Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS), managed detection and response (MDR) and eXtended detection and response (XDR) providers; and those who partner with such companies.
- Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News
1. Automotive Security Recognition: Green Hills Software, a specialist in embedded safety and security, has received compliance certification against the ISO/SAE 21434 automotive cybersecurity standard. As a leading supplier of real-time operating systems, Green Hills is the first to receive the certificate, issued by the globally-recognized certification company exida. The certificate reaffirms Green Hills Software's leadership in supporting global vehicle manufacturers' (OEM) efforts to meet the requirements of the UNECE WP.29 R155 regulation and incorporate security measures across their development, production, and post-production processes, the company said.
2. Russians Hack Ukrainian Telecom: Russian hackers were inside Ukrainian telecommunications company Kyivstar's system from at least May 2023 in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief said. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from December 12. (Source: Reuters)
3. Malware Alert: Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family and is being attributed to North Korean threat actors. "SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the (command-and-control) server," security researcher Greg Lesnewich said. The malware shares similarities with KANDYKORN (aka SockRacket), an advanced implant that functions as a remote access trojan capable of taking control of a compromised host. (Source: The Hacker News)
4. New RAT Variant Identified: A new variant of a remote access trojan (RAT) called Bandook has been observed in phishing attacks that aim to infiltrate Windows machines. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive. "After the victim extracts the malware with the password in the PDF file, the malware injects its payload into msinfo32.exe," security researcher Pei Han Liao said. (Source: The Hacker News)
5. Ransomware Alert: A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. The post was spotted by threat intelligence company KELA. While the legitimacy of the offer has not been validated, the screenshots from the seller indicate that the package is real. Whoever bought the package could use the malware to spin up a new ransomware-as-a-service (RaaS) operation or write a new locker based on the Zeppelin family. (Source: The Hacker News)
6. Voice Cloning Challenge Offered: The U.S. Federal Trade Commission (FTC) is accepting submissions for its Voice Cloning Challenge. The public competition offers a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity. The challenge is an effort to find ways to counter the misuse of voice cloning technology as it becomes more sophisticated due to the improvement of text-to-speech with the help of artificial intelligence. Submissions are being accepted through January 12. (Source: Bleeping Computer)
7. Mandiant X Account Hacked: The X (Twitter) account of cybersecurity firm and Google subsidiary Mandiant was hijacked this week to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson said. After getting control, the attacker renamed it to @phantomsolw and promoted a fake website impersonating the Phantom crypto wallet and promising to distribute free $PHNTM tokens as part of an airdrop. (Source: Bleeping Computer)