Posts

Showing posts from December, 2021

Schneier - Friday Squid Blogging: Deep-Dwelling Squid

We have discovered a squid — (Oegopsida, Magnapinnidae, Magnapinna sp.) — that lives at 6,000 meters deep. :They’re really weird,” says Vecchione. “They drift along with their arms spread out and these really long, skinny, spaghetti-like extensions dangling down underneath them.” Microscopic suckers on those filaments enable the squid to capture their prey. But the squid that Jamieson and Vecchione saw in the footage captured 6,212 meters below the ocean’s surface is a small one. They estimate that its mantle measured 10 centimeters long — ­about a third the size of the largest-known magnapinnid. And the characteristically long extensions observed on other magnapinnids were nowhere to be seen in the video. That could mean, says Vecchione, that this bigfin squid was a juvenile. Research paper . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security http...

Schneier - Apple AirTags Are Being Used to Track People and Cars

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen. Unlike similar tracking products from competitors such as Tile, Apple added features to prevent abuse, including notifications like the one Ms. Estrada received and automatic beeping. (Tile plans to release a feature to prevent the tracking of people next year, a spokeswoman for that company said.) […] A person who doesn’t own an iPhone might have a harder time detecting an unwanted AirTag. AirTags aren’t compatible with Android smartphones. Earlier this month, Apple released an Android app that can scan for AirTags — but you have to be vigilant enough to download it and proactively use it. Apple declined to s...

Threat Post - What the Rise in Cyber-Recon Means for Your Security Strategy

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. from Threatpost https://threatpost.com/rise-cyber-recon-security-strategy/177317/

Dark Reading - Getting Started With Threat-Informed Security Programs

Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks. from Dark Reading https://www.darkreading.com/edge-articles/getting-started-with-threat-informed-security-programs

Threat Post - APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. from Threatpost https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/

Dark Reading - Zero Trust and Access: Protecting the Keys to the Kingdom

Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges. from Dark Reading https://www.darkreading.com/operations/zero-trust-and-access-protecting-the-keys-to-the-kingdom

Dark Reading - In the Fight Against Cybercrime, Takedowns Are Only Temporary

Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy. from Dark Reading https://www.darkreading.com/threat-intelligence/takedowns-prove-temporary-tactic-in-cybercrime-fight

Dark Reading - 7 Steps for Navigating a Zero-Trust Journey

Don't think of zero trust as a product. Think of it as "how you actually practice security." from Dark Reading https://www.darkreading.com/edge-slideshows/7-steps-for-navigating-a-zero-trust-journey-

Threat Post - 5 Cybersecurity Trends to Watch in 2022

Here’s what cybersecurity watchers want infosec pros to know heading into 2022.   from Threatpost https://threatpost.com/5-cybersecurity-trends-2022/177273/

Dark Reading - The Log4j Flaw Will Take Years to be Fully Addressed

Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team. from Dark Reading https://www.darkreading.com/tech-trends/the-log4j-flaw-will-take-years-to-be-fully-addressed

Threat Post - That Toy You Got for Christmas Could Be Spying on You

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. from Threatpost https://threatpost.com/toy-christmas-spying/177288/

KnowBe4 - The Impacts of Phishing Attacks

Image
More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a malware phishing attack. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-impacts-of-phishing-attacks

Dark Reading - An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks

Ransomware demands a new approach to incident response. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/an-adaptive-security-strategy-is-critical-for-stopping-advanced-attacks

Threat Post - 2021 Wants Another Chance (A Lighter-Side Year in Review)

The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. from Threatpost https://threatpost.com/2021-log4j-year-review-funny-cybersecurity/177215/

Dark Reading - 6 Security-Tech Innovations We're Excited to See in 2022

The details on cybersecurity technologies that we expect to advance rapidly in the coming year. from Dark Reading https://www.darkreading.com/dr-tech/6-security-tech-innovations-we-re-excited-to-see-in-2022

Schneier - Friday Squid Blogging: Squid-Headed Statue Appears in Dallas

Someone left it in a cemetery . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2021/12/friday-squid-blogging-squid-headed-statue-appears-in-dallas.html

Dark Reading - Log4j: A CISO's Practical Advice

Working together is going to make getting through this problem a lot easier. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/log4j-a-ciso-s-practical-advice

Threat Post - Telegram Abused to Steal Crypto-Wallet Credentials

Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. from Threatpost https://threatpost.com/telegram-steal-crypto-wallet-credentials/177266/

Threat Post - ‘Spider-Man: No Way Home’ Download Installs Cryptominer

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. from Threatpost https://threatpost.com/spider-man-no-way-home-download-installs-cryptominer/177254/

Dark Reading - The Future of Work Has Changed, and Your Security Mindset Needs to Follow

VPNs have become a vulnerability that puts organizations at risk of cyberattacks. from Dark Reading https://www.darkreading.com/attacks-breaches/the-future-of-work-has-changed-and-your-security-mindset-needs-to-follow

KnowBe4 - Having an Efficient Security Awareness Training Program

Image
I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test what scams a worker will easily recognize and which ones they need more education on. KnowBe4’s product helps administrators figure out exactly who needs more education and on what topics. We know that customers who more consistently and frequently educate and test their co-workers reduce cybersecurity risk lower than those who do not. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/having-an-efficient-security-awareness-training-program

Dark Reading - 7 of the Most Impactful Cybersecurity Incidents of 2021

There was a lot to learn from breaches, vulnerabilities, and attacks this year. from Dark Reading https://www.darkreading.com/attacks-breaches/6-of-the-most-impactful-cybersecurity-incidents-of-2021

US-CERT - Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/alerts/aa21-356a

US-CERT - Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities

Dark Reading - Future of Identity-Based Security: All-in-One Platforms or Do-It-Yourself Solutions?

The functionality of all-in-one platforms is being deconstructed into a smorgasbord of services that can be used to develop bespoke end-user security procedures for specific work groups, lines of businesses, or customer communities. from Dark Reading https://www.darkreading.com/operations/future-of-identity-based-security-all-in-one-platforms-or-do-it-yourself-solutions-

Threat Post - Four Bugs in Microsoft Teams Left Platform Vulnerable Since March

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. from Threatpost https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/

Threat Post - Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. from Threatpost https://threatpost.com/half-billion-compromised-credentials-cloud-server/177202/

Threat Post - Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. from Threatpost https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/

Recorded Future - China’s Narrative War on Democracy

Image
“Battles are won with kinetics, but wars are won with influence.” -Ajit Maan China’s entire propaganda system is working at full force in the largest Chinese state-sponsored overt influence campaign to date observed by Recorded Future. The narrative warfare operation, which aims to reshape global definitions of democracy, criticize American democracy, and position China as a democracy itself, has been amplified by nearly every Chinese state-affiliated media outlet and spokesperson and dozens of state-hired influencers. With thousands of social media posts, dozens of cartoons and memes, news articles and academic reports, panel discussions, and videos that criticize US democracy, the narrative they are pushing is simple: US democracy is harming the world; trust China’s “whole-process people’s democracy” instead. This ongoing messaging, which began on December 2, 2021, is particularly aimed at global, English-language audiences outside of China and likely began as a preemptive defen...

US-CERT - Vulnerability Summary for the Week of December 13, 2021

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/bulletins/sb21-355

Dark Reading - How is Zero Trust Evolving to be More Continuous in Verifying Trust?

For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/how-is-zero-trust-evolving-to-be-more-continuous-in-verifying-trust-

Recorded Future - DDoS Defenses Divide and Conquer

Image
Distributed Denial of Services attacks continue to grow in size, frequency and sophistication, and it’s in every organization’s best interest to properly prepare themselves against this sort of online attack.  The team at Cloudflare recently published their 2021 Q3 report on DDoS, outlining their observations and recommendations for mitigating DDoS attacks. Joining us is John Graham-Cumming, CTO at Cloudflare , to share his insights on the state of the DDoS threat, and where things may be headed.               This podcast was produced in partnership with the CyberWire . The post DDoS Defenses Divide and Conquer appeared first on Recorded Future . from Recorded Future https://www.recordedfuture.com/podcast-episode-239/

KnowBe4 - Spam Calling Rates Spike Globally

Image
Spam calls in the US spiked in October, according to Truecaller’s annual Global Spam Report . The report observed that Truecaller customers in the US received 3,115,861 spam calls in October. The researchers note that a user in the US receives an average of 4.8 spam calls per month, totalling approximately 1.4 billion calls across the country every month. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spam-calling-rates-spike

Dark Reading - BlackBerry Launches New Managed Extended Detection and Response (XDR) Service

Company partners with Exabeam to launch update to its BlackBerry Guard managed detection and response (MDR) service. from Dark Reading https://www.darkreading.com/attacks-breaches/blackberry-launches-new-managed-extended-detection-and-response-xdr-service

Dark Reading - SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security

While the shipping industry's cyber posture was better than companies in the Forbes Global 2000, the industry performed lower in key risk group factors. from Dark Reading https://www.darkreading.com/attacks-breaches/securityscorecard-research-reveals-cyber-vulnerabilities-pose-a-threat-to-u-s-maritime-security

Dark Reading - Trend Micro Crowns Champions of 2021 Capture the Flag Competition

Challenges were designed to address critical areas of cybersecurity, including reversing, cloud, IoT, open source intelligence, forensics, and machine learning. from Dark Reading https://www.darkreading.com/careers-and-people/trend-micro-crowns-champions-of-2021-capture-the-flag-competition

Dark Reading - Reblaze Appoints New CEO

Ziv Oren previously held the position of chief operations officer at the company. from Dark Reading https://www.darkreading.com/application-security/reblaze-appoints-new-ceo

Dark Reading - Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022

Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar. from Dark Reading https://www.darkreading.com/operations/four-out-of-five-organizations-are-increasing-cybersecurity-budgets-for-2022

Recorded Future - Are Ransomware Attacks Slowing Down? It Depends on Where You Look

Image
I need to get a few disclaimers out of the way first: Ransomware attacks in 2021 are going to surpass the number of attacks in 2020 significantly. This data is preliminary and based on publicly reported data, but it does show interesting trends. There are always observability problems with ransomware. No one sees the full picture of ransomware attacks. 2021 has seen unprecedented global law enforcement action taken against ransomware groups. The 30-nation ransomware task force led by the United States appears to be seeing early success with almost weekly announcements against ransomware groups, some of which are shown in Figure 1:  Figure 1 : Some of the law enforcement action taken against ransomware groups in 2021 (Source: Recorded Future)   While there is little doubt that continued and consistent law enforcement action against ransomware groups is needed, there have been questions about whether these actions would slow down ransomware attacks.  It is too...

KnowBe4 - Whitelisting On Known Headers Not Recommended

Image
We found a discussion on Twitter about this topic and we thought it would be useful to provide to provide the correct technical background related to whitelisting.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/whitelisting-on-known-headers-not-recommended

Threat Post - Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. from Threatpost https://threatpost.com/third-log4j-bug-dos-apache-patch/177159/

Dark Reading - Lights Out: Cyberattacks Shut Down Building Automation Systems

Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them. from Dark Reading https://www.darkreading.com/attacks-breaches/lights-out-cyberattacks-shut-down-building-automation-systems

Dark Reading - Zero Trust Shouldn’t Mean Zero Trust in Employees

Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure. from Dark Reading https://www.darkreading.com/endpoint/zero-trust-shouldn-t-mean-zero-trust-in-employees

Rapid 7 - Metasploit Wrap-Up

Image
Log4Shell - Log4j HTTP Scanner Versions of Apache Log4j impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. This module has been successfully tested with: Apache Solr Apache Struts2 Spring Boot Example usage: msf6 > use auxiliary/scanner/http/log4shell_scanner msf6 auxiliary(scanner/http/log4shell_scanner) > set RHOSTS 192.168.159.128 RHOSTS => 192.168.159.128 msf6 auxiliary(scanner/http/log4shell_scanner) > set SRVHOST 192.168.159.128 SRVHOST => 192.168.159.128 msf6 auxiliary(scanner/http/log4shell_scanner) > set R...

Dark Reading - PseudoManuscrypt Malware Targeted Government & ICS Systems in 2021

The "PseudoManuscrypt" operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry. from Dark Reading https://www.darkreading.com/threat-intelligence/pseudomanuscrypt-malware-targeted-government-ics-systems-in-2021

Dark Reading - Time to Reset the Idea of Zero Trust

CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge. from Dark Reading https://www.darkreading.com/crowdstrike/time-to-reset-the-idea-of-zero-trust

Dark Reading - CISA Issues Emergency Directive on Log4j

The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it. from Dark Reading https://www.darkreading.com/threat-intelligence/cisa-issues-emergency-directive-on-log4j

US-CERT - CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache

Threat Post - Convergence Ahoy: Get Ready for Cloud-Based Ransomware

Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. from Threatpost https://threatpost.com/cloud-ransomware-convergence/177112/

Dark Reading - Is Data Security Worthless if the Data Life Cycle Lacks Clarity?

If you cannot track, access, or audit data at every stage of the process, then you can't claim your data is secure. from Dark Reading https://www.darkreading.com/risk/is-data-security-worthless-if-the-data-lifecycle-lacks-clarity-

Recorded Future - 5 Common Ransomware ATT&CK Techniques

Image
Editor’s Note : The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. Insikt Group determined MITRE ATT&CK TTPs used by ransomware. The intended audiences for this report are SOC analysts and those interested in threat hunting. Executive Summary Ransomware continues to evade detection and infect enterprise networks of every industry. Defenders need to continually mature their dynamic detections, such as Sigma rules, to detect and stop a ransomware attack. Insikt Group analyzed common techniques used by ransomware operators, mapped them to the MITRE ATT&CK framework, and developed 5 Sigma rules to detect these techniques, which are available to Recorded Future clients.  The ATT&CK techniques highlighted in this research align with Insikt Group’s 2020 Top MITRE ATT&CK Techniques report, where the Defense Evasion tactic was the most commonly seen tactic in 2020.  The 5 ransomware techn...

Recorded Future - Using Intelligence to Defend Two of the World’s Largest Cities

Image
How do you protect the two most populous cities in the United States? New York City and Los Angeles have a combined population of over 12 million people and cover vast swaths of land. The differences between the two cities are well documented—cultural, weather, geography, etc.—but when it comes to securing the cities against threats the two cities are more alike than different.  During Predict 21: The Intelligence Summit , hosted by Recorded Future, a discussion was held with Geoff Brown, Chief Information Security Officer for the City of New York, and Timothy Lee, Chief Information Security Officer for the City of Los Angeles. The session was moderated by Niloofar Razi Howe, an executive, investor, and entrepreneur who served as Chief Strategy Officer and Senior Vice President of Strategy and Operations at RSA. To start the discussion both Brown and Lee kicked off with a description of the breadth of the threats they face, as well as the impact they have.  “The vision fo...

KnowBe4 - [EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful

Image
A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together with a company that remained anonymous. The company did not inform their employees about the simulated phishing program they were going to be part of. The four goals of the study were to determine: from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eye-opener-new-eu-phishing-study-shows-that-crowd-sourcing-phishing-defense-is-successful

Threat Post - Conti Gang Suspected of Ransomware Attack on McMenamins

The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions. from Threatpost https://threatpost.com/conti-gang-ransomware-attack-mcmenamins/177119/

Dark Reading - Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API

The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic. from Dark Reading https://www.darkreading.com/dr-tech/mobile-app-developers-keep-fraudulent-traffic-at-bay-with-anti-fraud-api

Krebs - NY Man Pleads Guilty in $20 Million SIM Swap Theft

Image
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities. Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court. In May 2019, the jury awarded Terpin a $75.8 million judgment against Truglia. In January 2020, a New York gr...