Home

Dark Reading

28 September 2022

• Jamf Announces Intent to Acquire ZecOps, to Provide a Market-Leading Security Solution for Mobile Devices as Targeted Attacks Continue to Grow
  ZecOps extends Jamf's mobile security capabilities by adding advanced detections and incident response.
• Most Attackers Need Less Than 10 Hours to Find Weaknesses
  Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
• Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings
  Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.
• Amid Sweeping Change, Cyber Defenders Face Escalating Visibility — and Pressure
  Why cyber teams are now front and center for business enablement within organizations, and the significant challenges they face.
• FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports
  Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.
• Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop
  Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.
• Lessons From the GitHub Cybersecurity Breach
  This Tech Tip outlines three steps security teams should take to protect information stored in Salesforce.
• 4 Data Security Best Practices You Should Know
  There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.
• Adversaries Continue Cyberattacks with Greater Precision and Innovative Attack Methods According to NETSCOUT Report
  TCP-based, DNS water-torture, and carpet-bombing attacks dominate the DDoS threat landscape, while Ireland, India, Taiwan, and Finland are battered by DDoS attacks resulting from the Russia/Ukraine war.
• Netography Upgrades Platform to Provide Scalable, Continuous Network Security and Visibility
  Netography Fusion® gives security and cloud operations teams visibility and control of network traffic and context across users, applications, data, and devices.

Threatpost

• Student Loan Breach Exposes 2.5M Records
  2.5 million people were affected, in a breach that could spell more trouble down the line.
• Watering Hole Attacks Push ScanBox Keylogger
  Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
• Ransomware Attacks are on the Rise
  Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
• Twitter Whistleblower Complaint: The TL;DR Version
  Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
• Firewall Bug Under Active Attack Triggers CISA Warning
  CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
• Fake Reservation Links Prey on Weary Travelers
  Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
• iPhone Users Urged to Update to Patch 2 Zero-Days
  Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
• Google Patches Chrome’s Fifth Zero-Day of the Year
  An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The Hacker News

28 September 2022

• Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware
  28 September 2022
  A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for €
• Improve your security posture with Wazuh, a free and open source XDR
  28 September 2022
  Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of
• Hackers Using PowerPoint Mouseover Trick to Infect System with Malware
  28 September 2022
  The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a
• Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China
  28 September 2022
  Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes
• Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely
  28 September 2022
  WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and

Naked Security

• WhatsApp “zero-day exploit” news scare – what you need to know
  Is WhatsApp currently under active attack by cyercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
• Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?
  Is this the same suspect as before? Is he part of LAPSUS$? Is this the man who hacked Uber and Rockstar? And, if so, who else?
• Morgan Stanley fined millions for selling off devices full of customer PII
  Critical data on old disks always seems inaccessible if you really need it. But when you DON''T want it back, guess what happens...
• S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
  Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...
• Interested in cybersecurity? Join us for Security SOS Week 2022!
  Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.
• LastPass source code breach – incident response report released
  Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.
• S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]
  Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."
• UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you
  Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"
• S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]
  Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
• Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!
  Simple but super-sneaky - use a picture of a browser, and convince people it's real...