CyberSecure Specialist

7 VPN alternatives for securing remote network access

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, it has become the norm for large numbers of employees to regularly work from home, with many only going to the office…

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up some of their most-touted use cases and applications

Okay, so there’s this ChatGPT thing layered on top of AI – well, not really, it seems even the practitioners responsible for some of the most impressive machine learning (ML) based products don’t always stick to the basic terminology of their fields of expertise… At RSAC, the niceties of…

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated

Thousands of security professionals descended on San Francisco this week to attend RSA Conference, the world’s leading gathering of the security community. What was the hottest topic at the event? You guessed it – ChatGPT and large language models (LLMs) as such. But while these emerging technologies may have many benefits, they also…

APT groups muddying the waters for MSPs

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers

ESET telemetry from Q4 2022 saw the start of a new campaign by MuddyWater, a cyberespionage group linked to Iran’s Ministry of Intelligence and Security (MOIS) and active since at least 2017. The group (primarily) targets victims in the Middle East, Asia, Africa, Europe, and North America, focusing on telecommunications companies, governmental organizations, and…

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

by Paul Ducklin

We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort of criminals, and what they were up to, which would at least help to round out the story. Our approach has therefore been simply to…

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

by Paul Ducklin

Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically built to help would-be cybercriminals target Mac users. The malware peddlers’ focus on Apple fans was clearly reflected in the name they…

Tracked by hidden tags? Apple and Google unite to propose safety and security standards…

by Paul Ducklin

Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals to exploit, given how easily the devices can be hidden in luggage, stuffed into the upholstery of a…

New ransomware group CACTUS abuses remote management tools for persistence

A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and management (RMM) tools to achieve persistence on the network. “The name ‘CACTUS’ is derived from the filename provided within the ransom note,…

Google Releases Open Source Bazel Plugin for Container Image Security

Google last week announced the general availability of ‘rules_oci’, an open source Bazel plugin for building container images. Bazel improves supply chain trust by using dependencies’ integrity hashes. Google uses this build and test tool for creating Distroless base images for Docker. Distroless images too are meant to improve supply chain security, as they are minimal base images that include only what is necessary for applications to run. “Using minimal base images reduces the burden…

Review your on-prem ADCS infrastructure before attackers do it for you

Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure. Recent investigations show that the Department of Justice may have been aware of the potential for a breach months before it happened.…