Posts

Showing posts from March, 2021

Dark Reading - Top 5 Attack Techniques May Be Easier to Detect Than You Think

New analysis shows attackers for the most part are continuing to rely on the same techniques and tactics they have been using for years. from Dark Reading: https://www.darkreading.com/attacks-breaches/top-5-attack-techniques-may-be-easier-to-detect-than-you-think/d/d-id/1340564?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Google Updates on Campaign Targeting Security Researchers

Attackers linked to North Korea began to target security researchers on social media earlier this year. from Dark Reading: https://www.darkreading.com/attacks-breaches/google-updates-on-campaign-targeting-security-researchers/d/d-id/1340563?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - FBI's Newly Release Internet Crime Report Shows Cybercrime has Ramped Up in 2020

The FBI's Internet Crime Complaint Center (IC3) released their annual report, and the number of complaints has skyrocketed in 2020. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbis-newly-release-internet-crime-report-shows-cybercrime-has-ramped-up-in-2020

Dark Reading - What's So Great About XDR?

XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR. from Dark Reading: https://www.darkreading.com/omdia/whats-so-great-about-xdr/a/d-id/1340560?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - 83% of Businesses Hit With a Firmware Attack in Past Two Years

A new Microsoft-commissioned report finds less than 30% of organizations allocate security budget toward preventing firmware attacks. from Dark Reading: https://www.darkreading.com/threat-intelligence/83--of-businesses-hit-with-a-firmware-attack-in-past-two-years/d/d-id/1340561?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent. from Threatpost https://threatpost.com/google-apple-track-mobile-opting-out/165147/

Threat Post - Fraud Ring Lauders Money Via Fake Charity Donations

The Cart Crasher gang is testing stolen payment cards while cleaning ill-gotten funds. from Threatpost https://threatpost.com/fraud-lauders-money-charity-donations/165138/

Threat Post - Child Tweets Gibberish from U.S. Nuke Account

Telecommuting social media manager left account unsecured so the child could access and send tweet. from Threatpost https://threatpost.com/child-tweets-gibberish-nuke-account/165140/

Dark Reading - College Students Targeted in Newest IRS Scam

The Internal Revenue Service warns of fraudulent emails sent to .edu addresses. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/college-students-targeted-in-newest-irs-scam/d/d-id/1340558?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Advice From Security Experts: How to Approach Security in the New Normal

Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons. from Dark Reading: https://www.darkreading.com/operations/advice-from-security-experts-how-to-approach-security-in-the-new-normal/a/d-id/1340505?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Black Hills InfoSec - Talkin’ About Infosec News – 3/29/2021

Originally Aired on March 29, 2021 Articles discussed in this episode: https://ift.tt/31jXpXH https://ift.tt/3tXYOQi https://ift.tt/3rrGf56 https://ift.tt/3d7NpGB The post Talkin’ About Infosec News – 3/29/2021 appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-3-29-2021/

Dark Reading - 3 Ways Vendors Can Inspire Customer Trust Amid Breaches

As customers rely more on cloud storage and remote workforces, the probability of a breach increases. from Dark Reading: https://www.darkreading.com/attacks-breaches/3-ways-vendors-can-inspire-customer-trust-amid-breaches/a/d-id/1340466?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - Recent Phishing Scams that Managed to Bypass Email Security Filters

Researchers at Armorblox describe several recent phishing scams that managed to bypass email security filters. The first attempted to gain access to users’ Facebook accounts. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/recent-phishing-scams-that-managed-to-bypass-email-security-filters

Dark Reading - Weakness in EDR Tools Lets Attackers Push Malware Past Them

A technique called hooking used by most endpoint detection and response products to monitor running processes can be abused, new research shows. from Dark Reading: https://www.darkreading.com/vulnerabilities---threats/weakness-in-edr-tools-lets-attackers-push-malware-past-them/d/d-id/1340555?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - UK Report Warns of Ransomware Being the 'Perfect Storm'

According to the recent report by the Royal United Services Institute (RUSI), they are sending a warning to organisations in the UK that ransomware is becoming more and more costly to organizations more than ever before. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/uk-report-warns-of-ransomware-being-the-perfect-storm

Threat Post - APT Charming Kitten Pounces on Medical Researchers

Researchers uncover a credential-stealing campaign targeting genetic, neurology and oncology professionals. from Threatpost https://threatpost.com/charming-kitten-pounces-on-researchers/165129/

Dark Reading - Security on a Shoestring? More Budget Means More Detection

Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news. from Dark Reading: https://www.darkreading.com/operations/security-on-a-shoestring-more-budget-means-more-detection/d/d-id/1340551?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Publicly Available Data Enables Enterprise Cyberattacks

Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows. from Dark Reading: https://www.darkreading.com/risk/publicly-available-data-enables-enterprise-cyberattacks/d/d-id/1340550?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack

A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers. from Dark Reading: https://www.darkreading.com/attacks-breaches/what-we-know-(and-dont-know)-so-far-about-the-supernova-solarwinds-attack-/d/d-id/1340513?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Ziggy Ransomware Gang Offers Refunds to Victims

Ziggy joins Fonix ransomware group and shuts down, with apologies to targets. from Threatpost https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/

KnowBe4 - There Is No Herd Immunity in the Digital World

When I was first starting off in my career, I wanted to be a doctor. As life often goes, I got waylaid. Wanting to be a doctor turned into an accounting major and CPA certification, quickly followed by a lifetime career in computer security. I have always joked that being in computer security is like being a doctor, except the patient does not verbally tell you where it hurts. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/there-is-no-herd-immunity-in-the-digital-world

Dark Reading - White Ops Renames Company 'Human'

The company first confirmed plans to change its name in October 2020. from Dark Reading: https://www.darkreading.com/threat-intelligence/white-ops-renames-company-human/d/d-id/1340547?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Malicious Docker Cryptomining Images Rack Up 20M Downloads

Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers. from Threatpost https://threatpost.com/malicious-docker-cryptomining-images/165120/

KnowBe4 - Ubiquiti Cyber Attack Details Depict a Far More Disastrous Scenario Than Let On

New whistleblower details surrounding the December 2020 attack on the cloud-enabled IoT device manufacturer paint a far worse picture than what was disclosed. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ubiquiti-cyber-attack-details-depict-a-far-more-disastrous-scenario-than-let-on

Krebs - Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication. A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source — we’ll call him Adam — spoke on condition of anonymity for fear of retribution by Ubiquiti. “It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wr

Dark Reading - What You Need to Know -- or Remember -- About Web Shells

What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do. from Dark Reading: https://www.darkreading.com/attacks-breaches/what-you-need-to-know----or-remember----about-web-shells/d/d-id/1340544?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Watch Out for These Cyber-Risks

It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now. from Dark Reading: https://www.darkreading.com/threat-intelligence/watch-out-for-these-cyber-risks-/a/d-id/1340453?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - SolarWinds Attackers Accessed DHS Emails, Report

Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary's emails, among others. from Threatpost https://threatpost.com/solarwinds-attackers-dhs-emails/165110/

Dark Reading - Ghost Users Haunt Healthcare Firms

Data security hygiene severely lacking among healthcare firms, new research shows. from Dark Reading: https://www.darkreading.com/threat-intelligence/ghost-users-haunt-healthcare-firms/d/d-id/1340545?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain

The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one. from Dark Reading: https://www.darkreading.com/attacks-breaches/beyond-mitre-attandck-the-case-for-a-new-cyber-kill-chain/a/d-id/1340539?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Schneier - System Update: New Android Malware

Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article: The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it will inventory the rest of the apps on your phone, for instance). The app can also monitor your GPS location (so it knows exactly where you are), hijack your phone’s camera to take pictures, review your browser’s search history and bookmarks, and turn on the phone mic to record audio. The app’s spying capabilities are triggered whenever the device receives new information. Researchers write that the RAT is constantly on the lookout for “any activity of interest, such as a phone call, to immediately rec

Recorded Future - Security Intelligence Handbook Chapter 11: Geopolitical Intelligence Identifies IT Risks Across the Globe

Editor’s Note: We’re sharing excerpts from the third edition of our popular book, “The Security Intelligence Handbook: How to Disrupt Adversaries and Reduce Risk with Security Intelligence.” Here, we’re looking at chapter 11, “Geopolitical-Party Intelligence.” To read the entire section, download your free copy of the handbook. Nation-state threat actors are out to cause maximum damage and disruption, which has led to more critical infrastructure attacks targeting cities, government agencies, critical infrastructure, and large companies. Take, for example, the recent attack on more than 250 federal agencies and businesses presumed to be at the hands of Russian operatives. Attacks like this underscore the importance of reducing geopolitical risk. That means going beyond protecting your digital assets from domestic cyber threats to also consider the unique challenges of defending against global threats and protecting your offices, manufacturing plants, warehouse facilities, and r

KnowBe4 - What Is The Reason That Older Users Often Have Problems Using Technology?

Elderly people often struggle with technology because the products aren’t designed with them in mind, according to Ming Yang, founder and CEO of Orchard. On the CyberWire’s Hacking Humans podcast, Yang explained that this often leads to older people being excluded from an increasingly technical society. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/what-is-the-reason-that-older-users-often-have-problems-using-technology

Rapid 7 - MDR Vendor Must-Haves, Part 3: Ingestion of Other Technology Investments

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” By the time you’re ready to invest in a Managed Detection and Response (MDR) service, you’ve likely already invested in a number of different security tools aimed at preventing threats and detecting breaches. MDR is a continued investment in this technology, not always a pure replacement. MDR is a complement of any program with a “defense in depth” technology stack. When designing modern submarines, the Navy uses a thought process of "assume breach," meaning at some point a flood door or bulkhead will fail and there needs to be multiple failsafes to ensure adequate protection. The same is true for a security program. Utilizing an “assume breach” mentality in the network, instead of just having a firewall at the perimeter and endpoints on the interior of your network, the defense in de

Dark Reading - In the Rush to Embrace Hybrid Cloud, Don't Forget About Security

Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security. from Dark Reading: https://www.darkreading.com/cloud/in-the-rush-to-embrace-hybrid-cloud-dont-forget-about-security/a/d-id/1340438?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - CyberheistNews Vol 11 #13 [EYE OPENER] Mom Charged in Deepfake Cheerleading Plot

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-11-13-eye-opener-mom-charged-in-deepfake-cheerleading-plot

TrustedSec - Strength Training With Transport Cryptology: Part 2

In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you. There are considerations unique to PCI. For your self-assessments and QSA lead assessments, are you certain that scoping and encryption are compliant? Will your QSA and/or your Approved Scanning Vendor (ASV) agree with your stance? To start, let’s identify the relevant controls. What has the PCI Security Standards Council (PCI-SSC) said within the Data Security Standard (PCI-DSS)? Let’s look at current version 3.2.1. The transport of cardholder data has controls described within requirement 4.1, and the most crucial testing of the use of secure transport is within requirement 11.2 for ASV scanning. Requirement 4.1 requires ‘strong cryptograp

TrustedSec - Strength Training With Transport Cryptology: Part 1

I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: introducing new test/scanning scope; changes in scanning techniques, tools, or vendors; supporting legacy applications or legacy connections; acquisition of applications. Unless you only support new applications with the latest, strongest ciphers and protocols, the list above describes almost everyone. The intention of this blog is NOT to recommend a specific scanner or vendor or detail how to manage such relationships. It is simply to arm you with the basics to analyze your own transport security using an authoritative and objective source. We will look at the protocols and cipher suites employed in the encryption. It should go without saying that if you have

Threat Post - Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website

A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com. from Threatpost https://threatpost.com/intel-sued-under-wiretapping-laws/165104/

Dark Reading - Manufacturing Firms Learn Cybersecurity the Hard Way

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security. from Dark Reading: https://www.darkreading.com/physical-security/manufacturing-firms-learn-cybersecurity-the-hard-way/d/d-id/1340542?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Pair of Apex Legends Players Banned for DDoS Server Attacks

Predator-ranked players on Xbox console game version rigged matches with DDoS attacks. from Threatpost https://threatpost.com/apex-legends-players-banned-ddos-server-attacks/165085/

Dark Reading - Attackers Target PHP Git Server to Backdoor Source Code

The PHP maintainers have decided to make GitHub the official source for PHP repositories going forward. from Dark Reading: https://www.darkreading.com/attacks-breaches/attackers-target-php-git-server-to-backdoor-source-code/d/d-id/1340540?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - SolarWinds Hackers Accessed DHS Chief's Email

Several high-level government accounts were also breached in the attack. from Dark Reading: https://www.darkreading.com/attacks-breaches/solarwinds-hackers-accessed-dhs-chiefs-email/d/d-id/1340537?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Hades Ransomware Gang Exhibits Connections to Hafnium

There could be more than immediately meets the eye with this targeted attack group. from Threatpost https://threatpost.com/hades-ransomware-connections-hafnium/165069/

SBS CyberSecurity - In The Wild 216

In The Wild - CyberSecurity Newsletter Welcome to the 216th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources! Hacker Hour: The Importance of Patch Management SBS Educational Resources Date: Wednesday, March 31, 2021 Time: 2:00 - 3:00 PM CDT According to the Ponemon Institute, 57% of cyber