Posts

Showing posts from October, 2021

Krebs - ‘Trojan Source’ Bug Threatens the Security of All Code

Image
Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard Unicode , which allows computers to exchange information regardless of the language used. Unicode currently defines more than 143,000 characters across 154 different language scripts (in addition to many non-script character sets, such as emojis). Specifically, the weakness involves Unicode’s bi-directional or “ Bidi” algorithm , which handles

Dark Reading - Enterprises Allocating More IT Dollars on Cybersecurity

Enterprises are allocating more IT dollars towards implementing a multilayered approach to securing data and applications against new threats, data shows. from Dark Reading https://www.darkreading.com/tech-trends/enterprises-allocating-more-it-dollars-on-cybersecurity

Dark Reading - Snyk Agrees to Acquire CloudSkiff, Creators of driftctl

New capabilities allow Snyk Infrastructure as Code customers to more effectively detect infrastructure drift. from Dark Reading https://www.darkreading.com/application-security/snyk-agrees-to-acquire-cloudskiff-creators-of-driftctl

Schneier - Friday Squid Blogging: Squid Game Has a Cryptocurrency

In what maybe peak hype, Squid Game has its own cryptocurrency . Not in the fictional show, but in real life. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2021/10/friday-squid-blogging-squid-game-has-a-cryptocurrency.html

Dark Reading - APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm

A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors. from Dark Reading https://www.darkreading.com/threat-intelligence/apts-teleworking-and-advanced-vpn-exploits-the-perfect-storm

Dark Reading - Cybercriminals Take Aim at Connected Car Infrastructure

While car makers are paying more attention to cybersecurity, the evolution of automobiles into "software platforms on wheels" and the quick adoption of new features has put connected cars in the crosshairs. from Dark Reading https://www.darkreading.com/attacks-breaches/cybercriminals-take-aim-at-connected-car-infrastructure

Dark Reading - Russian National Accused of Role in Trickbot Is Extradited to US

Court documents say Vladimir Dunaev is alleged to have been a malware developer for the Trickbot Group. from Dark Reading https://www.darkreading.com/attacks-breaches/russian-national-accused-of-role-in-trickbot-is-extradited-to-us

Rapid 7 - Metasploit Wrap-Up

Image
OMIGOD It's RCE We are excited to announce that we now have a module for the OMIGOD vulnerability that exploits CVE-2021-38647 courtesy of our very own Spencer McIntyre! Successful exploitation will allow an unauthenticated attacker to gain root level code execution against affected servers. Given that this has seen exploitation in the wild by the Mirai botnet, we hope you're patched, lest your servers decide to join the zombie horde this Halloween! Sophos Contributes to the RCE Pile Continuing the trend of unauthenticated RCE exploits that grant root level code execution, this week we also have an exploit for CVE-2020-25223 , an unauthenticated RCE within the Sophos UTM WebAdmin service. Whilst we haven't yet seen exploitation in the wild of this bug, this is definitely one to patch given its severity. Stay frosty folks! Guess Who’s Back, Back Again, Apache's Back, Tell a Friend Whilst not a marshalling bug (I'm sorry, it's Halloween some puns are need

KnowBe4 - Multi-Stage Vishing Attacks are Coming to an Inbox Near You

Image
New attacks initially coming in via email are directing victims to make phone calls to attacker-controlled call centers in order to provide banking and credit card details. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/multi-stage-vishing-attacks-are-coming-to-an-inbox-near-you

KnowBe4 - Eight Romance Phishing Scammers with Ties to Nigerian Organized Crime Arrested After Stealing Nearly $7 Million

Image
This latest arrest by the South African Police Service (SAPS) demonstrates how romance scams that have been around for decades remain alive and well… and profitable. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eight-romance-phishing-scammers-with-ties-to-nigerian-organized-crime-arrested-after-stealing-nearly-7-million

KnowBe4 - Over Half of all Impersonation Attacks Target Non-Executive Employees

Image
A new report shows how cybercriminals focus on users that are less vigilant and more prone to falling for social engineering and impersonation tactics designed to gain access to finances. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/over-half-of-all-impersonation-attacks-target-non-executive-employees

Dark Reading - Cybercriminals Take Aim at Connected Car Infrastructure

While car makers are paying more attention to cybersecurity, the evolution of automobiles into "software platforms on wheels" and the quick adoption of new features has put connected cars in the crosshairs. from Dark Reading https://www.darkreading.com/iot/cybercriminals-take-aim-at-connected-car-infrastructure

Threat Post - Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency. from Threatpost https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/

Dark Reading - What Exactly Is Secure Access Service Edge (SASE)?

Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/what-exactly-is-secure-access-service-edge-sase-

US-CERT - Google Releases Security Updates for Chrome

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/google-releases-security-updates-chrome

KnowBe4 - KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data [INFOGRAPHIC]

Image
KnowBe4's latest quarterly report on top-clicked   phishing   email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, Middle East and Africa), and 'in the wild' attacks . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/q3-2021-top-clicked-phishing-report-infographic-with-global-data

US-CERT - GoCD Authentication Vulnerability

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/gocd-authentication-vulnerability

Dark Reading - A Treehouse of Security Horrors

True-life horrors from conversations with software engineers and developers. D'oh! from Dark Reading https://www.darkreading.com/vulnerabilities-threats/a-treehouse-of-security-horrors

Dark Reading - Finding the Right Approach to Cloud Security Posture Management (CSPM)

Cloud security is maturing — it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal's CTO, reviews one of the latest: CSPM. from Dark Reading https://www.darkreading.com/cloud/finding-the-right-approach-to-cloud-security-posture-management-cspm-

Rapid 7 - 2022 Planning: Straight Talk on Zero Trust

Image
“Zero trust" is increasingly being heralded as the ultimate solution for organizational cyber safety and resilience — but what does it really mean, and how can you assess if it has a practical place in your organization's cybersecurity strategy for 2022? In this post, we'll answer those questions by taking a look at what problems the concept of zero trust is trying to solve, what types of people, process, and technology are necessary for successful zero-trust implementations, and what mindset changes your organization many need to make to be fully ready for this new defender paradigm in the year to come. What is zero trust? At the core, the concept of zero trust is just what those two words suggest: every human, endpoint, mobile device, server, network component, network connection, application workload, business process, and flow of data is inherently untrusted . As such, they each must be authenticated and authorized continuously as each transaction is performed,

Dark Reading - 6 Ways to Rewrite the Impossible Job Description

It's hard enough to fill a cybersecurity position given the talent shortage. But you may be making it harder with a poor job description that turns off would-be candidates. from Dark Reading https://www.darkreading.com/edge-slideshows/6-ways-to-rewrite-the-impossible-job-description

Threat Post - All Sectors Are Now Prey as Cyber Threats Expand Targeting

Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It's time for everyone to strengthen the kill chain. from Threatpost https://threatpost.com/cyber-threats-targeting-all-sectors/175873/

Dark Reading - Top Hardware Weaknesses List Debuts

CWE list aimed at designers and programmers to avoid key hardware weaknesses early in product development. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/top-hardware-weaknesses-list-debuts

Dark Reading - SEO Poisoning Used to Distribute Ransomware

This tactic - used to distribute REvil ransomware and the SolarMarker backdoor - is part of a broader increase in such attacks in recent months, researchers say. from Dark Reading https://www.darkreading.com/attacks-breaches/seo-poisoning-used-to-distribute-ransomware

Dark Reading - ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round

The $200M Series D represents the company's largest funding round to date. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/ics-security-firm-dragos-reaches-1-7b-valuation-in-latest-funding-round

Dark Reading - Ordr Unveils Cybersecurity Innovations and Ransom-Aware Rapid Assessment Service to Expand Its Leadership In Connected Device Security

Enhanced ransomware detection, visualization of ransomware communications, and risk customization helps organizations respond to cyberattacks in minutes. from Dark Reading https://www.darkreading.com/attacks-breaches/ordr-unveils-cybersecurity-innovations-and-ransom-aware-rapid-assessment-service-to-expand-its-leadership-in-connected-device-security

Dark Reading - NSA-CISA Series on Securing 5G Cloud Infrastructures

CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations. from Dark Reading https://www.darkreading.com/cloud/nsa-cisa-series-on-securing-5g-cloud-infrastructures

Dark Reading - Tech Companies Create Security Baseline for Enterprise Software

The Minimum Viable Secure Product is written as a checklist of minimum-security requirements for business-to-business software. from Dark Reading https://www.darkreading.com/application-security/tech-companies-create-security-baseline-for-enterprise-software

Threat Post - Suspected REvil Gang Insider Identified

German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang. from Threatpost https://threatpost.com/revil-ransomware-core-member/175863/

Dark Reading - US to Create Diplomatic Bureau to Lead Cybersecurity Policy

As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy. from Dark Reading https://www.darkreading.com/risk/us-to-create-diplomatic-bureau-to-lead-cybersecurity-policy

Dark Reading - Stop Zero-Day Ransomware Cold With AI

AI can help recognize ransomware attacks and stop them at computer speed. from Dark Reading https://www.darkreading.com/emerging-tech/stop-zero-day-ransomware-cold-with-ai

Krebs - Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Image
In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer’s credit card number. The reader noticed that the link for the order information she’d stumbled on included a lengthy numeric combination that — when altered — would produce yet another customer’s order information. When the reader failed to get an immediate response from Signet, KrebsOnSecurity contacted the company. In a written response, Signe

Rapid 7 - Sneaking Through Windows: Infostealer Malware Masquerades as Windows Application

Image
This post also includes contributions from Reese Lewis, Andrew Christian, and Seth Lazarus. Rapid7's Managed Detection and Response (MDR) team leverages specialized toolsets, malware analysis, tradecraft, and collaboration with our colleagues on the Threat Intelligence and Detection Engineering (TIDE) team to detect and remediate threats. Recently, we identified a malware campaign whose payload installs itself as a Windows application after delivery via a browser ad service and bypasses User Account Control (UAC) by abusing a Windows environment variable and a native scheduled task to ensure it persistently executes with elevated privileges. The malware is classified as a stealer, which intends to steal sensitive data from an infected asset (such as browser credentials and cryptocurrency), prevent browser updates, and allow for arbitrary command execution. Detection The MDR SOC first became aware of this malware campaign upon analysis of “UAC Bypass - Disk Cleanup Utility” and

Recorded Future - Termination of Federal Unemployment Programs Represents Turning Point for Fraudsters

Image
Since early 2020, Recorded Future has continued to witness prominent changes within underground communities in response to COVID-19 including an interest in defrauding government entities via fraudulent unemployment benefit applications. As detailed in our general reporting on the threat landscape of unemployment fraud earlier this year, criminals continued to use a variety of methods with relative ease, contributing to a growing marketplace that saw topics such as Pandemic Unemployment Assistance (PUA) appear as a sub-category within underground marketplaces that offered fraudulent tutorials or methods for aspiring criminals. In addition to these tutorials, we occasionally observed the sale of compromised account information that came bundled with tutorials on how to best profit off the stolen information. This past month, however, has served as a critical turning point for this general landscape with The CARES Act and other federal programs that provided unemployment benefits for