Home

Dark Reading

20 March 2023

• How CISOs Can Work With the CFO to Get the Best Security Budget
  CISOs can and should push back when they're presented with budget costs that affect the business. Here's how.
• Microsoft Azure Warns on Killnet's Growing DDoS Onslaught Against Healthcare
  DDoS cyberattack campaigns from the pro-Russian group have spiked significantly.
• Prancer Announces Integration With ChatGPT for Enhanced Security Assessments
• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug
  Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim.
• Technology Firms Delivering Much-Sought Encryption-in-Use
  If the approaches stand up to scrutiny, companies may soon be able to encrypt most databases in a way that allows using data without needing to decrypt to plaintext.
• The Ethics of Network and Security Monitoring
  The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity.
• Low-Budget 'Winter Vivern' APT Awakens After 2-Year Hibernation
  The "underreported" APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness.
• Meta Proposes Revamped Approach to Online Kill Chain Frameworks
  A more holistic model beyond MITRE et al is needed to help defenders better identify and understand commonalities in different online threat campaigns, the Facebook parent company says.
• Leveraging Behavioral Analysis to Catch Living-Off-the-Land Attacks
  Attackers are increasingly staying under the radar by using your own tools against you. Only behavioral AI can catch these stealthy attacks.
• $3B Crypto-Mixer Money Laundering Operation Seized by Cops
  The 'ChipMixer' cryptocurrency service for cybercriminals was shut down by law enforcement, and its alleged operator has been charged.

Threatpost

• Student Loan Breach Exposes 2.5M Records
  2.5 million people were affected, in a breach that could spell more trouble down the line.
• Watering Hole Attacks Push ScanBox Keylogger
  Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
• Ransomware Attacks are on the Rise
  Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
• Twitter Whistleblower Complaint: The TL;DR Version
  Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
• Firewall Bug Under Active Attack Triggers CISA Warning
  CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
• Fake Reservation Links Prey on Weary Travelers
  Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
• iPhone Users Urged to Update to Patch 2 Zero-Days
  Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
• Google Patches Chrome’s Fifth Zero-Day of the Year
  An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The Hacker News

20 March 2023

• Emotet Rises Again: Evades Macro Security via OneNote Attachments
  20 March 2023
  The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A 
• Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
  18 March 2023
  The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim
• Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York
  18 March 2023
  U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators were seen
• THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter
  18 March 2023
  Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do
• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions
  18 March 2023
  U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,"

Naked Security

• Dangerous Android phone 0-day bugs revealed – patch or work around them now!
  Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
• S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
  Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
• Microsoft fixes two 0-days on Patch Tuesday – update now!
  An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
• Firefox 111 patches 11 holes, but not 1 zero-day among them…
  In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
• Linux gets double-quick double-update to fix kernel Oops!
  Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)
• SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
  It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes
• S3 Ep125: When security hardware has security holes [Audio + Text]
  Lastest episode - listen now! (Full transcript inside.)
• Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
  Security bugs in the very code you've been told you must have to improve the security of your computer...
• DoppelPaymer ransomware supsects arrested in Germany and Ukraine
  Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
• Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
  Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?