Political tensions are prompting nations to rethink their cybersecurity strategies. Countries that once sought international cooperation and joint strategies are now prioritizing domestic cyber capacity and national interests in response to geopolitical instability.
Following claims by the IntelBroker group on BreachForums that it has access to large amounts of Hewlett Packard Enterprise (HPE) company data, HPE has begun investigating. The breach allegedly includes private GitHub repositories, Docker builds, and source code. Arctic Wolf researchers helped HPE uncover the potential breach and are continuing to work on validating the claim.
Microsoft is accused of failing to implement some basic security controls on its hugely popular Visual Studio Code (VSCode) extensions marketplace. An open letter from independent researchers published on Medium reports "an incredible number of security design flaws implemented by Microsoft that provide amazing ways for threat actors to gain credibility and access." The researchers say the biggest security design flaw with VSCode extensions is the lack of any permission model. For example, a theme extension that should only change the colors of the user's integrated development environment (IDE) may execute code and read or write files without any visibility or explicit authorization from the user: an extension's code runs in the extension host with the full privileges of the user running the editor, and nothing in the manifest constrains what that code may do. The researchers have also published research evidencing the security flaws highlighted in the open letter.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the China-linked "Volt Typhoon" group, which is targeting critical infrastructure. The warning, issued in collaboration with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), confirmed the recent critical infrastructure attacks initiated by "Volt Typhoon" and described the group's tactics and motives.
According to Chainalysis, the estimated total value received by ransomware attackers reached $1.1B in 2023. The Chainalysis report also states that the estimated $1.1B covers only ransom payments collected and does not account for operational and third-party disruption costs.
A Recorded Future report discloses that Microsoft-owned GitHub is a growing and lucrative platform for threat actors to deliver malicious payloads by blending them with legitimate traffic. The code-hosting platform's legitimacy is being leveraged by threat actors who are "living off trusted sites": traffic to GitHub is expected on most networks and is rarely blocked. However, the site's file-size and storage limits constrain its use for large-scale data exfiltration.
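Since blocking GitHub outright is rarely an option, detection has to separate expected GitHub traffic (git clients, browsers, package managers) from script-driven fetches and uploads. The following Node.js script is an added example, not code from the Recorded Future report: it runs a heuristic over web-proxy log lines and flags GitHub-hosted content retrieved by scripting clients, uploads to the GitHub API by scripting clients, and repeated uploads from one host, the last being the pattern that the platform's size limits push an exfiltration attempt toward. The tab-separated log format, the set of hosts treated as "GitHub content", the user-agent patterns, the threshold, and the sample log lines are all assumptions and constructions of this example.

```javascript
// Added example: heuristic detection of script-driven GitHub downloads and
// uploads in proxy logs. Not part of the original report.

// Hosts that serve raw file bytes or release assets (the download side).
const GITHUB_CONTENT_HOSTS = new Set([
  "raw.githubusercontent.com", "gist.githubusercontent.com",
  "objects.githubusercontent.com", "codeload.github.com",
]);
// User agents that indicate a script or living-off-the-land binary rather than
// git or a browser. (Assumed list; extend for your environment.)
const SCRIPT_UA = /(curl|wget|python-requests|powershell|certutil|bitsadmin)/i;
// Clients that upload at least this many times in one log are reported.
const REPEATED_UPLOAD_THRESHOLD = 3;

// Constructed sample log. Columns: ISO time, client IP, user agent, method, URL,
// HTTP status, bytes transferred; tab-separated. None of these hosts or paths are real.
const SAMPLE_LOG = [
  ["2024-02-05T10:01:12Z", "10.0.0.12", "git/2.43.0", "GET",
   "https://github.com/example-org/app.git/info/refs?service=git-upload-pack", "200", "1840"],
  ["2024-02-05T10:02:40Z", "10.0.0.12",
   "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
   "GET", "https://raw.githubusercontent.com/example-org/app/main/README.md", "200", "2301"],
  ["2024-02-05T10:03:05Z", "10.0.0.57",
   "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.19045; en-US) WindowsPowerShell/5.1.19041.3803",
   "GET", "https://raw.githubusercontent.com/exampleuser/tools/main/loader.ps1", "200", "10240"],
  ["2024-02-05T10:03:09Z", "10.0.0.57", "curl/8.4.0", "GET",
   "https://objects.githubusercontent.com/github-production-release-asset/123456/stage2.bin", "200", "4200000"],
  ["2024-02-05T10:05:00Z", "10.0.0.57", "python-requests/2.31.0", "PUT",
   "https://api.github.com/repos/exampleuser/drop/contents/part1.bin", "201", "52428800"],
  ["2024-02-05T10:05:31Z", "10.0.0.57", "python-requests/2.31.0", "PUT",
   "https://api.github.com/repos/exampleuser/drop/contents/part2.bin", "201", "52428800"],
  ["2024-02-05T10:06:02Z", "10.0.0.57", "python-requests/2.31.0", "PUT",
   "https://api.github.com/repos/exampleuser/drop/contents/part3.bin", "201", "52428800"],
].map((fields) => fields.join("\t")).join("\n");

// Parse one log line into an object, or null if it is blank or malformed.
function parseLine(line) {
  const [ts, client, ua, method, url, status, bytes] = line.split("\t");
  if (!url) return null;
  let host;
  try { host = new URL(url).hostname; } catch (err) { return null; }
  return { ts, client, ua, method, url, host, status: Number(status), bytes: Number(bytes) };
}

// Apply the three rules to a whole log and return the findings.
function analyzeProxyLog(text) {
  const findings = [];
  const uploadsByClient = new Map();
  for (const raw of text.split("\n")) {
    const e = parseLine(raw.trim());
    if (!e) continue;
    const scripted = SCRIPT_UA.test(e.ua);
    if (scripted && e.method === "GET" && GITHUB_CONTENT_HOSTS.has(e.host)) {
      findings.push({ client: e.client, rule: "script-fetch-from-github", url: e.url });
    }
    if (scripted && e.host === "api.github.com" && /^(PUT|POST)$/.test(e.method)) {
      findings.push({ client: e.client, rule: "script-upload-to-github", url: e.url });
      const agg = uploadsByClient.get(e.client) || { count: 0, bytes: 0 };
      agg.count += 1;
      agg.bytes += e.bytes;
      uploadsByClient.set(e.client, agg);
    }
  }
  // Many uploads from one client: consistent with data being chunked to fit
  // within per-file size limits.
  for (const [client, agg] of uploadsByClient) {
    if (agg.count >= REPEATED_UPLOAD_THRESHOLD) {
      findings.push({ client, rule: "repeated-uploads", count: agg.count, bytes: agg.bytes });
    }
  }
  return findings;
}

for (const f of analyzeProxyLog(SAMPLE_LOG)) console.log(JSON.stringify(f));
```

The git clone and the browser download of a README produce no findings; the PowerShell and curl fetches of a script and a release asset, and the chunked uploads to the API, do. Tune the user-agent list and the upload threshold against a baseline of your own developer traffic before alerting on it.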