Cybersecurity Decrypted #29: April 10 – 17

📰 Top Stories

• • The US Government has extended funding for non-profit research firm MITRE to continue operating its Common Vulnerabilities and Exposures (CVEs) program. The extension is confirmed to be for 11 months. 🔗

• • The China-backed Salt Typhoon attack on US carrier networks may have been caused by a legal “back door” implemented to support law enforcement agencies surveilling communications. 🔗

• • Bots now account for more traffic on the web than humans, according to new research from Thales. Bot traffic accounted for 51% of total web activity last year – an increase driven by AI and LLMs. 🔗

• • What’s the biggest target for ransomware? Remote access tools, according to a new report. Remote access tools were the initial entry point of 8 in every 10 ransomware attacks in 2024. VPNs are the second most likely target. 🔗
    

• • The aviation industry is at high risk of cyberattack due to vulnerable software and aging technologies, according to a new report released by the Foundation for Defense of Democracies. 🔗

📡 Threat Watch

• Browser extensions could be a serious enterprise security risk, according to a new report from LayerX. Over 50% of browser extensions can access critical data like passwords, cookies, and browsing information. 🔗
• Tycoon2FA, a leading phishing-as-a-service platform is now more dangerous. The platform has added new features to avoid fingerprinting by domain reputation systems. There has been a huge increase in SVG-based phishing linked to the Tycoon2FA platform. 🔗
• Cybercriminals could target ‘AI-hallucinated’ names in code dependencies that resemble popular libraries to spread malware, according to a new report. There are no confirmed reports yet – but if you use AI code, make sure to watch for this risk. 🔗
  
• AI has become a tool of the trade for scammers. This tax season, hackers used AI-produced audio to launch voice-phishing campaigns impersonating tax preparers and the IRS to try and steal funds and trick people into sending financial documents. 🔗
• An AI-powered bot platform named ‘AkiraBot’ has spammed over 80,000 websites since September 2024, according to SentinelOne threat researchers. The bot uses OpenAI to spam contact forms and chat widgets to promote SEO services. 🔗

🚨 Industry News

• SSL/TLS certificates will have shorter lifespans over the next few years, with a final lifespan of 47 days starting in 2029. The move is designed to minimize risks from outdated certificate data and reduce exposure for compromised credentials. 🔗
• Google has made a big move to simplify its suite of security tools – merging all its major products into a single platform: Google Unified Security. 🔗
• Microsoft is launching a new Defender for Endpoint feature that will block inbound and outbound traffic from undiscovered endpoints. This will work by containing the IP addresses of devices that haven’t been onboarded. 🔗
• Github has announced that its new ‘security campaigns’ feature is now available to all GitHub Advanced Security and GitHub Code Security customers. The new feature makes it easier for developers to fix vulnerabilities in applications. 🔗
• Virtue AI has announced a $30 million USD seed and series A funding round for a new platform designed to help organizations deploy generative AI securely and compliantly. 🔗
• Reminder: Microsoft Exchange 2016 and 2019 reach end of support in just 6-months. 🔗

🏛️ Cybersecurity Policy

• President Trump has ordered an investigation into former CISA Director Chris Krebs. Krebs is a lifelong Republican and was appointed director of CISA when Trump founded the agency in 2018. He was later fired by Trump for stating there had been no technological issues in the 2020 election. 🔗
• Krebs has now resigned from his role at SentinelOne, stating: “For those who know me, you know I don’t shy away from tough fights. But I also know this is one I need to take on fully – outside of SentinelOne.” 🔗
• China has accused the US National Security Agency of carrying out cyber-attacks targeting the Asian Winter Games in February. 🔗
• The Pentagon has announced it will terminate several IT service contracts valued at $5.1 billion USD, including contracts at Accenture, Booz Allen Hamilton, and Deloitte. This covers consulting and non-essential services, says Defense Secretary Pete Hegseth. 🔗
• The House Oversight Committee will investigate security and privacy risks caused by the bankruptcy of genetic testing company 23andMe. 🔗

🌎 Global News

• EU Diplomats have been targeted with phishing emails delivering malware via fake invites to wine tasting events. The attack is linked to a Russian threat actor group – you can’t say they don’t know their audience. 🔗
• IKEA’s operating company in Eastern Europe had losses of nearly $23 million USD after a ransomware attack which hit before Black Friday last year. 🔗
• Notorious online forum 4Chan has been offline after a major hack. Emails of admins, moderators, and janitors have been allegedly leaked, as well as screenshots of admin panels and maintenance tools. 🔗

🔍 Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

• Is XDR Replacing SIEM? The Future of Security Operations 
• Automating Compliance: A Deep Dive into GRC Solutions That Save Time & Reduce Risk 
• Application Security Testing: A Deep Dive into Automating AST for Maximum Protection 

That’s all for this week! 👋

How did you find this newsletter? Please send us any feedback to help us improve. Thanks for your support.

Expert Insights’ Cybersecurity Resources

• Top RMM Solutions For MSPs
• Top Mobile Device Management (MDM) Solutions
• Top Email Security Gateways
• Top Email Security Solutions For Office 365
• Top Identity And Access Management Solutions
• Top Phishing Protection Solutions
• Top Phishing Simulation And Testing Solutions
• Top Cyber Threat Intelligence Solutions