Articles of interest from the week of June 10, 2024

Cybersecurity Labeling for Smart Devices Aims to Help People Choose Items Less Likely to be Hacked

Consumer labels designed to help Americans pick smart devices that are less vulnerable to hacking could begin appearing on products before the holiday shopping season, federal officials said Wednesday. (SecurityWeek)

“With the rise in the global awareness of cybersecurity, the Cyber Trust labeling campaign offers an effective means to educate individuals on securing their personal data and protecting their families. The average user may not have the time or knowledge-base to thoroughly research organizations or stay updated on recent data breaches involving manufacturers of security cameras or smart watches. By providing a convenient QR code that can be scanned in-store, the campaign allows consumers to quickly access information on a company’s data protection measures and account security practices, thus simplifying the process of becoming more security-conscious. However, while potentially helpful, it still requires the effort of the individual to utilize these. My fear is that this will go the way of the Energy Start Ratings as no one truly utilizes these to justify their purchase,  often being more focused on brand loyalty. This does, however, pose a new security risk as individuals could cover the QR codes with one that takes them to a malicious download page and result in their personal devices becoming infected or unwittingly giving personal information away.” – Craig Flynn, SOC Manager/Tier 3 Analyst at Ingalls Information Security

Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments

The Mallox ransomware group is targeting VMWare ESXi environments with a fresh Linux variant that employs a new technique, to deliver and execute its payload only in machines with high-level user privileges. (Dark Reading)

Cisco Patches Webex Bugs Following Exposure of German Government Meetings

Cisco released a security advisory last week after the media reported that the German government’s Webex meetings were exposed, potentially allowing adversaries to obtain highly sensitive information. (SecurityWeek)

FBI Recovers 7,000 LockBit Keys, Urges Ransomware Victims to Reach Out

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. (Help Net Security)

Deprecated Features for Windows Client

Each version of the Windows client adds new features and functionality. Occasionally, new versions also remove features and functionality, often because they added a newer option. This article provides details about the features and functionalities that are no longer being developed in Windows client. For more information about features that were removed, (Microsoft)

RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks

In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim's environment. (Dark Reading)

Malicious VSCode Extensions With Millions of Installs Discovered

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. (BleepingComputer)

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Okta warns of a vulnerability in the cross-origin authentication feature of their Customer Identity Cloud (CIC). (The Hacker News)

Data of 560 Million Ticketmaster Customers for Sale After Alleged Breach

​A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. (BleepingComputer)

Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. (The Hacker News)