Cybersecurity Digest #30: 26/07/2021 – 6/08/2021

Cybersecurity news

• Apple patched a zero-day flaw found in both its iOS and macOS platforms that’s being actively exploited in the wild and can allow attackers to take over an affected system. The company urges iPhone, iPad and Mac users to install the updates.
• Google has blocked an ad for a website that tried to trick users into installing a fake version of the Brave browser. The malicious website was delivering ArechClient Remote Access Trojan (SectopRAT).
• Researchers have discovered nine vulnerabilities – collectively dubbed PwnedPiper – in the pneumatic tube systems (PTS) used in more than 80 percent of major hospitals in North America.
• A free decryptor for Prometheus ransomware has been released for victims to retrieve their encrypted files. Available on GitHub, the decryptor effectively works by brute-forcing the encryption key used to lock the victim’s data.
• The Joint Cybersecurity Advisory coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) provided details on the top 30 vulnerabilities primarily Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
• At the Black Hat US 2021 hybrid event a team of researchers detailed a new type of attack against databases that could potentially lead to information disclosure and loss. The attack goes by the name DBREACH, which is an acronym for Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics.

Cybersecurity Blog Posts

• APIs allow developers to work across the digital assets and across multiple systems with ease. But with increased use of APIs comes increased security risks, largely because developers struggle with API security for mobile use. Sue Poremba described best practices for API Security.
• AWS, like other cloud providers, has a “Shared Responsibility Model” that determines which cloud components AWS is responsible for securing and which are the customer’s responsibility to secure. Ermetic team takes a look at what this model means, its many challenges and how organizations can better protect their cloud infrastructure and improve their cloud security posture.
• Anton Chuvakin continues the conversation on detection quality. He answers such questions like: How do we get the mainstream companies to improve their detection quality? What does it mean to have “good” detections? How do we get to more and better detections?
• Bruce Lynch described five reasons why opting for a security-first vendor is smarter than depending on your ISP.

Research and Analytics

• ISACA published State of Cybersecurity 2021, Part 2: Threat Landscape, Security Operations and Cybersecurity Maturity report which contains the results of the annual ISACA global State of Cybersecurity Survey, conducted in the fourth quarter of 2020. Part 2 focuses on the threat landscape, the impact of the COVID-19 pandemic on security programs and the challenges of assessing cybersecurity maturity.
• Avast released Global Risk Report for SMBs H1 2021 which can help small and medium businesses to better understand what the security landscape is looking like in the Covid-19 era.
• McAfee published the report which covers Babuk ransomware with an array of prevention and detection techniques.
• CynergisTek published The State Of Healthcare Security & Privacy 2021 Annual Report which combs through data of nearly 100 risk assessments measuring progress alongside overall NIST conformance with a complete picture of the healthcare industry’s current state of security.
• ThycoticCentrify completed a global cyber security survey among 8,000+ knowledge workers in 15 countries in partnership with Sapio Research. Survey results reveal a disturbing disconnect between an understanding of cyber security risks in 2021 and the risky activities employees engage in every day to get their jobs done.
• A new survey Rethinking the Sec in DevSecOps: Security as Code completed by SANS focuses on application security and DevOps.
• Salt Labs published State of API Security Report Q3 2021 which focuses on API security concerns and risks and the implications they have on businesses. According to the report, API attacks are increasing at an alarming rate – up 348% in six months, and today’s tools aren’t stopping them.
• The Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) published the research report The Life and Times of Cybersecurity Professionals 2021 which surveyed 489 cybersecurity professionals and reveals several nuances surrounding the well-documented cybersecurity skills shortage. The top ramifications of the skills shortage include an increasing workload for the cybersecurity team (62%), unfilled open job requisitions (38%), and high burnout among staff (38%).
• The U.S. Government Accountability Office has issued a report Cybersecurity and Information Technology: Federal Agencies Need to Strengthen Efforts to Address High-Risk Areas. Federal agencies have implemented about 73 percent of the approximately 5,100 recommendations that GAO has made since 2010 on cybersecurity and IT management. However, about 950 cybersecurity and approximately 300 IT recommendations have not been implemented to successfully address the high-risk areas.

Major Cyber Incidents

• Hackers have attacked and blocked an Italian Covid-19 vaccination booking system marking the worst cyberattack the country’s health service has ever seen. The malware attack used a “crypto locker” to encrypt the files and block all the system’s activities, including the Covid-19 vaccine reservation center.
• Hackers broke into the email accounts of some of the most prominent US federal prosecutors’ offices. 27 US attorney offices had at least one employee email account compromised. According to the justice department the accounts were compromised from 7 May to 27 December last year.
• The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. The leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company’s server-side services.
• The LINE accounts of more than 100 Taiwanese politicians and government officials have been hacked, and data exfiltrated from devices. The company notified users of the intrusions and told them to enable their account’s message encryption feature.
• Northern Ireland’s Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. The government body says that a limited number of users were potentially exposed to data of other users, causing them to temporarily halt the service.