Top news stories this week
- Off track. Prison vehicle tracking technology disrupted after cyber attack on Microlise.
- Snowball. Canadian law enforcement arrests Snowflake hacker following US request.
- Zero-day. Google uses AI to identify new unknown software vulnerability in the wild.
- Rotten apple. North Korean hackers targeting macOS users in new phishing campaign.
- Error 522. DDoS attacks disrupt UK councils and German authorities seize a DDoS-for-hire platform.
- Bugged out. Okta fixes security bug that allowed logins without a correct password.
1. Cyber attack on Microlise disrupts prison vehicle tracking technology
A cyber attack on UK-based tracking technology manufacturer Microlise caused the tracking devices and panic alarms in prison escort vehicles operated by Serco to go offline for a number of days. Drivers were forced to revert to pen and paper and check in with prison bases every 30 minutes. The attack also caused widespread disruption to delivery company DHL.
So what?
Cyber attacks have real-world consequences. It is important to communicate any knock-on effects which might impact the safety of customers or employees.
[Researcher: David Broome]
2. Canadian law enforcement arrests Snowflake hacker following US request
Canadian law enforcement has arrested Alexander Moucka over his alleged involvement in the Snowflake data breach earlier this year, which resulted in over one billion records being stolen from 165 companies. The arrest was reportedly made at the request of US authorities, who are seeking his extradition.
So what?
The arrest of a suspect allegedly involved in one of the largest data breaches is significant and highlights the concerted effort by law enforcement to tackle cyber crime.
[Researcher: Waithera Junghae]
3. Google AI tool identifies zero-day software vulnerability
Security researchers at Google’s Project Zero and DeepMind have reportedly used a specially designed large language model called Big Sleep to identify a previously unknown zero-day vulnerability. The researchers have claimed this represents the first time AI has successfully identified exploitable flaws in real-world software. The specific vulnerability was a stack buffer underflow in the widely used open-source SQLite database engine.
So what?
Software vulnerabilities are one of the main ways hackers gain access to networks. This development highlights the potential of AI to enhance vulnerability detection and remediation.
[Researcher: James Tytler]
4. North Korean hackers bypass macOS security measures in phishing campaign
A North Korea-linked hacking campaign is targeting macOS users with malware that utilizes phishing emails containing fake PDF applications to bypass Apple's security measures. The hackers allegedly aim to target decentralized finance and cryptocurrency businesses, continuing a strategy of using cyber crime to support the North Korean regime.
So what?
There is now a wide range of malware available for macOS, which was once considered safer than Windows. Phishing awareness and training are essential regardless of the operating system your business might use.
[Researcher: James Tytler]
5. UK councils hit by DDoS attacks and German police arrest DDoS platform operators
The Russian hacktivist group dubbed ‘NoName057’ has claimed responsibility for multiple DDoS attacks on UK councils and attributed its motive to the UK’s support of Ukraine. The impacted councils include Portsmouth, Middlesbrough, Salford, and Trafford.
Separately, German law enforcement has arrested two individuals and shut down a DDoS-for-hire platform called Dstat.cc.
So what?
DDoS attacks remain a popular attack vector for less sophisticated cyber criminals and can have a significant impact on business operations.
[Researcher: Adelaide Parker]
6. Okta fixes security bug which allowed logon without a correct password
US IT company Okta has fixed a security bug that allowed password authentication to be bypassed on accounts whose usernames were 52 characters or longer. The bypass was only possible if the account had a stored record of a previous successful login, including the cache key generated by the authentication algorithm.
So what?
Organizations with affected products should follow Okta’s advice and implement multifactor authentication (MFA). In addition to reducing the risk of traditional brute force and credential stuffing attacks, MFA can in some cases provide protection against security bugs.
[Researcher: Lena Krummeich]
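The mechanism behind item 6, as an added illustration that is not part of the original digest: Okta’s public advisory attributed the bug to a cache key computed by Bcrypt over the concatenated userId, username and password, and Bcrypt reads at most 72 bytes of its input. The code below models only that 72-byte limit with a stand-in function (it is not a real password hash), uses a constructed 20-character userId, and contrasts the flawed key construction with one that pre-hashes the fields so every byte of the password counts.

```python
import hashlib

BCRYPT_INPUT_LIMIT = 72  # bcrypt silently ignores input bytes beyond the 72nd


def truncating_kdf(data: bytes) -> bytes:
    """Stand-in for bcrypt that models ONLY its 72-byte input limit (constructed; not a password hash)."""
    return hashlib.sha256(data[:BCRYPT_INPUT_LIMIT]).digest()


def weak_cache_key(user_id: str, username: str, password: str) -> bytes:
    # Flawed pattern: one KDF call over the raw concatenation of variable-length fields.
    # If user_id + username already fills 72 bytes, the password never reaches the KDF.
    return truncating_kdf((user_id + username + password).encode())


def safe_cache_key(user_id: str, username: str, password: str) -> bytes:
    # Hardened: fold the length-prefixed fields into one fixed-size digest first,
    # so the KDF input is 32 bytes regardless of how long the username is.
    h = hashlib.sha256()
    for field in (user_id, username, password):
        raw = field.encode()
        h.update(len(raw).to_bytes(4, "big"))  # length prefix removes field-boundary ambiguity
        h.update(raw)
    return truncating_kdf(h.digest())


def distinct_keys(key_fn, username_len: int) -> int:
    """How many distinct cache keys two different passwords produce for a username of the given length."""
    user_id = "00u" + "x" * 17  # constructed 20-char id (assumption about the id length)
    username = "a" * username_len
    return len({key_fn(user_id, username, pw) for pw in ("correct-horse", "wrong-password")})


if __name__ == "__main__":
    # 20-char id + 52-char username = 72 bytes: the weak key collides, the safe key does not.
    print("weak, 52-char username :", distinct_keys(weak_cache_key, 52))   # 1
    print("weak, 10-char username :", distinct_keys(weak_cache_key, 10))   # 2
    print("safe, 52-char username :", distinct_keys(safe_cache_key, 52))   # 2
```

A cache keyed this way should be audited for any variable-length field feeding a length-limited primitive; the collision here appears only past the length threshold, which is why routine tests with short usernames did not surface it.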