
Digital Guardian's Blog

Friday Five 1/21

by Chris Brook on Friday January 21, 2022


News on the Ukrainian wiper attack, Microsoft disables macros in Excel by default, and more - catch up on the infosec news of the week with the Friday Five!

1. How a Russian cyberwar in Ukraine could ripple out globally by Patrick Howell O'Neill

While tensions at the Ukraine-Russia border continue to percolate, MIT Technology Review looks at how the dominoes around the conflict could fall online. It seems much more realistic for any actions, if they're taken, to happen online first. The story follows in the footsteps of a warning issued by the US Cybersecurity and Infrastructure Security Agency (CISA) last week, urging those in charge of critical infrastructure to familiarize themselves with attack vectors commonly used by Russian state-sponsored hackers and some of their favorite vulnerabilities to exploit. The story touches on talking points by two men well-versed in the cyber capabilities of both nations: Mandiant's John Hultquist, who, while at iSight Partners, publicly outed Russian 'Sandworm' hackers for the 2015 power outage in Ukraine, and Dmitri Alperovitch, formerly of CrowdStrike, who in 2016 pulled back the covers on Russia's hacking of the Democratic National Committee.


2. Safari and iOS users: Your browsing activity is being leaked in real time by Dan Goodin

Over at Ars Technica, Dan Goodin digs into research around an as-yet-unfixed vulnerability in Safari 15 on iOS and iPadOS 15 that could be used to leak user identities and browsing activity in real time. According to the story, the problem stems from the way the WebKit browser engine in Safari implements IndexedDB. Those interested in learning more about the vulnerability should head to a demo site pulled together by Martin Bajanik, a software engineer at FingerprintJS who discovered the issue.


3. Microsoft disables Excel 4.0 macros by default to block malware by Sergiu Gatlan

Macros have been a sore spot for Microsoft for years. If macros are left enabled, malware can take advantage of Visual Basic for Applications programming in Office to spread and infect machines. Microsoft announced this week that Excel 4.0 (XLM) macros will be disabled by default, something that should help deter security threats. “In July of 2021, we released a new Excel Trust Center setting option to restrict the usage of Excel 4.0 (XLM) macros,” Microsoft’s Catherine Pidgeon wrote this week. “As planned, we have now made this setting the default when opening Excel 4.0 (XLM) macros. This will help our customers protect themselves against related security threats.”


4. Hackers Were in Ukraine Systems Months Before Deploying Wiper by Kim Zetter

Kim Zetter has a good piece on her Substack this week, citing research from Cisco's Talos Group, reporting that the attackers who breached Ukraine's systems last week had actually been in there for months, as early as last summer. It wasn't until last week, when Microsoft uncovered a wiper, that the general public discovered the hack. According to Zetter, Cisco is still parsing through information related to the hack, but per the company's Matthew Olney, the wiper's components were compiled just a few days before it was discovered, meaning it wasn't put there until just recently. There's some good context here about those Ukrainian website defacements we mentioned in this space last week, too, for those curious.


5. 'Lock it down and piss people off': How quick thinking stopped a ransomware attack from crippling a Florida hospital by Sean Lyngaas

I find it hard not to find these stories fascinating. CNN looks at what a hospital - Florida’s Jackson Hospital - did to halt a ransomware attack over the weekend, including completely shutting down its computer system and reverting to pen and paper to keep things running. This agile thinking has unfortunately become the norm for industries struck by ransomware over the years. Hospitals have had to divert ambulances, reschedule surgeries and so on in the face of attacks. It's of course great to hear a success story every so often. It sounds as if the efforts of Jamie Hussey, Jackson Hospital's IT director, helped limit some of the damage, however. While one server was encrypted and the emergency room's system is apparently offline, that seems to be the extent of the damage.


Tags: Ransomware, Vulnerabilities


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.