Home

Dark Reading

27 June 2022

• Threat Intelligence Services Are Universally Valued by IT Staff
  Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.
• Why We're Getting Vulnerability Management Wrong
  Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
• APT Groups Swarming on VMware Servers with Log4Shell
  CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
• Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
  A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
• 7 Steps to Stronger SaaS Security
  Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
• The Cybersecurity Talent Shortage Is a Myth
  We have a tech innovation problem, not a staff retention (or recruitment) problem.
• Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks
  Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.
• Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
  Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.
• Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings
  Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.
• ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
  ShiftLeft's Manish Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."

Threatpost

• Google Warns Spyware Being Deployed Against Android, iOS Users
  The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
• Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
  The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
• Gamification of Ethical Hacking and Hacking Esports
  Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.
• Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
  Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices.
• Elusive ToddyCat APT Targets Microsoft Exchange Servers
  The threat actor targets institutions and companies in Europe and Asia.
• Kazakh Govt. Used Spyware Against Protesters
  Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.
• Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
  A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.
• Voicemail Scam Steals Microsoft Credentials
  Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.
• China-linked APT Flew Under Radar for Decade
  Evidence suggests that a just-discovered APT has been active since 2013.
• State-Sponsored Phishing Attack Targeted Israeli Military Officials
  Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.

The Hacker News

27 June 2022

• Critical Security Flaws Identified in CODESYS ICS Automation Software
  26 June 2022
  CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others.  "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code
• What Are Shadow IDs, and How Are They Crucial in 2022?
  26 June 2022
  Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool
• Italy Data Protection Authority Warns Websites Against Use of Google Analytics
  26 June 2022
  Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that
• Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons
  26 June 2022
  A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected
• Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
  24 June 2022
  In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you

Naked Security

• OpenSSL issues a bugfix for the previous bugfix
  Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
• S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
  Latest epsiode - listen (or read) now!
• Capital One identity theft hacker finally gets convicted
  It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
• Interpol busts 2000 suspects in phone scamming takedown
  Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...
• S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
  Lastest epsiode - listen now!
• Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
  We tried it out to make sure, so you don't have to.
• Murder suspect admits she tracked cheating partner with hidden AirTag
  O! What a tangled web we weave, when first we practise to deceive.
• You’re invited! Join us for a live walkthrough of the “Follina” story…
  Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
• S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
  Latest episode - listen (or read) now!
• SSNDOB Market domains seized, identity theft “brokerage” shut down
  The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.