Australia Considers Banning Ransomware Payments
We’ve been covering the details and fallout from the latest high-profile hack to hit Australia, affecting insurance provider Medibank. Combined with the Optus breach, the personal data of a large percentage of Australians was exposed this year. Now Australia’s Home Affairs Minister, Clare O’Neil, has proposed outlawing the payment of ransomware, with the aim of reducing the profitability of such breaches. Critics of the proposal say it would move ransom payments underground, using third parties in other jurisdictions. The government also announced the formation of a new cyber policing model between the AFP and the Australian Signals Directorate to create a permanent joint operation against cyber attacks.
Thousands of sites used for brand impersonation
It turns out that mass branding isn’t just a problem for Twitter these days. According to a report by Cyjax researchers, China-based threat actors known as Fangxiao operate a massive network of more than 42,000 domains, intended to impersonate popular brands. The group is not new to the game, having first detected counterfeiting companies since 2017. It uses the sites to redirect users to adware, dating sites and fraudulent giveaways, generating revenue from customers who pay for traffic. The sites try to look convincing, and the researchers observe a wide range of location options. The group appears to register approximately 300 new brand domains each day.
GitHub gets private reports
The code hosting provider announced that it now offers a direct channel for security researchers to report vulnerabilities found in public repositories. Previously, GitHub’s defaults required researchers to report issues using the issues functionality or via a git request. Outside of these approaches, researchers could turn to posting vulnerabilities on blogs or social networks. Such public means of reporting could alert a potential attacker. Administrators of public repositories must enable the setting to receive private reports.
SEO campaign comes to WordPress sites
Security researchers at Sucuri report that since September 2022, they began tracking an increase in WordPress malware. This malware redirected site visitors to a fake Q&A site. It seems that the organizers hope to increase search engine optimization with the campaign. Sucuri’s own SiteCheck scanner detected more than 2,500 affected sites, while PublicWWW’s results show nearly 15,000. The malware does not take a subtle approach, modifying an average of more than 100 files per site. Typically, this type of malware seeks to limit file modifications to avoid detection. It is not clear which initial vector infects the sites.
Thanks to today’s episode sponsor, AppOmni
Can you name all the third-party applications connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, a compromised third-party application could put your entire SaaS ecosystem at risk.
with AppOmni, gain visibility into all third-party applications, including which end users have enabled them and the level of data access they’ve been granted. visit AppOmni.com to request a free risk assessment.
The Binance fund hopes to stabilize the crypto industry
With FTX filing for Chapter 11 bankruptcy, it’s an understatement to say that the cryptocurrency industry is going through a tough time. Last week, other exchanges withdrew more than $8 billion in cryptocurrency assets. Now, Binance CEO Changpeng Zhao announced that the exchange would launch an “industry recovery fund, to help projects that are otherwise strong, but in a liquidity crunch.” More details will be announced in the coming days and Binance will open the fund to co-investors. Right now it is unclear how much money Binance will invest. Last month, the company opened Binance Pool, a $500 million loan pool to help struggling bitcoin miners.
(CoinDesk)
Google agrees to the largest consumer privacy agreement
The search giant agreed to pay $391.5 million as part of a settlement with attorneys general in 40 states over its location-tracking behavior. Google also agreed to improve its location tracking disclosure starting in 2023. The AGs allege that Google’s settings misled consumers into thinking they had opted out of proximity-based data collection. Google said it informed users that turning off location history would still allow Google to collect location data to improve the user experience. The Associated Press first reported on these tracking practices in 2018.
(CNET)
Let’s assume that Zimbra is committed
This comes from a new alter of the Cybersecurity and Infrastructure Security Agency. It flagged a number of vulnerabilities in Zumbra’s collaboration suites that are being actively exploited by threat actors, leading to remote code execution and full access to the platform. Zimbra offers a suite of business services that include email servers and a web messaging client. Suspected attacks come from government and private networks. CISA issued guidance to help protect organizations against these malicious attacks, but the overall message remains.
Patch Tuesday breaks authentication
Some of the updates delivered in Microsoft’s most recent Patch Tuesday caused problems with enterprise domain controllers, resulting in Kerberos login failures on both client and server versions. Bleeping Computer readers report that the issues occur in situations where accounts are configured to support Kerberos AES 256-bit and 128-bit encryption in Account Options or Active Directory accounts. Microsoft acknowledged the problem and is working on a fix, saying it is not a result of its previously announced security hardening for Kerberos, which is scheduled for November.
[ad_2]
Source link
