also advertised alleged Iranian data for sale. A.I.G. uses an outsourcing approach to its hacking efforts, almost as a fixer service between customers and hackers. The veracity of the documents and the safety of the help provided by these hackers is unclear, Check Point says. (Andrea Peterson / The Record)
The Electronic Frontier Foundation urged the Federal Trade Commission to review privacy and security concerns with daycare and early education apps.
EFF also found that the makers of many of the apps it examined had previously been warned about the vulnerabilities by a different group of security researchers. (Tonya Riley / Cyberscoop)
Researchers at Zscaler detected a campaign using Quantum Builder (also known as Quantum LNK Builder) pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.
Quantum Builder is sold on the dark web and lets cybercriminals build malicious Windows shortcut (LNK) files for delivering malware. It has been linked to the advanced persistent threat (APT) gang Lazarus Group based on shared tactics, techniques, and procedures (TTPs) and overlaps in source code, but the researchers cannot attribute the current campaign with confidence to Lazarus or any other particular threat group. (Jeff Burt / The Register)
U.S. senators Marsha Blackburn (R-TN) and Cynthia Lummis (R-WY) introduced the Cryptocurrency Cybersecurity Information Sharing Act, which would amend the Cybersecurity Information Sharing Act of 2015 to include cryptocurrency firms.
The bill aims to mitigate losses from cyber incidents such as data breaches, ransomware attacks, business interruption, and network damage. (Jacquelyn Melinek / TechCrunch)
Lindy Cameron, head of the UK’s National Cyber Security Centre, said that Russia might launch more aggressive cyberattacks given that President Vladimir Putin was already reacting in “unpredictable ways” to the near rout suffered by Russian forces in a lightning Ukrainian counteroffensive this month, such as threatening the use of nuclear weapons.
She added, however, that the worst of Russia’s cyber attacks had been kept at bay thanks to strong Ukrainian cyber defenses, “incredible” private sector support, and close collaboration between western governments. (John Paul Rathbone / Financial Times)
Black Lotus Labs, the research arm of security firm Lumen, revealed a never-before-seen piece of cross-platform malware it calls Chaos that has infected a wide range of Linux and Windows devices, including small office routers, FreeBSD boxes, and large enterprise servers.
Chaos has various capabilities, including enumerating all devices connected to an infected network, running remote shells that allow attackers to execute commands, and loading additional modules. Combined with the ability to run on such a wide range of devices, these capabilities have led Black Lotus Labs to suspect Chaos "is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining."
Chaos emerged no later than April 16, when the first cluster of control servers went live in the wild. Researchers found hundreds of unique IP addresses representing compromised Chaos devices from June through mid-July. Staging servers used to infect new devices have mushroomed in recent months, growing from 39 in May to 93 in August. As of Tuesday, the number reached 111. (Dan Goodin / Ars Technica)
The Georgia State Elections Board said that it had asked the FBI to participate in an ongoing criminal investigation into the voting system breach in Coffee County because of similarities between what happened there and incidents in other states.
“The conduct in Coffee County is similar to conduct in Antrim County, Michigan, and Clark County, Nevada,” elections board Chairman William Duffey Jr. said, citing two other places where pro-Trump operatives gained access to voting systems with the help of sympathetic local elections officials after the 2020 election.
The board is also investigating communications between local election officials in a second Georgia county and SullivanStrickler, the same cybersecurity firm hired by attorneys working for former President Donald Trump to access voting systems in Coffee County in January 2021. Duffey said the board discovered an “unexecuted engagement agreement” for SullivanStrickler to forensically image voting systems in Spalding County, Georgia. (Zachary Cohen / CNN)
Cloudflare is testing out a new CAPTCHA tool, Turnstile, that may do away with the usual frustrating visual puzzles with a simple code snippet.
Turnstile tests the browser rather than the person, cycling through a set of challenges that probe the visitor’s software for evidence that a human is behind it. The initial challenges are lightweight, but behind the scenes a machine learning model looks for “nonhuman” behavior and escalates to harder challenges if the visitor behaves strangely.
The technology behind Turnstile is an adaptation that powers the company’s “Managed Challenge,” which Cloudflare used to reduce the number of CAPTCHAs it displays to visitors to its customers’ web pages. (Kyt Dotson / Silicon Angle)
The Internal Revenue Service (IRS) warned Americans of an exponential rise in IRS-themed text message phishing attacks seeking to steal their financial and personal information.
The tax agency said it has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers, and that smishing volume has grown exponentially in recent months. The Federal Communications Commission (FCC) issued a similar warning in July, alerting Americans to an increasing wave of SMS phishing attacks targeting their money and personal information. (Sergiu Gatlan / Bleeping Computer)
Content delivery and security company Akamai says that in the first half of 2022 alone, it flagged nearly 79 million newly observed domains (NODs) as malicious, which works out to 13 million malicious domains per month and 20% of all successfully resolving NODs.
Akamai defines a NOD as any domain that has been queried for the very first time in the past 60 days. And by malicious, it means a domain name that resolves to a destination that's intended to phish, spread or control malware, or cause some other online harm. (Brandon Vigliarolo / The Register)
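The definition above is easy to operationalize on a resolver’s own query logs. The following is an added example, not Akamai’s code: it tracks the first time each registrable domain is queried, flags those first seen within the last 60 days as NODs, and separates the ones that actually resolved (the population the 20% figure refers to) from names that only ever returned NXDOMAIN. The log lines are constructed for the example, and collapsing a query name to its last two labels is an assumption that stands in for a Public Suffix List lookup.

```python
"""Newly observed domain (NOD) tracking over DNS resolver logs.

Added example, not Akamai's code. Implements the definition in the text:
a domain is "newly observed" if its first query falls within the past
60 days. The log format and sample lines are constructed for this example;
the registrable-domain helper is a simplification of the Public Suffix List.
"""
from datetime import datetime, timedelta

NOD_WINDOW = timedelta(days=60)

# Constructed sample resolver log: "<ISO timestamp> <query name> <rcode>".
# Reserved .example/.test TLDs are used so no real domain is implied.
SAMPLE_LOG = [
    "2022-01-10T08:00:00 example.com NOERROR",
    "2022-06-01T12:00:00 example.com NOERROR",
    "2022-05-20T09:30:00 login-update.payroll-check.example NOERROR",
    "2022-06-02T09:31:00 www.login-update.payroll-check.example NOERROR",
    "2022-06-10T10:00:00 zq8k2.tmp-cdn.test NXDOMAIN",
]
NOW = datetime(2022, 6, 30)  # "now" for the window calculation


def registrable_domain(qname: str) -> str:
    """Collapse a query name to its last two labels (assumed simplification;
    a production system would consult the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def first_seen_table(log_lines):
    """Return {domain: (first_seen, ever_resolved)} over all queries,
    independent of the order the lines arrive in."""
    table = {}
    for line in log_lines:
        ts_s, qname, rcode = line.split()
        ts = datetime.fromisoformat(ts_s)
        dom = registrable_domain(qname)
        seen, resolved = table.get(dom, (ts, False))
        table[dom] = (min(seen, ts), resolved or rcode == "NOERROR")
    return table


def newly_observed(log_lines, now):
    """Domains whose first query falls within NOD_WINDOW of `now`."""
    return {d: ts for d, (ts, _) in first_seen_table(log_lines).items()
            if now - ts <= NOD_WINDOW}


def resolving_nods(log_lines, now):
    """The subset of NODs that resolved at least once. These are the ones
    worth sending to a reputation or blocklist check: a name that has only
    ever returned NXDOMAIN cannot yet be serving phishing or C2 traffic."""
    table = first_seen_table(log_lines)
    return {d: ts for d, ts in newly_observed(log_lines, now).items()
            if table[d][1]}


if __name__ == "__main__":
    for dom, ts in sorted(resolving_nods(SAMPLE_LOG, NOW).items()):
        print(f"NOD (resolving): {dom} first seen {ts.isoformat()}")
```

Run against the constructed log, `example.com` is excluded because it was first seen in January, `tmp-cdn.test` is a NOD but never resolved, and only `payroll-check.example` survives as a resolving NOD. In a real deployment the first-seen table would be persisted and the window evaluated continuously rather than at a single fixed `NOW`.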
Researchers at Kaspersky Lab observed three new versions of Prilex PoS-targeting malware this year, indicating that its authors and operators are back in action.
Prilex began as ATM-focused malware in 2014, pivoted to point-of-sale (PoS) devices in 2016, and went quiet in 2021. Kaspersky analysts say last year’s operational hiatus appears to have been a break to develop a more sophisticated and potent version capable of generating EMV (Europay, MasterCard, and Visa) cryptograms, which the report describes as a transaction validation mechanism VISA introduced in 2019 to help detect and block payment fraud. (Sergiu Gatlan / Bleeping Computer)
Banking giants, including Goldman Sachs Group, Citigroup, Bank of America, Morgan Stanley, and twelve other firms, agreed to pay the Securities and Exchange Commission $1.1 billion in penalties for failing to monitor employees using unauthorized messaging apps.
Finance firms are required to closely monitor staffers’ communications to limit improper conduct. (Jennifer Surane / Bloomberg)
The Treasury Department’s Federal Insurance Office and the Cybersecurity and Infrastructure Security Agency issued a request for comment about whether a national cyber insurance program should require policyholders to implement basic cybersecurity measures to avoid creating a moral hazard.
Comments are due within 45 days of the notice being published. Those interested in weighing in on the issue can also participate in a meeting of the Treasury’s Federal Advisory Committee on Insurance Thursday afternoon. (Mariam Baksh / NextGov)
Israeli technology company The Avnon Group is poised to sell software for mapping and tracking social media activities to Hungary, a senior official told The Times of Israel’s Hebrew sister site Zman Yisrael.
The senior official said that the company would provide Budapest with technology allowing the government to track online discourse and analyze and understand public opinion. The official assumed that the Hungarian government’s interest in the technology stems from the growing social and political tensions in Hungary over Russia’s invasion of Ukraine and the entrance of tens of thousands of Ukrainian refugees into the country, some of them illegally. (Tani Goldstein / The Times of Israel)
Russia is seeking to install its candidate as the head of the International Telecommunication Union (ITU) to take over the top position from a Chinese official.
Russia is looking to take the secretary-general post of the ITU with its nominee, Rashid Ismailov. He has worked in the Russian government and Russian and international telecommunications companies. Running against him is Doreen Bogdan-Martin, an American who is a career ITU official.
Russia is notorious for its opposition to free speech and for regulations that violate privacy and tighten control over online content. The power wielded by whoever is elected this week at the ITU’s Plenipotentiary Conference in Budapest will have a global impact. If the United States and its allies do not stand by principles of transparency now, defending them later will only prove more difficult. (Mark Montgomery and Ivana Stradner / Just Security)
Cybersecurity vendor Malwarebytes secured a $100 million cash injection from Vector Capital, a private equity firm that invests in established technology businesses.
Vector’s minority investment in Malwarebytes, the exact specifics of which were not disclosed, comes just weeks after the cybersecurity firm laid off 125 employees or about 14% of its global workforce. (Carly Page / TechCrunch)
Allurity has acquired Spanish multinational Aiuken Cybersecurity in a move that positions Allurity as one of Europe’s top cybersecurity vendors.
Aiuken brings an entire SOC platform spanning three continents, as well as its Cloud Security and SOC-as-a-Service platforms. (FinExtra)
Image: Department of Foreign Affairs and Trade website, www.dfat.gov.au, CC BY 3.0 AU via Wikimedia Commons