Pentagon cloud deal, Apple encrypts iCloud backups, CloudSEK hack
Pentagon awards cloud contract to four major providers
The Pentagon said Wednesday that Amazon, Google, Microsoft and Oracle received a cloud computing contract that could total as much as $9 billion through 2028. The approach is in line with the U.S. Defense Department’s strategy of relying on multiple providers of external technology infrastructure to improve resilience. Back in 2019, the Pentagon awarded a cloud contract to Microsoft, but after a series of challenges (including from AWS and Oracle), the agency expanded its requests for bids to include the four tech giants.
Apple finally adds encryption to iCloud backups
On Wednesday, Apple unveiled its “Advanced Data Protection” features, including end-to-end encryption for iCloud backups as well as iMessage Contact Key Verification, which allows users to verify who they are communicating with. Apple now also allows users to use a hardware security key such as a USB drive or NFC dongle for two-factor authentication to protect their Apple ID account. In addition to iCloud backups, Apple’s encryption now also covers contacts, notes, photos, voice memos and wallet passes. The only data still not covered by Advanced Data Protection is iCloud Mail, Contacts and Calendar due to compatibility reasons. Advanced Data Protection is currently in beta in the US and will be made available to all US users by the end of the year. The feature will begin rolling out globally in early 2023.
(Computerworld and WSJ)
CloudSEK claims it was hacked by another cybersecurity firm
India-based security firm CloudSEK says a threat actor gained access to its Confluence server using credentials stolen from one of its employees’ Jira accounts. While some internal information was exfiltrated from the Confluence wiki, CloudSEK says the attackers did not compromise the databases. A threat actor named ‘sedut’ has leaked some of CloudSEK’s internal data and is trying to sell what they claim is CloudSEK’s database, codebase and product documents on various hacking forums. CloudSEK’s CEO, Rahul Sasi, stated that he believes a “notorious cyber security company engaged in dark web surveillance” is responsible for the attack. CloudSEK refused to name the company they believe is behind the attack.
Microsoft’s November updates keep breaking things
According to Microsoft, ODBC connections to some apps may fail after installing the November 2022 Patch Tuesday Windows updates. Microsoft clarified that the issue is related to connections that use the SQL Server Driver (sqlsrv32.dll). Microsoft published instructions for customers to diagnose the problem and says it is still working on a solution. In mid-November, Microsoft resolved login errors for domain controllers, and the company continues to investigate ongoing domain controller freezes and restarts. These issues were also triggered by last month’s Patch Tuesday Windows Server updates.
Watchdog exposes UK agencies’ use of unsupported applications
The UK’s National Audit Office (NAO) has revealed that almost a third (30%) of applications used by the Department for Environment, Food and Rural Affairs (Defra) are not supported. The problem, often referred to as “tech debt”, means the apps can no longer receive security or software updates. Defra provides critical services related to disease prevention, flood protection and air quality, so a major cyber incident could have serious consequences. The NAO concluded that although Defra is taking steps to address acute systemic risks and vulnerabilities, it lacks an adequate digital transformation plan. The government has given Defra £366m ($445m) for IT investment over the next three years.
FFT and ransomware account for the bulk of cyber insurance claims
According to figures from Corvus, fraudulent funds transfers (FFT) and ransomware caused the most financial damage in 2022, accounting for more than 50% of insurance claims. FFT accounted for an all-time high of 36% of all claims this year. There were fewer ransomware demands in H1 2022 compared to H2 2021, but the rate of data exfiltration increased by 25% in the same period. The proliferation of FFT highlights the increasing effectiveness of business email compromise (BEC) fraud, with FFT representing 70% of all BEC-related claims. The average FFT claim was significantly lower than the average ransomware claim because such incidents typically do not include data recovery, system recovery, business interruption or breach response costs.
New Zerobot malware uses a number of exploits
A new Go-based malware called “Zerobot” was first discovered in mid-November and exploits 21 vulnerabilities in a variety of devices, including F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. Zerobot scans networks and propagates itself to adjacent devices with the goal of adding compromised devices to a distributed denial-of-service (DDoS) botnet. Researchers indicate that since November, a new version of Zerobot has appeared with improved obfuscation and exploitation features that signal the malware is under active development.
San Francisco makes U-turn on ‘killer robots’ plan
We reported last week that San Francisco city lawmakers passed a proposal to allow police to kill suspects using robots equipped with lethal weapons. Protesters and several dissenting board members gathered on the steps of City Hall to urge the city to reverse its decision. On Tuesday, the board did just that, in a secondary vote that normally serves to rubber-stamp board decisions. The original proposal will now be refined or completely scrapped. These types of deadly robots are already in use in other parts of the United States.