Note from Lionel: After too long of a hiatus. I’m glad to introduce the next issue of Forcepoint Security News—curated news meant to provide a quick look at what's happening around the cybersecurity industry. I will publish a new blog post every other week on the X-Labs blog.
Forcepoint Security News
Here are some top recent security stories getting our attention:
The Cybersecurity and Infrastructure Security Agency (CISA) added several vulnerabilities that affect Apple, Cisco and Gigabyte to its list of bugs currently being exploited by hackers. Per an advisory Apple issued earlier this week, a kernel vulnerability allows for an application to potentially ‘execute arbitrary code with kernel privileges’. It affects iPhone 8 and later, all iPad Pro models and various iPad and iPad mini models CISA also recently added four Gigabyte vulnerabilities and two more from Cisco. The Cisco vulnerabilities affected their AnyConnect Secure Mobility Client for Windows, both of which have been patched.
On Wednesday, the Biden Administration unveiled plans aimed to protect the United States chemical sector from cyberattacks. The ‘Chemical Action Plan’ is an expansion of the government’s Industrial Control Systems (ICS) Cybersecurity Initiative—the chemical sector represent the fourth sector in the initiative. This plan was based on best practices previously learned during action plans for electric, pipeline and water sectors. CISA will lead the 100-day sprint. According to a White House fact sheet on the topic, since the majority of chemical companies are privately owned, the Chemical Action Plan requires collaboration between the private sector and the government.
Hackers recently used two malware variants, Treasure Hunter and its more advanced successor MajikPOS, to steal the details of 167,000 credit cards from payment terminals. Both malware items can either ‘brute force their way into a POS terminal,’ or can ‘purchase access from other parties known as initial access brokers.’ Many of the cards stolen were issued by banks in the United States, U.K, Canada, France and a handful of other countries. The hackers behind the scheme have not been identified.
According the (ISC)2 2022 Cybersecurity Workforce Study, the cybersecurity workforce gap grew by 26% so far in 2022. In 2021, (ICS)2 estimated the gap to be a shortage of 2.72 million cybersecurity professionals. Of that, the APAC region makes up the biggest percentage of that shortage, at 1.4 million. In comparison, the workforce gap in North America is over 400,000 and about 200,000 in the United Kingdom. Organizations are taking steps to close the gap through training, implementing more flexible working and investing in diversity, equity and inclusion programs.
According to Microsoft’s Security Threat Intelligence team, a hacker group known as Vice Society has been linked to the use several ransomware strains in its attack on education government and retail sectors. According to Microsoft, the hacker group uses a combination of BlackCat, Quantum Locker and Zeppelin ransomware payloads. The Vice Society has been active since June 2021. It was the group that claimed responsibility for the ransomware attack of Los Angeles Unified (LAUSD) where they stole over 500GB of data.
For those of you wanting to stay up on the latest ransomware statistics, check out The Record’s Ransomware Tracker, updated on the 10th day each month.