My Shared Links — Week 50/2022
Collection of the resources and links I have found insightful and shared during week #50 of 2022.
Google introduces end-to-end encryption for Gmail on the web
Once enabled, Gmail client-side encryption ensures that any sensitive data delivered as part of the email’s body and attachments cannot be decrypted by Google servers.
Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.
The company says the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.
The feature will be off by default and can be enabled at the domain, organizational unit, and Group levels by going to Admin console > Security > Access and data control > Client-side encryption.
IBM to work with nonprofit on cloud security framework for financial services
IBM on Thursday announced it will work with the Cloud Security Alliance (CSA) to strengthen a cloud security framework for financial services.
IBM’s Cloud Framework for Financial Services has been mapped to the CSA’s cloud control matrix (CCM) so that companies that have adopted CSA’s controls can now use services or transact with SaaS providers on IBM’s platform.
Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet
On Dec. 15th, 2022, Microsoft flagged a cross-platform botnet that’s primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers.
Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts.
Security Flaw in Atlassian Products (Jira, Confluence, Trello, BitBucket) Affecting Multiple Companies
A security flaw in Atlassian products (Jira, Confluence, and BitBucket): session cookies are not invalidated when the password is changed, even with #2FA (two-factor authentication) enabled, because the cookie validity is 30 days. Sessions only expire when the user logs out, or after 30 days.
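As an added illustration of the control the flaw above lacks (this is not Atlassian's code): each session cookie records the user's password version at issue time, so a password change rejects every earlier session while the 30-day lifetime still applies. The in-memory store, class names and the sample timeline are assumptions made for the example.

```python
# Added example: session validation bound to a password version, contrasted
# with an expiry-only check that keeps accepting a cookie after a password change.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

COOKIE_LIFETIME = timedelta(days=30)   # absolute lifetime, as in the flaw above

@dataclass
class Session:
    user: str
    issued_at: datetime
    password_version: int              # user's version when the cookie was issued

class SessionStore:
    def __init__(self):
        self.password_versions = {}    # user name -> current password version
        self.sessions = {}             # cookie token -> Session

    def add_user(self, name):
        self.password_versions[name] = 1

    def login(self, name, now):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(name, now, self.password_versions[name])
        return token

    def logout(self, token):
        self.sessions.pop(token, None)

    def change_password(self, name):
        # Bumping the version is what invalidates sessions issued before the change.
        self.password_versions[name] += 1

    def is_valid_expiry_only(self, token, now):
        # Vulnerable behaviour: only the 30-day lifetime is checked.
        s = self.sessions.get(token)
        return s is not None and now - s.issued_at < COOKIE_LIFETIME

    def is_valid(self, token, now):
        # Hardened: lifetime AND the password version must still match.
        s = self.sessions.get(token)
        if s is None or now - s.issued_at >= COOKIE_LIFETIME:
            return False
        return s.password_version == self.password_versions[s.user]

def demo():
    """Constructed timeline: login, password change, re-login, then expiry."""
    store = SessionStore()
    store.add_user("alice")
    t0 = datetime(2022, 12, 12, tzinfo=timezone.utc)
    old = store.login("alice", t0)
    store.change_password("alice")
    new = store.login("alice", t0 + timedelta(days=2))
    return (store.is_valid_expiry_only(old, t0 + timedelta(days=1)),  # True: flaw
            store.is_valid(old, t0 + timedelta(days=1)),              # False: fixed
            store.is_valid(new, t0 + timedelta(days=3)),              # True
            store.is_valid(new, t0 + timedelta(days=32)))             # False: expired
```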
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958).
On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely execute code.
California’s finance department confirms breach as LockBit claims data theft
California’s Department of Finance has confirmed it’s investigating a “cybersecurity incident” after the prolific LockBit ransomware group claims to have stolen confidential data from the agency.
Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones
Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited.
The update, iOS 16.1.2, landed on November 30 and rolled out to all supported iPhones — including iPhone 8 and later — with unspecified “important security updates.”
Uber suffers new data breach after attack on vendor, info leaked online
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor [Teqtivity] in a cybersecurity incident.
Signed driver malware moves up the software trust chain
The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate Microsoft Windows Hardware Compatibility Publisher (WHCP) certificate.
Critical security update now available for Citrix ADC, Citrix Gateway
Patching time!
Today Citrix released builds to fix CVE-2022-27518, which affects the following Citrix ADC and Citrix Gateway versions:
- 12.1 (including FIPS and NDcPP)
- 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway, both of which must be configured with a SAML SP or IdP configuration to be affected
Cyberattack on the City of Antwerp’s Servers Triggered via PLAY Ransomware
The servers of the Belgian city of Antwerp were hit by a cyberattack triggered via PLAY ransomware.
The PLAY group has warned that on December 19, it will start disclosing data that was stolen from Antwerp. The information that was stolen remains unknown.
The IT, email, and phone services in Antwerp were interrupted last week as a result of a ransomware attack on Digipolis, the IT firm in charge of overseeing the city’s IT infrastructure.
Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers.
The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system and render the machine inoperable by making use of specially crafted paths.
Ransomware: Which Industries Are Most Likely to Pay
A recent study by Cybereason revealed that 73% of respondents had experienced a ransomware attack in the last 24 months. Of those respondents, 28% said their organizations paid the ransom.
Clop ransomware uses TrueBot malware for access to networks
Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence.
The threat actor is also using a new custom data exfiltration tool called Teleport. Analysis of Silence’s attacks over the past months revealed that the gang delivered Clop ransomware, which is typically deployed by TA505 hackers, who are associated with the FIN11 group.