Newsletter

open source and cybersecurity news

August 8, 2023

- CYBERSECURITY HEADLINES TODAY -

Frequently Exploited Vulnerabilities in 2022
North Korean Hackers Versus Russian Missile Makers
Volt Typhoon creeps into Texas
Regulation China FR

In this Episode:

Edwin Kwan: A number of cybersecurity agencies have co-authored a joint Cybersecurity Advisory (CSA) on frequently exploited vulnerabilities in 2022. The advisory provides details on CVEs routinely and frequently exploited by cyber criminals.

Ian Garrett: North Korean hackers and Russian missile makers sound like an excellent start to a movie. The North Korean Hacking Group known as ScarCruft has made headlines once again, this time for breaching the IT infrastructure and email server of a prominent Russian space rocket designer and intercontinental ballistic missile engineering organization.

Katy Craig: Brace yourselves for a grave cybersecurity threat lurking right at our doorstep. A notorious Chinese advanced persistent threat known as Volt Typhoon has plans to sabotage the utilities and communication systems powering US military bases. And they’ve got their eyes on Texas.

Hillary Coover: China responds to mounting privacy concerns by drafting stringent rules for facial recognition technology, demanding purpose, necessity, and consent in its use while curbing its application in sensitive spaces.

From Sourced Network Productions in Washington, DC, it’s 5:05. I’m Hillary Coover. Today is Monday, August 8th, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.

 

Edwin Kwan: Frequently Exploited Vulnerabilities in 2022

This is Edwin Kwan from Sydney, Australia.

A number of cybersecurity agencies have co-authored a joint Cybersecurity Advisory (CSA) on frequently exploited vulnerabilities in 2022. The advisory provides details on CVEs routinely and frequently exploited by cyber criminals. The agencies included:

– the CISA, NSA, and FBI from the United States,
– the ACSC from Australia,
– the CCCS from Canada,
– the NCSC-NZ from New Zealand,
– the NCSC-UK from the United Kingdom.

The advisory stated that cyber criminals tend to exploit older software vulnerabilities that are less than two years old and they targeted unpatched internet-facing systems. They favor vulnerabilities with publicly available proof of concept code and likely prioritize developing exploits for severe and globally prevalent CVEs.

The top five vulnerabilities affect Fortinet SSL VPNs, Microsoft Exchange email servers, Zoho ManageEngine ADSelfService Plus, Atlassian Confluence servers and Apache Log4j. The advisory strongly encourages vendors, designers, developers, and end-user organizations to implement the recommendations to reduce the risk of compromise.

Resources
2022 Top Routinely Exploited Vulnerabilities | Cyber.gov.au

 

Ian Garrett: North Korean Hackers Versus Russian Missile Makers

North Korean hackers and Russian missile makers sound like an excellent start to a movie. The North Korean Hacking Group known as ScarCruft has made headlines once again, this time for breaching the IT infrastructure and email server of a prominent Russian space rocket designer and intercontinental ballistic missile engineering organization.

Hey folks, this is Ian Garrett in Arlington, Virginia.

The prominent Russian missile maker responsible for designing and manufacturing spacecraft, orbital vehicles, and tactical defense missiles found itself targeted by ScarCruft, a cyber espionage group recognized for its surveillance and data theft techniques.

The breach was discovered after SentinelLabs analyzed leaked emails from the Russian organization, revealing a much larger intrusion than initially suspected. The attackers left behind a Windows backdoor named ‘OpenCarrot’, granting them remote access to the missile maker’s network. The advanced malware has been previously associated with another North Korean hacking group, Lazarus Group, raising questions about potential collaboration or shared tactics.

The breach highlights the possibility of a deliberate strategy by the North Korean state, deploying multiple hacking groups to infiltrate high profile targets. This is a good warning that any organizations that deal with key infrastructure or are a part of the defense industrial base should stay vigilant of North Korean hacking activity.

Resources
North Korean hackers ‘ScarCruft’ breached Russian missile maker

 

Katy Craig: Volt Typhoon creeps into Texas

Brace yourselves for a grave cybersecurity threat lurking right at our doorstep. A notorious Chinese advanced persistent threat known as Volt Typhoon has plans to sabotage the utilities and communication systems powering US military bases. And they’ve got their eyes on Texas.

This is Katy Craig in San Diego, California.

US officials have uncovered a chilling plot where Volt Typhoon has surreptitiously implanted malware deep within water and electric utilities serving military installations. The sinister aim: potentially delaying a US military response in case of a Chinese invasion of Taiwan, something President Joe Biden has unequivocally vowed to counter.

The largest municipally-owned utility in the US, CPS Energy, with its 930,000 electric and 381,000 gas customers, could be a potential target. Likewise, the San Antonio Water System (SAWS), providing water and wastewater services to half a million customers, is under scrutiny. The malicious code is on the prowl and the region’s safety is at stake.

But fear not! The authorities are on high alert. CPS and SAWS are working tirelessly to thwart the hackers. The Department of Homeland Security is providing crucial support, hunting for the malicious computer code, and assisting in fortifying defenses.

This is Katy Craig. Stay safe out there.

Resources
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations – The New York Times
China’s Volt Typhoon APT Burrows Deeper Into US Critical Infrastructure

 

Hillary Coover: Regulation China FR

China responds to mounting privacy concerns by drafting stringent rules for facial recognition technology, demanding purpose, necessity, and consent in its use while curbing its application in sensitive spaces.

Hi, this is Hillary Coover in Washington, DC.

China’s Cyberspace Administration (CAC) has released draft rules aimed at regulating the use of facial recognition technology in response to concerns about its excessive and potentially invasive use.

The CAC emphasized that facial recognition should only be employed when there is a specific purpose, necessity and strict protective measures. Consent from individuals will also be required for its use. The regulator recommended prioritizing non-biometric identification solutions when they are equally effective.

Facial recognition has gained widespread adoption in China with instances like using it to activate public toilet roll dispensers and to enforce quarantines during the pandemic. But these concerns about overuse have led Chinese courts and local governments to penalize companies for excessive facial recognition application.

The rules set boundaries on the deployment of image-capturing and personal identification devices. These devices are prohibited in spaces like hotel rooms, public bathrooms, changing rooms, and toilets where privacy infringement is likely. In public areas, these devices are only supposed to be installed for public safety purposes.

This move by the CAC aligns with their broader stated efforts in Beijing to enhance data regulation. China’s introduction of the personal information protection law in 2021 marked a significant step toward curbing companies’ misuse of user data.

Resources
https://apple.news/ApJluZbXOTWayygfO2wA6VQ

 

Hillary Coover

That’s our update for today, August 8th, 2023. I’m Hillary Coover. We’ll be back tomorrow… at 5:05.
