Friday Five 1/27
A ransomware giant was taken down this past week, but vulnerabilities, poor cybersecurity implementation, and new hacking methods remain. Catch up on all of the latest stories in this week’s Friday Five!
1. GOVERNMENT WATCHDOG: FEDS FAIL TO IMPLEMENT VAST MAJORITY OF CYBERSECURITY RECOMMENDATIONS BY CHRISTIAN VASQUEZ
The Government Accountability Office put pressure on the Biden administration in its recent report, saying that a comprehensive national cybersecurity strategy is "urgently" needed to combat the slow pace at which government agencies put cybersecurity precautions and best practices in place. “[The Government Accountability Office] stressed that moving forward, the incoming administration needed to either update the existing strategy and plan or develop a new comprehensive strategy that addresses those characteristics,” according to the report. Find the full report and read more about what the GAO hopes will be implemented in the full story from CyberScoop.
2. US ANNOUNCES IT SEIZED HIVE RANSOMWARE GANG’S LEAK SITES AND DECRYPTION KEYS BY CARLY PAGE
Hive Ransomware saw its dark web portal seized by law enforcement agencies in the United States and Europe this past week as part of a coordinated law enforcement action carried out by the U.S. Department of Justice, the FBI, Secret Service, and several European government agencies. The FBI confirmed in its latest press release on the matter that it had access to Hive’s computer network since July 2022, allowing federal agents to capture and offer Hive’s decryption keys to victims worldwide.
3. HACKERS NOW USE MICROSOFT ONENOTE ATTACHMENTS TO SPREAD MALWARE BY LAWRENCE ABRAMS
After Microsoft disabled macros by default this past July to combat malicious Word and Excel files, threat actors are now turning to OneNote attachments in phishing emails to install malware, steal passwords, or compromise cryptocurrency wallets. Common examples of these malicious OneNote files found by BleepingComputer included fake DHL shipping notifications, invoices, ACH remittance forms, mechanical drawings, and shipping documents. While launching OneNote attachments warns users that doing so can harm their computer and data, such messages can still easily be ignored. Learn why hackers have turned to these OneNote attachments and how they work in the full story from BleepingComputer.
4. DATA BREACH NOTICES BECOME MORE OPAQUE, LEAVING CONSUMERS IN THE DARK BY TONYA RILEY
According to a recent Identity Theft Resource Center report, roughly 66% of data breach disclosures did not include specific details for consumers such as a root cause. This is a dramatic drop compared to statistics in 2020 showing that 100% of reported breaches tracked by the center included details about attack vectors. According to Eva Velasquez, president and chief executive order of the Identity Theft Resource Center, "that’s hundreds of millions of people who are left in the dark about what’s happened to them, and more importantly, what they can actually do about it." In the full story, read more about what may be causing this shortfall and why organizations may not fear the consequences of not reporting.
5. GRAND THEFT AUTO 5 EXPLOIT ALLOWS CHEATERS TO TAMPER WITH YOUR DATA BY CHRISTOPHER BOYD
A Grand Theft Auto V exploit said to allow cheaters to tamper with your account by corrupting your game data, altering your statistics, and even changing how much money you have in-game was confirmed to be real in a recent statement from Rockstar Games. While Rockstar aims to resolve the issue in an upcoming Title Update, they encourage affected players to contact customer support in the meantime. Read more about a temporary fix that could spare affected individuals hours of frustration and a timeline for the potential fix.