Tuesday Morning Threat Report: Jan 17, 2023

Mark Maguire
Published in System Weakness, Jan 17, 2023


Where the news is always bad, but the analysis is always good.


Good morning all and happy Tuesday!

Russian hackers target U.S. nuclear researchers, employers are using spyware against employees, and Microsoft has created AI that can mimic your voice. Let’s dive in!

Top Stories:

This week’s biggest headlines. Analysis section below.

U.S. Nuclear Researchers Targeted: Using fake login pages and a phishing campaign, the Russian hacking group Callisto targeted several U.S. nuclear research facilities. The goal of the hacking effort was to steal the researchers’ passwords.

Experian Vulnerability Exploited: An Experian vulnerability was exploited to steal customer credit reports.

Royal Mail Hacked: The United Kingdom’s Royal Mail has had a “cyber incident,” which is inhibiting it from sending international mail.

JWT Vulnerability: JSON Web Tokens (JWT) are used for securing website logins. A JWT implementation that is used in over 22,000 projects was found to have a critical vulnerability.

Spyware on Laptop — from Employer!: A Canadian woman was fired and fined by her company, and the company used spyware that they installed on her laptop to gather evidence against her.

TikTok Fined $5.4M: A French privacy watchdog fined TikTok $5.4 million for violating cookie consent rules.

GitHub Adds Scanning: In some good news for cybersecurity, the popular code hosting website GitHub added a feature that scans code and alerts developers to vulnerabilities in it.

Car Companies Vulnerable: Vulnerabilities that affect 16 car companies have put millions of cars at risk. When exploited, the vulnerabilities can be used to start, unlock, and track cars.

Free Malware Decrypter: MegaCortex is a ransomware that is primarily used against businesses. Researchers have been able to crack the encryption used, and are offering a free decrypter to any businesses affected by MegaCortex.

NortonLifeLock Accounts Breached: Some Norton accounts, including Norton Password Manager, have been accessed by an unauthorized third party.

My Takeaways

Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.

I Spy: Employers are increasingly using “productivity tracking” software to evaluate employees. One form of this is spyware. Spyware can record every click and keystroke the employee makes. It can also take screenshots of the employee’s device throughout the day. Some spyware will even go so far as to take pictures of the device user via the laptop camera.

Employers have a strong argument for installing such software, particularly if their employees are working remotely. The employer (generally) owns the laptop, and the employer is paying the employee for their time. As long as the employee is using a company device and on company time, shouldn’t the company be allowed to monitor the device?

Interestingly, some employees report that they like being tracked. Citing work from home and cell phones as distractions, these employees said the software helps to keep them accountable.

Many employees object to being spied on by their company, and think that the use of such software demonstrates a lack of trust. An investigation into employee tracking by Indeed found that tracking made employees more likely to break company policies, eroded corporate culture, and resulted in higher employee anxiety levels.

In addition to Indeed’s findings, it needs to be recognized that tracking only paints a partial picture. From brainstorming on a whiteboard to reading printed documents, many employees work away from their laptops. Tracking software cannot be relied on as the sole definition of productivity.

A privacy advocate myself, I suspect spying on employees does more damage than good. It generates bad will with employees, and the information it gives paints only a partial picture. If you want to know if your employer is spying on you, there are ways…

The Lower Echelon:

Interesting cybersecurity news that didn’t quite make the cut to be a top story.

Voice Mimicking AI: Microsoft has developed Artificial Intelligence (AI) software that is capable of mimicking people’s voices. The AI only needs to listen to someone for three seconds, and can then convincingly mimic them.

European Crypto Scammers Arrested: An international group of scammers in Europe stole up to hundreds of millions of euros by selling a fake cryptocurrency. Fifteen individuals allegedly involved with the scam were arrested by European police this week.

New APT Emerges: Advanced Persistent Threat (APT) groups are sophisticated hacking organizations. A new APT, Dark Pink, has emerged and is targeting governments in the Asia-Pacific region.

SailPoint Acquires SecZetta: SailPoint is a giant in the Identity and Access Management (IAM) space. SailPoint acquired competitor SecZetta, and plans to incorporate some of its features into SailPoint products.

AI Phishing: Phishing emails are emails designed to trick the recipient into giving up information or downloading malicious software. Artificial Intelligence (AI) is able to write increasingly convincing phishing emails.

B2B Privacy: A list of five tech startups looking to enhance privacy in business-to-business (B2B) interactions.

Cloudflare Bypassing Attack: A novel attack uses a malicious Python install script. The script leverages a Cloudflare tunnel, which enables it to bypass security protections that may be in place.

SCOTUS Greenlights Suit Against NSO Group: NSO Group is a sophisticated hacking group that sells its hacks exclusively to governments. WhatsApp is looking to sue NSO Group, and the suit is moving forward in spite of legal obstacles NSO Group has tried to raise.

Cloudflare and Microsoft Expand Partnership: Cloudflare is a cybersecurity company that helps protect servers. Cloudflare and Microsoft are partnering in an effort to make Zero Trust easier to achieve. Zero Trust is a security architecture many companies are looking to move to.


Thanks for reading! See everyone next week!

About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
