Cybersecurity News Roundup March 2023

SSL Support Team

1 year ago

Twitter Removes Source Code Leaked on GitHub By Suspected Former Employee

Image above by Markus Spiske from Pixabay.

Twitter has removed a source code used for its systems that is suspected to have been released on GitHub by a former employee. Twitter also submitted a subpoena request in California’s court system hoping that it would compel GitHub to release user data that would point to the culprit as well as other people who could have downloaded the code.

Last March 31, GitHub responded to Twitter’s Digital Millennium Copyright Act (DMCA) infringement notice because the leak incident divulged Twitter’s proprietary source code which could expose vulnerabilities in its platform and tools. Competitors of Twitter could also use the leaked code to gain business advantage.

Based on a New York Times report, the date when the code was leaked is unsure, but “it appeared to have been public for at least several months.”

SSL.com’s Takeaway: Companies can better regulate access to their critical systems if employees that deal with sensitive information (like proprietary source codes) are required to login with Client Authentication Certificates. These are digital certificates that can be uniquely issued to current employees and will enable them to access company platforms and applications. Once an employee leaves the company, the digital certificate assigned to that person can be revoked by the company, ensuring that unauthorized access and incidents like data breach will not occur.

CLICK THIS BUTTON FOR MORE INFORMATION ON SSL.COM CLIENT AUTHENTICATION CERTIFICATES

Go to top

Spyware-Enabling Android And iOS Zero-Day Vulnerabilities Continue To Be Discovered By Google

Image above by Amy from Pixabay.

The Threat Analysis Group (TAG) from Google continues to encounter multiple exploit paths using Android and iOS zero-day vulnerabilities that enable spyware and malicious apps to be downloaded on the devices of targeted users.

The malicious actors attacked Android and Apple users with distinct exploit chains as early as November of last year.

Their method involved sending SMS messages that take the victims to pages activating exploits that abuse an iOS WebKit remote code execution zero-day and a sandbox escape bug. Afterwards, they then redirect the victims to real shipment websites using bit.ly shortened links.

They also place a payload on affected iOS devices and this enables them to determine the location of the victims and install .ipa files.

SSL.com’s Takeaway: A good way to gain protection from malware is to regularly update your device, install patches, and not veer away from approved mobile system configurations. If possible, contact the support team of your mobile phone provider to make sure that your device is fully-updated and correctly-configured.
Malicious software can’t get access to your files without access to your system, so never download, open, or install files from email or online without knowing their source.

You should also be mindful when receiving SMS messages, especially those that contain shortened links which are often used by cybercriminals as one method to spread malware.

Lastly, never click links from unidentified contacts. Modern mobile devices display the actual names of legitimate organizations in your inbox while phishers and scammers are usually labeled as unknown numbers.

Go to top

Malware Targeting Apple’s macOS Steals Loads Of Data From Apple Users

Image above by Gerd Altmann from Pixabay.

Apple’s macOS users have discovered their documents, passwords, and other information to have been obtained by data-stealing malware. Nicknamed “MacStealer,” the malware is purported to have the ability to steal cryptocurrency wallets and browser-stored data including credit card details and passwords to online accounts.

MacStealer is apparently being priced for only $100 per build on the dark web. Nodes for infection by this malware include websites for pirated materials, bogus apps in app stores, and email attachments.

Among Apple’s operating systems targeted by this malware include macOS Catalina and versions that employ Intel M1 and M2 CPUs.

In order to enable this malware, the threat actors lure their victims to download .DMG files that serve as containers for macOS applications. Once downloaded, a fake password prompt shows up to steal the user’s real password. MacStealer proceeds to store the stolen password in the compromised system’s temporary folder (TMP) where data that is subsequently stolen will also be stored.
SSL.com’s Takeaway: Code signing certificates are one way you can be sure that a downloaded software comes from the actual publisher and is free of malware. Code signing certs are also often required for compliance with OS platform policies. As a software customer, you should insist on installing signed software and never click through security errors and warnings to install software without a valid digital signature.
For software developers, they should digitally sign their software programs, apps, and drivers, with our trusted and proven code signing certificates to prevent tampering or compromise of applications by unauthorized parties. Check out SSL.com’s Extended Validation Code Signing Certificates.

In addition, developers can add more security to their downloadable software files by enrolling their code signing certificate to SSL.com’s eSigner and enabling Malware Scan. eSigner is our cloud-based code signing service that enables software developers to conveniently sign and timestamp their code on the cloud, with no need for USB tokens, HSMs, or expensive hardware. Code that is signed through eSigner can also be examined through our Malware Scan. If malware is detected in the code, the signature will not be applied and the user is informed so that preventive action can be taken.

CLICK THIS BUTTON TO LEARN MORE ON SSL.COM EV CODE SIGNING CERTIFICATES
Go to top

GoAnywhere Data Breach Leads To Ransom Demanded From Crown Resorts Gaming Company

Image above by Tumisu from Pixabay.

Crown Resorts, the biggest casino and entertainment company in Australia, has affirmed that it was the victim of a data breach when its GoAnywhere file-sharing server was attacked using a zero-day vulnerability. Crown Resorts operates in Sydney, Melbourne, Perth, and London and has a yearly revenue of more than $8 billion.

The Russia-connected Clop ransomware gang is identified as the one responsible for the breach. This gang is known to have moved their operations last year from encrypting files to data extortion attacks.

Crown is now among a list of organizations that have been affected by the GoAnywhere vulnerabilities. Other organizations affected include Procter & Gamble, Toronto city government, Hatch Bank, and Hitachi Energy.

Crown maintains that there was no sensitive customer data stolen in the breach and its operations have not been affected.

Fortra, the maker of the GoAnywhere file transfer software, is currently battling a class action lawsuit in the United States where it is charged with a failure to maintain sufficient cybersecurity measures to protect sensitive data stored in its system.
SSL.com’s Takeaway: SSL.com Client Authentication Certificates provide an extra layer of security that passwords or SMS-based two factor authentication alone cannot give. These can be very beneficial to multinational companies that use software services to transfer files globally. Client Authentication Certificates restrict access to sensitive sites and applications and therefore shield online company accounts from malicious actors by ensuring that only the verified individual and holder of the digital certificate can access them.

CLICK THIS BUTTON FOR MORE INFORMATION ON SSL.COM CLIENT AUTHENTICATION CERTIFICATES
Go to top

SSL.com Announcements

1) For those looking for easy enrollment of a high volume of email signing and encryption S/MIME certificates for company staff members, Enterprise PKI (EPKI) Agreement is now available for Individual Validation + Organization Validation (IV+OV) S/MIME certificate validation. An Enterprise PKI (EPKI) Agreement allows an authorized representative to assume responsibility for retaining and validating identity evidence of employees or contractors within a company or organization, enabling a single validation process for an entire organization. Click this link to learn more about the EPKI Agreement Setup.

2) SSL.com’s Document Signing Watch Folder service is now available for our customers. This is a digital signing service for Windows and Linux that can be used to sign bulk volumes of electronic documents (including PDFs) by simply placing them into a local folder. Click here to learn more about the Document Signing Watch Folder service.
< p align=”justify”>3) With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service. Additional information on this change can be found on the CA/Browser Forum website. Learn more about the SSL.com eSigner cloud code signing solution: https://www.ssl.com/esigner/.