Top cybersecurity stories for the week of 04-25-22 to 04-29-22



Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines. If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Hadas Cassorla, CISO, M1. If you want to get involved you can watch live and participate in the discussion on LinkedIn Live, or you can just subscribe to the Cyber Security Headlines podcast and get it into your feed.

Here are some of the stories we'll be covering:

Hackers find 122 vulnerabilities, 27 deemed critical, during first round of DHS bug bounty program

These vulnerabilities were found by more than 450 security researchers who were working through the Department of Homeland Security’s “Hack the DHS” bug bounty program, which started in December 2021. The researchers, who were vetted by the agency before participating, were eligible to receive between $500 and $5,000 for verified vulnerabilities, depending on the severity. The DHS has not disclosed the vulnerabilities that were found, nor did it share any information about fixes for the bugs. Under original plans for the DHS program, the agency would verify the flaws within 48 hours of being notified, and fix them within 15 days — or, for more complex bugs, develop a plan to address them.


AWS’s Log4j patches blew holes in its own security

Amazon Web Services has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable to container escape and privilege escalation. The vulnerabilities introduced by Amazon’s Log4j hotpatch – CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071 – are all high-severity bugs rated 8.8 out of 10 on the CVSS. “We recommend that customers who run Java applications in containers, and use either the hotpatch or Hotdog, update to the latest versions of the software immediately,” the cloud giant said in a security bulletin on Tuesday.

(The Register)

Mandiant finds record zero-days in 2021

According to the security firm’s annual report, disclosed zero-day vulnerabilities exploded in 2021, more than doubling the previous 2019 record with 80. Most of the zero-days tracked by Mandiant were exploited by APT groups. Since it began tracking in 2012, Mandiant reports that China exploited more zero-days than any other nation. The growth in zero-days mirrors a report from Google’s Project Zero, which also saw a record number of zero-days in 2021. However, Project Zero believed this was due to better industry disclosure rather than just an increase in zero-days discovered.

(Security Affairs)

Elon Musk’s Twitter takeover could be bad for security and privacy

After this week’s announcement that Twitter has accepted Elon Musk’s $44 billion purchase offer, cybersecurity experts fear that Musk’s open source vision for the platform may make it more susceptible to malicious actors. Experts are expressing concerns about open source vulnerabilities such as Log4Shell and also the potential for “gaming” the algorithm to treat people differently based on their personal characteristics. Additional concerns are being raised by privacy advocates regarding Musk potentially implementing real-name policies, overriding the anonymity and pseudonymity which protect the identities of those whose opinions do not align with those in power.


Stormous Ransomware targets Coca Cola

On Tuesday, Coca-Cola admitted that some of its systems were potentially hit by a ransomware variant but says it is still investigating the incident. Meanwhile, the Stormous ransomware group released a statement that it has stolen about 161GB of data from Coca-Cola and is intending to sell the data if its ransom demands are ignored. Coke announced last month that it is withdrawing business from the Russian Federation because of Russia’s invasion of Ukraine, which some are speculating could have precipitated the attack by the Stormous gang, who have been trying to make money through supporting Russia’s political agenda.

(Cybersecurity Insiders)

State Department puts a price on NotPetya’s head

The State Department announced it’s offering a $10 million reward for information leading to the six Russian intelligence actors responsible for the now infamous malware. This reward comes as part of the Rewards for Justice program. While it’s explicitly focused on the NotPetya actors, the reward can also apply to “any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.” Since launching in 1984, the Rewards for Justice program has paid out over $200 million in rewards, and currently also has bounties out for the REvil and DarkSide ransomware groups.


Two-thirds of organizations hit with ransomware

According to Sophos’ State of Ransomware 2022 report, 66% of organizations surveyed were hit with a ransomware attack last year, up from just 37% in 2020. This comes as the ransoms paid by organizations increased nearly five-fold on the year to an average of $812,360. 11% of organizations said they paid ransoms over $1 million, up from 4% in 2020. Organizations paying less than $10,000 dropped to 21%. Overall, 46% of organizations that had data encrypted paid ransoms, including 26% of organizations that were able to restore data from backups. 83% of mid-size organizations had cyber insurance policies, with 98% of incidents paying out for costs incurred, including 40% covering ransoms themselves.

(Info-Security Magazine)

French fiber optic cable attacks accentuate critical infrastructure vulnerabilities

A day after what French telecom companies are calling a large-scale coordinated attack which destroyed a large number of fiber optic cables powering the French internet, authorities there are investigating the attacks as a criminal act. The Wednesday incident disrupted Internet service throughout France, and those responsible seem to have known how to do as much damage as possible. “The cables were cut on both sides to complicate the repairs,” an ‘operator’ told newspaper Le Parisien. “The urgency is to re-solder everything, this represents tens of thousands of small, fiber-optic cables.”

