Friday Five 10/21
Ransomware, info-stealing malware, and scams may be taking up the headlines, but a new, "tough" national cybersecurity strategy is right around the corner. Read about these stories and more in this week's Friday Five.
1. FBI: SCAMMERS LIKELY TO TARGET US STUDENT LOAN DEBT RELIEF APPLICANTS BY BILL TOULAS
The FBI has warned that any individuals taking advantage of the Federal Student Aid program should be on the lookout for potential scams. According to an FBI representative, "cybercriminals and fraudsters may purport to offer entrance into the Federal Student Loan Forgiveness program, contacting potential victims via phone, email, mail, text, websites, or other online chat services." To find out more about how to distinguish a scam from real government communications, read the full story from Bill Toulas at BleepingComputer.
2. WHITE HOUSE CYBER DIRECTOR DEFENDS 'TOUGH' NATIONAL CYBERSECURITY STRATEGY AHEAD OF RELEASE BY SUZANNE SMALLEY
The Biden administration recently released its comprehensive national security strategy, meaning that National Cyber Director Chris Inglis will likely be releasing his national cybersecurity strategy in the coming days. The tough new strategy will reportedly “more forcefully use government power in the cyber arena.” According to Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, the new strategy will include an implementation plan and “explicit tasking to achieve objectives.” Read more about the plan and what Inglis has to say about it in the full story from CyberScoop.
3. NEW PHP VERSION OF DUCKTAIL MALWARE HIJACKING FACEBOOK BUSINESS ACCOUNTS BY RAVIE LAKSHMANAN
An information-stealing malware known as Ducktail, which originated in Vietnam in late 2021, has been found in the wild in the form of cracked installers for legitimate apps and games. The latest variant of the malware, first discovered this past August, aims to exfiltrate sensitive information like saved browser credentials and Facebook account information and store it on a newly hosted website in JSON format.
4. VENUS RANSOMWARE TARGETS REMOTE DESKTOP SERVICES BY CHRISTOPHER BOYD
Threat actors behind Venus ransomware are reportedly breaking into “publicly exposed Remote Desktop services” to encrypt Windows devices and the files they contain. Concerningly, home networks have been shown to be just as vulnerable as those in the office, with the ransomware being capable of infecting PCs and external drives. Read more about the details of Venus ransomware and the steps you can take to protect your network in the full story from Malwarebytes Labs.
5. MICROSOFT OFFICE 365 EMAIL ENCRYPTION COULD EXPOSE MESSAGE CONTENT BY BILL TOULAS
Security researchers recently uncovered that, under certain conditions, it's possible to partially or fully infer the plaintext of messages sent through Microsoft Office 365. This issue was found to be caused by the use of a weak block cipher mode of operation known as Electronic Code Book (ECB) mode, the same block cipher mode that was first highlighted as an issue after a massive data breach of over 150,000,000 Adobe accounts in 2013. Read more about how hackers can exploit ECB mode and why there still isn't a solution to the problem over at BleepingComputer.