Newsletters

Written content from the Risky Business Media team

Risky Biz News: Tech companies and security firms rally against EU vulnerability disclosure rules

Presented by

Catalin Cimpanu

News Editor

A group of more than 50 tech experts and organizations have signed an open letter asking EU officials to rethink Article 11 of the upcoming EU Cyber Resilience Act.

The article introduces a mandatory requirement for all software vendors to disclose vulnerabilities to ENISA, the EU's cybersecurity agency, within 24 hours of becoming aware of in-the-wild exploitation. ENISA will then relay this information to national CSIRT teams and stock market watchdogs across the member states.

The open letter's signatories argue that the CRA's Article 11—in its current form, at least—greatly expands the number of organizations that will have first-hand and real-time immediate knowledge of actively exploited vulnerabilities, which, in turn, increases the risks to product vendors, their customers, and the general public.

NSA Wants to Protect America's AI Edge

Presented by

Tom Uren

Policy & Intelligence

The US National Security Agency (NSA) is creating a new Artificial Intelligence Security Center to develop secure AI for use in defence and national security. The Center will also work to maintain the US's AI advantage by protecting against intellectual property (IP) theft.

The Director of NSA and US Cyber Command, General Paul Nakasone, announced the creation of the new centre in a speech at the National Press Club in Washington DC.

In his speech Nakasone pithily described AI security as "about protecting AI systems from learning, doing and revealing the wrong thing", before listing some goals of the new centre:

Risky Biz News: Ransomware gangs hit TeamCity and WS_FTP servers

Presented by

Catalin Cimpanu

News Editor

Ransomware groups are exploiting recently disclosed vulnerabilities in TeamCity and WS_FTP servers to breach corporate networks and ransom organizations.

The attacks are exploiting CVE-2023-42793 and CVE-2023-40044.

The first is an authentication bypass and RCE vulnerability that can allow threat actors to take full control of JetBrains TeamCity CI/CD servers. Once on the development pipeline, threat actors can pivot to other resources on a company's internal or cloud network, from where ransomware gangs can do extensive damage.

Risky Biz News: Disclosure snafu delays critical Exim patch more than a year

Presented by

Catalin Cimpanu

News Editor

A critical vulnerability impacting more than 3.5 million Exim email servers has remained unpatched for more than 15 months in one of the most egregious instances of vulnerability disclosure snafus in recent history.

Tracked as CVE-2023-42115, the vulnerability is an unauthenticated remote code execution flaw with a severity rating of 9.8/10.

It is one of six vulnerabilities that were disclosed by Trend Micro's Zero-Day Initiative (ZDI) to the Exim project in June 2022.

Risky Biz News: Chinese APT hacks subsidiaries, pivots to corporate headquarters

Presented by

Catalin Cimpanu

News Editor

Cybersecurity agencies from Japan and the US have issued a joint security advisory about a Chinese APT group that is hacking the overseas subsidiaries of US and Japanese companies and then pivoting to their corporate headquarters.

Known as BlackTech (Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), the group targets internet-facing routers as their entry point into victim networks.

To maintain access, the group hot-patches the router firmware with a modified version that bypasses security features and contains a built-in SSH backdoor to maintain future access.

Lapsus$: From Flash in the Pan to Raging Fire

Presented by

Tom Uren

Policy & Intelligence

Teenage hackers have breached systems at Caesars Entertainment and MGM Resorts International, two large US resort, entertainment and gaming companies. These incidents showcase how hacking groups comprising young people using Lapsus$-style techniques are becoming one of the greatest cyber security threats to organisations.

Both hacks had significant impact.

Caesars Entertainment reportedly paid a ransom of USD$15m after the group stole personal information from its loyalty program database, including driver licence and social security numbers. The organisation’s SEC filing uses a form of words that we suspect will become standard when paying a data extortion ransom:

Risky Biz News: CISA releases HBOM framework

Presented by

Catalin Cimpanu

News Editor

The US Cybersecurity and Infrastructure Security Agency released on Monday the first version of the Hardware Bill of Materials (HBOM), a framework meant to mitigate supply chain risks for hardware/physical products.

The framework is inspired by, and is meant to complement, SBOM, a similar framework that CISA has been pushing to software vendors since the Log4Shell incident in late 2021.

Under the new HBOM framework, hardware vendors are expected to produce an HBOM file that will contain information on all physical components used in a product.

Risky Biz News: China admits NSA hacked Huawei

Presented by

Catalin Cimpanu

News Editor

China's Ministry of State Security (MSS) published an extremely rare official statement on its WeChat account last week formally accusing the US National Security Agency of hacking and maintaining access to servers at Huawei's headquarters since 2009.

The statement is the first time the Chinese government has confirmed the NSA's Huawei hack—first reported by the New York Times and Der Spiegel back in 2014.

Based on documents from the Snowden leaks, the two reports cover Shotgiant, an NSA operation to compromise Huawei's network.

Risky Biz News: Lazarus steals $54 million from CoinEx crypto-exchange

Presented by

Catalin Cimpanu

News Editor

North Korean hackers known as the Lazarus Group have stolen $54 million from the CoinEx cryptocurrency exchange.

The hack took place on Tuesday, September 12. In a statement, CoinEx said the hackers identified a leak of some of its private keys and used them to steal Ether, Tron, and Matic assets from some of the company's hot wallets.

The company didn't formally link the hack to North Korea, but a blockchain investigator named ZachXBT found that some of CoinEx's stolen funds were sent to the same address that is storing funds stolen from the recent hack of the Stake.com crypto-gambling site.

Microsoft's Security Culture Just Isn't up to Scratch

Presented by

Tom Uren

Policy & Intelligence

Last week, Microsoft released its latest report into how its services were compromised by a China-based actor it called Storm-0558. It's an eye-opening document that raises some red flags about Microsoft's security culture.

To summarise the incident briefly, Storm-0558 used a Microsoft Account (MSA) signing key to gain access to the email accounts of individuals in businesses and in government departments including the US Department of State and the US Department of Commerce. For several reasons this hack should not have worked, yet Storm-0558 was able to take advantage of multiple flaws in Microsoft processes to achieve its objectives.

From the perspective of someone who has worked in high-security environments, some of these flaws are absolutely bewildering.