Daily Brief

A new variant of the Mirai malware botnet has been found infecting inexpensive Android TV set-top boxes for DDoS attacks The malware is a version of the 'Pandora' backdoor that first appeared in 2015 Low-cost Android TV boxes with quad-core processors are the primary targets for this campaign The malware arrives on the devices through malicious firmware updates or pirated content apps Persistence is achieved through a background service that runs on device boot The malware can perform various DDoS attacks over TCP and UDP protocols Budget-friendly Android TV boxes have a higher risk of containing preloaded malware It is recommended to use streaming devices from trusted brands like Google, Apple, NVIDIA, Amazon, or Roku.

Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump The attackers used the stolen key to breach Exchange Online and Azure Active Directory accounts of government agencies in the United States The key was leaked into a crash dump after a consumer signing system crashed in April 2021 The threat actors found the key after compromising a Microsoft engineer's corporate account The compromised key provided the hackers widespread access to Microsoft cloud services Microsoft revoked all valid signing keys and relocated recently generated access tokens to prevent unauthorized access Microsoft agreed to expand access to cloud logging data for free to help network defenders detect similar breach attempts Redmond faced criticism for impeding organizations from promptly detecting the attacks

The Flipper Zero portable wireless pen-testing and hacking tool can be used to aggressively spam Bluetooth connection messages at Apple iOS devices. The tool allows for the spoofing of Bluetooth advertising packets, leading to confusion and disruption of workflows for iOS users. The attack can be used to send bogus connection requests, making it difficult to discern legitimate devices among a large number of fakes, or to mimic trusted devices for phishing attacks. The Flipper Zero firmware needs to be updated to enable Bluetooth functionality, and specific code needs to be generated to create fake notifications. The attack can work even if the target device is in airplane mode, as Apple has no mitigations or safeguards in place to prevent this abuse scenario.

University of Michigan (UMICH) warns staff and students of a recent cyberattack and mandates password resets Failure to change password by September 12 will result in inability to sign into accounts Notifications sent by UMICH CISO and CIO to community members All UMICH community members on various campuses must change their passwords Users advised to consult guidelines on changing to a secure password An issue with the self-service password tool has been addressed Internet connectivity and WiFi restored across all UMICH campuses University does not disclose details regarding the investigation or the reason for the mandatory password resets

Three critical-severity remote code execution vulnerabilities discovered in ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers Vulnerabilities can be exploited remotely and without authentication, potentially allowing threat actors to hijack devices Flaws can lead to remote code execution, service interruptions, and performing arbitrary operations on the device ASUS has released firmware updates to address the vulnerabilities, but users who haven't applied the updates remain vulnerable It is advised to turn off the remote administration feature to prevent unauthorized access to the routers.

Freecycle, a charity aimed at recycling unwanted items, has suffered a data breach. The breach, which exposed usernames, email addresses, and hashed passwords, was discovered on August 30. Freecycle has urged all members to change their passwords and be vigilant for phishing emails. The data breach has been closed and regulatory authorities have been notified. It is unclear how many of Freecycle's 9 million members were affected by the breach. Users are advised not to reuse passwords and to avoid clicking on suspicious links or downloading unknown attachments.

An updated version of the malware loader BLISTER is being used to distribute the Mythic command-and-control framework. BLISTER is embedded within a legitimate VLC Media Player library to bypass security software. BLISTER has been used in tandem with SocGholish to distribute Cobalt Strike and LockBit ransomware. The malware is actively maintained and used to load various types of malware, including clipbankers, information stealers, trojans, ransomware, and shellcode.

Penetration Testing as a Service (PTaaS) offers a comprehensive solution for continuous security monitoring in web applications Traditional pen testing is labor-intensive, time-consuming, and does not offer continuous monitoring PTaaS provides comprehensive coverage, frequent testing, automated processes, and integration with development processes Benefits of PTaaS include continuous security, holistic view of AppSec, and effective protection against cyber-attacks PTaaS is more scalable and effective compared to traditional pen testing PTaaS is suitable for organizations with a large number of applications and frequent release updates.

DDoS attacks are on the rise, with the volume growing by up to 300 percent in 2023. These attacks use compromised computer systems to generate attack traffic, resulting in loss of service, revenue, reputation, and control of network defenses. Being able to detect and mitigate DDoS attacks is crucial in preventing damage. A webinar hosted by The Register and Cloudflare will discuss the scale of DDoS attacks in 2023 and identify the perpetrators. The webinar will provide guidance on how to defend against DDoS attacks and offer best practices for mitigation. Participants will learn how to effectively protect their businesses and build strong defenses against DDoS attacks. The webinar is scheduled for 6th September and registration is available.

The Police Service of Northern Ireland (PSNI) mistakenly published data on 10,000 employees on their website Two men have been released on bail after being arrested under the Terrorism Act in relation to the data breach The breach included details of every serving Northern Ireland police officer, potentially endangering their safety Recent poster attempts to intimidate police officers, but the information contained was incorrect The PSNI has made four arrests in relation to the data breach so far Other police forces in the UK have also experienced data breaches recently, including Cumbria Police and the Metropolitan Police in London

Attackers gained access to data from a UK supplier of high-security fencing for military bases The initial entry point was a Windows 7 PC, highlighting the risks of running obsolete code and hardware The LockBit Ransom group conducted the attack and may have exfiltrated 10GB of data The breach could potentially provide access to sensitive military and research sites in the UK The company stated that no classified information was stored on the compromised system Zaun has notified the National Cyber Security Centre and the UK's Information Commissioner's Office regarding the breach The attack serves as a reminder for enterprises and organizations to be vigilant about security in their supply chains The targeted nature of the attack on a third-party supplier raises concerns about national security and critical infrastructure

Microsoft is disabling TLS 1.0 and 1.1 by default in Windows, potentially causing issues for enterprise administrators. SQL Server 2012, 2014, and 2016 editions may require updates to be compatible. Other applications expected to be broken include Apple's Safari browser for Windows and several security applications. Microsoft has been tracking TLS protocol usage and believes usage of TLS 1.0 and 1.1 is low enough to act. Windows Insiders will be the first to have TLS 1.0 and 1.1 disabled by default from September, followed by future Windows releases. The option to re-enable the protocols will still be available but should only be done as a temporary solution. Microsoft's goal aligns with industry efforts to eliminate deprecated versions of TLS, with the US National Security Agency (NSA) and major tech companies advocating for the move. Microsoft's progress in disabling TLS 1.0 and 1.1 has been delayed but is now planned to be implemented in its flagship operating system.

Simon Byrne, Chief Constable of the Police Service Northern Ireland (PSNI), has resigned amid a data breach and disciplinary controversy The PSNI mistakenly published spreadsheet data containing details of every single serving Northern Ireland police officer following a Freedom of Information request The sensitive information included personal details of officers and staff, making them vulnerable to potential targeting by dissident republican groups An independent review is currently underway to investigate the data breach In addition to the data breach, Byrne was facing backlash over a court ruling related to disciplinary actions taken against two junior officers The court ruled that the officers had been unlawfully disciplined to appease Sinn Féin's support for policing in Northern Ireland The ruling undermined Byrne's credibility and authority, contributing to his decision to resign Deputy Chief Constable Mark Hamilton is expected to temporarily lead the PSNI while a new leader is sought.

Organizations heavily depend on digital assets in today's digital age The real battleground in cybersecurity has shifted to user identities Many organizations are unaware of security gaps and vulnerabilities Silverfort commissioned a comprehensive study on the Identity Attack Surface The webinar aims to provide insights and actionable steps to improve cybersecurity The digital landscape is evolving with new threats, and organizations need to stay ahead Attendees will discover ways to transform their perception of cybersecurity Registration is open for the webinar to fortify organizations' cybersecurity.

The average cost of a data breach rose to $4.45 million, a 15% increase over the last three years. Healthcare organizations suffered the highest average loss of $10.93 million, followed by the finance industry at $5.9 million. Organizations with fewer than 500 employees experienced higher average data breach costs in 2023 ($3.31 million) compared to previous years. Phishing and stolen credentials are still the most common initial attack vectors, with phishing costing an average of $4.76 million and stolen credentials costing an average of $4.62 million. Integrating a third-party tool into the Active Directory can provide added control and visibility over compromised passwords. Rapid incident response is crucial to mitigating the financial impact of a data breach, as companies that detected compromises within 200 days lost $3.93 million compared to those that identified the issue later. Understanding and securing the cloud is essential, as 82% of breached data was stored in the cloud. Misconfigured cloud configurations and supply chain attacks were prevalent in the surveyed organizations. External Attack Surface Management (EASM) and risk-based vulnerability management can significantly reduce the time to identify and contain a data breach and lower breach costs.