Brief #6: Top 25 Software Weaknesses, TSMC Ransomware

Mandos Brief, Week 26 2023: MITRE's top 25 software weaknesses, TSMC's ransomware predicament, strategies for a skilled cybersecurity workforce and more.



MITRE Unveils Top 25 Software Weaknesses of 2023

The 2023 CWE Top 25 list is an essential resource for cybersecurity professionals, highlighting the most dangerous software weaknesses. Topping the list is "Out-of-bounds Write", which involves writing data past the end of allocated memory. This can corrupt data, crash the system, or enable the execution of malicious code. Notably, "Improper Neutralization of Input During Web Page Generation", commonly known as Cross-Site Scripting (XSS), holds the second spot. XSS vulnerabilities allow attackers to inject client-side scripts into web pages viewed by other users, potentially leading to data theft or other malicious activities.

SQL Injection, which involves the insertion of malicious SQL code into queries, remains a significant threat, ranking third. A rising concern is "Use After Free" vulnerabilities, which involve the use of memory after it has been freed, potentially allowing an attacker to execute arbitrary code.

New entries such as "Improper Privilege Management" and "Improper Control of Generation of Code" reflect evolving threat landscapes. The former involves the mishandling of privileges within an application, while the latter concerns the dynamic creation of code without proper validation.
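As an added illustration of the top-ranked weakness (this is example code, not part of the Mandos Brief or the CWE list): the standard mitigation for an out-of-bounds write is to route every write to a fixed-size buffer through a check of the remaining capacity, including the terminating NUL. The buffer type, its 16-byte capacity and the field names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Example (not from the brief): a fixed-capacity buffer whose only write
 * path is append_field(), which refuses any write that would not fit
 * together with the NUL terminator. This is the bounds check whose
 * absence produces CWE-787 (Out-of-bounds Write). */
#define FIELD_BUF_CAP 16   /* illustrative capacity, including the NUL slot */

typedef struct {
    char   data[FIELD_BUF_CAP];
    size_t len;            /* bytes used, excluding the NUL terminator */
} field_buf;

void field_buf_init(field_buf *b) {
    b->len = 0;
    b->data[0] = '\0';
}

/* The defect this guards against would be an unchecked
 *   memcpy(b->data + b->len, src, n);
 * which writes past data[] whenever len + n + 1 exceeds the capacity. */

/* Safe append: returns false and leaves the buffer untouched if the new
 * bytes plus the NUL terminator would not fit. */
bool append_field(field_buf *b, const char *src, size_t n) {
    /* Compare against remaining capacity rather than computing len + n,
     * so a very large n cannot wrap the arithmetic. */
    size_t remaining = FIELD_BUF_CAP - b->len;   /* counts the NUL slot */
    if (n >= remaining) {
        return false;                            /* would overflow */
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';                      /* always terminated */
    return true;
}

int main(void) {
    field_buf b;
    field_buf_init(&b);
    printf("%d\n", append_field(&b, "host=", 5));                /* 1 */
    printf("%d\n", append_field(&b, "srv-001", 7));              /* 1, len 12 */
    printf("%d %s\n", append_field(&b, ";port=443", 9), b.data); /* 0 host=srv-001 */
    return 0;
}
```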

TSMC Faces $70M Ransom Demand After LockBit Breach

The LockBit ransomware group, known for its high-profile attacks, targeted TSMC through its IT hardware supplier, Kinmax Technology. This method of attack, known as a supply chain attack, is becoming increasingly common as cybercriminals exploit the interconnected nature of modern businesses to gain access to larger, more lucrative targets.

While TSMC asserts that its own systems and customer data remain uncompromised, the incident highlights the potential risks associated with third-party suppliers. The leaked information, which pertains to server setup and configuration, could potentially provide cybercriminals with valuable insights into TSMC's infrastructure, making it a prime target for future attacks.

The ransom demand of $70 million is one of the largest known to date, indicating the perceived value of the stolen data and the audacity of modern cybercriminals. The threat to publish the stolen data, along with network entry points and login credentials, adds another layer of pressure on TSMC and serves as a stark reminder of the potential consequences of a data breach.

This incident serves as a wake-up call for organizations to thoroughly vet their suppliers' cybersecurity protocols and to implement robust security measures across their supply chains. It also underscores the importance of incident response plans to mitigate the impact of such breaches.

3 Ways to Build a More Skilled Cybersecurity Workforce

The report by OECD and Microsoft provides a comprehensive overview of the cybersecurity workforce landscape. The study, which analyzed over 400 million online job postings, highlights the growing demand for skilled cybersecurity professionals. The focus on five major countries provides a global perspective on the issue. The report underscores the urgency to address worker shortages in the cybersecurity field, especially in the face of increasing cyber threats. It is a call to action for governments, educational institutions, and businesses to invest in training and development to build a more skilled cybersecurity workforce.

At least 100,000 could have had data exposed after US health department hack

The recent cyberattack on contractors of the Department of Health and Human Services (HHS) underscores the growing threat of cybercrime and the vulnerability of third-party systems. The attack, linked to Russian cybercriminals, exploited a vulnerability in MOVEit Transfer, a file-transfer product used by many organizations. The breach did not compromise HHS systems or networks directly, but it allowed the attackers to access data through the vulnerable software.

The group suspected of carrying out this attack, known as Clop, typically steals data from its victims and uses it to make extortion demands. This method of attack is particularly concerning because it not only compromises the security of the data but also places the victims under the threat of extortion.

Urgent warning for Android users over apps that steal your bank details

The Anatsa Android Trojan represents a significant threat to banking security. This malware is distributed via apps on the Google Play Store, with over 30,000 installations reported. Once installed, Anatsa can steal a wide range of financial information, including banking credentials, credit card details, and payment information.

The Trojan is particularly insidious because it performs on-device fraud. This means that it launches the banking app on the victim's device and performs transactions on their behalf. This method of operation makes it very difficult for banking anti-fraud systems to detect the fraudulent activity, as the transactions are initiated from the device that the targeted bank customers regularly use.
