AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 6/3/2025

Microsoft and CrowdStrike finally fix the stupidest problem in cybersecurity 

In cybersecurity, every second counts. But when the same hacking group goes by half a dozen different names depending on which company you ask, defenders are left wasting time instead of stopping attacks. Now, Microsoft and CrowdStrike are teaming up to clean up the mess they helped create. The two companies just announced a joint effort to map their threat actor naming systems to each other. Basically, it’s a cheat sheet for decoding the confusing and conflicting names used across the industry. Midnight Blizzard? That’s Microsoft’s name for what CrowdStrike calls Cozy Bear. Others call it APT29 or UNC2452. 


NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages 

The NSO Group has filed an appeal in response to a jury's $168 million award to WhatsApp last month for the spyware manufacturer's alleged role in allowing government clients to infect some 1,400 phones with its zero-click surveillance technology. NSO asked the Northern California federal judge who oversaw the five-year case to either drastically reduce the $167.2 million in punitive damages the jury awarded WhatsApp or grant a new trial, according to a Thursday court filing. The surveillance product allegedly used against the WhatsApp users, Pegasus, has been found on devices belonging to members of civil society worldwide for years, evidence that NSO's clients widely abuse the technology. 


MainStreet Bank reports vendor cyber incident that leaked customer info 

MainStreet Bank said a cyberattack affecting one of its vendors exposed the sensitive information of about 5% of its customers. In regulatory filings with the Securities and Exchange Commission (SEC) on Friday afternoon, MainStreet Bancshares said it was informed in March that the vendor was compromised. "Although each vendor undergoes a thorough security vetting process, we swiftly ceased all activity with this provider," the company said, adding that it concluded a review of the scope of the incident in late April. The company did not respond to a request for comment about how many customers were affected and what information was stolen. The Fairfax-based bank has branches across Virginia and Washington, D.C., and gives its customers access to a network of some 55,000 ATMs. 


Backdoors in Python and NPM Packages Target Windows and Linux 

New research from Checkmarx Zero describes an unusual malicious package campaign that targets Python and NPM users on both Windows and Linux systems. According to the findings of security researcher Ariel Harush, shared with Hackread.com, the attackers rely on typosquatting and name-confusion techniques to trick users into installing harmful software. What makes this campaign especially unusual is its cross-ecosystem approach. The malicious packages, uploaded to PyPI (Python Package Index), mimic the names of legitimate software from two different programming ecosystems: colorama (a popular Python tool for adding color to text in terminals) and colorizr (a similar JavaScript package found on NPM, the Node Package Manager). In other words, the attacker borrows a name from one platform to target users of another, a rarely seen tactic: a developer who knows colorizr from NPM and assumes a package of the same name on PyPI is the same project would pull the attacker's code instead. 
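The tactic above is worth turning into a pre-install check. The following is an added example written for this post, not code from Checkmarx Zero or from the campaign: it scans a constructed requirements.txt against a small, hard-coded allowlist of well-known PyPI and NPM package names (an assumption; a real deployment would load the registries' top-N lists) and flags two things the campaign abused: names within a small edit distance of a well-known package in the same ecosystem (classic typosquats such as "coloramaa"), and names that exactly match a well-known package from the other ecosystem (name confusion such as a PyPI "colorizr"). The package list, the Finding type and the sample file are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed allowlist of well-known package names per ecosystem (assumption:
# production code would load these from the registries' popularity lists).
KNOWN = {
    "pypi": {"colorama", "requests", "numpy", "urllib3"},
    "npm": {"colorizr", "chalk", "lodash", "express"},
}


@dataclass
class Finding:
    name: str                # dependency as written in the manifest
    ecosystem: str           # ecosystem the manifest installs from
    lookalike: str           # well-known package it resembles
    lookalike_ecosystem: str # where that well-known package actually lives
    distance: int            # 0 means exact name from the other ecosystem


def normalize(name: str) -> str:
    # PEP 503 normalisation: case-insensitive, runs of -, _ and . are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, and
    transpose adjacent characters all cost 1. Transpositions matter because
    'colroama' is a one-slip typo of 'colorama'."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def check_dependency(name: str, ecosystem: str, max_distance: int = 2) -> list:
    """Return findings for one dependency; an empty list means no concern."""
    name = normalize(name)
    if name in KNOWN[ecosystem]:
        return []  # the genuine, well-known package in its home ecosystem
    findings = []
    for eco, names in KNOWN.items():
        for known in sorted(names):
            dist = damerau_levenshtein(name, known)
            if dist == 0:
                # Exact name of a package that lives in a different ecosystem:
                # the colorizr-on-PyPI pattern described in the research.
                findings.append(Finding(name, ecosystem, known, eco, 0))
            elif dist <= max_distance:
                # Near-miss of a well-known name: likely typosquat.
                findings.append(Finding(name, ecosystem, known, eco, dist))
    return findings


def parse_requirements(text: str) -> list:
    """Extract package names from requirements.txt lines such as
    'colorama[dev]>=0.4', skipping comments, blanks and -r/--index options."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        match = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if match:
            names.append(match.group(1))
    return names


def scan_requirements(text: str, ecosystem: str = "pypi") -> list:
    findings = []
    for name in parse_requirements(text):
        findings.extend(check_dependency(name, ecosystem))
    return findings


# Constructed sample manifest: two clean entries, one cross-ecosystem name
# confusion (colorizr is an NPM package, not a PyPI one) and one typosquat.
SAMPLE_REQUIREMENTS = """
# constructed requirements.txt for the example
requests==2.32.0
colorizr==1.0.0
coloramaa
numpy>=1.26
"""

if __name__ == "__main__":
    for f in scan_requirements(SAMPLE_REQUIREMENTS, "pypi"):
        print(f"{f.name} ({f.ecosystem}) resembles {f.lookalike} "
              f"from {f.lookalike_ecosystem}, distance {f.distance}")
```

The check is deliberately conservative: an exact match against the home ecosystem's allowlist short-circuits, so legitimate popular packages never get flagged, and only dependencies that are a slip or two away from a well-known name, or that carry a well-known name from the wrong registry, are surfaced for a human to confirm against the registry's project page.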


Alleged Conti, TrickBot Gang Leader Unmasked 

German authorities have named Russian national Vitaly Nikolaevich Kovalev as the founder and leader of the TrickBot cybercrime gang. Established in 2016, the TrickBot group is believed to have infected millions of computers worldwide, exfiltrating sensitive information such as credentials, banking and credit card details, and personal information, while also enabling the deployment of other malware, such as ransomware. 
