Cybercrime in Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks
Introduction
In this weekly cybersecurity news roundup, we highlight noteworthy stories from the week of July 10, 2023, that may have slipped under the radar. From vulnerabilities in satellite systems to Microsoft’s expansion of their Security Service Edge, these stories shed light on important developments in the cybersecurity landscape.
Satellite Security Vulnerabilities
Researchers in Germany analyzed several satellites and discovered various vulnerabilities in their systems. These include a lack of protection mechanisms such as encryption and authentication, which makes it possible for attackers to disrupt communications with ground control and even take control of the satellites themselves. Manufacturers have relied on security through obscurity, but this may not be enough to prevent cyber attacks in the future. The collaboration between researchers, the European Space Agency, universities involved in satellite development, and a commercial company highlights the importance of addressing these vulnerabilities and improving satellite security.
Microsoft’s Security Service Edge Expansion
Microsoft has recently announced the addition of two new identity-centric capabilities to its Security Service Edge (SSE) solution. The Entra Internet Access and Entra Private Access features aim to secure access to the internet, SaaS, and Microsoft 365 applications, as well as private apps and resources. This expansion is part of Microsoft’s ongoing efforts to enhance its security offerings and protect users’ access to various online platforms. Additionally, Microsoft has decided to rename Azure Active Directory (AD) to Entra ID, a simple name change that does not impact APIs, capabilities, licensing, or sign-in URLs.
Passwordless Authentication on GitHub.com
GitHub, the popular code hosting platform, has announced the public beta availability of passkey authentication on GitHub.com. This new feature allows users to sign in using biometric credentials, eliminating the need to enter a password. Users can enable passkey authentication from the Settings menu by accessing the “feature preview” tab. This move towards passwordless authentication aligns with the industry’s ongoing efforts to enhance security and streamline user authentication processes.
Patching Two-Factor Authentication Vulnerability in Drupal
A vulnerability affecting a two-factor authentication module in the Drupal CMS has recently been patched. This module enables developers to allow or require a second authentication method, but it was discovered that the requirement was not always being enforced. The patch aims to fix this vulnerability, ensuring that two-factor authentication functions as intended and adds an extra layer of security to Drupal-based websites.
Expanding Cryptojacking Campaign
A cryptojacking campaign, believed to be carried out by a cybercrime group named TeamTNT, has expanded its targeting from Amazon Web Services (AWS) to Azure and Google Cloud environments. Aqua Security and SentinelOne have analyzed recent attacks and identified the expansion of this campaign into other major cloud platforms. This highlights the importance of robust cloud security measures and the need for organizations to proactively protect their cloud workloads from such attacks.
Python-Based Fileless Malware Targeting Cloud Workloads
Cloud security startup Wiz has warned about PyLoose, a new fileless attack targeting cloud workloads. PyLoose relies on Python code to load an XMRig miner into memory. The script contains a compressed and encoded fileless payload, which is then decoded, decompressed, and written to the memfd buffer, a Linux feature for creating anonymous memory-backed file objects. This is the first publicly documented Python-based fileless attack targeting cloud workloads, underscoring the need for advanced detection and prevention measures in cloud environments.
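A detection sketch for the memfd technique described above, added here as an example and not taken from Wiz's report: on Linux, a process executed from a memfd has a /proc/<pid>/exe link that resolves to "/memfd:<name> (deleted)" rather than a path on disk. The function names and the sample process list are assumptions constructed for illustration.

```python
import os
import re

# A binary executed from a memfd_create() file has no on-disk path;
# /proc/<pid>/exe resolves to "/memfd:<name> (deleted)" instead.
MEMFD_RE = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")

def classify_exe(link_target):
    """Return the memfd name if the exe link is memfd-backed, else None."""
    m = MEMFD_RE.match(link_target)
    return m.group("name") if m else None

def find_memfd_processes(entries):
    """entries: iterable of (pid, exe_link_target, cmdline) tuples."""
    findings = []
    for pid, target, cmdline in entries:
        name = classify_exe(target)
        if name is not None:  # an empty memfd name is still a hit
            findings.append({"pid": pid, "memfd_name": name, "cmdline": cmdline})
    return findings

def read_proc(proc_root="/proc"):
    """Yield (pid, exe target, cmdline) for live processes on this host."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # kernel thread, exited process, or insufficient privileges
        cmdline = raw.replace(b"\0", b" ").decode(errors="replace").strip()
        yield int(entry), target, cmdline

# Constructed sample data for offline runs (not indicators from any report).
SAMPLE = [
    (812, "/usr/bin/python3.10", "python3 app.py"),
    (4471, "/memfd: (deleted)", "python3"),
    (4502, "/memfd:example (deleted)", "worker"),
    (977, "/usr/sbin/sshd", "sshd: /usr/sbin/sshd -D"),
]

if __name__ == "__main__":
    source = read_proc() if os.path.isdir("/proc") else SAMPLE
    for hit in find_memfd_processes(source):
        print(hit)
```

Run it as root to see every process; some legitimate software also executes from memfd, so treat hits as leads to triage rather than verdicts.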
WormGPT and Business Email Compromise Attacks
Security firm SlashNext has detailed how WormGPT, a blackhat alternative to GPT models, can be used to set up Business Email Compromise (BEC) attacks. WormGPT’s AI module can generate persuasive, well-written email messages to pressure employees into paying fraudulent invoices. This highlights the evolving sophistication of cybercriminal tactics and the need for organizations to educate their employees about the risks of BEC attacks and implement robust email security measures.
Ransomware Profits on the Rise
An analysis conducted by Chainalysis reveals that ransomware-related cryptocurrency transactions have been on the rise in 2023, with cybercriminals extorting at least $450 million through June. This underscores the profitability of ransomware attacks and the need for organizations to prioritize cybersecurity measures, including robust backup and recovery protocols, to mitigate the risks of falling victim to such attacks.
Conclusion
The stories highlighted in this weekly cybersecurity news roundup shed light on various developments in the cybersecurity landscape. From satellite security vulnerabilities to the expansion of cryptojacking campaigns and the rise of ransomware profits, these stories underscore the constantly evolving nature of cyber threats. It is crucial for individuals and organizations to stay informed about emerging threats and proactively adopt security measures to protect themselves from cybercrime.