Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
You can also subscribe to receive Cyber Intelligence Weekly in your inbox each week.
Before we get started on this week’s CIW, I’d like to highlight the great work that our offensive security team has been doing around tool development. Check out all of our open source tooling here; we’ve got MFA bypass tools galore, as well as phishing toolkits and more. If you have any questions about any of our published tools and how to use them, feel free to reach out and let us know.
Away we go!
1. L3Harris Technologies in Talks to Buy NSO Group’s Hacking Tools
The NSO Group’s Pegasus hacking software is apparently in hot demand, and from one of the largest US defense contractors no less: L3Harris Technologies. A deal would theoretically give a U.S.-based company control over one of the world’s most potent hacking technologies. We’ve written about Pegasus countless times in our CIW column. It has become infamous for its ability to hack into a target’s mobile phone with ease.
The Pegasus software has been so controversial that it has become a target itself for other reasons, mainly drawing attention from human rights groups as well as the US government. Earlier this year, the US Commerce Department put the NSO Group, the maker of the Pegasus tool, on its export blacklist, effectively banning any US companies from using the hacking toolset.
The Washington Post reported last week that the Biden administration is concerned about the potential deal. Per the WaPo article, neither L3Harris nor NSO chose to comment on the matter specifically. Many are worried about the privacy-related consequences of this type of tool after such a transaction. L3Harris is a public company, obviously concerned about its bottom line, and it isn’t going to let a tool like this sit on the shelf. There is concern that the tool could be used in public policing efforts, as well as the potential for private misuse. This is a potential transaction worth tracking.
2. Actively Exploited Follina Vulnerability Finally Addressed in Latest Windows CU
As we have been reporting for weeks, a severe zero-day has been actively exploited in the wild against companies across the globe. This vulnerability, dubbed ‘Follina’ by the security community, has drawn the ire of many for weeks. Companies have been installing workarounds or tweaking other defenses to account for these open gaps.
The security hole is related to the Microsoft Support Diagnostic Tool (MSDT). It has been impacting nearly every modern version of Windows, and researchers have confirmed that exploitation works against most versions of Office.
The update, released this past Tuesday (Patch Tuesday), is part of the overall Cumulative Update, as it is called in Microsoft speak. Microsoft noted in its advisory on June 14th, “The update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.”
3. Hacked Email Account Potentially Led to Breach at Kaiser Permanente
Earlier this month, Kaiser Permanente, the largest non-profit health plan provider in the United States, released a breach notification stating that protected health information was potentially exposed, including first and last name, medical record number, dates of service, and laboratory test result information.
The notice from Kaiser Permanente suggested that the threat actor had access to an employee’s emails and that the employee would receive additional cybersecurity training. Per a breach notification on the Health and Human Services Office of Civil Rights website, some 69,589 records were involved in the breach.
Coming from personal experience, the issue of sensitive unstructured data and structured data floating around email and other places it shouldn’t be is very real. We’ve been testing some email security products that protect sensitive data within emails at rest, adding an extra layer of authentication to be able to access the data. Having these types of controls in place can ensure organizations don’t wind up on the breach notification list. Let us know if you’d like to learn more.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about