- MITRE Unveils Top 25 Software Weaknesses of 2023
- TSMC Faces $70M Ransom Demand After LockBit Breach
- 3 Ways to Build a More Skilled Cybersecurity Workforce
- At least 100,000 could have had data exposed after US health department hack
- Urgent warning for Android users over apps that steal your bank details
- The 2023 CWE Top 25 list of the most dangerous software weaknesses has been released.
- "Out-of-bounds Write" retains its position as the most dangerous software weakness.
- Newcomers to the list include "Improper Privilege Management" and "Improper Control of Generation of Code".
- The list is a community-developed resource sponsored by the US Department of Homeland Security.
The 2023 CWE Top 25 list is an essential resource for cybersecurity professionals, highlighting the most perilous software weaknesses. Topping the list is "Out-of-bounds Write", which involves writing data past the end of allocated memory. This can corrupt data, crash the system, or enable the execution of malicious code. Notably, "Improper Neutralization of Input during Web Page Generation", commonly known as Cross-Site Scripting (XSS), holds the second spot. XSS vulnerabilities allow attackers to inject client-side scripts into web pages viewed by other users, potentially leading to data theft or other malicious activities.
SQL Injection, which involves the insertion of malicious SQL code into queries, remains a significant threat, ranking third. A rising concern is "Use After Free" vulnerabilities, which involve the use of memory after it has been freed, potentially allowing an attacker to execute arbitrary code.
New entries such as "Improper Privilege Management" and "Improper Control of Generation of Code" reflect evolving threat landscapes. The former involves the mishandling of privileges within an application, while the latter concerns the dynamic creation of code without proper validation.
- TSMC, a major semiconductor supplier, has been targeted by the LockBit ransomware group, which is demanding a $70 million ransom.
- The breach occurred via a third-party IT hardware supplier, Kinmax Technology, leading to the leak of server setup and configuration information.
- TSMC has denied any compromise of its own systems or customer information, and has ceased data exchange with Kinmax Technology.
- LockBit threatens to publish the stolen data, network entry points, and login credentials if the ransom is not paid.
The LockBit ransomware group, known for its high-profile attacks, targeted TSMC through its IT hardware supplier, Kinmax Technology. This method of attack, known as a supply chain attack, is becoming increasingly common as cybercriminals exploit the interconnected nature of modern businesses to gain access to larger, more lucrative targets.
While TSMC asserts that its own systems and customer data remain uncompromised, the incident highlights the potential risks associated with third-party suppliers. The leaked information, which pertains to server setup and configuration, could potentially provide cybercriminals with valuable insights into TSMC's infrastructure, making it a prime target for future attacks.
The ransom demand of $70 million is one of the largest known to date, indicating the perceived value of the stolen data and the audacity of modern cybercriminals. The threat to publish the stolen data, along with network entry points and login credentials, adds another layer of pressure on TSMC and serves as a stark reminder of the potential consequences of a data breach.
This incident serves as a wake-up call for organizations to thoroughly vet their suppliers' cybersecurity protocols and to implement robust security measures across their supply chains. It also underscores the importance of incident response plans to mitigate the impact of such breaches.
- OECD and Microsoft release a report analyzing cybersecurity workforce supply and demand.
- The study is based on over 400 million online job postings from 2012 to 2022.
- The report focuses on insights from Australia, Canada, New Zealand, the UK, and the US.
- The findings come amid growing worker shortages and increased cyberattacks.
The report by OECD and Microsoft provides a comprehensive overview of the cybersecurity workforce landscape. The study, which analyzed over 400 million online job postings, highlights the growing demand for skilled cybersecurity professionals. The focus on five major countries provides a global perspective on the issue. The report underscores the urgency to address worker shortages in the cybersecurity field, especially in the face of increasing cyber threats. It is a call to action for governments, educational institutions, and businesses to invest in training and development to build a more skilled cybersecurity workforce.
- A cyberattack on contractors at the Department of Health and Human Services (HHS) has potentially compromised the data of at least 100,000 people.
- The attack is part of a larger cyberattack linked to Russian cybercriminals, exploiting the vulnerability in the MoveIT transfer software of third-party vendors.
- The breach did not compromise HHS systems or networks, but the attackers gained access to data through the software vulnerability.
- The cybercriminal group, known as Clop, is suspected of stealing data from victims and using the stolen data to make extortion demands.
The recent cyberattack on the Department of Health and Human Services (HHS) contractors underscores the growing threat of cybercrime and the vulnerability of third-party systems. The attack, linked to Russian cybercriminals, exploited a vulnerability in the MoveIT transfer software, a popular file-transfer software used by many organizations. This breach did not compromise HHS systems or networks directly, but it allowed attackers to access data through the software vulnerability.
The suspected group behind this attack, known as Clop, is known for stealing data from victims and using the stolen data to make extortion demands. This method of attack is particularly concerning as it not only compromises the security of the data but also puts the victims under the threat of extortion.
- Anatsa, a banking Trojan, is targeting Android users in the UK, US, Germany, Austria, and Switzerland.
- The malware is distributed via apps on the Google Play Store, with over 30,000 installations reported.
- Once installed, Anatsa can steal banking credentials, credit card details, and payment information.
- The Trojan performs on-device fraud by launching the banking app and performing transactions on the victim's behalf.
The Anatsa Android Trojan represents a significant threat to banking security. This malware is distributed via apps on the Google Play Store, with over 30,000 installations reported. Once installed, Anatsa can steal a wide range of financial information, including banking credentials, credit card details, and payment information.
The Trojan is particularly insidious because it performs on-device fraud. This means that it launches the banking app on the victim's device and performs transactions on their behalf. This method of operation makes it very difficult for banking anti-fraud systems to detect the fraudulent activity, as the transactions are initiated from the device that the targeted bank customers regularly use.
Sign up for Mandos Way
Join Mandos Way for tips and strategies to make security your business accelerator. Receive weekly cybersecurity briefs for you and your team.
No spam. Unsubscribe anytime.