Posts

Showing posts from July, 2022

The Hacker News - Stop Putting Your Accounts At Risk, and Start Using a Password Manager

In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest exploits is cracking a weak password. That’s why using a strong, unique from The Hacker News https://thehackernews.com/2022/07/stop-putting-your-accounts-at-risk-and.html

The Hacker News - Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via from The Hacker News https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html

The Hacker News - North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name  from The Hacker News https://thehackernews.com/2022/07/north-korean-hackers-using-malicious.html

Dark Reading - Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization

The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams. from Dark Reading https://www.darkreading.com/application-security/security-teams-overwhelmed-bugs-patch-prioritization

Dark Reading - Why Bug-Bounty Programs Are Failing Everyone

In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes. from Dark Reading https://www.darkreading.com/black-hat/why-bug-bounty-programs-failing-everyone

Dark Reading - Amazon Adds Malware Detection to GuardDuty TDR Service

The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week. from Dark Reading https://www.darkreading.com/dr-tech/amazon-adds-malware-detection-to-guardduty-tdr-service

KnowBe4 - Happy 23rd Annual SysAdmin Day from KnowBe4!

It's been 23 years of celebrating all of our fellow System Administrators! Your hard work on daily maintenance of your company's day-to-day computer operations definitely deserves kudos. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/happy-23rd-annual-sysadmin-day-from-knowbe4

The Hacker News - Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras.  Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the from The Hacker News https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html
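The excerpt above only says that a captured, unencrypted ONVIF exchange can be replayed. ONVIF authenticates with the WS-Security UsernameToken profile: the client sends a Nonce, a Created timestamp and PasswordDigest = Base64(SHA-1(Nonce || Created || Password)), and the nonce and timestamp exist precisely so that a captured token is single-use. What follows is an added example, not Dahua code and not a description of CVE-2022-30563's root cause: a digest-only verifier that accepts a replayed token, beside a hardened one that enforces a freshness window and a seen-nonce cache. The user name, password and timestamps are constructed.

```python
"""Replay-resistant check of a WS-Security UsernameToken (added example, not Dahua code)."""
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone
from typing import Optional, Tuple

CREATED_FMT = "%Y-%m-%dT%H:%M:%SZ"   # wsu:Created is an xsd:dateTime in UTC


def _created_str(epoch: float) -> str:
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(CREATED_FMT)


def _parse_created(created: str) -> float:
    return datetime.strptime(created, CREATED_FMT).replace(tzinfo=timezone.utc).timestamp()


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest as the UsernameToken profile defines it: Base64(SHA-1(nonce || created || password)).
    The nonce goes in as raw bytes, i.e. the Base64 value carried in the XML is decoded first."""
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(digest).decode()


def make_token(username: str, password: str, now: float, nonce: Optional[bytes] = None) -> dict:
    """Client side: the four fields an ONVIF client puts in wsse:UsernameToken."""
    nonce = nonce if nonce is not None else os.urandom(16)
    created = _created_str(now)
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode(),
        "Created": created,
        "PasswordDigest": password_digest(nonce, created, password),
    }


class DigestOnlyVerifier:
    """Weak server: checks only that the digest matches. A sniffed token stays valid forever."""

    def __init__(self, users: dict):
        self.users = users   # username -> password (constructed test data in demo())

    def verify(self, token: dict, now: float) -> Tuple[bool, str]:
        password = self.users.get(token.get("Username"))
        if password is None:
            return False, "unknown user"
        try:
            nonce = base64.b64decode(token["Nonce"], validate=True)
        except (KeyError, ValueError):
            return False, "malformed nonce"
        expected = password_digest(nonce, token.get("Created", ""), password)
        if not hmac.compare_digest(expected, token.get("PasswordDigest", "")):
            return False, "bad digest"
        return True, "ok"


class ReplayResistantVerifier(DigestOnlyVerifier):
    """Hardened server: digest check plus a Created freshness window and one-time nonces."""

    def __init__(self, users: dict, freshness_s: int = 300):
        super().__init__(users)
        self.freshness_s = freshness_s
        self._seen = {}   # nonce (Base64) -> epoch after which the entry can be dropped

    def verify(self, token: dict, now: float) -> Tuple[bool, str]:
        try:
            created = _parse_created(token["Created"])
        except (KeyError, ValueError):
            return False, "malformed Created"
        if abs(now - created) > self.freshness_s:       # tolerates clock skew in both directions
            return False, "stale token"
        # Dropping nonces older than the window is safe: a token that old fails the check above.
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if token.get("Nonce") in self._seen:
            return False, "replayed nonce"
        ok, reason = super().verify(token, now)
        if ok:
            self._seen[token["Nonce"]] = created + self.freshness_s
        return ok, reason


def demo() -> dict:
    """Constructed scenario: one legitimate login, then the same capture replayed a minute later."""
    users = {"admin": "camera-password"}
    t0 = 1_700_000_000.0
    captured = make_token("admin", "camera-password", now=t0)
    weak, strong = DigestOnlyVerifier(users), ReplayResistantVerifier(users)
    return {
        "weak_first_use": weak.verify(captured, t0)[0],
        "weak_replay": weak.verify(captured, t0 + 60)[0],
        "strong_first_use": strong.verify(captured, t0)[0],
        "strong_replay": strong.verify(captured, t0 + 60)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Replay protection does not make plaintext ONVIF safe: the sniffed nonce, Created value and digest are enough to brute-force the password offline, so the token should only travel over TLS. Forgetting a nonce after the freshness window is safe only because any token that old is rejected as stale first; shrink the window and the cache shrinks with it.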

The Hacker News - Researchers Warn of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a from The Hacker News https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from July 2022

Check out the thirteen new pieces of training content added in July, alongside the always fresh content update highlights and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-july-2022

The Hacker News - Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to from The Hacker News https://thehackernews.com/2022/07/spanish-police-arrest-2-nuclear-power.html

The Hacker News - Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain from The Hacker News https://thehackernews.com/2022/07/latest-critical-atlassian-confluence.html

Rapid 7 - [The Lost Bots] Season 2, Episode 2: The Worst and Best Hollywood Cybersecurity Depictions

Welcome back to The Lost Bots! In this episode, our hosts Jeffrey Gardner, Detection and Response (D&R) Practice Advisor, and Steven Davis, Lead D&R Sales Technical Advisor, walk us through the most hilariously bad and surprisingly accurate depictions of cybersecurity in popular film and television. They chat about back-end inaccuracies, made-up levels of encryption, and pulled power plugs that somehow end cyberattacks. Then they give a shout-out to some of the cinematic treatments that get it right — including a surprising nod to the original 1993 "Jurassic Park." For Season 2, we're publishing new episodes of The Lost Bots on the last Thursday of every month. Check back with us on Thursday, August 31, for Episode 3! Additional reading: 5 SOAR Myths Debunked; Simplify SIEM Optimization With InsightIDR; 4 Key Statistics to Build a Business Case for an MDR Partner; Gimme! Gimme! Gimme! (More Data): What Security Pros Are Saying.

KnowBe4 - Phishing-Based Data Breaches Take 295 Days to Contain as Data Breaches Soar to $4.91 Million

Fresh data on data breach costs from IBM shows that phishing, business email compromise, and stolen credentials are the breach vectors that take the longest to identify and contain. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-based-data-breaches-take-295-days-to-contain-as-data-breaches-soar-to-4.91-million

KnowBe4 - Beware of Sophisticated Malicious USB Keys

Malicious USB keys have always been a problem. There is almost no professional penetration testing team that does not drop a handful of USB keys outside of any targeted organization and see success from employees plugging them in and opening boobytrapped documents or running malicious executables. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/beware-of-sophisticated-malicious-usb-keys

The Hacker News - Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said. from The Hacker News https://thehackernews.com/2022/07/google-delays-blocking-3rd-party.html

Rapid 7 - What’s New in InsightVM and Nexpose: Q2 2022 in Review

The Vulnerability Management team kicked off Q2 by remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that impacted cybersecurity teams worldwide. We also made several investments to both InsightVM and Nexpose throughout the second quarter that will help improve and better automate vulnerability management for your organization. Let’s dive in! New dashboard cards based on CVSS v3 Severity (InsightVM) CVSS (Common Vulnerability Scoring System) is an open standard for scoring the severity of vulnerabilities; it’s a key metric that organizations use to prioritize risk in their environments. To empower organizations with tools to do this more effectively, we recently duplicated seven CVSS dashboard cards in InsightVM to include a version that sorts the vulnerabilities based on CVSS v3 scores. The v3 CVSS system made some changes to both quantitative and qualitative scores. For example, Log4Shell had a score of 9.3 (high) in v

The Hacker News - Hackers Opting for New Attack Methods After Microsoft Blocked Macros by Default

With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News. In its from The Hacker News https://thehackernews.com/2022/07/hackers-opting-new-attack-methods-after.html

The Hacker News - Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the from The Hacker News https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html

The Hacker News - Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin

MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale. In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn’t an easy balance to maintain. Customers from The Hacker News https://thehackernews.com/2022/07/top-mssp-ceos-share-7-must-do-tips-for.html

KnowBe4 - IBM: Phishing is the Most Common Way to Gain Access to Victim Networks

New research from IBM shows four reasons why phishing attacks are still effective and remain the primary attack vector in 41% of cyberattacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ibm-phishing-is-the-most-common-way-to-gain-access-to-victim-networks

Schneier - New UEFI Rootkit

Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. Both links have lots of technical details; the second contains a list of previously discovered UEFI rootkits. Also relevant are the NSA’s capabilities—now a decade old—in this area. from Schneier on Security https://www.schneier.com/blog/archives/2022/07/new-ufei-rootki

The Hacker News - How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity from The Hacker News https://thehackernews.com/2022/07/how-to-combat-biggest-security-risks.html

The Hacker News - LibreOffice Releases Software Update to Patch 3 New Vulnerabilities

The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of from The Hacker News https://thehackernews.com/2022/07/libreoffice-releases-software-security.html

The Hacker News - U.S. Offers $10 Million Reward for Information on North Korean Hackers

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or from The Hacker News https://thehackernews.com/2022/07/us-offers-10-million-reward-for.html

Rapid 7 - To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved

We're here with the final installment in our Pain Points: Ransomware Data Disclosure Trends report blog series, and today we're looking at a unique aspect of the report that clarifies not just what ransomware actors choose to disclose, but who discloses what, and how the ransomware landscape has changed over the last two years. Firstly, we should tell you that our research centered around the concept of double extortion. Unlike traditional ransomware attacks, where bad actors take over a victim's network and hold the data hostage for ransom, double extortion takes it a step further and extorts the victim for more money with the threat (and, in some cases, execution) of the release of sensitive data. So not only does a victim experience a ransomware attack, they also experience a data breach, and the additional risk of that data becoming publicly available if they do not pay. According to our research, there have been a handful of major players in the double extortion f

Dark Reading - First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC

New careers in IT open up for former footballers. from Dark Reading https://www.darkreading.com/careers-and-people/first-cohort-graduates-from-psm-cyber-stars-program-at-liverpool-fc

Dark Reading - No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices

from Dark Reading https://www.darkreading.com/attacks-breaches/no-more-ransom-helped-more-than-1-5-million-people-decrypt-their-devices

The Hacker News - New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure from The Hacker News https://thehackernews.com/2022/07/new-ducktail-infostealer-malware.html

The Hacker News - Taking the Risk-Based Approach to Vulnerability Patching

Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization runs into the hundreds of thousands and is tracked in inefficient ways, such as using Excel spreadsheets or from The Hacker News https://thehackernews.com/2022/07/taking-risk-based-approach-to.html

The Hacker News - Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access

Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target from The Hacker News https://thehackernews.com/2022/07/malicious-iis-extensions-gaining.html
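An added example (not Microsoft's detection logic) of the check that follows from the warning above. IIS loads native modules from the <globalModules> collection and managed modules from the <modules> collection in applicationHost.config; a backdoor registered there runs in every worker process, survives reboots, and usually drops its DLL into %windir%\System32\inetsrv next to the legitimate ones. A path check alone therefore misses the interesting case, and the useful detection is a diff of the registered module names against a known-good baseline, with image path and .NET type as secondary signals. The config excerpt and the baseline below are constructed; the baseline module and DLL names are real IIS ones, the flagged entries are invented.

```python
"""Baseline diff of IIS module registrations (added example, not Microsoft code)."""
import xml.etree.ElementTree as ET

# Constructed excerpt of %windir%\System32\inetsrv\config\applicationHost.config.
# Real files run to hundreds of lines; only the two module collections matter here.
SAMPLE_CONFIG = r"""<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="FastCgiModule" image="%windir%\System32\inetsrv\iisfcgi.dll" />
      <add name="HttpCacheModule" image="C:\inetpub\temp\httpcache.dll" />
      <add name="HttpLoggingModuleEx" image="%windir%\System32\inetsrv\logex.dll" />
    </globalModules>
    <modules>
      <add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="managedHandler" />
      <add name="FinanceAuthModule" type="FinanceAuth.Module, FinanceAuth" />
    </modules>
  </system.webServer>
</configuration>
"""

# Constructed baseline: module names recorded from a freshly built server of the same IIS version.
KNOWN_GOOD = {
    "native": {"UriCacheModule", "StaticFileModule", "FastCgiModule"},
    "managed": {"Session"},
}

INETSRV = "c:\\windows\\system32\\inetsrv\\"
MICROSOFT_TYPE_PREFIXES = ("System.Web.", "Microsoft.")


def load_modules(config_xml: str) -> dict:
    """Collect every native (globalModules) and managed (modules) registration.

    iter() rather than a fixed path, because managed <modules> blocks also appear
    inside per-site <location> elements in a real applicationHost.config.
    """
    root = ET.fromstring(config_xml)
    native = {a.get("name"): a.get("image", "")
              for gm in root.iter("globalModules") for a in gm.findall("add")}
    managed = {a.get("name"): a.get("type", "")
               for ms in root.iter("modules") for a in ms.findall("add")}
    return {"native": native, "managed": managed}


def _normalize(image: str) -> str:
    """Lower-case the image path and expand the two environment variables IIS uses."""
    return (image.lower()
            .replace("%windir%", "c:\\windows")
            .replace("%systemroot%", "c:\\windows"))


def audit(config_xml: str, baseline: dict) -> list:
    """Return one finding per module that fails a check; an empty list means clean."""
    mods = load_modules(config_xml)
    findings = []
    for name, image in mods["native"].items():
        reasons = []
        if name not in baseline["native"]:
            reasons.append("not in baseline")
        if not _normalize(image).startswith(INETSRV):
            reasons.append("image outside inetsrv")
        if reasons:
            findings.append({"kind": "native", "name": name, "detail": image, "reasons": reasons})
    for name, typ in mods["managed"].items():
        reasons = []
        if name not in baseline["managed"]:
            reasons.append("not in baseline")
        if not typ.startswith(MICROSOFT_TYPE_PREFIXES):
            reasons.append("non-Microsoft type")
        if reasons:
            findings.append({"kind": "managed", "name": name, "detail": typ, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, KNOWN_GOOD):
        print(f"{f['kind']:7s} {f['name']:22s} {', '.join(f['reasons'])}  <- {f['detail']}")
```

Of the three invented entries, HttpCacheModule borrows a legitimate module name but points outside inetsrv, HttpLoggingModuleEx sits in inetsrv and is caught only by the baseline diff, and FinanceAuthModule may be a perfectly legitimate in-house managed module: the output is a review list, not a verdict. Regenerate the baseline after every IIS or application deployment, or the diff turns into noise.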

Dark Reading - Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media

Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook. from Dark Reading https://www.darkreading.com/attacks-breaches/norton-consumer-cyber-safety-pulse-report-phishing-for-new-bait-on-social-media

The Hacker News - Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware

Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program, from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://thehackernews.com/2022/07/experts-find-similarities-between.html

The Hacker News - 4 Steps Financial Industry Can Take to Cope With Their Growing Attack Surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread adoption of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile from The Hacker News https://thehackernews.com/2022/07/4-steps-financial-industry-can-take-to.html

Black Hills InfoSec - Impacket Defense Basics With an Azure Lab 

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […] The post Impacket Defense Basics With an Azure Lab appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/impacket-defense-basics-with-an-azure-lab/

The Hacker News - Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This from The Hacker News https://thehackernews.com/2022/07/hackers-increasingly-using-webassembly.html

Schneier - Apple’s Lockdown Mode

I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware. At launch, Lockdown Mode includes the following protections: Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled. Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless t

The Hacker News - Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty from The Hacker News https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html

The Hacker News - SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware

An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a from The Hacker News https://thehackernews.com/2022/07/smokeloader-infecting-targeted-systems.html

The Hacker News - Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is from The Hacker News https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.html

Rapid 7 - ISO 27002 Emphasizes Need For Threat Intelligence

With employees reluctant to return to the office following the COVID-19 pandemic, the concept of a well-defined network perimeter has become a thing of the past for many organizations. Attack surfaces continue to expand, and as a result, threat intelligence has taken on even greater importance. Earlier this year, the International Organization for Standardization (ISO) released ISO 27002, which features a dedicated threat intelligence control (Control 5.7). This control is aimed at helping organizations collect and analyze threat intelligence data more effectively. It also provides guidelines for creating policies that limit the impact of threats. In short, ISO 27002’s Control 5.7 encourages a proactive approach to threat intelligence. Control 5.7 specifies that threat intelligence must be “relevant, perceptive, contextual, and actionable” in order to be effective. It also recommends that organizations consider threat intelligence on three levels: strategic, operational, and tactic

SBS CyberSecurity - In The Wild 285

In The Wild - CyberSecurity Newsletter. Welcome to the 285th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, relevant news articles, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Blog: The Golden Rule Of Email (SBS Educational Resources). Because of the mass amounts of phishing emails targeting victims every day, it is more important now than ever to remembe