Posts

Showing posts from 2021

Schneier - Friday Squid Blogging: Deep-Dwelling Squid

We have discovered a squid — (Oegopsida, Magnapinnidae, Magnapinna sp.) — that lives at 6,000 meters deep. “They’re really weird,” says Vecchione. “They drift along with their arms spread out and these really long, skinny, spaghetti-like extensions dangling down underneath them.” Microscopic suckers on those filaments enable the squid to capture their prey. But the squid that Jamieson and Vecchione saw in the footage captured 6,212 meters below the ocean’s surface is a small one. They estimate that its mantle measured 10 centimeters long — about a third the size of the largest-known magnapinnid. And the characteristically long extensions observed on other magnapinnids were nowhere to be seen in the video. That could mean, says Vecchione, that this bigfin squid was a juvenile. Research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. from Schneier on Security http

Schneier - Apple AirTags Are Being Used to Track People and Cars

This development surprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen. Unlike similar tracking products from competitors such as Tile, Apple added features to prevent abuse, including notifications like the one Ms. Estrada received and automatic beeping. (Tile plans to release a feature to prevent the tracking of people next year, a spokeswoman for that company said.) […] A person who doesn’t own an iPhone might have a harder time detecting an unwanted AirTag. AirTags aren’t compatible with Android smartphones. Earlier this month, Apple released an Android app that can scan for AirTags — but you have to be vigilant enough to download it and proactively use it. Apple declined to s

Threat Post - What the Rise in Cyber-Recon Means for Your Security Strategy

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. from Threatpost https://threatpost.com/rise-cyber-recon-security-strategy/177317/

Dark Reading - Getting Started With Threat-Informed Security Programs

Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks. from Dark Reading https://www.darkreading.com/edge-articles/getting-started-with-threat-informed-security-programs

Threat Post - APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. from Threatpost https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/

Dark Reading - Zero Trust and Access: Protecting the Keys to the Kingdom

Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges. from Dark Reading https://www.darkreading.com/operations/zero-trust-and-access-protecting-the-keys-to-the-kingdom

Dark Reading - In the Fight Against Cybercrime, Takedowns Are Only Temporary

Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy. from Dark Reading https://www.darkreading.com/threat-intelligence/takedowns-prove-temporary-tactic-in-cybercrime-fight

Dark Reading - 7 Steps for Navigating a Zero-Trust Journey

Don't think of zero trust as a product. Think of it as "how you actually practice security." from Dark Reading https://www.darkreading.com/edge-slideshows/7-steps-for-navigating-a-zero-trust-journey-

Threat Post - 5 Cybersecurity Trends to Watch in 2022

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. from Threatpost https://threatpost.com/5-cybersecurity-trends-2022/177273/

Dark Reading - The Log4j Flaw Will Take Years to be Fully Addressed

Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team. from Dark Reading https://www.darkreading.com/tech-trends/the-log4j-flaw-will-take-years-to-be-fully-addressed

Threat Post - That Toy You Got for Christmas Could Be Spying on You

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. from Threatpost https://threatpost.com/toy-christmas-spying/177288/

KnowBe4 - The Impacts of Phishing Attacks

More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a malware phishing attack. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-impacts-of-phishing-attacks

Dark Reading - An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks

Ransomware demands a new approach to incident response. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/an-adaptive-security-strategy-is-critical-for-stopping-advanced-attacks

Threat Post - 2021 Wants Another Chance (A Lighter-Side Year in Review)

The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. from Threatpost https://threatpost.com/2021-log4j-year-review-funny-cybersecurity/177215/

Dark Reading - 6 Security-Tech Innovations We're Excited to See in 2022

The details on cybersecurity technologies that we expect to advance rapidly in the coming year. from Dark Reading https://www.darkreading.com/dr-tech/6-security-tech-innovations-we-re-excited-to-see-in-2022

Schneier - Friday Squid Blogging: Squid-Headed Statue Appears in Dallas

Someone left it in a cemetery. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2021/12/friday-squid-blogging-squid-headed-statue-appears-in-dallas.html

Dark Reading - Log4j: A CISO's Practical Advice

Working together is going to make getting through this problem a lot easier. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/log4j-a-ciso-s-practical-advice

Threat Post - Telegram Abused to Steal Crypto-Wallet Credentials

Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. from Threatpost https://threatpost.com/telegram-steal-crypto-wallet-credentials/177266/

Threat Post - ‘Spider-Man: No Way Home’ Download Installs Cryptominer

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. from Threatpost https://threatpost.com/spider-man-no-way-home-download-installs-cryptominer/177254/

Dark Reading - The Future of Work Has Changed, and Your Security Mindset Needs to Follow

VPNs have become a vulnerability that puts organizations at risk of cyberattacks. from Dark Reading https://www.darkreading.com/attacks-breaches/the-future-of-work-has-changed-and-your-security-mindset-needs-to-follow

KnowBe4 - Having an Efficient Security Awareness Training Program

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test what scams a worker will easily recognize and which ones they need more education on. KnowBe4’s product helps administrators figure out exactly who needs more education and on what topics. We know that customers who more consistently and frequently educate and test their co-workers reduce cybersecurity risk more than those who do not. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/having-an-efficient-security-awareness-training-program

Dark Reading - 7 of the Most Impactful Cybersecurity Incidents of 2021

There was a lot to learn from breaches, vulnerabilities, and attacks this year. from Dark Reading https://www.darkreading.com/attacks-breaches/6-of-the-most-impactful-cybersecurity-incidents-of-2021

US-CERT - Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/alerts/aa21-356a

US-CERT - Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities

Dark Reading - Future of Identity-Based Security: All-in-One Platforms or Do-It-Yourself Solutions?

The functionality of all-in-one platforms is being deconstructed into a smorgasbord of services that can be used to develop bespoke end-user security procedures for specific work groups, lines of businesses, or customer communities. from Dark Reading https://www.darkreading.com/operations/future-of-identity-based-security-all-in-one-platforms-or-do-it-yourself-solutions-

Threat Post - Four Bugs in Microsoft Teams Left Platform Vulnerable Since March

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. from Threatpost https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/

Threat Post - Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. from Threatpost https://threatpost.com/half-billion-compromised-credentials-cloud-server/177202/

Threat Post - Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. from Threatpost https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/

Recorded Future - China’s Narrative War on Democracy

“Battles are won with kinetics, but wars are won with influence.” -Ajit Maan China’s entire propaganda system is working at full force in the largest Chinese state-sponsored overt influence campaign to date observed by Recorded Future. The narrative warfare operation, which aims to reshape global definitions of democracy, criticize American democracy, and position China as a democracy itself, has been amplified by nearly every Chinese state-affiliated media outlet and spokesperson and dozens of state-hired influencers. With thousands of social media posts, dozens of cartoons and memes, news articles and academic reports, panel discussions, and videos that criticize US democracy, the narrative they are pushing is simple: US democracy is harming the world; trust China’s “whole-process people’s democracy” instead. This ongoing messaging, which began on December 2, 2021, is particularly aimed at global, English-language audiences outside of China and likely began as a preemptive defen

US-CERT - Vulnerability Summary for the Week of December 13, 2021

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/bulletins/sb21-355

Dark Reading - How is Zero Trust Evolving to be More Continuous in Verifying Trust?

For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/how-is-zero-trust-evolving-to-be-more-continuous-in-verifying-trust-

Recorded Future - DDoS Defenses Divide and Conquer

Distributed Denial of Service attacks continue to grow in size, frequency and sophistication, and it’s in every organization’s best interest to properly prepare themselves against this sort of online attack. The team at Cloudflare recently published their 2021 Q3 report on DDoS, outlining their observations and recommendations for mitigating DDoS attacks. Joining us is John Graham-Cumming, CTO at Cloudflare, to share his insights on the state of the DDoS threat, and where things may be headed. This podcast was produced in partnership with the CyberWire. The post DDoS Defenses Divide and Conquer appeared first on Recorded Future. from Recorded Future https://www.recordedfuture.com/podcast-episode-239/

KnowBe4 - Spam Calling Rates Spike Globally

Spam calls in the US spiked in October, according to Truecaller’s annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in October. The researchers note that a user in the US receives an average of 4.8 spam calls per month, totalling approximately 1.4 billion calls across the country every month. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spam-calling-rates-spike

Dark Reading - BlackBerry Launches New Managed Extended Detection and Response (XDR) Service

Company partners with Exabeam to launch update to its BlackBerry Guard managed detection and response (MDR) service. from Dark Reading https://www.darkreading.com/attacks-breaches/blackberry-launches-new-managed-extended-detection-and-response-xdr-service

Dark Reading - SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security

While the shipping industry's cyber posture was better than companies in the Forbes Global 2000, the industry performed lower in key risk group factors. from Dark Reading https://www.darkreading.com/attacks-breaches/securityscorecard-research-reveals-cyber-vulnerabilities-pose-a-threat-to-u-s-maritime-security

Dark Reading - Trend Micro Crowns Champions of 2021 Capture the Flag Competition

Challenges were designed to address critical areas of cybersecurity, including reversing, cloud, IoT, open source intelligence, forensics, and machine learning. from Dark Reading https://www.darkreading.com/careers-and-people/trend-micro-crowns-champions-of-2021-capture-the-flag-competition

Dark Reading - Reblaze Appoints New CEO

Ziv Oren previously held the position of chief operations officer at the company. from Dark Reading https://www.darkreading.com/application-security/reblaze-appoints-new-ceo

Dark Reading - Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022

Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar. from Dark Reading https://www.darkreading.com/operations/four-out-of-five-organizations-are-increasing-cybersecurity-budgets-for-2022

Recorded Future - Are Ransomware Attacks Slowing Down? It Depends on Where You Look

I need to get a few disclaimers out of the way first: Ransomware attacks in 2021 are going to surpass the number of attacks in 2020 significantly. This data is preliminary and based on publicly reported data, but it does show interesting trends. There are always observability problems with ransomware. No one sees the full picture of ransomware attacks. 2021 has seen unprecedented global law enforcement action taken against ransomware groups. The 30-nation ransomware task force led by the United States appears to be seeing early success with almost weekly announcements against ransomware groups, some of which are shown in Figure 1. Figure 1: Some of the law enforcement action taken against ransomware groups in 2021 (Source: Recorded Future). While there is little doubt that continued and consistent law enforcement action against ransomware groups is needed, there have been questions about whether these actions would slow down ransomware attacks. It is too early to prov

KnowBe4 - Whitelisting On Known Headers Not Recommended

We found a discussion on Twitter about this topic and we thought it would be useful to provide the correct technical background related to whitelisting. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/whitelisting-on-known-headers-not-recommended

Threat Post - Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. from Threatpost https://threatpost.com/third-log4j-bug-dos-apache-patch/177159/

Dark Reading - Lights Out: Cyberattacks Shut Down Building Automation Systems

Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them. from Dark Reading https://www.darkreading.com/attacks-breaches/lights-out-cyberattacks-shut-down-building-automation-systems

Dark Reading - Zero Trust Shouldn’t Mean Zero Trust in Employees

Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure. from Dark Reading https://www.darkreading.com/endpoint/zero-trust-shouldn-t-mean-zero-trust-in-employees

Rapid 7 - Metasploit Wrap-Up

Log4Shell - Log4j HTTP Scanner
Versions of Apache Log4j impacted by CVE-2021-44228, which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. This module has been successfully tested with: Apache Solr, Apache Struts2, Spring Boot.
Example usage:
msf6 > use auxiliary/scanner/http/log4shell_scanner
msf6 auxiliary(scanner/http/log4shell_scanner) > set RHOSTS 192.168.159.128
RHOSTS => 192.168.159.128
msf6 auxiliary(scanner/http/log4shell_scanner) > set SRVHOST 192.168.159.128
SRVHOST => 192.168.159.128
msf6 auxiliary(scanner/http/log4shell_scanner) > set R

Dark Reading - PseudoManuscrypt Malware Targeted Government & ICS Systems in 2021

The "PseudoManuscrypt" operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry. from Dark Reading https://www.darkreading.com/threat-intelligence/pseudomanuscrypt-malware-targeted-government-ics-systems-in-2021

Dark Reading - Time to Reset the Idea of Zero Trust

CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge. from Dark Reading https://www.darkreading.com/crowdstrike/time-to-reset-the-idea-of-zero-trust

Dark Reading - CISA Issues Emergency Directive on Log4j

The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it. from Dark Reading https://www.darkreading.com/threat-intelligence/cisa-issues-emergency-directive-on-log4j

US-CERT - CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache

Threat Post - Convergence Ahoy: Get Ready for Cloud-Based Ransomware

Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. from Threatpost https://threatpost.com/cloud-ransomware-convergence/177112/

Dark Reading - Is Data Security Worthless if the Data Life Cycle Lacks Clarity?

If you cannot track, access, or audit data at every stage of the process, then you can't claim your data is secure. from Dark Reading https://www.darkreading.com/risk/is-data-security-worthless-if-the-data-lifecycle-lacks-clarity-

Recorded Future - 5 Common Ransomware ATT&CK Techniques

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. Insikt Group determined MITRE ATT&CK TTPs used by ransomware. The intended audiences for this report are SOC analysts and those interested in threat hunting.
Executive Summary
Ransomware continues to evade detection and infect enterprise networks of every industry. Defenders need to continually mature their dynamic detections, such as Sigma rules, to detect and stop a ransomware attack. Insikt Group analyzed common techniques used by ransomware operators, mapped them to the MITRE ATT&CK framework, and developed 5 Sigma rules to detect these techniques, which are available to Recorded Future clients. The ATT&CK techniques highlighted in this research align with Insikt Group’s 2020 Top MITRE ATT&CK Techniques report, where the Defense Evasion tactic was the most commonly seen tactic in 2020. The 5 ransomware techniques det

Recorded Future - Using Intelligence to Defend Two of the World’s Largest Cities

How do you protect the two most populous cities in the United States? New York City and Los Angeles have a combined population of over 12 million people and cover vast swaths of land. The differences between the two cities are well documented—cultural, weather, geography, etc.—but when it comes to securing the cities against threats the two cities are more alike than different. During Predict 21: The Intelligence Summit, hosted by Recorded Future, a discussion was held with Geoff Brown, Chief Information Security Officer for the City of New York, and Timothy Lee, Chief Information Security Officer for the City of Los Angeles. The session was moderated by Niloofar Razi Howe, an executive, investor, and entrepreneur who served as Chief Strategy Officer and Senior Vice President of Strategy and Operations at RSA. To start the discussion both Brown and Lee kicked off with a description of the breadth of the threats they face, as well as the impact they have. “The vision for New Yor

KnowBe4 - [EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful

A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together with a company that remained anonymous. The company did not inform their employees about the simulated phishing program they were going to be part of. The four goals of the study were to determine: from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eye-opener-new-eu-phishing-study-shows-that-crowd-sourcing-phishing-defense-is-successful

Threat Post - Conti Gang Suspected of Ransomware Attack on McMenamins

The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions. from Threatpost https://threatpost.com/conti-gang-ransomware-attack-mcmenamins/177119/

Dark Reading - Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API

The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic. from Dark Reading https://www.darkreading.com/dr-tech/mobile-app-developers-keep-fraudulent-traffic-at-bay-with-anti-fraud-api

Krebs - NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities. Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin, a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior Court. In May 2019, the jury awarded Terpin a $75.8 million judgment against Truglia. In January 2020, a New York gr