Posts

Showing posts from September, 2021

Dark Reading - More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic

Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections. from Dark Reading https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic

Threat Post - Google Emergency Update Fixes Two Chrome Zero Days

This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. from Threatpost https://threatpost.com/google-emergency-update-chrome-zero-days/175266/

Dark Reading - Akamai Acquires Guardicore in $600M Deal

In other acquisition news today, Arctic Wolf announced it will acquire Habitu8, a managed security awareness platform, for an undisclosed amount. from Dark Reading https://www.darkreading.com/cloud/akamai-acquires-guardicore-in-600m-deal

Dark Reading - 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage

Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizations from Dark Reading https://www.darkreading.com/edge-slideshows/10-recent-examples-of-how-insider-threats-can-cause-big-breaches-and-damage

Dark Reading - FireEye Products & McAfee Enterprise Merge to Create $2B Entity

The combined company will have 5,000 employees, more than 40,000 customers, and nearly $2 billion in revenue, officials report. from Dark Reading https://www.darkreading.com/endpoint/fireeye-products-mcafee-enterprise-merge-to-create-2b-entity

Threat Post - Military’s RFID Tracking of Guns May Endanger Troops

RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say. from Threatpost https://threatpost.com/military-rfid-track-guns-endanger-troops/175260/

Threat Post - Tips & Tricks for Unmasking Ghoulish API Behavior

Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. from Threatpost https://threatpost.com/unmasking-ghoulish-api-behavior/175253/

Dark Reading - SecZetta Announces $20.5M Series B Funding

Oversubscribed round led by SYN Ventures, with participation from MassMutual Ventures and existing investors ClearSky and Rally Ventures. from Dark Reading https://www.darkreading.com/risk/seczetta-announces-20-5m-series-b-funding

Threat Post - Baby’s Death Alleged to Be Linked to Ransomware

Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death. from Threatpost https://threatpost.com/babys-death-linked-ransomware/175232/

Threat Post - Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope. from Threatpost https://threatpost.com/proxy-phantom-fraud-ecommerce-accounts/175241/

Dark Reading - You're Going to Be the Victim of a Ransomware Attack

That's not admitting defeat. It's preparing for success. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/you-re-going-to-be-the-victim-of-a-ransomware-attack

Schneier - Hardening Your VPN

The NSA and CISA have released a document on how to harden your VPN. from Schneier on Security https://www.schneier.com/blog/archives/2021/09/hardening-your-vpn.html

Dark Reading - The New Security Basics: 10 Most Common Defensive Actions

Companies now commonly collect security metrics from their software development life cycle, implement basic security measures, and define their obligations to protect user data as part of a basic security strategy. from Dark Reading https://www.darkreading.com/application-security/the-new-security-basics-10-most-common-defensive-actions

Threat Post - Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. from Threatpost https://threatpost.com/apple-pay-visa-hacked-unlocked-iphones/175229/

Rapid 7 - The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know

Late last week, the Open Web Application Security Project (OWASP) released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on securing web applications during the ever-evolving development process. In this post, we're going to discuss the 2021 OWASP Top 10, how the list is evolving alongside the web application security discussion, and what you should take away from this year's Top 10. And if you want to learn more, stay tuned in the coming weeks for deeper dives into several of the main recommendations this year's OWASP team has identified. What is the OWASP Top 10? The OWASP Top 10 is an awareness document that highlights the top 10 most critical web application security risks. The risks are in a ranked order based on frequency, severity, and magnitude for impact. OWASP has maintained this lis...

Threat Post - The Top Ransomware Threats Aren’t Who You Think

Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally. from Threatpost https://threatpost.com/the-top-ransomware-threats-arent-who-you-think/175164/

Recorded Future - The World’s Largest Event for Intelligence-Led Security

The anticipation is building. In less than two weeks we’ll kick off Recorded Future’s annual Predict Summit. What started as a small user conference, known as RFUN, today is the world’s largest event for intelligence-led security. We have close to 7,000 cybersecurity professionals registered already. We hope you’ll join us too. To register, go here. In this brief video, Recorded Future’s Charity Wright, Threat Intelligence Analyst, shares some of the sessions she’s looking most forward to. Why are so many people interested in Predict? The speakers: A former international spy, a former thief, CISOs from private and public sector, intelligence analysts, researchers, practitioners. More than 70 speakers will take the virtual stage to discuss the role of intelligence to mitigate risk in today’s uncertain world. The sessions: From expert use cases to adversary trends and tactics to boardroom discussions, you’ll have more than 40 sessions to choose from. ...

KnowBe4 - Europol: Italian Mafia Tied to Cybercriminals Responsible for €10 Million in Cyberattacks

The recent dismantling of a cybercriminal gang has uncovered ties to the Italian Mafia, demonstrating that even traditional organized crime is moving to cyber. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/europol-italian-mafia-tied-to-cybercriminals-responsible-for-10-million-in-cyberattacks

KnowBe4 - 5th Circuit Court Finds Cyber Insurer Must Pay for $1 Million Social Engineering Attack

A simple social engineered Business Email Compromise attack resulted in fraud that the cyber insurer contended was not covered under the policy. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/5th-circuit-court-finds-cyber-insurer-must-pay-for-1-million-social-engineering-attack

KnowBe4 - Phishing Kits and Phishing-as-a-Service Responsible for Over 300,000 URLs Used in Phishing Attacks

Lowering the barrier to market even more, this new Phishing as a Service (PhaaS) spotted by Microsoft puts quality phishing templates and sites into the hands of any would-be cyber attacker. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-kits-and-phishing-as-a-service-responsible-for-over-300000-urls-used-in-phishing-attacks

Threat Post - Thousands of University Wi-Fi Networks Expose Log-In Credentials

Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users. from Threatpost https://threatpost.com/misconfiguration-university-wifi-login-credentials/175157/

Threat Post - Keep Attackers Out of VPNs: Feds Offer Guidance

The NSA and CISA issued guidance on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. from Threatpost https://threatpost.com/keep-attackers-out-of-vpns-feds-offer-guidance/175150/

Dark Reading - Shades of SolarWinds Attack Malware Found in New 'Tomiris' Backdoor

Malware contains similarities that suggest a possible link to malware that Russia's DarkHalo group used in its massive supply chain attack, researchers say. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/shades-of-solarwinds-attack-malware-found-in-new-tomiris-backdoor

Dark Reading - Startup Beyond Identity Now Offers Passwordless Multifactor Authentication for Consumers

The announcement comes two weeks after Microsoft gave users the option to fully remove passwords from their accounts. from Dark Reading https://www.darkreading.com/endpoint/startup-beyond-identity-now-offers-passwordless-multifactor-authentication

Dark Reading - 50% of Servers Have Weak Security Long After Patches Are Released

Many servers remain vulnerable to high-severity flaws in Microsoft Exchange Server, VMware vCenter, Oracle WebLogic, and other popular products and services. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released

Threat Post - Apple AirTag Zero-Day Weaponizes Trackers

Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. from Threatpost https://threatpost.com/apple-airtag-zero-day-trackers/175143/

Dark Reading - Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data

New threat research from the Salt Labs Security research team details Elastic Stack injection exploit that can result in DoS attacks and cascading API threats from Dark Reading https://www.darkreading.com/application-security/salt-security-finds-widespread-elastic-stack-api-security-vulnerability-that-exposes-customer-and-system-data

Dark Reading - Dell Technologies Addresses Modern Support and Security

Services and security updates deliver customized IT support and secure PC experiences for work-from-anywhere employees. from Dark Reading https://www.darkreading.com/endpoint/dell-technologies-addresses-modern-support-and-security

Dark Reading - 1Password and Fastmail Partner to Boost Online Privacy

Allows users to securely generate unique email aliases, adding an extra layer of online privacy. from Dark Reading https://www.darkreading.com/endpoint/1password-and-fastmail-partner-to-boost-online-privacy

Rapid 7 - [Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell's Cyber Symposium, where he claimed packet captures would reveal incontrovertible evidence of widespread fraud in the 2020 US presidential election. (Spoiler alert: Nothing resembling that description actually occurred at Lindell's event.) An expert on packet captures, Graham recounts the Kafkaesque forensic logic behind the Cyber Symposium data — some of which was presented in a file type only known to a single living person — as well as the value of having real experts attend highly dubious events like this one. Stick around for the Rapid Rundown, where Tod and Jen discuss Microsoft's plan to turn off Basic Auth in Exchange Online next year and the Autodiscover bug that may have prompted the change. Robert Graham Rob Graham is a well-known cybersecurity expert. He created the BlackICE personal firewall, the first IPS, side...

Threat Post - GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride

The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques. from Threatpost https://threatpost.com/grifthorse-money-stealing-trojan-android/175130/

Dark Reading - Cyberspace, Cybergames, and Cyberspies

How cyberspace has become a global cybergames stage, where all of us are actors. from Dark Reading https://www.darkreading.com/threat-intelligence/cyberspace-cybergames-and-cyberspies

Dark Reading - Russian Officials Arrest Group-IB CEO, Accuse Him of Treason

Ilya Sachkov, founder and CEO of the massive cybersecurity firm, was arrested on treason charges and will be in custody for two months. from Dark Reading https://www.darkreading.com/risk/russian-officials-arrest-group-ib-ceo-accuse-of-treason

Threat Post - Conti Ransomware Expands Ability to Blow Up Backups

The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. from Threatpost https://threatpost.com/conti-ransomware-backups/175114/

Black Hills InfoSec - Talkin’ About Infosec News – 9/29/2021

ORIGINALLY AIRED ON SEPTEMBER 27, 2021 Articles discussed in this episode: 01:20 – Story # 1: https://ift.tt/3i4bcuh 02:14 – Story # 1b: https://ift.tt/2Xzx1KK 02:54 – Story # 1c: https://ift.tt/3hU2pek 04:03 – Story #1d: https://ift.tt/3o8jPrH 09:42 – A Wild Noah Has Joined the Chat 13:24 – The Wildest, Grayson & Tenille, Have Joined the Chat 13:45 […] The post Talkin’ About Infosec News – 9/29/2021 appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-9-29-2021/

Dark Reading - Why Should I Care About HTTP Request Smuggling?

HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/why-should-i-care-about-http-request-smuggling-

Dark Reading - DAST to the Future: Shifting the Modern AppSec Paradigm

NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen — in production. from Dark Reading https://www.darkreading.com/application-security/dast-to-the-future-shifting-the-modern-appsec-paradigm

Threat Post - SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware

Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. from Threatpost https://threatpost.com/tomiris-backdoor-solarwinds-malware/175091/

Dark Reading - Sneaky Android Trojan Siphons Millions Using Premium SMS

More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars. from Dark Reading https://www.darkreading.com/application-security/sneaky-android-trojan-siphons-millions-using-premium-sms

Dark Reading - 3 Security Initiatives AWS's New CEO Should Prioritize

As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority. from Dark Reading https://www.darkreading.com/cloud/3-security-initiatives-aws-new-ceo-should-prioritize

Threat Post - Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. from Threatpost https://threatpost.com/telegram-bots-compromise-paypal/175099/

KnowBe4 - Someone's Impersonating the California DMV in Texts

The California DMV has warned of an ongoing smishing campaign seeking customers’ personal and financial information, Pasadena Now reports. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/someones-impersonating-the-california-dmv-in-texts

Krebs - The Rise of One-Time Password Interception Bots

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets. An ad for the OTP interception service/bot “SMSRanger.” Many websites now require users to supply both a password and a numeric code/OTP token sent via text message, or one generated by mobile apps like Authy and Google Authenticator. The idea is that even if the user’s password gets stolen, the attacker still can’t access the user’s account without that second factor — i.e. without access to the victim’s mobile device or phone number. The OTP interception service featured earlier this year — Otp[.]agency — advertised a web-based bot designed to trick targets into giving up OT...

Dark Reading - 75K Email Inboxes Hit in New Credential Phishing Campaign

Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says. from Dark Reading https://www.darkreading.com/attacks-breaches/75k-email-inboxes-impacted-in-new-credential-phishing-campaign

Dark Reading - Outsourced Software Pose Greater Risks to Enterprise Application Security

In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to the organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report. from Dark Reading https://www.darkreading.com/edge-threat-monitor/outsourced-software-pose-greater-risks-to-enterprise-application-security

Threat Post - How to Prevent Account Takeovers in 2021

Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers. from Threatpost https://threatpost.com/protect-account-takeover-cyberattacks/175090/

Dark Reading - Most Large Enterprises Fail to Protect Their Domain Names

Of the largest 2,000 companies in the world, 81% fail to take simple security measures, such as locking their domain with the registrar, leaving them open to domain shenanigans. from Dark Reading https://www.darkreading.com/cloud/large-enterprises-fail-to-implement-domain-protection-measures

Dark Reading - NSA, CISA Issue Guidelines for Selecting and Securing VPNs

Joint document includes configuration recommendations for hardening VPNs, and recommendations on how to select the most secure ones. from Dark Reading https://www.darkreading.com/operations/nsa-cisa-issue-vpn-hardening-and-selection-guidelines

Recorded Future - The Business of Fraud: Laundering Funds in the Criminal Underground

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. Recorded Future analyzed current data from the Recorded Future® Platform, dark web, and open-source intelligence (OSINT) sources to review money laundering services within underground sourcing and the methodology and operations used by threat actors. This report expands upon findings addressed in the first report of the Insikt Group’s Fraud Series, “The Business of Fraud: An Overview of How Cybercrime Gets Monetized”. Executive Summary Money laundering services within the dark web facilitate a combination of activities through which threat actors can conceal the origins of their money, transfer cryptocurrency, have funds sent to a bank account or payment cards, or exchange to physical cash via online payment solution platforms like WebMoney or PerfectMoney. Many of these services are linked to the use of cryptocurrency and rely on othe...

Threat Post - Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts

The BloodyStealer trojan helps cyberattackers go after in-game goods and credits. from Threatpost https://threatpost.com/gamers-malware-steam-epic-ea-origin-accounts/175081/

US-CERT - CISA and NSA Release Guidance on Selecting and Hardening VPNs

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/cisa-and-nsa-release-guidance-selecting-and-hardening-vpns

Dark Reading - Master Lock Introduces New Bluetooth ProSeries Padlocks

New high-security padlocks integrate with easy-to-use software solution to offer security and cloud-based simplicity. from Dark Reading https://www.darkreading.com/physical-security/master-lock-introduces-new-bluetooth-proseries-padlocks

Dark Reading - US Extradites CardPlanet Operator Back to Russia

Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud. from Dark Reading https://www.darkreading.com/threat-intelligence/us-extradites-cardplanet-operator-back-to-russia

Threat Post - SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities. from Threatpost https://threatpost.com/finspy-surveillance-kit/175068/

Dark Reading - Washington's New Cyber Focus Raises the Bar for IT Pros Across Supply Chains

Rather than fight against tighter security regulations, MSPs and IT pros should step up to lead conversations about the future of their industry. from Dark Reading https://www.darkreading.com/risk/washington-s-new-cyber-focus-raises-the-bar-for-it-pros-across-supply-chains

Krebs - Apple Airtag Bug Enables ‘Good Samaritan’ Attack

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. The Airtag’s “Lost Mode” lets users alert Apple when an Airtag is missing. Setting it to Lost Mode generates a unique URL at https://found.apple.com, and allows the user to enter a personal message and contact phone number. Anyone who finds the Airtag and scans it with an Apple or Android phone will immediately see that unique Apple URL with the owner’s message. When scanned, an Airtag in Lost Mode will present a short message asking the finder to call the owner at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. Bu...

US-CERT - RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/rce-vulnerability-hikvision-cameras-cve-2021-36260

Black Hills InfoSec - Webcast: Shellcode Execution with GoLang

In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, high performance, multi-threaded, and unlike C/C++ includes garbage collection! It has the advantage of compiling to native machine code, unlike .NET C# which is dependent […] The post Webcast: Shellcode Execution with GoLang appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-shellcode-execution-with-golang/

Dark Reading - Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation

FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation. from Dark Reading https://www.darkreading.com/endpoint/notorious-spyware-tool-found-hiding-beneath-four-layers-of-obfuscation

Threat Post - Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. from Threatpost https://threatpost.com/working-exploit-vmware-vcenter-cve-2021-22005/175059/

Recorded Future - 4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan

Insikt Group has detected separate intrusion activity targeting a mail server of Roshan, one of Afghanistan’s largest telecommunications providers, linked to 4 distinct Chinese state-sponsored threat activity groups. This includes activity we attribute to the Chinese state-sponsored groups RedFoxtrot and Calypso APT, as well as 2 additional clusters using the Winnti and PlugX backdoors that we have been unable to link to established groups at this time. Notably, data exfiltration activity for these intrusions, particularly the Calypso APT activity and the unknown threat actor using the Winnti malware, spiked throughout August and September 2021, coinciding with major geopolitical events such as the withdrawal of US troops and a resurgence in Taliban control. This focus on intelligence gathering targeting one of Afghanistan’s largest telecommunications providers is likely in part driven by the Chinese Communist Party’s (CCP) purported desire to expand influence within Afg...

Schneier - Check What Information Your Browser Leaks

These two sites tell you what sorts of information you’re leaking from your browser. from Schneier on Security https://www.schneier.com/blog/archives/2021/09/check-what-information-your-browser-leaks.html

Threat Post - SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. from Threatpost https://threatpost.com/solarwinds-active-directory-servers-foggyweb-backdoor/175056/

Dark Reading - Modern Security Breaches Demand Diligent Planning and Executive Support

Teams that remain reactive will always be on the back foot — take an active stance. from Dark Reading https://www.darkreading.com/attacks-breaches/modern-security-breaches-demand-diligent-planning-and-executive-support

KnowBe4 - CyberheistNews Vol 11 #38 [EYE OPENER] Over 100 Million Lost to Romance/Crypto Scams in First Seven Months

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-11-38-eye-opener-over-100-million-lost-to-romance/crypto-scams-in-first-seven-months

KnowBe4 - Google Ads Abused to Deliver Malware

Cybercriminals are using malicious Google Ads to deliver the ZLoader banking Trojan, ZDNet reports. Researchers at Microsoft stated on Twitter that attackers are purchasing Google Ads that point to compromised websites, then redirect the user to a malicious website that delivers the malware. The criminals use the ads to target people who search Google for certain keywords. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/google-ads-abused-to-deliver-malware

Threat Post - Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more. from Threatpost https://threatpost.com/credential-spear-phishing-uses-spoofed-zix-encrypted-email/175044/

Dark Reading - CISA: Wide Exploitation of New VMware vCenter Server Flaw Likely

Attackers can use the vulnerability to remotely execute arbitrary code. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/cisa-says-wide-exploitation-likely-of-new-vmware-center-server-flaw

Dark Reading - Women and People of Color Experience More Cyber Threats

Researchers explore how people across different demographics feel about their privacy and security online, with worrying results. from Dark Reading https://www.darkreading.com/risk/women-and-people-of-color-experience-more-cyber-threats

Dark Reading - Microsoft Adds Emergency Threat Mitigation to its Exchange Server Software

The built-in service automates mitigations to known Exchange Server threats. from Dark Reading https://www.darkreading.com/endpoint/microsoft-adds-emergency-mitigation-tool-for-exchange-server

Dark Reading - Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers

The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services. from Dark Reading https://www.darkreading.com/threat-intelligence/microsoft-warns-of-foggyweb-malware-targeting-ad-fs-servers

Threat Post - 5 Steps to Securing Your Network Perimeter

Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. from Threatpost https://threatpost.com/securing-network-perimeter/175043/

Dark Reading - 7 Ways to Thwart Malicious Insiders

Malicious insider incidents are less frequent than inadvertent user missteps, but they can cost organizations big time. from Dark Reading https://www.darkreading.com/edge-slideshows/7-ways-to-prevent-malicious-insider-risks-at-your-company-

Dark Reading - Thoma Bravo Completes Strategic Investment in Intel 471

Intel 471 is a provider of cyber threat intelligence for leading enterprises and governments. from Dark Reading https://www.darkreading.com/threat-intelligence/thoma-bravo-completes-strategic-investment-in-intel-471

Recorded Future - Correspondent Dina Temple-Raston Joins The Record

Our guest this week is veteran journalist and author Dina Temple-Raston, the newest member of the team at The Record by Recorded Future. Her distinguished career has included assignments at Bloomberg, The New York Sun, and most recently NPR, where she was a member of their Breaking News Investigations team. She shares her own professional story, why she chose to join the team at The Record, and how she sees cybersecurity journalism shaping up in the coming years. This podcast was produced in partnership with the CyberWire. The post Correspondent Dina Temple-Raston Joins The Record appeared first on Recorded Future. from Recorded Future https://www.recordedfuture.com/podcast-episode-227/

Threat Post - Women, Minorities Are Hacked More Than Others

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests. from Threatpost https://threatpost.com/women-minorities-hacked/175038/

Dark Reading - BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms

Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin. from Dark Reading https://www.darkreading.com/attacks-breaches/bloodystealer-advanced-new-trojan-targets-accounts-of-popular-online-gaming-platforms

Dark Reading - Cloudflare Ventures into Simplifying Email Security

The company adds complex email security technologies — including the alphabet soup of SPF, DKIM, and DMARC — as part of its service. from Dark Reading https://www.darkreading.com/cloud/cloudflare-ventures-into-simplifying-email-security

Dark Reading - Aunalytics Unveils Secure Managed Services with Integrated Security

New service stack combines mission critical IT services leveraging zero trust end-to-end security to ensure people and data are protected regardless of location. from Dark Reading https://www.darkreading.com/operations/aunalytics-unveils-secure-managed-services-with-integrated-security

Dark Reading - Zero Trust Comes to Industry's Broadest Cybersecurity Platform

Trend Micro Zero Trust Risk Insights continuously reveals and prioritizes risks for better decision making. from Dark Reading https://www.darkreading.com/operations/zero-trust-comes-to-industry-s-broadest-cybersecurity-platform

Dark Reading - Telos, Splunk, stackArmor, AWS Announce FASTTR Initiative to Accelerate Compliance

FASTTR initiative enhances stackArmor's ThreatAlert by building on market-leading Telos' Xacta for security compliance documentation and Splunk for security information and event management. from Dark Reading https://www.darkreading.com/risk/telos-splunk-stackarmor-aws-announce-fasttr-initiative-to-accelerate-compliance

Threat Post - EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany

It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia. from Threatpost https://threatpost.com/eu-russia-ghostwriter-germany/175025/

US-CERT - Vulnerability Summary for the Week of September 20, 2021

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/bulletins/sb21-270

Threat Post - 3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. from Threatpost https://threatpost.com/clubhouse-facebook-data-sale/175023/

Dark Reading - How to Get Started With Zero Trust in a SaaS Environment

Given current business conditions and the prevalence of SaaS technologies, now is the time to take steps toward zero trust. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/how-to-get-started-with-zero-trust-in-a-saas-environment

Rapid 7 - To the Left: Your Guide to Infrastructure as Code for Shifting Left

It's the cloud's world now, and we're all just living in it. The mass migration of organizational infrastructure to the cloud isn't slowing down any time soon — and really, why would it? Cloud computing has allowed developers to move at vastly greater speeds than ever before. And this in turn lets businesses move at greater speeds than ever before. What could go wrong? If you're reading this blog, you probably already know the answer: data security and regulatory compliance. With so much development, testing, and deployment happening all the time, it's far too easy for infrastructure misconfigurations, compliance violations, or other risks to slip through the cracks. Right now, these risks are most often found and addressed at runtime, after the proverbial barn door has already been left open and the horses are long gone. It's obviously not ideal to have developers racing around trying to fix security issues that have already gone live and put the organiz...

SBS CyberSecurity - In The Wild 242

In The Wild - CyberSecurity Newsletter Welcome to the 242nd issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources! {DOWNLOAD} 5 KEY QUESTIONS TO CONSIDER WHEN RESEARCHING A VCISO SOLUTION SBS Educational Resources Consistent breaches, demand...