NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems
The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition."
BlackLotus is an advanced […]
The Hacker News | #1 Trusted Cybersecurity News Site
Chinese Attackers Hack American Businesses' Digital Locks To Steal Sensitive Data
United States Senator Ron Wyden warned and notified the Director of the National Counterintelligence and Security Center (NCSC), Michael C. Casey, that Chinese hackers are actively backdooring digital locks to steal sensitive data.
As a result, hackers target and backdoor the digital locks to gain unauthorized access to sensitive information and resources.
Backdooring allows hackers to maintain access even after the initial breach, letting the threat actors continue their unauthorized activities.
Technical Analysis
Wyden urges the NCSC to warn businesses about the risks of substandard commercial safe locks. Many have undisclosed manufacturer backdoor reset codes that are known only to the makers.
According to the report, lock companies receive demands from agencies for these codes, which grant access to the safe. Foreign threat actors could exploit the backdoors to steal trade secrets and IP stored in business safes.
The Department of Defense (DoD) said in an email on November 8, 2023, that manufacturer reset codes are prohibited in approved government locks due to a threat.
On December 15, 2023, a white paper showed that standards omit any mention of backdoors to hide their existence. The public was kept in the dark after the government secured itself against the vulnerability.
Chinese firm SECURAM dominates the consumer safe lock market with low-cost models. Website docs confirm products have undisclosed reset codes.
As a result, SECURAM must assist with the surveillance demands, potentially compromising business safety.
The U.S. rival S&G has confirmed that many products have reset codes that must be disclosed to the government and litigants.
The policy on code turnover is also provided, as the codes are enticing targets for hacking and espionage.
Only S&G (Sargent and Greenleaf) locks without backdoors are approved for U.S. government-classified data storage.
NCSC should warn businesses about foreign spy threats to intellectual property. Firms can’t defend trade secrets if unaware of safe lock vulnerabilities.
Ron Wyden urges NCSC to update the public guidance recommending business safes meet strict government security standards.
Besides this, a transparent advisory is needed to protect America’s economic edge from espionage exploitation.
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. […]
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems.
"As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu said in a preliminary report published on Friday.
The Romanian firm’s […]
The Hacker News | #1 Trusted Cybersecurity News Site