Posts

Showing posts from April, 2022

Dark Reading - Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack

QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/critical-vulnerabilities-qnap-synology-nas-rce

Dark Reading - Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded

This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say. from Dark Reading https://www.darkreading.com/attacks-breaches/cloudflare-flags-largest-https-ddos-attack-it-s-ever-recorded

Schneier - Video Conferencing Apps Sometimes Ignore the Mute Button

New research: “ Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps “: Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens to the microphone data when a user clicks the mute button in a VCA? We first conduct a user study to analyze users’ understanding of the permission model of the mute button. Then, using runtime binary analysis tools, we trace raw audio in many popular VCAs as it traverses the app from the audio driver to the net...

Dark Reading - Take a Diversified Approach to Encryption

Encryption will break, so it's important to mix and layer different encryption methods. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/take-a-diversified-approach-to-encryption

Dark Reading - Ambient.ai Expands Computer Vision Capabilities for Better Building Security

The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds. from Dark Reading https://www.darkreading.com/emerging-tech/ambient-ai-expands-computer-vision-capabilities-for-better-building-security

Threat Post - Security Turbulence in the Cloud: Survey Says…

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps. from Threatpost https://threatpost.com/security-turbulence-in-the-cloud-survey-says/179437/

Threat Post - Cyberespionage APT Now Identified as Three Separate Actors

The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets. from Threatpost https://threatpost.com/apt-id-3-separate-actors/179435/

Dark Reading - Explainable AI for Fraud Prevention

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability especially when machine learning models appear in high-risk environments. from Dark Reading https://www.darkreading.com/analytics/explainable-ai-for-fraud-prevention

Threat Post - Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations. from Threatpost https://threatpost.com/github-repos-stolen-oauth-tokens/179427/

KnowBe4 - Criminal Gang Impersonates Russian Government in Phishing Campaign

Image
Researchers at IBM Security X-Force are tracking a financially motivated cybercriminal group called “Hive0117” that’s impersonating a Russian government agency to target users in Eastern Europe. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/criminal-gang-impersonates-russian-government-in-phishing-campaign

Dark Reading - A Peek into Visa's AI Tools Against Fraud

Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low. from Dark Reading https://www.darkreading.com/edge-articles/a-peek-into-visa-s-ai-tools-against-fraud

Threat Post - Cyberattacks Rage in Ukraine, Support Military Operations

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure. from Threatpost https://threatpost.com/cyberwar-ukraine-military/179421/

Dark Reading - How Industry Leaders Should Approach Open Source Security

Here's how to reduce security risk and gain the benefits of open source software. from Dark Reading https://www.darkreading.com/risk/how-industry-leaders-should-approach-open-source-security

Threat Post - Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. from Threatpost https://threatpost.com/java-apps-vulnerable-log4shell/179397/

Threat Post - Nation-state Hackers Target Journalists with Goldbackdoor Malware

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. from Threatpost https://threatpost.com/hackers-target-journalists-goldbackdoor/179389/

Threat Post - Lapsus$ Hackers Target T-Mobile

No government and customer data was accessed. from Threatpost https://threatpost.com/lapsus-hackers-target-t-mobile/179384/

Schneier - SMS Phishing Attacks are on the Rise

SMS phishing attacks — annoyingly called “smishing” — are becoming more common . I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “thank you for paying your bill, here’s a free gift for you.” from Schneier on Security https://www.schneier.com/blog/archives/2022/04/sms-phishing-attacks-are-on-the-rise.html

Dark Reading - Fortress Information Security Receives $125M Strategic Investment from Goldman Sachs Asset Management

. from Dark Reading https://www.darkreading.com/operations/fortress-information-security-receives-125m-strategic-investment-from-goldman-sachs-asset-management

Dark Reading - Comcast Business 2021 DDoS Threat Report: DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise

Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020. from Dark Reading https://www.darkreading.com/attacks-breaches/comcast-business-2021-ddos-threat-report-ddos-becomes-a-bigger-priority-as-multivector-attacks-are-on-the-rise

Dark Reading - Creating Cyberattack Resilience in Modern Education Environments

From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/creating-cyberattack-resilience-in-modern-education-environments

Threat Post - Zero-Trust For All: A Practical Guide

How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. from Threatpost https://threatpost.com/zero-trust-guide/179377/

Schneier - Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Interesting implementation mistake : The vulnerability, which Oracle patched on Tuesday , affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. […] ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid. […] For the process to work correctly, neither R nor S can ever be a zero. That’s because one side of the equation is R, and the other is multiplied by R and a value from S. If the values are both 0, the verification check translates to 0 = 0 X (other values from the private key and hash), which will be true regardless o...

Threat Post - Skeletons in the Closet: Security 101 Takes a Backseat to 0-days

Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches. from Threatpost https://threatpost.com/security-101-takes-a-backseat-to-0-days/179374/

KnowBe4 - UK Information Commissioner: Many Cybersecurity Incidents are “Preventable”

Image
In a recent article about the largest cyberthreats currently facing the UK , John Edwards – the UK’s newly-appointed information commissioner- talks about the need for a security culture in the workplace. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/uk-information-commissioner-many-cybersecurity-incidents-preventable

Dark Reading - 3 Ways We Can Improve Cybersecurity

To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/3-ways-we-can-improve-cybersecurity

KnowBe4 - Critical: CISA Warns of Potential Attacks on Infrastructure by Russian State-Sponsored and Criminal Cyber Gangs

Image
In a joint multi-country cybersecurity advisory (CSA), governments are warning their respective critical infrastructure organizations to be vigilant against increased malicious cyber threat activity. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cisa-warns-of-potential-russian-cybercrime-infrastructure-attacks

Dark Reading - Adversaries Look for "Attackability" When Selecting Targets

A large number of enterprise applications are affected by the vulnerability in log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff. from Dark Reading https://www.darkreading.com/edge-threat-monitor/adversaries-look-for-attackability-when-selecting-targets

Schneier - Long Article on NSO Group

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists. from Schneier on Security https://www.schneier.com/blog/archives/2022/04/long-article-on-nso-group.html

Dark Reading - Backward-Compatible Post-Quantum Communications Is a Matter of National Security

When a quantum computer can decipher the asymmetric encryption protecting our vital systems, Q-Day will arrive. from Dark Reading https://www.darkreading.com/edge-articles/backward-compatible-post-quantum-communications-is-a-matter-of-national-security

Dark Reading - From Passive Recovery to Active Readiness

This is the shift that companies need to make after a cyberattack. from Dark Reading https://www.darkreading.com/threat-intelligence/from-passive-recovery-to-active-readiness

Schneier - Clever Cryptocurrency Theft

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportiona votes based on the amount of currency they own. A clever hacker used a “flash loan” feature of another decentralized finance project to borrow enough of the currency to give himself a controlling stake, and then approved a $182 million transfer to his own wallet. It is insane to me that cryptocurrencies are still a thing. from Schneier on Security https://www.schneier.com/blog/archives/2022/04/clever-cryptocurrency-theft.html

Dark Reading - Fortress Tackles Supply Chain Security, One Asset at a Time

Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information. from Dark Reading https://www.darkreading.com/emerging-tech/fortress-tackles-supply-chain-security-one-asset-at-a-time

Threat Post - Google: 2021 was a Banner Year for Exploited 0-Day Bugs

Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. from Threatpost https://threatpost.com/google-2021-0-days/179355/

Dark Reading - Verica Launches Prowler Pro to Make AWS Security Simpler for Customers

The enterprise grade solution will provide enhanced cloud security and provide new open-source tools. from Dark Reading https://www.darkreading.com/cloud/verica-launches-prowler-pro-to-make-aws-security-simpler-for-customers

KnowBe4 - Social Engineering Campaign against African Banks

Image
A phishing campaign is targeting African banks with a technique called “HTML smuggling” to bypass security filters, according to threat researchers at HP . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/social-engineering-campaign-against-african-banks

KnowBe4 - “Being Annoying” as a Social Engineering Approach

Image
Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are using this technique. Researchers at Mandiant observed the Russian state-sponsored actor Cozy Bear launching repeated MFA prompts until the user accepted the request. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/being-annoying-as-a-social-engineering-approach

SBS CyberSecurity - In the Wild 271

Image
     In The Wild - CyberSecurity Newsletter Welcome to the 271 st  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!            Behind the Hack: How Employee Handling of Phishing Emails Can Allow a Hacker Inside Your Network SBS Educational Resources Dur...