
Latest Cyberthreats and Advisories - November 18, 2022

Nov 18, 2022

Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia. Here are the latest threats and advisories for the week of November 18, 2022.

Threat Advisories and Alerts

Researchers Sound Alarm on Dangerous BatLoader Malware Dropper

A dangerous new malware loader with features for determining whether it’s running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and the Cobalt Strike post-exploit toolkit on victim systems.

Source: https://www.darkreading.com/attacks-breaches/researchers-alarm-batloader-malware-dropper

Windows Kerberos Authentication Impacted by November Patches

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems. The failure appears to be linked to installing the cumulative updates released during November’s Patch Tuesday. The known issue, actively investigated by Redmond, can affect any Kerberos authentication scenario within affected enterprise environments.

Source: https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/

NSA Calls for Use of Memory-Safe Programming Languages

The U.S. National Security Agency (NSA) has released guidance encouraging organizations to shift development work away from the likes of C and C++ to memory-safe alternatives, namely C#, Rust, Go, Java, Ruby or Swift. To justify this advice, a PDF posted to the NSA site provides examples, such as a threat actor finding their way into a system through a buffer overflow or leveraging software memory allocation shortcomings.

Source: https://www.theregister.com/2022/11/11/nsa_urges_orgs_to_use/

Critical Vulnerability in Spotify’s Backstage Found and Fixed

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. Backstage unifies all infrastructure tooling, services and documentation to create a streamlined development environment. Researchers from cloud application security vendor Oxeye reported the vulnerability through Spotify’s bug bounty program. Spotify rapidly patched the vulnerability and released Backstage version 1.5.1, which fixes the issue.

Source: https://www.helpnetsecurity.com/2022/11/15/spotify-backstage-vulnerability/

Emerging Threats and Research

Australia Considers Ransomware Payout Ban as Additional Medibank Files Leaked

The Australian government has said it is considering the introduction of legislation that would ban companies from paying ransom demands set by hackers in ransomware attacks. This possible policy move comes following a series of high-profile cyberattacks on Australian private sector businesses that left millions of its citizens’ records exposed. Recent victim Medibank has seen even more of its customer data posted online.

Source: https://www.itpro.co.uk/business/policy-legislation/369511/australia-considers-ransomware-payment-ban-further-medibank-leaks

Police Arrest 59 Suspected Scammers

A recent month-long anti-fraud crackdown across Europe resulted in the arrest of 59 suspected scammers, according to Europol. Its European Cybercrime Centre (EC3) and the Merchant Risk Council led the operation, with assistance from merchants, logistics companies, banks and payment card schemes across 19 countries.

Source: https://www.infosecurity-magazine.com/news/police-arrest-59-suspected-scammers/

CISA Releases Vulnerability Management Methodology

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a set of documents to guide prioritization of software vulnerability remediation by agencies and other organizations. CISA Executive Assistant Director Eric Goldstein has encouraged enterprises via a blog post to use “Stakeholder Specific Vulnerability Categorization”, a process first articulated by CISA with the Software Engineering Institute at Carnegie Mellon University, for deciding which system bugs they should fix first.

Source: https://www.nextgov.com/cybersecurity/2022/11/cisa-issues-vulnerability-management-tools-dependent-industry-action/379632/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.