Welcome to the Cobalt Security Newsletter. When you’re constantly inundated with security news, it can be hard to parse what’s important. We’re here to help you distill updates in the security space whether you’re a CISO, security analyst, or lead product developer. Explore hand selected resources on security trends, tools, new vulnerabilities, and more.
Security News and Trends
In a shocking and wide-reaching verdict, the Court of Justice of the European Union (CJEU) has ruled the US-EU Privacy Shield agreement as invalid, explains CSO Online. The ruling was made after it was determined that the United States did not provide sufficient safeguards for personal European data. This means that companies that currently export personal data out of the EU will need to find a new legal mechanism to satisfy EU GDPR laws and regulations. However, the CJEU will still honor standard contractual clauses and it is seen as a popular alternative.
Fortinet has bought OPQA and plans to use its cloud-based Zero Trust Network Access (ZTNA) capabilities to enhance it’s Security Platform, states DarkReading. OPQA has focused on providing security for the edge, including branch offices, IOT devices, and other remote or removed endpoints.
According to Kaspersky Lab, Microsoft Office is now the most targeted platform by hackers, with over 70% of all platform attacks now geared towards it, reports CSO Online. Attackers are turning towards the platform as a result of more secure browsers and more resource-intensive browser attacks. Microsoft Office files are now preferred over PDFs to host and deliver malware.
A California court ruled that Facebook’s lawsuit against NSO group, an Israeli spyware firm, will move forward as planned, outlined Threatpost. This was decided after the court ruled NSO Group did not have derivative immunity, which they claimed since their customers were sovereign nations. Facebook alleges the organization took advantage of a WhatsApp zero day vulnerability to secretly deploy Pegasus spyware against targeted individuals, such as human rights activists and dissidents.
Security Tools and Updates
With its end of life looming on December 31, 2020, Adobe will soon begin urging users to uninstall the Flash Player application before its completely deprecated and no longer supported, reports Threatpost. This decision was made in part due to the advent of new, open standard substitutes and Flash Player’s predilection of being a popular target among hackers. This will affect a wide range of people since the application is utilized by everyone from daily consumers to enterprises.
Italian encryption utility company CloudEyE is being used to package the GuLoader cloud based malware, reports ZDNet. While CloudEyE claims that hackers tampered with its software, it’s this software that is being used to protect and encrypt the payloads. Researchers at Check Point found many similarities between related DarkEyE products and the GuLoader malware found in the wild. DarkEye, a now discontinued encryption malware, showed up on scene as early as 2014 in online hacking forums.
CryptBB, an exclusive hacking forum, has introduced a new forum for amateur hackers, revealed Tech Times. Originally aimed at a private group of elite cybercriminals, “newbies” can now use the platform to learn from one another, hone their skills, and gain knowledge and techniques from more senior members.
A weak spot within the GRUB2 Linux bootloader allows hackers to bypass SecureBoot security features and hijack the booting process of various OS systems, details CSO Online. Due to an unsigned configuration file, attackers can upload and execute malicious code before the operating system begins running. While there is a patch out, experts state that it’s a lengthy, manual process.
Major Security Breaches and Events
DDoSecrets has leaked over 269 GB of sensitive police and law enforcement data in what is now being called BlueLeaks, announced The Hacker News. The gathered data comes from over 200 government-owned agencies that store public safety information, including police and FBI reports. It is believed that the information was obtained from a third party vendor, Netsential, and highlights a growing trend of hackers targeting these vendors to obtain sensitive, government data.
Garmin’s aviation services were the target and victim of a ransomware attack that left both consumer and commercial services, even call centers, unavailable, announced BBC News. It has now been confirmed that the WastedLocker ransomware is the culprit and initial estimates state that the Garmin’s ransom was set at $10 million
DarkReading confirmed that 7.5 million customers of the financial services app Dave had their personal identifiable information leaked online. The information was gained through a security breach at a third- party vendor, WayDev, before ending up in an online hacker forum and highlights the need for a well thought out vendor management process.
Breach of the Month
If you haven’t been vacationing underneath a nice, cozy rock for the last month, you would have heard about the largest Twitter hack to date. Three hackers, led by a 17 year old in Florida, hacked the Twitter accounts of multiple high-profile individuals including Elon Musk, Barack Obama, and Bill Gates, in a bid to scam Bitcoin from Twitter users.
The entry point into Twitter’s system was a mobile spear phishing attack targeted towards internal Twitter employees, lays out Krebs on Security. Once the credentials were stolen from these employees, the hackers targeted accounts with access to internal tools that could make changes to verified Twitter accounts, such as disabling 2FA. According to Dark Reading, over a thousand personnel had access to these internal tools. Those charged in connection with the hack are known to be active in the Sim swapping community. Days before the hack, one of the attackers advertised direct access to Twitter accounts or changing the associated email of an account in online forums.
An important takeaway from this story is the continued need for security training across all levels of an organization. To give some perspective, phishing was documented as the top reason for security breaches in 2019 by the Verizon Data Breach Investigations Report.Security training is only one piece of the bigger picture and should be used in tandem with implementing internal controls, such as SSO, and re-evaluating and limiting access and permissions to only those who need it.
CISA Vulnerability Bulletins
We hope you enjoyed this edition of the Cobalt security newsletter. If you have any suggestions on what you’d like to see, we’d love to hear from you. As always, stay safe and stay healthy!
Explore which web app security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. Learn more in our 2020 State of Pentesting Report.