Security News > 2023 > February

Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments' cybersecurity investment, according to Network Assured. While expectedly, California, with its high concentration of businesses in technology and healthcare recorded the highest number of data breaches at 1,338, the relatively small state of Maryland ranked 5th worst in the nation with 343 breaches.

LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.

SCSW The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. "Attackers have realized this, and that it's easy to hide in and attack all those gaps, those third-party components as they get transferred around and reused by other vendors," Dan Lorenc, CEO and co-founder of security specialists Chainguard, told The Register.

The U.S. Marshals Service is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as "a stand-alone USMS system." Spokesperson Drew Wade said the USMS discovered the "Ransomware and data exfiltration event affecting a stand-alone USMS system" on February 17.

Microsoft is now force-installing the Microsoft Defender for Individuals application when installing or updating the Microsoft 365 apps."Starting in late February of 2023, the Microsoft Defender app will be included in the Microsoft 365 installer," the company says in a support document updated last week.

On Android, Google offers its own authenticator app, unsurprisingly called Google Authenticator, that you can get from Google Play. Google's add-on app does the job of generating the needed one-time login code sequences, just like Apple's Settings > Passwords utility on iOS. But we're going to assume that at least some people, and possibly many, will perfectly reasonably have asked themselves, "What other authenticator apps are out there, so I don't have to put all my cybersecurity eggs into Apple's basket?".

In an email to The Register on Monday morning, a Dish spokesperson said the satellite TV company is working to restore all of its systems "As quickly as possible," but declined to answer questions about whether the outage was due to a ransomware infection, as has been widely speculated on social media. "We experienced a systems issue with our corporate network on February 23 that is affecting our internal servers and telephone systems, and the issue is being investigated," the Dish spokesperson said.

Threat actors are promoting a new 'Exfiltrator-22' post-exploitation framework designed to spread ransomware in corporate networks while evading detection. Threat analysts at CYFIRMA claim that this new framework was created by former Lockbit 3.0 affiliates who are experts in anti-analysis and defense evasion, offering a robust solution in exchange for a subscription fee.

Dutch police announced late last week that they'd arrested three young men, aged between 18 and 21, suspected of cybercrimes involving breaking in, stealing data, and then demanding hush money. Late last year, for example, we wrote about a trick that the Dutch police used for some time against the DEADBOLT ransomware gang, who scramble unpatched QNAP network storage devices over the internet, and demand payment in Bitcoins to decrypt the ruined files.

Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites. The Houzez theme is a premium plugin that costs $69, offering easy listing management and a smooth customer experience.