CyberSecure Specialist

08 May

APT groups muddying the waters for MSPs

Information

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers ESET telemetry from Q4 2022 saw the start of a new campaign by MuddyWater, a cyberespionage group linked to Iran’s Ministry of Intelligence and Security (MOIS) and active since at least 2017. The group (primarily) targets victims in the Middle East, Asia, Africa, Europe, and North America, focusing on telecommunications companies, governmental organizations, and…

Read More
08 May

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

Information, Uncategorized

by Paul Ducklin We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort of criminals, and what they were up to, which would at least help to round out the story. Our approach has therefore been simply to…

Read More
08 May

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

Information, Malware

by Paul Ducklin Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically built to help would-be cybercriminals target Mac users. The malware peddlers’ focus on Apple fans was clearly reflected in the name they…

Read More
08 May

Tracked by hidden tags? Apple and Google unite to propose safety and security standards…

Information

by Paul Ducklin Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals to exploit, given how given how easily the devices can be hidden in luggage, stuffed into the upholstery of a…

Read More
08 May

New ransomware group CACTUS abuses remote management tools for persistence

Data Breaches, Malware, Social Engineering

A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and management (RMM) tools to achieve persistence on the network. “The name ‘CACTUS’ is derived from the filename provided within the ransom note,…

Read More
08 May

Google Releases Open Source Bazel Plugin for Container Image Security

Information, News

Google last week announced the general availability of ‘rules_oci’, an open source Bazel plugin for building container images. Bazel improves supply chain trust by using dependencies’ integrity hashes. Google uses this build and test tool for creating Distroless base images for Docker. Distroless images too are meant to improve supply chain security, as they are minimal base images that include only what is necessary for applications to run. “Using minimal base images reduces the burden…

Read More
08 May

Review your on-prem ADCS infrastructure before attackers do it for you

Data Breaches, Malware, Social Engineering

Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure.  Recent investigations show that the Department of Justice may have been aware of the potential for a breach months before it happened.…

Read More
07 May

Using Discord? Don’t play down its privacy and security risks

Information

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut There are several tools or software applications that enable us to stay connected with our fellow teammates even during gameplay, with the best of them having a low impact on our network connection while allowing important elements like tap-to-talk or messaging capabilities. Discord is one of the online services…

Read More
07 May

Creating strong, yet user‑friendly passwords: Tips for your business password policy

Information

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization When engineer Bill Burr from the U.S. National Institute of Standards and Technology (NIST) wrote in 2003 what would soon become the world’s gold standard for password security, he advised people and organizations to protect their accounts by inventing long and ‘chaotic’ lines of characters, numbers, and…

Read More
07 May

APTs target MSP access to customer networks – Week in security with Tony Anscombe

Information

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers Managed service providers (MSPs) that don’t consider themselves targets for state-aligned threat actors may need to think again. While many people may associate advanced persistent threat (APT) groups with cyberespionage targeting only state agencies and large corporations, the fact is that…

Read More