How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks
A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allowed the attacker to log into the client’s security portal, where they attempted to remediate incident reports and uninstall security agents to cover their tracks. The incident is part of a larger campaign that targets SonicWall VPNs and that quickly spread the Akira ransomware to many victims.
NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has announced more than $3.3 million in cooperative agreements intended to develop the workforce needed to protect our nation’s infrastructure and organizations from cybersecurity threats. The 17 awards of about $200,000 each will go to educational and community organizations in 13 states to address the nation’s ongoing shortage of qualified cybersecurity professionals. The agreements will be administered by NICE, a NIST-led collaboration among government, academia and the private sector. NICE focuses on cybersecurity education and training and on the development of a skilled workforce.
Albania’s government debuts its AI ‘minister’ to parliament
An AI-generated government “minister” was debuted in the Albanian parliament on Thursday, with Prime Minister Edi Rama presenting the bot as a symbol of his government’s push for transparency and innovation. “The Constitution speaks of institutions at the people’s service. It doesn’t speak of chromosomes, of flesh or blood,” the avatar declared in a three-minute address delivered from two large screens. “It speaks of duties, accountability, transparency, non-discriminatory service.” “I assure you that I embody such values as strictly as every human colleague, maybe even more,” added the artificial persona. It has been named Diella, which means sun in Albanian, and is depicted as a woman in traditional Albanian dress.
The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting Mac users through fraudulent GitHub repositories designed to trick potential victims into installing what is presented as various companies’ software for macOS. In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware. The threat actors are using Search Engine Optimization (SEO) to deliver links to their malicious sites at the top of search pages, including Bing and Google. This campaign appears to be targeting a range of companies, including tech companies, financial institutions, password managers, and more. Further information on the targeted companies can be found in the Indicators of Compromise (IoCs) at the end of the blog.
Transforming Cyber Frameworks to Take Control of Cyber-Risk
CIOs, CTOs, and CISOs today can find themselves constantly on the defensive, having to adjust their security protocols and tooling to match the latest shift in the technology landscape. This may be especially true for cyber leaders in the public sector. They are required to safely guard their IT environments from AI vulnerabilities and threats from bad actors — all while potentially working with reduced budgets, managing lean IT teams, and adjusting to government cybersecurity mandates.
Google tests automated switching from passwords to passkeys
The move from passwords to passkeys is making gradual progress, and Google is among the companies pushing to encourage people to make the switch. Now there are signs that things are being taken up a notch. Hidden away in the most recent Canary build of Chrome, Google is testing a flag which, when enabled, will automatically convert saved passwords into passkeys when logging into a site or service. As spotted by Windows Report, the process happens automatically in the background, without the need for prompts or any interaction from the user. This stands in contrast to the current system, which sees users being prompted to adopt passkeys instead of passwords, with the conversion requiring confirmation on a prompt.