Mar 30 2024
Sorry we are a day late…
Welcome to Gone Phishing, your daily cybersecurity newsletter that's celebrating its 300th edition today and, as such, has a special article for you coming this Easter weekend.
It's Friday, folks, which can only mean one thing… It's time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that's it.
Congrats, the cybercriminals are no match… for your patch!
A now-fixed flaw in Microsoft Edge could have let attackers sneakily install harmful extensions, gaining broad permissions without users knowing. Security researcher Oleg Zaytsev flagged the issue, dubbed CVE-2024-21388, which Microsoft patched in Edge version 121.0.2277.83.
The bug allowed attackers to abuse a private API meant for marketing to install extensions without user consent, possibly leading to browser sandbox breaches. By exploiting this flaw, attackers could inject malicious JavaScript into trusted sites like bing[.]com, auto-installing extensions.
Though there's no evidence of exploitation yet, it underscores the balance between user ease and security in browser customizations, as innocuous-looking extensions could pave the way for complex attacks.
Now, on to today's hottest cybersecurity news stories:
Air Force Invite to Indian Defence, Energy turns out to be malware
Feds to adopt carrot and stick approach to bolster cybersecurity in industry
Off to cyber jail! Sellafield nuclear waste dump prosecuted for cyber offences
Indian government entities and energy companies are under siege from unknown cyber attackers employing a modified version of the HackBrowserData malware.
Dubbed "Operation FlightNight," the campaign utilises Slack channels for data exfiltration, pilfering sensitive documents and browser data.
The targets include government bodies overseeing electronic communications, IT governance, and national defence, along with private energy firms, resulting in the theft of 8.81 GB of data.
The attackers repurposed legitimate infrastructure like Slack, a popular business communication platform, to cloak their activities.
The attack chain begins with deceptive ISO files and hidden executables, exploiting unsuspecting victims.
Adapting freely available offensive tools and repurposing legitimate infrastructure such as Slack, which is prevalent in enterprise environments, allows threat actors to reduce time and development costs, as well as easily fly under the radar.
This sophisticated approach underscores the evolving landscape of cyber threats, where threat actors leverage freely available tools to achieve their malicious objectives with minimal risk.
It's a stark reminder of the importance of robust cybersecurity measures in today's digital age, urging organisations to stay vigilant and proactive in safeguarding their data and systems against evolving cyber threats.
Proposed federal initiatives to bolster cybersecurity in the healthcare sector are encountering resistance from industry groups, cautioning against financial penalties for perceived laggards.
The Department of Health and Human Services' budget proposal for fiscal 2025 allocates $1.3 billion for cybersecurity investment, but also introduces penalties for non-compliance starting in fiscal 2029.
The American Hospital Association (AHA) warns that penalties could strain hospital resources needed to combat cybercrime, urging a reevaluation of the proposed approach.
Healthcare industry groups support voluntary cybersecurity goals but argue that threats of financial penalties may hinder progress.
As the Change Healthcare cyberattack reverberates, Senator Mark Warner introduces legislation to incentivize adherence to HHS cybersecurity standards.
Privacy attorney David Holtzman notes the government's determination to enhance healthcare cybersecurity, signalling forthcoming regulations.
Despite concerns, federal support underscores the urgency of fortifying healthcare cybersecurity against evolving threats.
The Sellafield nuclear waste facility is set to be prosecuted for alleged information technology security offences, announced the Office for Nuclear Regulation (ONR) on Thursday. Charges stem from a four-year period between 2019 and early 2023 and come after the Guardian's investigative report highlighted cyber vulnerabilities at the site.
The ONR clarified that the charges don't imply compromise to public safety but pertain to IT security lapses during the mentioned time frame. Sellafield, a sprawling repository for nuclear waste, faced intensified scrutiny following revelations of cyber penetrations by groups linked to Russia and China, as uncovered by the Guardian. Despite assurances from Sellafield that critical networks remained insulated, concerns persisted over the site's cybersecurity posture.
This development follows organisational changes at Sellafield, including the impending departure of Richard Meal, the chief information security officer, and the recent appointment of Graeme Slater as the chief digital information officer with a focus on cybersecurity.
While the prosecution unfolds, the National Audit Office has initiated an inquiry into risks and expenditures at Sellafield. The Department for Energy Security and Net Zero emphasised its commitment to safety and pledged support to the ONR's regulatory oversight.
As legal proceedings progress, stakeholders await further details on the case, emphasising the imperative of stringent cybersecurity measures in safeguarding critical infrastructure.
Have a great Easter, folks!
So long and thanks for reading all the phish!