theregister.com

FCC stands up Council on National Security to fight China in ways that CISA used to

Infosec In Brief United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to American tech and telecommunications infrastructure.

"Today, the country faces a persistent and constant threat from foreign adversaries, particularly the CCP [Chinese Communist Party]," Carr wrote in a press release. "These bad actors are always exploring ways to breach our networks, devices, and technology ecosystem."

The Council has three goals:

Reduce the American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries;

Mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries;

Ensure the U.S. wins the strategic competition with China over critical technologies, such as 5G and 6G, AI, satellites and space, quantum computing, robotics and autonomous systems, and the Internet of Things.

Carr didn’t say how or if the new Council will work with the Cybersecurity and Infrastructure Security Agency (CISA), whose Cyber Safety Review Board was already investigating Chinese cyber threats, including operations linked to the Salt Typhoon attacks on US telecoms infrastructure, before being disbanded by the incoming Trump administration.

Critical vulnerabilities of the week: Ivanti under attack

Last week’s Patch Tuesday saw many critical flaws fixed.

We could only find one other flaw of the same caliber last week, the CVSS 9.9-rated CVE-2024-57968 vulnerability in Advantive’s order and warehouse management VeraCore that allows remote authenticated users to upload files to directories that other users can see from the web.

It’s already being actively exploited, so users of versions prior to 2024.4.2.1 have a job to do.

Also under active exploitation are three of the four CVEs we recently reported afflicting Ivanti EPM.

CISA last week warned that CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 – all rated CVSS 9.8 – have become the subject of proof-of-concept exploits.

Garantex administrator found, arrested, in Indian vacation destination

That didn't take long: Just a week after US authorities announced the takedown of Russian crypto exchange and cybercrime hub Garantex, one of its two administrators indicted by US officials has been arrested.

Found in Thiruvananthapuram, a seaside city in southern India, Aleksej Besciokov was arrested on March 12, India's Central Bureau of Investigation said in a statement posted to X. The Bureau alleged that Besciokov planned to flee the country, though why the Lithuanian citizen chose to leave the relative safe haven of Russia, where he reportedly resided, wasn't indicated.

As we reported last week, Garantex was used by a number of notorious ransomware gangs, including Black Basta, Play, and Conti, to launder millions of dollars in stolen cryptocurrencies since coming online in 2019.

Besciokov and his codefendant Aleksandr Mira Serda, a Russian national based in the United Arab Emirates, each face up to 20 years in a US prison if convicted of the charges brought by American authorities. Serda remains at large.

More North Korean spyware apps found on app stores

A new batch of spyware apps believed to have been built by North Korean cyber snoops have been discovered hiding on Google Play and third-party app stores. Researchers say they are targeting both Korean and English speakers.

Lookout Threat Lab reported the discovery of several apps carrying novel Android surveillance malware dubbed KoSpy and has attributed it to North Korean crooks known as the ScarCruft crew "with medium confidence."

While mostly hiding in generic apps with titles like "File Manager" and "Software Update Utility," one was masquerading as "Kakao Security" in a bid to imitate the South Korean tech conglomerate of the same name.

KoSpy has numerous data collection capabilities, including the ability to collect and transmit SMS messages, harvest Wi-Fi network details, access location info, and record keystrokes.

The apps have all been removed from the app stores.

Australian investment firm sued for alleged cybersecurity failures

FIIG Securities Limited is headed to a court Down Under over allegations that years of sloppy security enabled a hacker to steal and sell thousands of clients' data.

Australia's Securities and Investments Commission (ASIC) accused Sydney-based FIIG of neglecting legally required cybersecurity practices from March 2019 until June 2023. During that period, a nearly month-long intrusion allegedly resulted in the theft of 385 GB of data, which later was sold on the dark web.

FIIG was reportedly unaware it had been breached until officials with the Australian Signals Directorate's Cyber Security Centre alerted it to suspicious activity in June 2023. Even then, it took the company nearly a week to respond, ASIC alleged.

According to the Commission, FIIG failed to have an appropriately configured and monitored firewall set up, hadn't applied software patches and OS security updates, didn't provide security awareness training to staff, and lacked "human, technological and financial resources" dedicated to cybersecurity.

"This matter should serve as a wake-up call to all companies on the dangers of neglecting your cybersecurity systems," said ASIC chair Joe Longo. ®
