From The Blog

Google has pushed out a new patch for Chrome to deal with a zero-day vulnerability tracked as CVE-2023-3079. In the patch release Google is clear that this vulnerability is actively being exploited in the wild and that users of both Chrome and Edge should update to the latest version as soon as possible. The report of the flaw was from Google’s own threat research team making this an even more urgent event.

After the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for any device that was compromised is a full replacement regardless of the firmware version. It seems that once an attacker gets their malware into the device, it is done. There is not a clean way to remove it and simply patching it does not disable the control that the attacker has on the device. It also seems that at factory resent does not clear it out.

As we hear more about Supply Chain attacks and the need for Software Build of Materials we are now hearing of an attack on the popular game, Minecraft. It seems that attackers are leveraging popular Modding platforms to push out information stealing malware (Fractureiser). They are accomplishing this by injecting malicious code into modifications that are then uploaded to different platforms. These are then downloaded and installed by unwary gamers.

As if the internet needed something else bad floating around it seems that groups that engage in extortion schemes involving the threat of releasing images of a sexual nature are now getting help from AI image creation tools. Sextortion emails are nothing new, in many cases the blackmail is little more than an effort to get a target to click on a malicious file (disguised as an image or video file) in order to get ransomware on a system if the original blackmail is not good enough.

It is Wednesday, so it is about time to talk about a new strain of malware. In this case one that leverages Microsoft’s PowerShell to do its dirty work. Primarily a post-exploitation tool, PowerDrop is leveraged after access is obtained by other means. According to researchers at Adlumin, the tool also seems to focus on information gathering/theft. The attack also used WMI (Windows Management instrumentation) to execute the PowerShell commands which could be a move to living off the land.

Anyone that does not think that cybercrime is now a bug business has been living under a rock. The news related to different cybercrime-as-a-service groups, especially ransomware, has never been more frequent. We have seen groups offer larger profit sharing, special tools, access to customization tools and now we hear that the Cyclops group is even offering an information stealer as something of a value add if you use their services.

Since Executive Order 14028 came out on May 12th from the Biden Administration there has been a lot of talk about what it means and what are the legal and regulatory ramifications of this order. While the larger conversation is one for a later (and much longer) article the overall tone of the EO is one that highlights a desire to centralize control over cybersecurity at the federal level, but not a lot of direct regulatory changes. Everything is recommendations, or guidelines. There is nothing in EO14038 that makes any real changes. Now that is both a good thing and a bad thing. On the one hand it means that organizations have time to adapt to the tone and general message of the EO and new cybersecurity requirements, and on the other hand, as we are already in an election cycle, many companies are likely to adopt a wait and see attitude towards any changes. One area is around SBOM, or Software Build of Materials.

So, there you are, you have found the one thing in all the internet that will make your object drive life complete. You put the fabulous object into your cart, giddily fumble out your credit card and enter those embossed numbers into the checkout screen and click to start the journey of your newfound treasure. Unbeknownst to you, attackers had previously injected skimming scripts into the site and captured all your card data for use later, or to sell in bulk on a dark web marketplace later.

Spring, the time of renewal, the time when nature wakes up. It is also a time when Zero-Day flaws hit the web. This year has been no different with many Zero-Day flaws identified in April and May 2023. The reasons for this are varied, but commonly we see Zero-Day flaws identified after everyone comes back from their Holiday vacations and after budgets are done, the money is available and initiatives for thew new year start. One of the more interesting zero-days for 2023 was a flaw found in MOVEit Transfer software.

The news that a feature in Gmail that shows a verification check mark for a sender is being abused by attackers should come as a surprise to no one. After all attackers have coopted, code singing certificates, legitimate web sites, and more as part of their attack processes, why wouldn’t a simple blue check mark be difficult? The new feature was introduced last month and, on the surface, looks like a great idea. Show that the sender of an email is who they say they are.