Australia plans to ban ransomware payments
We’ve covered the details and fallout from the latest high-profile hack that hit Australia, impacting insurance company Medibank. Combined with the Optus breach, the personal data of a large percentage of Australians has been exposed this year. Today, Australian Home Affairs Minister Clare O’Neil proposed making it illegal to pay ransomware, in a bid to reduce the profitability of such breaches. Critics of the proposal say it would move ransom payments underground, using third parties in other jurisdictions. The government also announced the formation of a new cyber-policing model between AFP and the Australian Signals Directorate to create a permanent joint operation against cyber-attacks.
Thousands of sites used for brand impersonation
Turns out, mass brand impersonation isn’t just a problem for Twitter these days. According to a report by Cyjax researchers, China-based threat actors known as Fangxiao operate a vast network of over 42,000 domains intended to impersonate popular brands. The group is not new to the game, having been observed spoofing companies since 2017. It uses the sites to redirect users to adware, dating sites and scam giveaways, generating revenue from customers who pay for the traffic. The sites attempt to appear convincing, with researchers noting many localization options. The group seems to be registering about 300 new brand domains per day.
GitHub gets private reports
The code hosting provider announced that it now offers a direct channel for security researchers to report vulnerabilities found in public repositories. Previously, the defaults on GitHub required researchers to report issues using the issues feature or through a pull request. Apart from these approaches, researchers could resort to publishing vulnerabilities on blogs or social networks. These public means of reporting could alert a potential attacker. Administrators of public repositories must enable the setting to receive private reports.
SEO campaign hits WordPress sites
Sucuri security researchers report that since September 2022 they have been tracking an increase in WordPress malware. This malware redirects site visitors to a fake Q&A site. It seems the operators are hoping to boost search engine optimization with the campaign. Sucuri’s own SiteCheck scanner detected over 2,500 impacted sites, while PublicWWW’s results show almost 15,000. The malware does not take a subtle approach, modifying over 100 files per site on average. Usually, this type of malware seeks to limit file modifications to avoid detection. It is unknown which initial vector infects the sites.
Thanks to today’s episode sponsor, AppOmni
Binance fund hopes to stabilize the crypto industry
With FTX’s Chapter 11 bankruptcy filing, it’s a bit of a stretch to say the cryptocurrency industry is going through a tough time. Over the past week, other exchanges have seen over $8 billion in cryptocurrency assets removed. Now, Binance CEO Changpeng Zhao has announced that the exchange will launch an “industry recovery fund, to help projects that are otherwise strong, but in liquidity crisis.” More details will be announced in the coming days, and Binance will open the fund to co-investors. It is currently unknown how much money Binance will invest. Last month, the company opened Binance Pool, a $500 million lending pool to help struggling bitcoin miners.
Google accepts the largest consumer privacy agreement
The search giant has agreed to pay $391.5 million as part of a settlement with state attorneys general in 40 states over its tracking behavior. Google also agreed to improve its location tracking disclosures starting in 2023. AGs allege that Google’s settings misled consumers into thinking they had turned off proximity-based data collection. Google said it informed users that disabling location history would still allow Google to collect location data to improve user experience. The Associated Press first reported on these tracking practices in 2018.
Assume Zimbra is compromised
This comes from a new alert by the Cybersecurity and Infrastructure Security Agency (CISA). It reported a series of vulnerabilities in the Zimbra Collaboration Suite being actively exploited by malicious actors, leading to remote code execution and full access to the platform. Zimbra offers a suite of professional services including mail servers and a web-based mail client. The alleged attacks come from government and private networks. CISA has released guidance to help protect organizations from these attacks, but the overall message remains: assume compromise.
Patch Tuesday breaks authentication
Some of the updates provided in Microsoft’s latest Patch Tuesday release have caused issues with corporate domain controllers, resulting in Kerberos login failures on both client and server versions. Bleeping Computer readers report that the issues arise in situations where accounts are configured to support Kerberos AES 256-bit and 128-bit encryption in Account Options or in Active Directory accounts. Microsoft has acknowledged the issue and is working on a fix, saying it’s not the result of the previously announced security tightening for Kerberos, which is scheduled for November.
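For defenders triaging this, one quick way to find which accounts fall into the affected configuration is to query Active Directory for objects whose msDS-SupportedEncryptionTypes attribute has the AES 128-bit or AES 256-bit flags set (these are the bits the "Account Options" checkboxes toggle). This is an added example, not from the newsletter or from Microsoft; it assumes the RSAT ActiveDirectory module is installed and the caller has read access to the domain.

```powershell
# Added example: enumerate user and computer accounts whose
# msDS-SupportedEncryptionTypes has the AES128 (0x8) or AES256 (0x10)
# bit set. Assumes the ActiveDirectory RSAT module is available.
Import-Module ActiveDirectory

$AES128 = 0x8
$AES256 = 0x10

# LDAP bitwise-OR matching rule (1.2.840.113556.1.4.804) returns objects
# where any of the given bits is set; 0x18 = AES128 | AES256.
$filter = '(&(|(objectClass=user)(objectClass=computer))' +
          '(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=24))'

function Get-AesOnlyKerberosAccounts {
    Get-ADObject -LDAPFilter $filter -Properties msDS-SupportedEncryptionTypes |
        ForEach-Object {
            $t = [int]$_.'msDS-SupportedEncryptionTypes'
            [PSCustomObject]@{
                Name        = $_.Name
                ObjectClass = $_.ObjectClass
                EncTypes    = ('0x{0:X}' -f $t)
                AES128      = [bool]($t -band $AES128)
                AES256      = [bool]($t -band $AES256)
                RC4         = [bool]($t -band 0x4)   # RC4 still allowed?
            }
        }
}

# Accounts with AES bits set and no RC4 are the ones most likely to hit the
# reported Kerberos failures after the November update.
Get-AesOnlyKerberosAccounts | Where-Object { -not $_.RC4 } | Format-Table -AutoSize
```

The output lists each matching account with its raw flag value, so an admin can compare it against Microsoft's guidance once the fix ships.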