Medusa ransomware threat actors have increased their activities following the February 2023 launch of a data leak site on the dark web to publish sensitive data of victims who refuse to give in to their demands. According to Palo Alto Networks' Unit 42, as part of their multi-extortion strategy, this group gives victims multiple options when their data is posted on their leak site, such as time extension, data deletion, and more. Medusa is a ransomware family that emerged in late 2022 before becoming well-known in 2023.

Anne Neuberger, the deputy national security advisor for cyber and emerging technologies, announced that the US has signed an agreement with the European Union on a joint roadmap for a consumer labeling program aimed at alerting consumers about the cybersecurity of Internet of Things (IoT) devices. A cyber trust mark should appear on the packaging of smart devices that meet specific security standards, similar to how the Energy Star label provides a seal of approval for energy-efficient electronics and appliances.

Laptop computer maker Framework has recently started notifying users that personal information was stolen in a data breach at its primary external accounting partner.  The California-based company said the incident occurred on Thursday, January 11, and was the result of a phishing attack targeting an employee at Keating Consulting.

Selections by dgoff

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

According to the Finnish National Cybersecurity Center (NCSC-FI), the Akira ransomware, first detected in Finland in June 2023, was particularly active at the end of 2023. In 2023, NCSC-FI received 12 reports of Akira ransomware attacks on Finnish organizations, three of which occurred during the holiday season. Before launching the ransomware, the attackers identified and targeted organizations with vulnerable Internet-facing Cisco ASA or FTD devices, as well as found and wiped the organizations' backups.

GitLab has addressed two critical vulnerabilities, one of which allows account hijacking with no user interaction. The vendor urges updating all vulnerable versions of the DevSecOps platform. The most severe vulnerability is an authentication flaw that allows password reset requests to be sent to arbitrary, unverified email addresses, enabling account takeover. Since the platform is commonly used to host proprietary code, Application Programming Interface (API) keys, and other sensitive data, compromising a GitLab account can significantly impact an organization.

According to security researchers at NetDocuments, UK law firms are falling victim to data breaches primarily because of insiders and human error.  The researchers examined data from the Information Commissioner’s Office (ICO) covering Q3 2022 to Q2 2023 and found that 60% of data breaches in the UK legal sector were the result of insider actions, and the rest (40%) were from external actors.  In total, the researchers found that data from legal firms relating to 4.2 million people was compromised during the period analyzed.

Fidelity National Financial (FNF) recently revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack in 2023.  The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated filing on January 9, 2024.  The company first disclosed the incident in November 2023.  The attack forced FNF to take down certain systems, resulting in disruption to its business operations.

Security researchers at Trustwave are warning organizations of a vulnerability in Kyocera Device Manager that can be exploited to capture credentials and gain access to accounts and devices.  A web-based application, the Kyocera Device Manager is used for the management of multiple Kyocera printers and multifunction devices within an organization’s environment, offering support for application deployment, setting up alerts, and more.

Volt Typhoon, a China-backed cyber espionage group, is systematically targeting legacy Cisco devices in a sophisticated campaign to expand its attack infrastructure. The threat actor, known for targeting critical infrastructure, has exploited router vulnerabilities from 2019 to infiltrate and control the devices.