Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Have I Been Pwned has added close to 71 million new email addresses to its database. HIBP is a data breach notification service that is constantly updating its site with the latest breach information, and, in this case, their source was the Naz.API dataset, which contains stolen email address and password pairs for many different services.
HIBP has stated that the emails recovered from this list will be recorded under ‘Naz.API’ but will not advise individuals exactly what service(s) their information was stolen from. To check if your credentials have been exposed in this dataset, visit haveibeenpwned and enter your email address.
All users present in Naz.API’s list are advised to reset the passwords for all accounts associated with their compromised email address. Since the accounts in this dataset were stolen using information-stealing malware, there is also a risk of crypto wallets being compromised; if your stolen account is in use for any cryptocurrency sites, we advise transferring to a new wallet as soon as possible.
"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be used to bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," MITRE's Common Weakness Enumeration has reported.
Information about the threat actors and the nature of the attacks has been withheld by Google in order to limit further exploitation. Users are advised to update to version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Foxsemicon, a semiconductor firm in Taiwan, is the latest organisation to be hit by the LockBit ransomware gang. On the 17th of January Foxsemicon’s website was hijacked by the gang and displayed a message threatening to release the personal information of its employees and customers.
The website has since been recovered and the firm has stated they are working with security experts to resolve the situation. Foxsemicon has not disclosed what information has been accessed or the ransom demanded by LockBit.
Security researchers have discovered a large botnet called Bigpanzi, operated by an eight-year-old cybercrime syndicate, responsible for infecting potentially millions of smart TVs and set-top boxes. At the peak of the campaign, at least 170,000 bots were running daily, infecting Android-based TVs and streaming hardware through pirated apps and firmware updates.
Researchers noted the potential for Bigpanzi-controlled devices to broadcast violent, terroristic, or pornographic content. Despite ongoing efforts to trace Bigpanzi, its operations are believed to have recently shifted to a separate botnet for more lucrative cybercrimes.
The National Cyber Security Centre are kicking off 2024 with a new initiative titled the ‘Cyber League’, which aims to “bring together a trusted community of NCSC and industry experts to work on the biggest cyber threats facing the UK.”
Those in the UK’s cybersecurity industry are encouraged to volunteer and join the Cyber League but are required to have “relevant cyber experience and knowledge.”
The NCSC Director of Operations has commented on this initiative by saying:
“Cyber defence is a giant, complex and ever changing puzzle, with critical knowledge, skills and innovation spread widely across industry and government. Only through working together can we achieve our collective aim of making the UK the safest place to live and work online.”
The National Institute of Standards and Technology (NIST) has released draft guidance on measuring and improving information security programs. The two-volume document, titled NIST Special Publication (SP) 800-55 Revision 2: Measurement Guide for Information Security, aims to help organizations develop effective information security measurement programs.
The first volume, directed towards information security specialists, provides guidance on prioritizing, selecting, and evaluating specific measures to assess existing security measures. The second volume, intended for the C-suite, outlines how organizations can create and implement an information security measurement program over time.
NIST are asking for feedback and comments on this new guidance, which is a positive sign of their desire to help businesses grow and improve their security posture.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #265 – 19th January 2024
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.