In Other News: Assessing the Landscape of macOS Security, Keyboards, and VPNs

Weekly Cybersecurity Roundup: August 7, 2023

Stealing Data by Listening to the Sound of Keystrokes

Researchers have recently demonstrated how an AI model can accurately determine the key being pressed on a keyboard based on the sound it makes. By recording the sound of keystrokes using a phone or Zoom, an attacker could potentially steal sensitive information with an accuracy of over 90%. This discovery highlights yet another method that cybercriminals can use to exploit vulnerabilities in our digital systems.

DHS Announces Additional Cybersecurity Funding

The Department of Homeland Security (DHS) has announced an additional $374 million in grant funding for state and local governments to enhance their cyber resilience. This funding is being offered through the State and Local Cybersecurity Grant Program (SLCGP) for the fiscal year 2023. The DHS’s initiative is a much-needed step in providing support to the government entities that are at the forefront of protecting critical infrastructure and sensitive data.

Interpol Shuts Down Phishing Platform

Interpol recently announced the successful shutdown of a notorious phishing-as-a-service platform called 16shop. This operation led to the arrests of several individuals in Indonesia and Japan who were believed to be involved in this cybercrime scheme. Interpol’s efforts demonstrate the importance of international cooperation in combating cyber threats and the commitment to disrupting criminal networks involved in phishing attacks.

Department of Health and Human Services Issues Alert on Rhysida Ransomware

The US Department of Health and Human Services (HHS) has issued an alert warning healthcare organizations about a new ransomware-as-a-service (RaaS) group known as Rhysida. This group has been observed targeting victims in the Americas, western Europe, and Australia across a range of sectors. The HHS’s alert serves as a reminder of the constantly evolving nature of ransomware threats and the need for robust security measures in the healthcare industry.

New Ransomware Groups Emerging Due to Code Leaks

According to a report from Cisco Talos, there has been a rise in the emergence of new ransomware groups due to leaked source code or builders. These new threat actors are demanding lower ransom payments compared to more established groups. This development highlights the continuous evolution of the ransomware landscape and the need for organizations to stay updated with the latest security practices to mitigate the risk of ransomware attacks.

Chinese State-Sponsored Threat Group RedHotel

Recorded Future has released a report on a Chinese state-sponsored threat group named RedHotel that has targeted entities in academia, aerospace, media, government, research, and telecom sectors over the past couple of years. While victims have been observed in 17 countries across Asia, Europe, and North America, the group’s primary focus appears to be in Southeast Asia. This report serves as a reminder of the persistent threat posed by state-sponsored actors and the importance of robust cybersecurity defenses.

macOS Security Reports

Two reports on macOS security have been published this week by Accenture and Bitdefender. Bitdefender’s data shows that Mac users are primarily targeted by trojans, adware, and potentially unwanted applications (PUAs). Accenture reported a staggering 1000% increase in dark web threat actors targeting macOS. These findings highlight the need for Mac users to remain vigilant and utilize the appropriate security measures to protect their devices and data.

Cybersecurity Gaps Found in Companies Backed by London’s Biggest VC Firms

A recent analysis conducted by DynaRisk reveals that all 5,482 companies backed by London’s largest venture capital firms have cybersecurity vulnerabilities. Two-thirds of these companies have high-risk vulnerabilities, while nearly 9% have critical security holes. This analysis highlights the importance of cybersecurity assessments and proactive measures to address vulnerabilities in all sectors.

Google to Release Chrome Security Updates More Frequently

Google has announced its plans to ship weekly stable channel updates for Chrome starting with version 116. The aim is to deliver security fixes to users more quickly and ensure that their browsing experience remains safe. This move demonstrates Google’s commitment to tackling security vulnerabilities and protecting users from online threats.

TunnelCrack VPN Vulnerabilities

Researchers have released details of a VPN attack named TunnelCrack that exploits a combination of two vulnerabilities, allowing attackers to intercept traffic outside the VPN tunnel. Testing has revealed that every VPN product is vulnerable on at least one device. Exploitation is possible when a user connects to an untrusted Wi-Fi network or through malicious internet service providers (ISPs). This highlights the need for caution when utilizing VPNs and the importance of keeping software and devices up to date.

NCC Group and Rapid7 Layoffs

UK cybersecurity firm NCC Group has announced layoffs of a “small number” of employees, following a plan earlier this year to terminate 125 workers in the UK and North America. Rapid7 also announced layoffs this week. These developments emphasize the challenges faced by cybersecurity companies and the need for organizations to prioritize security even in times of economic uncertainty.

Zyxel Routers Targeted via Old Vulnerability

Discontinued Zyxel routers are being targeted through the exploitation of a vulnerability that was patched by the vendor in 2017. The flaw has now been added to the “must patch” list by the Cybersecurity and Infrastructure Security Agency (CISA), and Fortinet reports seeing thousands of attack attempts. This serves as a reminder that even outdated devices can still pose security risks, and organizations should ensure that they regularly update and patch their systems.

Editorial: The Constant Struggle to Stay Secure Online

In an increasingly digital world, cybersecurity remains a constant challenge for individuals, businesses, and governments. The stories covered in this week’s roundup shed light on the evolving nature of cyber threats and the measures being taken to combat them. From innovative attack techniques like listening to the sound of keystrokes to the emergence of new ransomware groups and state-sponsored threat actors, the breadth and complexity of cybersecurity threats continue to grow.

The incidents reported this week highlight the need for individuals and organizations to maintain robust security practices. This includes implementing strong passwords, regularly updating software and devices, utilizing VPNs, and staying informed about the latest cybersecurity trends and best practices. Additionally, organizations must prioritize employee training and education to ensure that cybersecurity is ingrained in their culture and processes.

It is essential for governments and international organizations to work together in addressing the global cybersecurity challenges. Initiatives such as the DHS’s funding program and Interpol’s efforts to shut down cybercriminal networks demonstrate the significance of collaboration in safeguarding our digital infrastructure.

However, the fight against cyber threats requires ongoing vigilance and adaptability. Cybercriminals are constantly evolving their tactics, exploiting vulnerabilities, and finding new ways to infiltrate and compromise systems. It is incumbent upon all stakeholders to stay informed, prepared, and proactive in mitigating cybersecurity risks.

Advice: Taking Steps Towards a Secure Online Experience

1. Keep Software and Devices Updated:

Regularly update your software, operating systems, and devices to ensure that you have the latest security patches in place. This will help protect against known vulnerabilities and minimize the risk of exploitation.

2. Use Strong Passwords:

Choose unique and complex passwords for all your online accounts. Consider using a password manager to securely store and generate strong passwords.

3. Employ Multi-Factor Authentication:

Enable multi-factor authentication (MFA) whenever possible. MFA adds an extra layer of security by requiring additional verification methods, such as a fingerprint scan or a unique code sent to your phone, to access your accounts.

4. Utilize Virtual Private Networks (VPNs):

When connecting to public Wi-Fi networks or accessing sensitive information online, use a reputable VPN to encrypt your internet traffic and protect your privacy.

5. Stay Informed:

Stay updated on the latest cybersecurity threats, trends, and best practices. Follow reputable industry news sources, subscribe to security newsletters, and participate in security awareness training programs.

6. Be Cautious of Phishing Attempts:

Exercise caution when opening emails, clicking on links, or downloading attachments, especially from unknown or suspicious sources. Be aware of common phishing tactics and learn to identify red flags.

7. Implement Security Measures at Home and in the Workplace:

Ensure that your home network is secure with a strong password and firewall. At work, implement secure configurations, regularly back up data, and enforce cybersecurity policies and procedures.

8. Educate and Train Employees:

Organizations should invest in cybersecurity training and awareness programs for their employees. This will help foster a culture of security and ensure that everyone understands their role in protecting sensitive information.

In conclusion, cybersecurity remains an ongoing battle, requiring constant vigilance, adaptability, and collaboration. By following these recommendations and staying informed, individuals and organizations can take essential steps toward a more secure online experience.
