#AxisOfEasy 264: Four-Fifths Of Firms Have Been Impacted By Critical Cloud Security Incidents


Weekly Axis Of Easy #264


Last Week’s Quote was  “Imperfection is beauty, madness is genius and it’s better to be absolutely ridiculous than absolutely boring.” -was by Marilyn Monroe.  We got many interesting guesses, but no winner! 

This Week’s Quote:  “It’s all to do with the training: you can do a lot if you’re properly trained.” … by ???

THE RULES:  No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize:
First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of September 19th, 2022, wherein our our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

Announcing native support for .ETH domains, this is Ethereum’s own TLD. 
We now offer the registrations on .ETH itself.

In this issue:

  • Four-fifths of firms have been impacted by critical cloud security incidents
  • American citizens who questioned the 2020 election were spied on by Facebook
  • Hackers exploit vulnerabilities in airplane Wi-Fi devices to target passengers
  • Cyberattack on Uber’s internal network prompts investigation
  • Millions are being trafficked into cyber slavery through ‘pig-butchering’ scams in Cambodia


Elsewhere online

  • An emerging threat to cross-sector cyberespionage
  • Phishing emails related to Ethereum Merge should be avoided
  • Text messaging: where do the boundaries lie?
  • There appears to be a winning streak for Ukraine’s cyberwar chief
  • Embracing DeFi exploits becomes a priority for law enforcement
 

Four-fifths of firms have been impacted by critical cloud security incidents

The State of Cloud Security Report from Snyk found that 80% of organizations suffered a “severe” cloud security incident over the past year and that 58% predict they will suffer another severe incident over the coming year.

Over the past year, respondents have reported breaches, leaks, intrusions, crypto-mining, compliance violations, failed audits, and system downtime.

“Many cloud security failures result from a lack of effective cross-team collaboration and team training. When different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging,” the report argued.

Respondents also pointed out challenges around cloud-native development, including the need for additional expertise, training, and education and a shift left on cloud security.

Read: https://www.infosecurity-magazine.com/news/fourfifths-firms-critical-cloud/

 

American citizens who questioned the 2020 election were spied on by Facebook

According to the Department of Justice sources, Facebook has been spying on American users and reporting anti-government or anti-authority sentiments to the FBI. The FBI has not obtained a subpoena for these private messages.

Facebook users who talked about staging protests were all conservative right-wing individuals. Facebook sent back gigabytes of data and photos as soon as a subpoena was requested.

Erica Sackin, a spokesperson at Facebook’s parent company META, said in a statement that the claims are false and that Facebook carefully examines all government requests for user information to make sure they are legal and narrowly tailored. On the other hand, the FBI did not confirm nor deny allegations about its joint operation with Facebook but acknowledged a “quick exchange of information” and an “ongoing dialogue.”

The FBI works with private sector entities, including social media providers, to share information about foreign malign influence actors. This includes threat information, actionable leads, or indicators. Facebook denied providing the FBI with private user data, but if true, it would indicate that someone with authority to access and search users’ private messages provided the data to the FBI.

Sources in DOJ are raising concerns about federal law enforcement being politicized and abusing innocent Americans’ constitutional rights. “The most frightening thing is the combined power of Big Tech colluding with the enforcement arm of the FBI,” says one source. “Google, Facebook and Twitter, these companies are globalist. They don’t have our national interest at heart.”

Read: https://nypost.com/2022/09/14/facebook-spied-on-private-messages-of-americans-who-questioned-2020-election/

 

Hackers exploit vulnerabilities in airplane Wi-Fi devices to target passengers

Researchers at Contec discovered two potentially serious vulnerabilities in wireless LAN devices. The vulnerability involves a hidden webpage that can execute Linux commands with root privileges on the device.

The researchers found a backdoor account with a weak, hardcoded password that could be used by an attacker to gain control of the device.

Contec’s Flexlan wireless LAN devices provide WiFi access points for airplane passengers to access the internet and use in-flight services. Researchers have found several vulnerabilities that could be exploited by malicious actors to collect data or deliver malware to passengers’ devices.

The US Cybersecurity and Infrastructure Security Agency have not released an advisory for the Flexlan issues, but Japan’s JPCERT/CC did release an advisory this month.

Read:https://www.securityweek.com/passengers-exposed-hacking-vulnerabilities-airplane-wi-fi-devices

 

Cyberattack on Uber’s internal network prompts investigation

Uber confirmed a cybersecurity incident on Thursday and took several of its internal communications and engineering systems offline while investigating it. The hacker behind the breach claimed to be 18 years old and said he compromised Uber’s systems using social engineering. He also said that Uber drivers should receive higher pay.

The attacker gained access to Uber’s production systems, Slack management interface and endpoint detection and response portal, and Uber’s cloud services, including Amazon Web Services (AWS) and Google Cloud (GCP), where Uber stores its source code and customer data.

According to Chris Evans, HackerOne’s chief hacking officer and CISO, the company “is in close contact with Uber’s security team, has locked down their data, and will continue to support their investigation.”

Read: https://techcrunch.com/2022/09/16/uber-internal-network-hack/

 

Millions are being trafficked into cyber slavery through ‘pig-butchering’ scams in Cambodia

Thousands of people across Asia have been trafficked to Cambodia and forced to carry out online scams in a shadowy industry estimated to be worth millions, according to investigations by local media outlet VOD and international news organizations.

Cambodia has conventionally been seen as a “source country” for human trafficking. Still, the COVID-19 pandemic has seen Cambodia emerge as a destination country for human trafficking, including victims from typically wealthier nations.

What is Cambodia doing about it? Cambodian Deputy Prime Minister Sar Kheng acknowledged that foreign nationals had been trafficked into the country and subjected to abuse and that authorities had rescued 865 victims.

Chou Bun Eng, a permanent vice-chair of the National Committee for Counter-Trafficking, told the ABC that Cambodia was also a victim of the crime.

Jacob Sims, country director for International Justice Mission Cambodia, said close coordination between law enforcement and victim support was needed to effectively respond to the magnitude of this crisis. He said action from leading social media platforms and governments was desperately needed.

Read:https://www.abc.net.au/news/2022-09-16/cambodia-human-trafficking-online-scam-pig-butchering/101407862

 

Elsewhere Online


An emerging threat to cross-sector cyberespionage
Read: https://cyware.com/news/worok-a-new-cross-sector-cyberespionage-threat-9f93a7b7/


Phishing emails related to Ethereum Merge should be avoided
Read: https://easydns.com/blog/2022/09/16/beware-of-ethereum-merge-related-phishing-emails/


Text messaging: where do the boundaries lie?
Read: https://www.nytimes.com/2022/09/14/technology/personaltech/texting-ios-android.html


There appears to be a winning streak for Ukraine’s cyberwar chief
Read: https://www.wired.com/story/yurii-shchyhol-urkaine-cyberwar-russia/


Embracing DeFi exploits becomes a priority for law enforcement
Read: https://fortune.com/2022/09/12/law-enforcement-defi-exploits/

 
 

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

 

 

 

 

 

2 thoughts on “#AxisOfEasy 264: Four-Fifths Of Firms Have Been Impacted By Critical Cloud Security Incidents

  1. re-
    Last Week’s Quote was “Imperfection is beauty, madness is genius and it’s better to be absolutely ridiculous than absolutely boring.” -was by Marilyn Monroe. We got many interesting guesses, but no winner!

    No winner? I bet a lot of them were!
    Marilyn did NOT say: “Imperfection is beauty, madness is genius and it’s better to be absolutely ridiculous than absolutely boring.”

    She DID say: “I am good, but not an angel. I do sin, but I am not the devil. I am just a small girl in a big world trying to find someone to love.”
    See – https://thoughtcatalog.com/kara-nesvig/2014/08/most-of-those-marilyn-monroe-quotes-are-fake-heres-what-she-did-and-didnt-say/

    Well, as someone once said- “Madness is genius…etc” I’d be incredibly bored without it.
    Umm.. Say, Doc- What happened to that elective lobotomy that I asked you to schedule for me?

Leave a Reply

Your email address will not be published. Required fields are marked *