
Apple previews Lockdown Mode to protect users from targeted spyware
2022-07-07 10:09

In this Help Net Security video, you’ll learn more about Lockdown Mode, a security capability from Apple that offers specialized additional protection to users who may be at risk of highly...

Healthcare organizations targeted with Maui ransomware
2022-07-07 09:04

A lesser-known ransomware threat dubbed Maui has been and is likely to continue hitting healthcare organizations, a new CISA alert warns. In Maui ransomware incidents the FBI has responded to since May 2021, the attackers primarily encrypted servers responsible for healthcare services.

Tech world may face huge fines if it doesn't scrub CSAM from encrypted chats
2022-07-07 06:27

Tech companies could be fined $25 million - or ten percent of their global annual revenue - if they don't build suitable mechanisms to scan for child sex abuse material in end-to-end encrypted messages and an amended UK law is passed. The proposed update to the Online Safety bill [PDF], currently working its way through Parliament, states that British and foreign providers of a "Regulated user-to-user service" must report child sexual exploitation and abuse content to the country's National Crime Agency.

FBI and MI5 bosses: China cheats and steals at massive scale
2022-07-07 06:12

Speaking to an audience of business and academic leaders, MI5 director general Ken McCallum and FBI director Chris Wray argued that Beijing's Made in China 2025 program and other self-sufficiency tech goals can't be achieved without a boost from illicit activities. The Chinese Government sees cyber as the pathway to cheat and steal on a massive scale.

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations
2022-07-07 05:23

In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services - including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities noted.

Imagination is key to effective data loss prevention
2022-07-07 05:00

At the epicenter of this is data loss prevention, a category of tools that inspect content and contextually analyze data in any state. While there are instances of staff actively leaking data, many data leaks occur due to employees losing sensitive data in public, providing open Internet access to data, or failing to restrict access in line with organizational policies - often genuine mistakes which result from a lack of awareness and training rather than any bad intentions.

The Age of Collaborative Security: What Tens of Thousands of Machines Witness
2022-07-07 04:47

What can tens of thousands of machines tell us about illegal hacker activities? After 2 years of activity and analyzing 1 million intrusion signals daily from tens of thousands of users in 160 countries, we start having an accurate "Batman sonar" global feed of cyber threats.

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware
2022-07-07 04:46

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement.

Cisco and Fortinet Release Security Patches for Multiple Products
2022-07-07 04:45

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server and "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company said in an advisory.

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
2022-07-07 04:42

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest sensitive data from forms embedded in downstream mobile applications and websites.