Antivirus used to spread malware, White House ransomware summit

Threat group rides antivirus software to install malware

Researchers at Kaspersky discovered the China-based threat group Cicada targeting Japanese organizations. The group used a spear-phishing email to prompt the installation of the legitimate K7Security Suite. However, it also included a malicious DLL to install its custom LODEINFO backdoor. Because Cicada effectively uses a legitimate security app to sideload the DLL, other security apps may not detect it. Targeted organizations span media groups, diplomatic agencies, and public sector organizations, indicating the group plans to use the backdoor for cyberespionage.

(Bleeping Computer)

White House organizes ransomware summit

The White House hosted its second International Counter Ransomware Summit starting on October 31st, bringing together three dozen nations as well as private-sector companies. The Summit focused on making systems more resilient to attacks overall and on disrupting threat actors in the planning stages. Private companies attending included Microsoft, Mandiant, CrowdStrike, and Palo Alto Networks. The Biden administration cited the recent ransomware attack on the Los Angeles school district as a factor in deciding to call the summit now.


Ed tech company exposed user data

The Federal Trade Commission filed a complaint against the ed tech company Chegg, alleging “careless” security practices that compromised personal data. Based on the filing, these practices date back to 2017. In 2018, sensitive information on about 40 million customers became exposed after a former contractor accessed a third-party database. This included names, emails, passwords, sexual orientation, and parents’ income. Since then, this dataset has appeared for sale online. The company also reportedly exposed information of employees, including social security numbers. The complaint chided Chegg for not requiring multi-factor authentication, storing personal data in plain text, lacking any written security policy until 2021, and using “outdated and weak” encryption.


Twitter exploring paid verification

According to documents seen by and sources…