Polonium targets Israel, CISO-Board relations, UK supply chain
Polonium APT targets Israel with new custom backdoor dubbed PapaCreep
The APT group has been using custom backdoors in attacks targeting Israeli entities since at least September 2021. Focusing only on Israeli targets, it has launched attacks against organizations in the fields of engineering, technology, information, law, communications, branding and marketing, media, insurance, and social services. Microsoft MSTIC researchers believe the attackers coordinated with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on the overlap of victims and TTPs. This is confirmed by revelations that have emerged over the past two years that the Iranian government is using cybermercenaries for its operations. MSTIC observed POLONIUM active on or targeting multiple organizations that were previously compromised by the Iran-linked MuddyWater APT (aka MERCURY).
RSA conference reveals CISO-Board relationship
The RSA Conference Executive Security Action Forum (ESAF) released a research report on Wednesday outlining how CISOs communicate risk, accountability, security maturity and metrics to boards of directors, and the challenges that can sometimes result. Among the findings:
• CISOs and boards are generally well aware of the legal ramifications of a data breach and the need to document their efforts to properly manage cyber risk.
• There is debate within the CISO community about the types of metrics used in board reporting, particularly whether stories or numbers are better.
• CISOs who have evaluated developing a capability to quantify cyber risk in dollars have found that the resources and talent required, including actuaries, would be prohibitive for most security teams.
• Security teams use internal risk scoring systems to prioritize their efforts, but do not find it helpful to share these numbers with the board.
We have a link to the full report in the show notes for this episode, at CISOSeries.com
UK government urges action to boost supply chain security
The UK government has warned organizations to take steps to strengthen their supply chain security. The National Cyber Security Centre (NCSC) issued guidance in response to an increase in supply chain attacks such as the SolarWinds incident in 2020. Aimed at medium to large organizations, the document outlines practical steps to better assess cybersecurity in increasingly complex supply chains. This includes a description of typical vendor relationships and the ways organizations are exposed to vulnerabilities and cyberattacks through the supply chain, as well as expected outcomes and key steps needed to assess vendor approaches to security.
Digital license plates legalized in California
California has ended a pilot program and fully legalized digital license plates for private and commercial vehicles. The E Ink digital license plates, known as Rplate, are manufactured by California-based company Reviver. They can operate in extreme temperatures, have some customization features, and are managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.
Signal will drop SMS support on Android
Signal says it will begin phasing out support for SMS and MMS messages from its Android app to streamline the user experience and prioritize security and privacy. While this announcement may come as a surprise to those unaware that Signal can also be used to manage this type of text message, it has been possible to set the Signal app for Android as the default SMS/MMS app since its debut as TextSecure, an application that used the Axolotl Ratchet Protocol. The company said, in a blog post published yesterday, “We have now reached the point where SMS support no longer makes sense.”
Australian insurer Medibank hit by targeted cyberattack
Medibank, a private health insurer in Australia with 3.7 million customers, today confirmed it is the latest company to suffer a digital break-in. In a brief statement, the company confirmed that it has taken the international and ahm student policy systems offline, “and we are in the process of safely and methodically restarting the systems.” Medibank, which provides insurance coverage for accidents, hospitalizations, optical health, dental care, etc., didn’t explain how the criminals gained access to its network, how long they were there, or anything else.
NHS Advanced provider confirms loss of patient data, but remains tight-lipped
Following a story we reported to you in August, the UK’s National Health Service (NHS) IT service provider, named Advanced, has confirmed that attackers stole data from its systems during the August ransomware attack, but declines to say whether patient data was compromised. The attack knocked out a number of NHS services, including its Adastra patient management system, which helps non-emergency call handlers dispatch ambulances and helps doctors access patient records, and Carenotes, which is used by mental health trusts for patient information. In an update dated October 12, Advanced said the malware used in the attack was LockBit 3.0.
Meta’s VR headset collects personal data directly from your face
Meta’s latest VR headset, the Quest Pro, features an array of five inward-facing cameras that monitor a person’s face to track eye movements and facial expressions, allowing their avatar to mirror their expressions more realistically. Researcher Luke Stark, an assistant professor at Western University, Canada, said in an interview with Wired that he suspects the default “off” setting for face tracking won’t last long, adding, “It’s been clear for a few years that animated avatars act as leaders in privacy loss.” The eye-tracking and facial expression privacy notices the company released this week indicate that while raw images are removed, information derived from these images may be processed and stored on Meta servers.