Friday Five 7/8
In this week’s Friday Five, read more about what Apple is doing to protect users against government-backed malware, why U.S. healthcare organizations should be on high alert, how threat actors are changing their tactics, and much more.
1. Apple Announces 'Extreme' Privacy Mode for Targets of Government Spyware by Lorenzo Franceschi-Bicchierai
In a recent press release, Apple announced that they will soon be releasing a new feature known as “Lockdown Mode,” which will help to protect Apple’s most vulnerable users against government malware. “Lockdown Mode—the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura—is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security.” Read the full story at VICE to see why researchers call this development a “promising step forward.”
2. US: North Korean Hackers Targeting Healthcare Sector With Maui Ransomware by Ionut Arghire
A joint advisory released by the U.S. Treasury, FBI, and CISA warned that U.S. healthcare and public health (HPH) organizations are being targeted by North Korean state-sponsored actors using Maui ransomware. Per the advisory, “the North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations.” Read the full story from SecurityWeek to find out what Maui ransomware is capable of and how the advisory recommends healthcare organizations prepare for potential attacks.
3. Ransomware, hacking groups move from Cobalt Strike to Brute Ratel by Lawrence Abrams
A troubling new trend has emerged: threat actors are gradually switching from Cobalt Strike to Brute Ratel C4 (BRc4) as their preferred post-exploitation toolkit. While this red team and adversary emulation tool is less well known than Cobalt Strike, it is just as capable and was specifically designed to evade modern endpoint detection and response (EDR) and antivirus solutions. Read the full story from BleepingComputer to better understand how threat actors can use Brute Ratel to move through compromised networks and how they are getting their hands on the software.
4. Rogue HackerOne employee steals bug reports to sell on the side by Ionut Ilascu
HackerOne, a platform used to coordinate vulnerability disclosures between organizations and bug hunters, recently revealed that one of its own employees was terminated for taking reports submitted by those bug hunters and disclosing them outside the platform in order to claim the bounties for themselves. According to HackerOne, “the [former employee] created a HackerOne sockpuppet account and had received bounties in a handful of disclosures. After identifying these bounties as likely improper, HackerOne reached out to the relevant payment providers, who worked cooperatively with us to provide additional information.” Learn the specifics of how the former employee was caught by reading the full story at BleepingComputer.
5. TikTok says ‘Project Texas’ will bolster security for US users in wake of China data access concerns by Ivan Mehta
In the wake of an FCC Commissioner calling for Apple and Google to remove TikTok from their respective app stores, along with a letter from senators questioning its data access policy, TikTok has announced an initiative to rebuild trust with users and key stakeholders, known as Project Texas. Read more at TechCrunch to see what TikTok CEO Shou Zi Chew has to say about Project Texas and what the initiative entails for the social media giant moving forward.