Weekly Email Security News Recap #2 [April 2022]

Welcome back to our weekly news recaps. As we dive into the world of email security news this week, we focus on another infrastructure-level threat: A large data leak, and not surprisingly, a Microsoft-related news story.

Let’s jump in!

Malicious Cyber Tools Target North American Energy Concerns

On Wednesday, a joint alert transpired about malicious cyber tools created by unknown threat actors.

Many US government agencies warned of this discovery and confirmed hackers could gain full access to multiple industrial control systems.

A number of government agencies, including the FBI, National Security Agency, and the Energy and Homeland Security departments alerted the public. However, they didn’t offer details on the discovery or present any names.

According to some private organizations and their cybersecurity partners, there’s a piece of evidence that Russia is behind these tools. However, the news sources only link to prior attack interests and don’t show specific evidence.

The Cybersecurity and Infrastructure Security Agency (CISA) has yet to identify the threat actor.

 

New Malware Uses Windows Bugs to Hide Scheduled Tasks

One of the latest hacking news is, again, connected to Microsoft. The Hafnium hacking group was recently discovered to maintain persistence on compromised Windows systems by building and hiding scheduled tasks.

This threat group has previously targeted US defense companies and researchers in cyberespionage attacks.

The Microsoft Detection and Response Team announced that, as Microsoft continues to hunt the state-sponsored hacking group Hafnium, new activity leverages unpatched vulnerabilities as initial vectors.

This new activity is a malware called Tarrask. It creates ‘hidden’ scheduled tasks to remove the task attributes and conceal the scheduled tasks from traditional means of identification. The group used this method to access the hacked devices even after reboots.

This hacking tool uses a formerly unknown Windows bug to hide them from “schtasks /query” and Task Scheduler by removing the associated Security Descriptor registry value.

The only way to find these tasks in the Windows Registry is to look for scheduled tasks without a security descriptor.

 

13 Million Personally Identifiable Records of Fox News Exposed

Because of a Fox News data leak, company cloud storage configuration errors and about 13 million records of personally identifiable information were exposed.

According to a research team, a 58 GB trove was left unprotected with no username or password, which allowed anybody on the internet to access it. Leaked data types included celebrity, internal Fox admin, and technical information.

At least 65,000 names of celebrities, cast, guests, and their internal Fox ID contact numbers were exposed. Leaked internal and technical data from Fox included:

  • Storage information
  • Internal Fox emails
  • Usernames
  • Employee ID numbers
  • Hostnames
  • IP addresses
  • Device data, etc.

Email addresses of 701 individuals linked to reference ID numbers, security, and user roles revealing who could take action on the content.

Our news coverages usually range from nationwide events and attacks to company-related ones. As you can see, this week was no different. While we’re waiting for updates on the Fox data leak recovery steps, the war in Ukraine continues, putting more tension on the whole geopolitical situation in the world.

SPF Record Syntax: Structure and Components

SPF Record Syntax: Structure and Components

Understanding what SPF is and bringing it into use is important for technology-driven businesses...

Read More
What is a DKIM Record?

What is a DKIM Record?

What is a DKIM record? That's a question we see everywhere these days. Emails...

Read More
What is an SPF Record?

What is an SPF Record?

What if you realize a threat actor is misusing your domain name to send...

Read More