Sean Kalinich

Anyone who does not think that cybercrime is now a big business has been living under a rock. The news related to different cybercrime-as-a-service groups, especially ransomware, has never been more frequent. We have seen groups offer larger profit sharing, special tools, access to customization tools and now we hear that the Cyclops group is even offering an information stealer as something of a value add if you use their services.

Since Executive Order 14028 came out on May 12th from the Biden Administration, there has been a lot of talk about what it means and what the legal and regulatory ramifications of this order are. While the larger conversation is one for a later (and much longer) article, the overall tone of the EO is one that highlights a desire to centralize control over cybersecurity at the federal level, but not a lot of direct regulatory changes. Everything is recommendations, or guidelines. There is nothing in EO 14028 that makes any real changes. Now that is both a good thing and a bad thing. On the one hand it means that organizations have time to adapt to the tone and general message of the EO and new cybersecurity requirements, and on the other hand, as we are already in an election cycle, many companies are likely to adopt a wait-and-see attitude towards any changes. One area is around SBOM, or Software Bill of Materials.

So, there you are, you have found the one thing in all the internet that will make your object-driven life complete. You put the fabulous object into your cart, giddily fumble out your credit card and enter those embossed numbers into the checkout screen and click to start the journey of your newfound treasure. Unbeknownst to you, attackers had previously injected skimming scripts into the site and captured all your card data for use later, or to sell in bulk on a dark web marketplace.

Spring, the time of renewal, the time when nature wakes up. It is also a time when Zero-Day flaws hit the web. This year has been no different with many Zero-Day flaws identified in April and May 2023. The reasons for this are varied, but commonly we see Zero-Day flaws identified after everyone comes back from their Holiday vacations and after budgets are done, the money is available and initiatives for the new year start. One of the more interesting zero-days for 2023 was a flaw found in MOVEit Transfer software.

The news that a feature in Gmail that shows a verification check mark for a sender is being abused by attackers should come as a surprise to no one. After all, attackers have co-opted code signing certificates, legitimate web sites, and more as part of their attack processes, so why would a simple blue check mark be difficult? The new feature was introduced last month and, on the surface, looks like a great idea. Show that the sender of an email is who they say they are.

There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according to researchers, leverages iMessage to send the targeted user an attachment that then runs with Root Privileges on the device. The result is a complete takeover of the device in question.

The arguments for and against AI as a threat all seem to be centered on the point of AGI (Artificial General Intelligence). This is the point where the reasoning skills of AI are on par with the average human brain. When reached it would mark an evolution in AI. The people saying AI is a threat are trying to slow down progress towards this, while those arguing it is harmless all say we are nowhere near that stage. I have argued that this point is irrelevant in terms of assessing the dangers of a blind rush to build and shove AI into everything.

Google’s Chrome (and derivatives) is one of the more popular browsers on the market. It reached the height of popularity via a well-orchestrated marketing push, dissatisfaction with Microsoft, and being one of the faster and more secure browsers (at the time). However, the popularity of the browser and some less than stellar security policies in the Chrome Web Store have made it a nice target for attackers.
Google recently removed a total of 32 malicious extensions from the store with downloads possibly totaling 75 million.

Remember how the EU regulators said the Microsoft Activision deal was pro-competition and pro-consumer? Well, I wonder what they might be thinking now as news is dropping saying that both Microsoft and Activision are considering pulling games out of the UK in order to push the buyout through. The deal all on its own is far from pro-competition and standing on licensing agreements that affect 1% of the market defied logic, but now we see the lengths that Microsoft is willing to go to in order to get their way.

The group behind BlackCat ransomware seem to be following some good business practices as they have launched a new variant with improved performance (faster encryption) and detection evasion. First identified in February of 2023 the new variant has been given some extra attention after an update to this flavor was seen in April. BlackCat is notable as being the first ransomware written in Rust identified in the wild.
