Weekly security newsletter - 5th February 2024
Was posting these, thought I'd post them as they come in
Weekly security newsletter - 5th February 2024
*****************************************************************
FBI confirms it issued remote kill command to blow out Volt Typhoon's
botnet
Disinfects Cisco and Netgear routers to thwart Chinese critters
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bse?utm_source=security&utm_medium=newsletter&utm_content=top-article
*****************************************************************
*** CSO News ***
Blackbaud settles with FTC after that IT breach exposed millions of
people's info
Cloud software slinger admits no guilt, promises better basic security
hygiene
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bv2
Cloudflare sheds more light on Thanksgiving security breach in which
tokens, source code accessed by suspected spies
Atlassian systen compromised via October Okta intrusion
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4btg
Rise of deepfake threats means biometric security measures won't be
enough
Defenses need a rethink in face of increasing sophistication
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bt8
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim
blaming
18,000 customers, including the Pentagon and Microsoft, may have other
thoughts
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bqm
*** Whitepaper ***
2023 ThreatLabz State of Ransomware Report
Ransomware attacks increased by over 37% in 2023, with the average enterprise ransom payment exceeding $100,000 with a $5.3 million average demand.
Read the 2023 ThreatLabz …
https://whitepapers.theregister.com/d/5923/18dcb5/1511/2eafc833?td=week-sec-e&utm_source=security&utm_medium=newsletter&utm_content=whitepaper
*** Whitepaper ***
2023 ThreatLabz State of Ransomware Report
Ransomware attacks increased by over 37% in 2023, with the average enterprise ransom payment exceeding $100,000 with a $5.3 million average demand. Read the 2023 ThreatLabz …
https://whitepapers.theregister.com/d/5c2b/18dcb5/1511/2cda812d?td=week-sec-e&utm_source=security&utm_medium=newsletter&utm_content=whitepaper
*** Cyber-crime News ***
Interpol's latest cybercrime intervention dismantles ransomware,
banking malware servers
Efforts part of internationally coordinated operations carried out in
recent months
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4btG
Wikileaks source and former CIA worker Joshua Schulte sentenced to 40
years jail
'Vault 7' leak detailed cyber-ops including forged digital certs
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4btp
LockBit shows no remorse for ransomware attack on children's hospital
It even had the gall to set the ransom demand at $800K … for a
nonprofit
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bsW
*** Patches News ***
Ivanti releases patches for VPN zero-days, discloses two more
high-severity vulns
Many versions still without fixes while sophisticated attackers bypass
mitigations
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bs0
Reg story prompts fresh security bulletin, review of Juniper Networks'
CVE process
Vendor gets tangled in its own web of undisclosed vulnerabilities
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4br2
*** Research News ***
Researchers remotely exploit devices used to manage safe aircraft
landings and takeoffs
The closest thing we may ever get to a real-life Die Hard 2 scenario
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bv8
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Evidence mounts of an exploit gatekept within Russia's borders
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bs6
*** Security News ***
SBF likely off the hook for misplaced FTX funds after cops bust SIM
swap ring
PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a
hefty dose of critical vulnerabilities
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bvg
Critical vulnerability in Mastodon is pounced upon by fast-acting
admins
Danger of remote account takeovers leaves lead devs scared of releasing
many details
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4btY
Biden will veto attempts to kill off SEC's security breach reporting
rules
Senate, House can try but won't make it past the Prez, says White House
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bt4
Congress told how Chinese goons plan to incite 'societal chaos' in the
US
American public is way ahead of them
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bst
FBI confirms it issued remote kill command to blow out Volt Typhoon's
botnet
Disinfects Cisco and Netgear routers to thwart Chinese critters
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bse
Ransomware payment rates drop to new low – now 'only 29% of victims'
fork over cash
It's almost like years of false assurances have made people realize
payments are pointless
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bsc
We know nations are going after critical systems, but what happens when
crims join in?
This isn't going to end well
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bs4
US shorts China's Volt Typhoon crew targeting America's criticals
Invaders inveigle infrastructure
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bra
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after
patch released
Multiple publicly available exploits have since been published for the
critical flaw
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4br8
UK biometrics boss bows out, bemoaning bureaucratic blunders
Questionable institutional change and myriad IT issues pervade the
governance landscape
https://go.reg.cx/seml/18dcb5/65e9037f/fb738c55/4bqJ
*** Whitepaper ***
2023 ThreatLabz State of Ransomware Report
Ransomware attacks increased by over 37% in 2023, with the average enterprise ransom payment exceeding $100,000 with a $5.3 million average demand. Read the 2023 ThreatLabz …
https://whitepapers.theregister.com/d/5c1c/18dcb5/1511/e7d2af4d?td=week-sec-e&utm_source=security&utm_medium=newsletter&utm_content=whitepaper
*** Whitepaper ***
2023 ThreatLabz State of Ransomware Report
Ransomware attacks increased by over 37% in 2023, with the average enterprise ransom payment exceeding $100,000 with a $5.3 million average demand. Read the 2023 ThreatLabz …
https://whitepapers.theregister.com/d/5c0d/18dcb5/1511/553441da?td=week-sec-e&utm_source=security&utm_medium=newsletter&utm_content=whitepaper