BuzzSec

Editor’s Note : The following post is an excerpt of a full report. To read the entire analysis, to download the report as a PDF. This report details a campaign conducted by a China-linked threat activity group, RedEcho, targeting the Indian power sector. The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis. Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight, and common open-source tools and techniques. The report will be of most interest to individuals engaged in strategic and operational intelligence relating to Indian and Chinese activity in cyberspace. Recorded Future notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organizations. Executive Summary Relations between India and China have deteriorated significantly following border clashes in May

InputMag wrote: "We are entering scary times. New deepfake videos of actor Tom Cruise have made their way onto TikTok under the handle   @deeptomcruise , and boy do they look real. from KnowBe4 Security Awareness Training Blog http://blog.knowbe4.com/new-scary-good-deepfake-videos-of-tom-cruise-show-the-threat-to-society-is-very-real

InputMag wrote: "We are entering scary times. New deepfake videos of actor Tom Cruise have made their way onto TikTok under the handle   @deeptomcruise , and boy do they look real. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-scary-good-deepfake-videos-of-tom-cruise-show-the-threat-to-society-is-very-real

COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware. from Threatpost https://threatpost.com/stalkerware-volumes-high-bans/164325/

A new document provides guidance for businesses planning to implement a zero-trust system management strategy. from Dark Reading: https://www.darkreading.com/nsa-releases-guidance-on-zero-trust-architecture/d/d-id/1340269?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Some jokes never get old. from Dark Reading: https://www.darkreading.com/edge/theedge/nerd-humor/b/d-id/1340268?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies for 2021. Where do they plan to spend next? from Dark Reading: https://www.darkreading.com/edge/theedge/the-edge-pro-tip-fasten-your-seatbelts/b/d-id/1340267?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

A spear-phishing campaigned linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies. from Threatpost https://threatpost.com/lazarus-targets-defense-threatneedle-malware/164321/

Hey who finked about Flink? In this week's round of modules, contributor bcoles offered up two modules to leverage that Apache Flink install you found in some fun new ways. If you are just looking to filch a few files, auxiliary/scanner/http/apache_flink_jobmanager_traversal leverages CVE-2020-17519 to pilfer the filesystem on Flink versions 1.11.0 thru 1.11.2. The second module, for a litte extra fun, exploit/multi/http/apache_flink_jar_upload_exec utilizes the job functionality in Flink to run arbitrary java code as the web server user, turns out there is a meterpreter for that! RDP: a dream and a nightmare for the sysAdmin near you. Ever wonder if exposing a remote desktop in a web page was a good idea? I mean, it's just a web server, the internet loves those. Turns out timing attacks can expose your usernames when someone chooses to pay close attention. A recently contributed module auxiliary/scanner/http/rdp_web_login contributed by Matthew Dunn can even pay at

A peek at open XDR technology, and defense that held up better than the Kansas City Chiefs. from Dark Reading: https://www.darkreading.com/edge/theedge/securing-super-bowl-lv/b/d-id/1340262?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/02/26/nsa-releases-guidance-zero-trust-security-model

While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/advanced-threats/attackers-turn-struggling-software-projects-into-trojan-horses/d/d-id/1340266?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Sneaker bots ready to scoop up the new Yeezy Boost 700 “Sun” shoes to resell at a huge markup.   from Threatpost https://threatpost.com/yeezy-sneaker-bots-boost-sun/164312/

Originally Aired on February 24, 2021 Articles discussed in this episode: https://ift.tt/3kvCQ3l https://ift.tt/2ZJkger The post Talkin’ About Infosec News – 2/24/2021 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-2-24-2021/

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses. from Threatpost https://threatpost.com/malware-gangs-partner-up-in-double-punch-security-threat/164279/

Black History Month is a time for every person, from all different backgrounds to honor and celebrate the achievements of Black and African Americans in the U.S. and their impact on world history. In honor of Black History Month, we would like to recognize some of our amazing team members who have made an impact on our company culture, embody our core values, and exude excellence. We pride ourselves on creating a safe space for everyone to be their authentic selves. Hear what Black History Month means to them! Junior Carreira, Service Desk Technician, Boston, MA What does Black History Month mean to you? Black History Month to me means an opportunity for the black community to reconnect with their heritage and ancestry while celebrating how our accomplishments and heroes have impacted our ways of being today. It means legacy and continuing to add onto that legacy. It also stands as a reminder of our resilience and that our fight isn't over as long as we’re still here. What is

According to three reports published last week, the bad guys have improved their popular tactics with phishing and ransomware attacks. The attacks involving fake COVID-19 scams and remote work have upgraded with some minor changes. from KnowBe4 Security Awareness Training Blog http://blog.knowbe4.com/heads-up-ransomware-and-phishing-attacks-are-not-going-away-in-2021

In this series, our security experts will give a behind the scenes look at phishing emails that were reported to PhishER , KnowBe4's Security Orchestration, Automation and Response (SOAR) platform. We will go in-depth to show you real-world attacks and how you can forensically examine phishing emails quickly. from KnowBe4 Security Awareness Training Blog http://blog.knowbe4.com/phishing-catch-of-the-day-your-inbox-will-be-deactivated

Over the last few decades, survey after survey has shown that if IT Administrators had their way, the vast majority of them prefer a hand-picked set of best-of-breed point solutions over bundled suite of tools from one vendor. But sometimes there are organizational obstacles. from KnowBe4 Security Awareness Training Blog http://blog.knowbe4.com/the-dilemma-best-of-breed-stand-alone-or-a-bundled-suite-of-tools

Innovations in quantum computing mean enterprise and manufacturing organizations need to start planning now to defend against new types of cybersecurity threats. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/after-a-year-of-quantum-advances-the-time-to-protect-is-now/a/d-id/1340180?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

According to three reports published last week, the bad guys have improved their popular tactics with phishing and ransomware attacks. The attacks involving fake COVID-19 scams and remote work have upgraded with some minor changes. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-ransomware-and-phishing-attacks-are-not-going-away-in-2021

Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor. from Threatpost https://threatpost.com/podcast-ransomware-attacks-exploded-in-q4-2020/164285/

Retailers that lacked significant digital presence pre-COVID are now reaching new audiences through e-commerce sites that are accessible anytime, from anywhere, on any device. from Threatpost https://threatpost.com/protecting-sensitive-cardholder-data-in-todays-hyper-connected-world/164277/

In this series, our security experts will give a behind the scenes look at phishing emails that were reported to PhishER , KnowBe4's Security Orchestration, Automation and Response (SOAR) platform. We will go in-depth to show you real-world attacks and how you can forensically examine phishing emails quickly. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-catch-of-the-day-your-inbox-will-be-deactivated

Excellent Brookings paper: “ Why data ownership is the wrong approach to protecting privacy .” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not a commodity. It is information. Any system of information rights­ — whether patents, copyrights, and other intellectual property, or privacy rights — ­presents some tension with strong interest in the free flow of information that is reflected by the First Amendment. Our personal information is in demand precisely because it has value to others and to society across a myriad of uses. From the conclusion: Privacy legislation should empower individuals through more layered and meaningful transparency and individual rights to know, correct, and delete personal information in databases held by others. But relying entirely on individua

Over the last few decades, survey after survey has shown that if IT Administrators had their way, the vast majority of them prefer a hand-picked set of best-of-breed point solutions over bundled suite of tools from one vendor. But sometimes there are organizational obstacles. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-dilemma-best-of-breed-stand-alone-or-a-bundled-suite-of-tools

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me . This post examines some of what that company is seeing in its efforts to stymie unemployment fraud. These prisoners tried to apply for jobless benefits. Personal information from the inmate IDs has been redacted. Image: ID.me A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5 billion in fraudulent jobless benefits — nearly two-thirds of the phony claims it reviewed — was paid out to individuals with Social Security numbers filed in multiple states. Almost $100 million we

Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm. from Dark Reading: https://www.darkreading.com/operations/inside-stratas-plans-to-solve-the-cloud-identity-puzzle/d/d-id/1340261?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017. from Dark Reading: https://www.darkreading.com/operations/microsoft-releases-free-tool-for-hunting-solarwinds-malware/d/d-id/1340260?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Building security into your overall vulnerability risk management (VRM) strategy is a must-do in the age of the all-important web app. Between security and IT-Ops teams, there are a number of steps in the VRM process, including asset identification, enumeration, prioritization, and remediation. How does application security fit in? Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post. The distinguished subject-matter experts and presenters also dive deep into the nitty gritty of what it takes to get a better night’s sleep by creating a VRM strategy that extends to the application layer. Watch the webcast here , and read on for our recap below! Web applications and APIs are assets, too Applications are one of the most common ways attackers are getting in. In a recent survey, Forrester found that 31% of firms suffered a breach as a result of an external attack, with applications serving as one of the most common attack vectors. Alon

Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says. from Dark Reading: https://www.darkreading.com/threat-intelligence/north-koreas-lazarus-group-expands-to-stealing-defense-secrets/d/d-id/1340259?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports. from Dark Reading: https://www.darkreading.com/threat-intelligence/ransomware-phishing-will-remain-primary-risks-in-2021/d/d-id/1340256?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Phishing continues to be a primary initial access vector in cyberattacks against industrial control systems, according to researchers at Dragos. Out of the fifteen threat groups tracked by the security firm, ten rely on spear phishing attachments to compromise their victims, and thirteen abuse valid accounts to maintain persistence. from KnowBe4 Security Awareness Training Blog http://blog.knowbe4.com/phishing-targets-industrial-control-systems

Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders. from Threatpost https://threatpost.com/cyberattacks-vietnam-human-rights-activists/164284/

While most organizations think through the direct risk of cyber threats to their business via cyber attacks, known vulnerabilities, and security flaws, not many organizations recognize the risk posed to their business by their customers. from SBS CyberSecurity https://sbscyber.com/resources/customer-cybersecurity-awareness-creating-a-culture-of-security

Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code. from Dark Reading: https://www.darkreading.com/threat-intelligence/thousands-of-vmware-servers-exposed-to-critical-rce-bug/d/d-id/1340255?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Educational institutions have become prime targets, but there are things they can do to stay safer. from Dark Reading: https://www.darkreading.com/attacks-breaches/5-key-steps-schools-can-take-to-defend-against-cyber-threats/a/d-id/1340177?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results. from Threatpost https://threatpost.com/health-website-leaks-covid-19-test/164274/

The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data. from Threatpost https://threatpost.com/malicious-mozilla-firefox-gmail/164263/

TrustedSec has been approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body ( https://www.cmmcab.org/ ) as a Registered Provider Organization. In line with our mission of increasing the security posture of organizations around the world, TrustedSec is pleased to be a part of the program aimed at improving and ensuring the security maturity of the Defense Industrial Base (DIB). The CMMC model was created and is managed by the Department of Defense https://www.acq.osd.mil/cmmc/index.html . Building on the existing DFARS 252.204-7012 regulation and NIST 800-171 standard, the CMMC adds a verification component to the requirements in the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Registered Provider Organizations offer advice, consulting, and recommendations to clients based on the constructs of the CMMC Standard and adhere to the CMMC-AB Code of Professional Conduct. With an estimated 350,000 organizatio

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/02/25/cisco-releases-security-updates

What’s up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability (CVSSv3 Base 10; CVE-2021-1388) Cisco Security Advisory Cisco Multi-Site Orchestrator (MSO) is the product responsible for provisioning, health monitoring, and managing the full lifecycle of Cisco Application Centric Infrastructure (ACI) networking policies and tenant policies across all Cisco ACI sites organizations have deployed. It essentially has full control over every aspect of networking and network security. Furthermore, Cisco ACI can be integrated with and administratively control VMware vCenter Server, Microsoft System Center VMM [SCVMM], and OpenStack controller virtualization platform managers. A weakness in an API en

Editor’s Note : The following post is an excerpt of a full report. To read the entire analysis, to download the report as a PDF. Recorded Future analyzed current data from the Recorded Future® Platform, information security reporting, and other OSINT sources to review 11 fraud methods and services that facilitate threat actor campaigns. In subsequent months, Recorded Future will publish in-depth reports on each method or service, the threat actors offering them, technical details where applicable, and mitigation recommendations. This report will be of most interest to anti-fraud and network defenders, security researchers, and executives charged with security and fraud risk management and mitigation. Executive Summary The cybercriminal fraud ecosystem is a whole and interconnected enterprise. In this report, the introduction to our series on cybercriminal fraud, Insikt Group will describe 11 types of fraud methods and services currently used by threat actors to facilitate their

A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late. from Dark Reading: https://www.darkreading.com/risk/how-to-avoid-falling-victim-to-a-solarwinds-style-attack/a/d-id/1340181?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. from Threatpost https://threatpost.com/cisco-critical-security-flaw/164255/

Phishing continues to be a primary initial access vector in cyberattacks against industrial control systems, according to researchers at Dragos. Out of the fifteen threat groups tracked by the security firm, ten rely on spear phishing attachments to compromise their victims, and thirteen abuse valid accounts to maintain persistence. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-targets-industrial-control-systems

I am a co-author on a report published by the Hoover Institution: “ Chinese Technology Platforms Operating in the United States .” From a blog post : The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is growing, that a large part of that power is in the digital sphere, and that China can and will wield that power in ways that adversely affect our national security. However, the specific threats and risks posed by different Chinese technologies vary, and effective policies must start with a targeted understanding of the nature of risks and an assessment of the impact US measures will have on national security and competitiveness. The goal of the paper is not to specifically quantify the risk of any particular technology,

Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year. from Dark Reading: https://www.darkreading.com/operations/61--of-malware-delivered-via-cloud-apps-report/d/d-id/1340251?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Quickbooks malware targets tax data for attackers to sell and use in phishing scams. from Threatpost https://threatpost.com/tax-quickbooks-data-theft/164253/

Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking. from Threatpost https://threatpost.com/mozilla-firefox-bugs-cookie-tracking/164246/

Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term. from Dark Reading: https://www.darkreading.com/operations/google-invests-in-linux-kernel-developers-to-focus-on-security/d/d-id/1340247?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Purchase extends offerings for MSP and SMB customers from Dark Reading: https://www.darkreading.com/operations/kaseya-buys-managed-soc-provider/d/d-id/1340245?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/the-realities-of-extended-detection-and-response-(xdr)-technology-/a/d-id/1340201?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system. from Threatpost https://threatpost.com/vmware-patches-critical-rce-flaw-in-vcenter-server/164240/

Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage. from Dark Reading: https://www.darkreading.com/attacks-breaches/universities-face-double-threat-of-ransomware-data-breaches/d/d-id/1340242?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

And the winner of The Edge's February cartoon caption contest is ... from Dark Reading: https://www.darkreading.com/edge/theedge/cartoon-caption-winner-be-careful-who-you-trust/b/d-id/1340234?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/02/24/mozilla-releases-security-updates-thunderbird-firefox-esr-and

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/02/24/vmware-releases-multiple-security-updates