CyberSecure Specialist

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

by Paul Ducklin

DELETED DATA THAT JUST WON’T GO AWAY

The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are…


Google suspends Pinduoduo app over malware concerns

Google has suspended Chinese agricultural e-commerce app Pinduoduo from Google Play after versions of the app found outside the Google store were flagged as having malware issues. A Google spokesperson told Reuters that the app had been suspended over “security concerns”, adding that “Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect”, in other words, software that prevents the installation of malicious or harmful…


Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted AresLoader in November when it was advertised by a user with the monikers AiD Lock and DarkBLUP on Telegram and two…


CISA, NSA Issue Guidance for IAM Administrators

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week announced new guidance for identity and access management (IAM) administrators. A framework for the management of digital identities, IAM covers the business processes, policies, and technologies that ensure user access to data. The basis for proper IAM involves inventorying, auditing, and tracking user identities and access, which represent daunting but necessary operations, especially with state-sponsored groups successfully exploiting vulnerabilities in…


ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

Email-based security is one of the most effective methods to help prevent malware infections from occurring in the first place. Utilizing proper email security controls, such as AV scanning and sandboxing for attachments, is highly recommended to help prevent malicious files or URLs from being presented to an end user. In cases where a malicious item may make it through, having strong endpoint security controls, such as an EDR, can help prevent a compromise of…


Nexus Banking Trojan Affecting Android Devices

To protect against Nexus and other Android banking trojans, users should only download apps from official app stores, keep their devices up to date with the latest security patches, and be cautious of suspicious emails and websites. Additionally, users should enable 2FA wherever possible to add an extra layer of security. https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html?&web_view=true


CISA Releases Industrial Control Systems Advisories

The following ThinServer vulnerabilities are notable: CVE-2023-28756 (CVSS score: 7.5) and CVE-2023-28755 (CVSS score: 9.8), because they could enable an unauthenticated, remote attacker to upload any file to the directory where ThinServer.exe is installed. In addition, a threat actor might use the CVE-2023-28755 vulnerability to replace current executable files with trojanized versions. To reduce security risks, users are urged to update software to the following versions: 11.0.6, 11.1.6, 11.2.7, 12.0.5, 12.1.6, and 13.0.2. Versions 6.x…


Security at the core of Intel’s new vPro platform

Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take advantage of vPro’s memory encryption to provide better virtualization-based security. In tests conducted by SE Labs and commissioned by Intel,…


Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to: Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender…


JCDC Cultivates Pre-Ransomware Notification Capability

In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom. Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including…
