NFL's San Francisco 49ers hit by Blackbyte ransomware attack
2022-02-13 13:22

The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the American football organization. The 49ers confirmed the attack in a statement to BleepingComputer and said it caused a temporary disruption to portions of their IT network.

Week in review: Malware targeting Linux-based OSes, Log4j exploitation risk
2022-02-13 09:00

Contextualizing supply chain risks in a SaaS environment: In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders.

The four types of remote workers your security awareness program must address: No matter how much technology you acquire or how many specific technical controls you install, when it comes to your information security awareness program, the most important control to tune within your environment is your people.

COVID Does Not Spread to Computers
2022-02-12 05:06

Let's take a look at the number of droppers we observed in our MDR data and correlate it with other data we have regarding the intensity of COVID lockdown restrictions over time. Droppers are a good overall indicator of malicious activity, as they often indicate an early stage of an attack. We observe a distinctive decrease in confirmed downloader activity in the months of November and December 2020 after the Trickbot botnet was taken down by law enforcement, and in January and February 2021, directly after Emotet was taken down.

Facebook exposes 'god mode' token that could siphon data
2022-02-12 00:28

A malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher Zach Edwards describes as "God mode." The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.

Friday Squid Blogging: Climate Change Causing “Squid Bloom” along Pacific Coast
2022-02-11 22:07

The oceans are warmer, which means more squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability
2022-02-11 22:03

Apple on Thursday patched a zero-day security vulnerability in its WebKit browser engine, issuing updates for iOS, iPadOS, and macOS. Its Safari browser, based on WebKit, received the security update separately for instances where it is being used with an older version of macOS, like Big Sur. The Apple patch is relevant not just to users of Safari, which relies on WebKit, but to users of any iOS browser, because Apple requires that all iOS browsers use WebKit - a situation currently being considered by antitrust regulators in the US and UK. Alex Russell, a program manager for Microsoft's Edge browser who formerly worked at Google and has long evangelized web technology, echoed past frustration with Apple's insistence that only WebKit is fit for iOS. "Imagine, if you can, a world where installing an alternative browser as your default actually had a chance of protecting you from Apple's shocking underinvestment in security," he lamented via Twitter.

The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors
2022-02-11 21:57

We saw the Maze ransomware developers reemerge briefly this week as they shared the master decryption keys for the Egregor, Maze, and Sekhmet ransomware operations. After the Maze ransomware operation began shutting down in October 2020, it was always hoped that they would publicly release the decryptions to allow remaining victims to recover their files.

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
2022-02-11 21:51

The MXview software uses the MQTT server to distribute most of its IPC/RPC messages, they added, and most of the MXview APIs use the MQTT protocol to receive and handle requests. Mosquitto enables MQTT over Websockets, so that users can receive MQTT data via a web browser.

Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
2022-02-11 19:57

Threat actors are hijacking the devices of India's human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn. Arsenal Consulting's digital analysis shows that the file - one of the more incriminating pieces of data seized by police - was one of many files delivered via a NetWire RAT remote session associated with ModifiedElephant.

Croatian phone carrier data breach impacts 200,000 clients
2022-02-11 19:29

Croatian phone carrier 'A1 Hrvatska' has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information.