[ This article was originally published here ]
Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023.
Threat Advisories and Alerts
The U.K. National Cyber Security Centre has published guidance on how companies can leverage zero trust security. The article explains why some systems can’t integrate into a zero trust network. Organizations can get around this issue by building a mixed estate using a zero trust proxy or a managed virtual private network (VPN).
A high-severity flaw (CVE-2022-36537) affecting the ZK Framework has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. The remote code execution flaw is being actively exploited and can give threat actors access to sensitive information. Affected ZK Framework versions include 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1.
Emerging Threats and Research
Password manager company LastPass has been hit with an attack related to its August 2022 breach. LastPass explained, “The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources.” The motive and identity of the threat actor is still unknown. As have become increasingly common, the incident could be a stepping stone to an attack on a larger target.
In December of last year, the U.S. Senate passed a ban on the use of TikTok from government devices. On Monday, the ban began, allowing federal agencies 30 days to remove the popular social media app. The ban is a move by the White House to protect American citizens from China driven social media campaigns that could deepen divisions and manipulate voting on important domestic issues. It follows a similar last week.
The U.S. Marshals Service, one of America’s highest ranking law enforcement agencies, has been hit with a major breach. On February 17, a ransomware infection affected a system that contained “law-enforcement sensitive information.” According to Marshals Service spokesperson Drew Wade, the sensitive data includes administrative information, returns from legal process and personally identifiable information pertaining to subjects of USMS investigations, certain USMS employees and third parties.
In a to employees last week, mass media and publishing company News Corp – owner of newspapers including The Sun, The Times and The Australian – revealed it experienced a breach that lasted two years. “News Corp understands that, between February 2020 and January 2022, an unauthorised party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information,” the letter read. Also impacted by the breach were some News Corp brands, including the New York Post, Wall Street Journal and some U.K. publications.
U.S. broadcasting platform Dish Network has confirmed it suffered a ransomware attack, which is responsible for the multi-day service and network outage that began last Friday. While Dish also confirmed that data was stolen from its systems, it didn’t specify who the data belonged to – customers, employees or both. The company’s website is still experiencing an outage as the attack is investigated with the help of outside security advisors.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community board.
Ad