Cyber Security News Week of March 6

Overview

This week in the cyber security blog we will go over some of the biggest news to help you be better informed on threats and changes.

  • Daxin malware, discovered by Symantec researchers, is believed to be from Chinese-linked APTs. Daxin is believed to be designed for implantation into highly secure critical networks of telecommunication, transportation, and manufacturing companies, where internet connectivity may not be available. According to Symantec, "Daxin is, without doubt, the most advanced piece of malware Symantec researchers have seen used by a China-linked actor." This malware uses a Windows kernel driver and hides in legitimate traffic by hijacking TCP connections to communicate with other infected devices. Read more about Daxin from BleepingComputer
  • Toyota was affected by a cyber attack on a supplier. No signs show Toyota being directly attacked or infected, but one of its suppliers has been hit by ransomware. This has led to a parts shortage that has halted Toyota's continuous production in Japan at this time. Third-party supply risks are increasingly prevalent. When evaluating third-party vendors, consider their cyber security maturity compared to the criticality of the service offered. Read more about the Toyota shutdown from Reuters
  • CISA and FBI issued a joint advisory on WhisperGate and HermeticWiper malware. Currently, these are only seen in the wild in Ukraine; however, they are powerful destructive malware that disguise themselves as malware, encrypt data, and alter the Master Boot Record. As CISA launched its Shields Up initiative, this fits right into the need for an increased awareness of the broader cyber attacks to better defend networks. Read more about WhisperGate and HermeticWiper from the CISA Alert
  • When completing a system reset in new versions of Windows 10 and Windows 11, the reset does not erase some OneDrive synced data. This bug still exists when the hard drive is encrypted, potentially leading to information disclosure on systems that were thought to have been securely reset. When completing secure resets and processing systems at end of life, consider the sensitivity of data on the device and whether normal software-based resets are acceptable compared to other data destruction methods. Read more about the Windows 10 and 11 reset bug from Ars Technica

Note on 2022-11-25

This was rewritten in org, then exported to html to maintain the consistent look. As part of that, hakyll is no longer used, and I never really got it working either.

Date: 2022-03-06

Author: Russell Brinson

Created: 2022-11-25 Fri 10:50
