Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit

The firmware threat offers ultimate stealth and persistence — and may be distributed via tainted firmware components in a supply chain play, researchers theorize. [TechWeb]( Follow Dark Reading: [RSS]( July 26, 2022 LATEST SECURITY NEWS & COMMENTARY [Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit]( The firmware threat offers ultimate stealth and persistence — and may be distributed via tainted firmware components in a supply chain play, researchers theorize. [Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs]( Several threat actors used Amadey Bot previously to steal information and distribute malware such as the GandCrab ransomware and the FlawedAmmy RAT. [Critical Filewave MDM Vulnerabilities Allow Attackers Full Mobile Device Control]( Two previously unknown critical vulnerabilities within FileWave’s multiplatform MDM system could grant malicious actors access to the platform's most privileged user account. [Getting Ahead of Supply Chain Attacks]( Attackers are willing to replicate entire networks, purchase domains, and persist for months, not to mention spend significantly to make these campaigns successful. [T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People]( After leaking 80 million US customer data records in a cyberattack last summer, T-Mobile offers to settle a wide-ranging class action suit for just $350 million. [Qakbot Is Back With a New Trick: DLL Sideloading]( In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [ICYMI: Neopets & the Gaming Problem; SolarWinds Hackers Are Back; Google Ads Abused]( Dark Reading's weekly roundup of all the OTHER important stories of the week. [What Firewalls Can — and Can't — Accomplish]( Understanding the limitations of firewalls is important to protecting the organization from evolving threats. [What InfoSec Pros Can Teach the Organization About ESG]( Security pros' experience with transparency and evaluating third-party partners positions them to act as key environmental, social, and governance advisers. [MORE]( EDITORS' CHOICE [Critical Bugs Threaten to Crack Atlassian Confluence Workspaces Wide Open]( A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content. LATEST FROM THE EDGE [Why Layer 8 Is Great]( To help discern legitimate traffic from fraud, it helps to understand user intent as shown through their behavior. LATEST FROM DR TECHNOLOGY [OpenFHE Brings New Encryption Tools to Developers]( The open source fully homomorphic encryption library from Duality Technologies is intended to help developers build their own FHE-enabled applications. WEBINARS - [How Supply Chain Attacks Work - And What You Can Do to Stop Them]( The headline-making attack against Solarwinds sent a shockwave through the world and had many security and business leaders reexamining the security of their own supply chains. In a supply chain - or third party - attack, criminals infiltrate and disrupt ... - [Building and Maintaining Security at the Network Edge]( Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [6 Elements of a Solid IoT Security Strategy]( - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [AppSec Considerations For Modern Application Development]( - [The Many Facets of Modern Application Development]( [View More White Papers >>]( FEATURED REPORTS - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Aqua Launches Out-of-the-Box Runtime Security with Advanced Protection against the Most Sophisticated Threats]( [Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration]( [Data-Centric Security Market Worth $12.3B by 2027 - Exclusive Report by MarketsandMarkets™]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)