Posts

Showing posts from April, 2021

Schneier - Friday Squid Blogging: On Squid Coloration

Nice excerpt from Martin Wallin’s book Squid . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2021/04/friday-squid-blogging-on-squid-coloration.html

Dark Reading - Ransomware Task Force Publishes Framework to Fight Global Threat

An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model. from Dark Reading: https://www.darkreading.com/threat-intelligence/ransomware-task-force-publishes-framework-to-fight-global-threat/d/d-id/1340889?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - MITRE Adds MacOS, Linux, More Data Types to ATT&CK Framework

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure. from Dark Reading: https://www.darkreading.com/threat-intelligence/mitre-adds-macos-more-data-types-to-attandck-framework/d/d-id/1340870?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - New Threat Group Carrying Out Aggressive Ransomware Campaign

UNC2447 observed targeting now-patched vulnerability in SonicWall VPN. from Dark Reading: https://www.darkreading.com/attacks-breaches/new-threat-group-carrying-out-aggressive-ransomware-campaign/d/d-id/1340887?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - PortDoor Espionage Malware Takes Aim at Russian Defense Sector

The stealthy backdoor is likely being used by Chinese APTs, researchers said. from Threatpost https://threatpost.com/portdoor-espionage-malware-takes-aim-at-russian-defense-sector/165770/

Dark Reading - MITRE Adds MacOS, Linux, More Data Types to ATT&CK Framework

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure. from Dark Reading: https://www.darkreading.com/threat-intelligence/mitre-adds-macos-linux-more-data-types-to-attandck-framework/d/d-id/1340870?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

US-CERT - CISA Updates Alert on Pulse Connect Secure

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/04/30/cisa-updates-alert-pulse-connect-secure

Threat Post - WeSteal: A Cryptocurrency Stealing Tool That Does Just That

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”. from Threatpost https://threatpost.com/westeal-cryptocurrency-stealing-tool/165762/

Dark Reading - Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds

Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows. from Dark Reading: https://www.darkreading.com/application-security/survey-finds-broad-concern-over-third-party-app-providers-post-solarwinds/d/d-id/1340868?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Rapid 7 - Metasploit Wrap-Up

Image
Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations (vROps) Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher Egor Dimitrenko. The exploit/linux/http/vmware_vrops_mgr_ssrf_rce module achieves remote code execution (RCE) as the admin Unix user by chaining the two vulnerabilities. First, CVE-2021-21975 pre-authentication server-side request forgery (SSRF) vulnerability is exploited in the /casa/nodes/thumbprints endpoint to obtain the admin credentials. Then, the credentials are used to authenticate to the vRealize Operations Manager API and exploit CVE-2021-21983 via the /casa/private/config/slice/ha/certificate endpoint. This allows the module to write and execute an arbitrary file, a JSP payload in this case. The module should work against the following vulnerable versions: 7.0.0 7.5.0...

Black Hills InfoSec - Backdoors & Breaches LIVE – 4/28/2021

Join our Incident Master BanjoCrashland as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https:/steamcommunity.com/sharedfiles/filedetails/?id=2401033477 Incident Master: Jason Blanchard | BanjoCrashland Defenders: Matt Thomas […] The post Backdoors & Breaches LIVE – 4/28/2021 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/backdoors-breaches-live-4-28-2021/

Threat Post - Is the SolarWinds Hack Really a Seismic Shift?

Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals. from Threatpost https://threatpost.com/solarwinds-hack-seismic-shift/165758/

KnowBe4 - The Cost of Remediating a Ransomware Attack More than Doubles and is Quickly Approaching $2 Million

Image
With 54% of organizations unable to stop a ransomware attack before data is encrypted and operations are impacted, the increasing cost of ransomware remediation is troubling. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-cost-of-remediating-a-ransomware-attack-more-than-doubles-and-is-quickly-approaching-2-million

KnowBe4 - U.K. Royal Mail-related Phishing Scams Are Up 645%

Image
New data from CheckPoint highlights how scammers are using simple shipping-related social engineering scams to trick victims into giving up personal information and credit card details. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/u.k.-royal-mail-related-phishing-scams-are-up-645

Dark Reading - Ghost Town Security: What Threats Lurk in Abandoned Offices?

Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later - what happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses? from Dark Reading: https://www.darkreading.com/edge/theedge/ghost-town-security-what-threats-lurk-in-abandoned-offices/b/d-id/1340866?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

US-CERT - Codecov Releases New Detections for Supply Chain Compromise

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/04/30/codecov-releases-new-detections-supply-chain-compromise

US-CERT - Samba Releases Security Updates

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/04/30/samba-releases-security-updates

Dark Reading - 7 Modern-Day Cybersecurity Realities

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe. from Dark Reading: https://www.darkreading.com/cloud/7-modern-day-cybersecurity-realities/d/d-id/1340826?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - The Ticking Time Bomb in Every Company's Code

Developers must weigh the benefits and risks of using third-party code in Web apps. from Dark Reading: https://www.darkreading.com/application-security/the-ticking-time-bomb-in-every-companys-code/a/d-id/1340815?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Rapid 7 - Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500

Image
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500 . The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the security controls for hardening these applications are equally broad. APIs, distributed authentication schemes, single-page applications, and static websites all might fall under the general category of “web application.” There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here. All web applications should require strong encryption, with a vanishingly small number of exceptions. While this is most critical for applications serving up critical or sensitive information–such as personally identifiable information (P...

Schneier - Serious MacOS Vulnerability Patched

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what do rather than doing it itself—and didn’t include a standard application metadata file called “info.plist,” he could silently run the app on any Mac. The operating system wouldn’t even give its most basic prompt: “This is an application downloaded from the Internet. Are you sure you want to open it?” More . from Schneier on Security https://www.schneier.com/blog/archives/2021/04/serous-macos-vulnerability-patched.html

Threat Post - Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. from Threatpost https://threatpost.com/microsoft-warns-25-critical-iot-industrial-devices/165752/

Threat Post - COVID-19 Results for 25% of Wyoming Accidentally Posted Online

Sorry, we’ve upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said. from Threatpost https://threatpost.com/covid-19-results-accidentally-exposed/165709/

Dark Reading - The Challenge of Securing Non-People Identities

Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk. from Dark Reading: https://www.darkreading.com/operations/the-challenge-of-securing-non-people-identities/a/d-id/1340782?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - Ransomware Operators Threaten to Short Victims’ Stocks

Image
The Darkside ransomware operators are now offering to tip off unscrupulous stock traders before they post the names of publicly traded victim companies, the Record reports. The criminals believe this will put more pressure on the victims to pay up. Recorded Future’s Dmitry Smilyanets told the Record that this is the first time a ransomware crew has explicitly made this part of their strategy. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-operators-threaten-to-short-victims-stocks

KnowBe4 - Why Should We Care About Personal Smishing Attacks?

Image
I am not sure what is going on these days, but for several weeks, I have received far more SMS-based phishing (i.e., smishing) attacks than usual. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/why-should-we-care-about-personal-smishing-attacks

KnowBe4 - Ransomware Demands Spike by 43% Already in 2021

Image
Cybercriminal groups are increasing their automated and tactical ransomware attacks. Unfortunately, that also means they have an increase in greed. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-demands-spike-by-43-already-in-2021

KnowBe4 - [HEADS UP] Ransomware Gangs are Creating Ransomware Cartels

Image
Analysis by threat intelligence group Analyst1 recently uncovered that the bad guys are responsible for forming a ransomware cartel. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heads-up-ransomware-gangs-are-creating-ransomware-cartels

KnowBe4 - Scammers Target Rogers Customers With SMS Messages

Image
Scammers are targeting Rogers customers with text messages offering $50 refunds, according to BleepingComputer. The Canadian telecommunications provider suffered a widespread outage last week, and subsequently announced on Twitter that affected customers would receive a refund in the form of a credit equivalent of a full day of service on their next bill. Scammers took advantage of this by sending SMS messages that purported to come from Rogers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/scammers-target-rogers-customers-with-sms-messages

KnowBe4 - Federal Reserve Chairman Jerome Powell Cites Cyberthreats as Current “Biggest Concern” to Financial Institutions

Image
Fears of a resurgence of COVID-19 and increased cyberattacks are mentioned as top risks that can materially impact the finance sector and the economy, by Jerome Powell in a recent interview. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/federal-reserve-chairman-jerome-powell-cites-cyberthreats-as-current-biggest-concern-to-financial-institutions

KnowBe4 - Security Culture Influenced by the Global Effects of COVID-19

Image
In the Industry Benchmark section of the 2021 Security Culture Report , we describe the security culture scores of each industry sector in detail. This section of the report can be used to get a deep dive into specific industries, and as a benchmark to compare your own scores against those of different industry sectors. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/security-culture-influenced-by-the-global-effects-of-covid-19

KnowBe4 - Researchers Warn of EtterSilent Facilitating Risky Malware Delivery

Image
Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros that install malware. Intel 471 says EtterSilent has been used by many well-known malware strains, including Trickbot, Bazar, BokBot, Gozi ISFB, and QBot. The latter three campaigns rely on bulletproof hosting, making them resilient to takedowns. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/researchers-warn-of-ettersilent-facilitating-risky-malware-delivery

KnowBe4 - Lazarus Group Uses New Technique to Avoid Detection

Image
North Korea’s Lazarus group is using an interesting method to evade security measures, according to researchers at Malwarebytes . The threat actor is sending phishing emails with malicious macros which, when run, will execute an image file with embedded JavaScript code that will install malware. Once the malware is installed, it can execute commands or exfiltrate data. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/lazarus-group-uses-new-technique-to-avoid-detection

KnowBe4 - Evil Corp Tries to Work Around U.S. Treasury Sanctions Using Hades Ransomware

Image
The cybercriminal group linked to over $100 Million in financial damages has pivoted their execution strategy to bypass sanctions that prevent U.S. companies from paying them ransom. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/evil-corp-tries-to-work-around-u.s.-treasury-sanctions-using-hades-ransomware

KnowBe4 - New Ransomware Task Force Shares Actions To Disrupt Ransomware Cyber Crime

Image
The Ransomware Task Force, a public-party coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-ransomware-task-force-shares-actions-to-disrupt-ransomware-cyber-crime

Threat Post - Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites

Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of “obstructing operations carried out relative to COVID-19 under the Emergency Management Act,” the South Australia […] from Threatpost https://threatpost.com/anti-vaxxer-hijacks-qr-codes-covid19/165701/

KnowBe4 - Phishing Campaign Abuses Contact Forms

Image
Attackers are abusing websites’ contact forms to send malicious emails to the websites’ owners, according to researchers at Microsoft. The emails contain bogus copyright claims with a link to a sites.google.com page. Clicking the link will result in the installation of the IcedID banking Trojan. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-campaign-abuses-contact-forms

Recorded Future - The Business of Fraud: Deepfakes, Fraud’s Next Frontier

Image
Editor’s Note : The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. The report aims to provide insight into Iran-linked MABNA Institute campaign activity that was reported on by Insikt Group throughout 2020, as well as by the broader cyber research community. The report is most likely to be of use to scientific organizations, academic institutions, and software groups that service the academic sector. This report will be of interest to blue team defenders working to secure academic and scientific organization’s networks, as well as CTI groups that research Iran-nexus cyber activity. The Recorded Future® Platform, Insikt Group threat research, and that from Proofpoint, RiskIQ, and Malwarebytes are referenced. Data sources used to conduct this analysis include the Recorded Future® Platform, Farsight DNSDB, DomainTools and other common open-source tools and techniques. Executive Summary The MABNA Institute, a thre...

TrustedSec - PCI Specialist Art “Coop” Cooper Joins TrustedSec Team

When I founded TrustedSec in 2012, I knew exactly the type of person that I wanted to work alongside: talented, passionate about their corner of the security industry, and genuinely interested in helping anyone with the desire to learn more. After nearly a decade, I’m thrilled that TrustedSec is still able to add new people to the team that share these exact qualities. Art “Coop” Cooper will be joining the TrustedSec PCI Practice team as a Principal Security Consultant. Coop has over 40 years of experience in the IT and Information Security industry with a focus on e-Commerce, the PCI-Data Security Standard (DSS), payment application assessments, forensics investigations, compliance security assessments, development of secure network architectures, risk management programs, security governance initiatives, and managing regulatory compliance. Coop was named the 2019 ISSA Security Professional of the Year and has been a consultant to some of the largest retail companies and financial ...

Threat Post - SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps. from Threatpost https://threatpost.com/lessons-from-real-life-misconfiguration-exploitations/165659/

KnowBe4 - Mobile is a Problem: 97% of Organizations Experienced Mobile Attacks in 2020

Image
Everything from applications, social apps, OS vulnerabilities and even mobile device management acted as initial attack vectors troubling nearly every single organization globally. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/mobile-is-a-problem-97-of-organizations-experienced-mobile-attacks-in-2020

Krebs - Task Force Seeks to Disrupt Ransomware Payments

Image
Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In a 50-page report delivered to the Biden administration this week, top executives from Amazon , Cisco , FireEye , McAfee , Microsoft and dozens of other firms joined the U.S. Department of Justice (DOJ), Europol and the U.K. National Crime Agency in calling for an international coalition to combat ransomware criminals, and for a global network of ransomware investigation hubs. The Ransomware Task Force urged the White House to make finding, frustrating and apprehending ransomware crooks a priority within the U.S. intelligence community, and to designate the current scourge of digital extortion as a national security threat. The formation of the industry partnership comes just days after The Wall Street Journal broke the news ...

Threat Post - DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down

Information stolen in April 10 ransomware attack was posted on a dark web portal and includes private documents not published as part of public records. from Threatpost https://threatpost.com/doppelpaymer-leaks-illinois-ag/165694/

Schneier - Identifying People Through Lack of Cell Phone Use

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd , detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter. from Schneier on Security https://www.schneier.com/blog/archives/2021/04/identifying-people-through-lack-of-cell-phone-use.html

KnowBe4 - Cybercriminals Use Job-Specific Social Media Platforms to Target UK Citizens With Fake Accounts

Image
At least 10,000 UK citizens have been targeted by nation-state actors via fake LinkedIn accounts over the past five years, the BBC reports. Ken McCallum, Director-General of MI5, said these fake profiles are being used on “an industrial scale” to launch social engineering attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cybercriminals-use-job-specific-social-media-platforms-to-target-uk-citizens-with-fake-accounts

Krebs - Experian API Exposed Credit Scores of Most Americans

Image
Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau. Bill Demirkapi , an independent security researcher who’s currently a sophomore at the Rochester Institute of Technology , said he discovered the data exposure while shopping around for student loan vendors online. Demirkapi encountered one lender’s site that offered to check his loan eligibility by entering his name, address and date of birth. Peering at the code behind this lookup page, he was able to see it invoked an Experian Application Programming Interface or API — a capability that allows lenders to automate queries for FICO credit scor...

Dark Reading - FluBot Malware's Rapid Spread May Soon Hit US Phones

The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam. from Dark Reading: https://www.darkreading.com/threat-intelligence/flubot-malwares-rapid-spread-may-soon-hit-us-phones/d/d-id/1340851?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Rapid 7 - [Security Nation] Marina Ciavatta and int80 Put the Fun into Hacking With Hacking Esports and Dual Core Music

Image
In this episode of Security Nation, we are joined by Marina Ciavatta and int80 to talk about Hacking ESports , their “quarantine project that got out of control.” The duo talk about how they came up with the idea for the Twitch livestream , what they’ve learned along the way, and future plans for the games. We also speak with int80 about his “hacker rapper” gig, Dual Core Music . This episode's Rapid Rundown comes with a rare content warning: We're discussing the life, impact, and passing of Dan Kaminsky. It gets pretty emotional, as you might expect. As Matt Blaze said , may his memory be a blessing. Want More Inspiring Stories From the Security Community? Subscribe to Security Nation Today from Rapid7 Blog https://blog.rapid7.com/2021/04/28/security-nation/

Dark Reading - 74% of Financial Institutions See Spike in COVID-Related Threats

Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000. from Dark Reading: https://www.darkreading.com/attacks-breaches/74--of-financial-institutions-see-spike-in-covid-related-threats/d/d-id/1340850?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. from Threatpost https://threatpost.com/sharepoint-phish-ransomware-attacks/165671/

Dark Reading - FBI Works With 'Have I Been Pwned' to Notify Emotet Victims

Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts. from Dark Reading: https://www.darkreading.com/threat-intelligence/fbi-works-with-have-i-been-pwned-to-notify-emotet-victims/d/d-id/1340847?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Google Chrome V8 Bug Allows Remote Code-Execution

The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities. from Threatpost https://threatpost.com/google-chrome-v8-bug-remote-code-execution/165662/

Dark Reading - How to Secure Employees' Home Wi-Fi Networks

Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities. from Dark Reading: https://www.darkreading.com/endpoint/how-to-secure-employees-home-wi-fi-networks/a/d-id/1340764?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Cartoon Caption Winner: Rough Patch?

And the winner of The Edge's April cartoon caption contest is ... from Dark Reading: https://www.darkreading.com/edge/theedge/cartoon-caption-winner-rough-patch/b/d-id/1340844?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Black Hills InfoSec - Talkin’ About Infosec News – 4/26/2021

Originally Aired on April 26, 2021 Articles discussed in this episode: https://ift.tt/3u2oM5k https://ift.tt/3n83bFX https://ift.tt/3tMsHmF https://youtu.be/G0gOAvpGoJg The post Talkin’ About Infosec News – 4/26/2021 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-4-26-2021/

Threat Post - Chase Bank Phish Swims Past Exchange Email Protections

Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims. from Threatpost https://threatpost.com/chase-bank-phish-sexchange-email-protections/165653/

Dark Reading - Is Your Cloud Raining Sensitive Data?

Learn common Kubernetes vulnerabilities and ways to avoid them. from Dark Reading: https://www.darkreading.com/cloud/is-your-cloud-raining-sensitive-data/a/d-id/1340754?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Recorded Future - Stay Ahead of Global Uncertainty With Real-time Geopolitical Intelligence for Esri

For a complete understanding of the threats to their organizations, all intelligence analysts must consider how geopolitical events — such as a global pandemic, terrorist attack, or natural disaster — will impact their organization, supply chain, and industry. They need to respond swiftly to these threats, to mitigate disruptions to operations and protect their assets, but organizations are still susceptible to being blindsided at the most inopportune times because intelligence often lags. Relying on disparate data sources and manual processes means insights are often incomplete or outdated. Most analysts spend too much time manually collecting, analyzing, and visualizing a vast amount of intelligence — not to mention translating information from news sources in these regions’ local languages. To monitor and respond to geopolitical threats in real time, teams need a more efficient and collaborative way to report on relevant insights that drive more informed decision-making. A Compr...

Dark Reading - Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat

New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged. from Dark Reading: https://www.darkreading.com/threat-intelligence/attacks-targeting-adfs-token-signing-certificates-could-become-next-big-threat/d/d-id/1340843?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - Phishing Tactics Help Legitimate Pension Fund to Secure Meetings with Prospective Customers

Image
Security researchers uncover a marketing campaign that takes a page from the cybercriminal phishing handbook to “trick” pensioners to have an introductory call with their fund expert. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-tactics-help-legitimate-pension-fund-to-secure-meetings-with-prospective-customers

KnowBe4 - The Darkside Ransomware Group Is the Dangerous Poster Child for Today’s Ransomware-as-a-Service

Image
Looking beyond the “older” RaaS threat groups like Ryuk, DoppelPaymer, and Revil, today’s modern ransomware -as-a-service operator is far more business-like and specific in execution. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-darkside-ransomware-group-is-the-dangerous-poster-child-for-todays-ransomware-as-a-service

KnowBe4 - A Legitimate Charity Prompts Scam Imitators

Image
Scammers are impersonating philanthropist Mackenzie Scott, the billionaire ex-wife of Jeff Bezos, the New York Times reports. Scott prefers to give money directly and contacts charities and other organizations unexpectedly, which has the unintended side effect of making it easier for scammers to pose as her. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/a-legitimate-charity-prompts-scam-imitators

Schneier - Second Click Here to Kill Everybody Sale

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. I have 600 copies of the book available. When they’re gone, the sale is over and the price will revert to normal. Order here . Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books. I try to do some each day, but sometimes I can’t. And the pandemic can cause mail slowdowns all over the world. from Schneier on Security https://www.schneier.com/blog/archives/2021/04/second-click-here-to-kill-everybody-sale.html

Dark Reading - Emotet Malware Uninstalled from Infected Devices

A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware. from Dark Reading: https://www.darkreading.com/threat-intelligence/emotet-malware-uninstalled-from-infected-devices/d/d-id/1340838?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Threat Post - Linux Kernel Bug Opens Door to Wider Cyberattacks

The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices. from Threatpost https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/

Dark Reading - 10K Hackers Defend the Planet Against Extraterrestrials

Hack the Planet's Cyber Apocalypse capture-the-flag contest attracts 10,000 competitors from across the globe. from Dark Reading: https://www.darkreading.com/edge/theedge/10k-hackers-defend-the-planet-against-extraterrestrials/b/d-id/1340813?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading - Ransomware Recovery Costs Near $2M

The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report. from Dark Reading: https://www.darkreading.com/attacks-breaches/ransomware-recovery-costs-near-$2m/d/d-id/1340837?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KnowBe4 - FBI Obtains Authorization to Access US Servers to Remove Webshells Due to Exchange Vulnerability

Image
Your server could have been compromised and the FBI was trying to mitigate the issue without you even knowing it yet. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-obtains-authorization-to-access-us-servers-to-remove-webshells-due-to-exchange-vulnerability