
An insider job at Ubiquiti, plus new creative attacks

In vulnerability madness, here are two good ones. Security researchers have found hardware and software vulnerabilities in HP multi-function printers that could be used to steal confidential information and remotely pivot through network infrastructure. F-Secure estimates that around 150 HP multi-function printer models are vulnerable to the exploits found by the security firm.

Finland’s National Cyber Security Center has issued a severe alert about a campaign targeting Android users that pushes text messages to lure victims to a voicemail, which instead pushes the Flubot banking malware.

CISA has named the new cyber advisory panel that will make recommendations on subjects ranging from battling misinformation to gaining aid from the hacker community on national cyber defense. The 23-member panel draws from social media, cybersecurity companies, tech firms, and infrastructure.

In news you can use, Presidio and CrowdStrike are partnering with Amazon Web Services for a new Ransomware Mitigation Kit. The kit offers enterprises visibility and breach protection across a range of digital assets, a beefed-up cloud security foundation, detection and attack prevention capabilities, as well as response and attack mitigation tools.

Finally, quoting The Verge: An indictment from the Department of Justice suggests that the Ubiquiti hack reported in January, and subsequent whistleblower claims of a cover-up, were the work of someone who was then an employee of the company. The DOJ alleges that Nickolas Sharp, 36, was arrested on Wednesday on accusations that he used his employee credentials to download confidential data and sent anonymous demands to the company he worked for pretending to be a hacker in an attempt to get a ransom of 50 Bitcoin.

Why do we care?

The creativity of the attackers never ceases to amaze me. Faking voicemails is clever. Really reinforces how attackers only have to be right once, and defenders can never make a mistake in a “protect all the things” approach.

I’ll comment that the list of CISA advisors is distinguished, but generally full of large-company-focused leaders. Not a lot of SMB focus there – that’s unfortunate, considering how much small companies bear the brunt of the problem.

Zero trust remains my guiding idea – it addresses more of the vulnerabilities as well as that insider threat.