AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/07/2023

Microsoft Discovers Chinese Cyber Group Spying on Guam, Other US Locations 

Microsoft has discovered a China-based hacking group targeting network systems and credential access in Guam and other US territories. Called Volt Typhoon, the criminals specialize in espionage and associated information-gathering activities aimed against critical infrastructure organizations. Documented exploits by the hackers show that they operate and maintain compromised access “without being detected for as long as possible.” Among the victims of attacks are the government, maritime, communications, manufacturing, transportation, information, and education sectors. Microsoft said it has “moderate confidence” that the group’s campaigns could disrupt vital communication capabilities between the US and Asian regions in a conflict. 


Microsoft is killing off three Windows services because of security concerns 

It is usually the case that new versions of Windows see the arrival of new features and options, but Microsoft is also known to take things away. This month, Microsoft has decided to deprecate three features and services, including WebDAV, in Windows 10 and Windows 11. Also for the chop are the Remote Mailslots protocol and the Computer Browser service. The reason for retiring the trio is security: all three are old, and far better options are now available.
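A defender reading this will want to know whether the deprecated components are still present and running on their own hosts before Microsoft removes them. The following is an added example, not code from the original post or from Microsoft; it assumes the Windows service names `Browser` (Computer Browser) and `WebClient` (the WebDAV client), and it only inventories state. Remote Mailslots has no service of its own, so it is not covered here.

```powershell
# Added example: inventory the Computer Browser and WebDAV client services.
# Assumed service names: 'Browser' and 'WebClient'. Read-only; makes no changes.
$deprecated = @(
    @{ Name = 'Browser';   Purpose = 'Computer Browser service' },
    @{ Name = 'WebClient'; Purpose = 'WebDAV client (WebClient service)' }
)

$report = foreach ($svc in $deprecated) {
    $s = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
    if ($null -eq $s) {
        # Service is not installed on this build; nothing to retire.
        [pscustomobject]@{ Service = $svc.Name; Purpose = $svc.Purpose; Status = 'NotInstalled'; StartType = 'n/a' }
    } else {
        [pscustomobject]@{ Service = $svc.Name; Purpose = $svc.Purpose; Status = $s.Status; StartType = $s.StartType }
    }
}

# Print the inventory; a 'Running' or 'Automatic' entry is a candidate for review
# against the deprecation notice before the feature disappears.
$report | Format-Table -AutoSize
```

Run it as an administrator on a representative set of hosts (or wrap it in `Invoke-Command` for a fleet) and compare the output against whatever still depends on WebDAV mapped drives or NetBIOS browsing in your environment.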


Federal Push for Secure-by-Design: What It Means for Developers 

The March 2023 National Cybersecurity Strategy (NCS) includes, “In setting cybersecurity regulations for critical infrastructure, regulators are encouraged to drive the adoption of secure-by-design principles…” There are two important elements to this. The concept of secure-by-design is introduced but not defined; and it is implied that this undefined concept will be enforced on the critical infrastructure by regulations that are yet to be established. This is more than a little nebulous but is something that cannot be ignored. 


Who’s Behind the SWAT USA Reshipping Service? 

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of “Fearlless,” the nickname chosen by the proprietor of the SWAT USA Drops service.


Microsoft Authenticator is now blocking suspicious MFA phone notifications by default 

Microsoft has been pushing users to ditch passwords in favor of passwordless sign-in for Windows 11 and other services for some time. Another way to offer better security is multi-factor authentication (MFA) using the Microsoft Authenticator app. In May, the app added a feature requiring all users to match the number shown by Microsoft before they could respond to a new MFA notification on their phone with the Authenticator app. This was introduced to help defeat attackers spamming users with these notifications. Now, in a new blog post, Microsoft has announced that it has extended this kind of protection in the Authenticator app.


IBM X-Force Discovers Gootloader Malware Variant: GootBot

IBM X-Force has discovered a new variant of the notorious Gootloader malware, dubbed GootBot. This malware performs stealthy lateral movement, which complicates the detection or blocking of the campaign within enterprise networks. According to the blog post authored by Golo Mühr and Ole Villadsen, the Gootloader group implements their custom bot in the latter stages of this attack chain to evade detection, using off-the-shelf tools for establishing C2 communication, such as RDP or CobaltStrike. 