CyberSecure Specialist

Dutch Police Arrest Three Ransomware Group Members

The threat of leaking data if a ransom is not paid is a common tactic amongst ransomware actors. In this case, the group would still leak data even if the ransom was paid. By using this model, the group was setting themselves up to not get paid by anyone because there would be no benefit to paying. Although this is a risk taken by companies paying a ransom, most groups do not follow this model to…


Microsoft Urges Exchange Administrators to Remove Some Antivirus Exclusions

This new recommendation from Microsoft demonstrates how adding over-encompassing AV exclusions can negatively impact an organization’s security. Especially in the current threat landscape, many actors make use of PowerShell and malicious IIS extensions to perform their attacks. Having these exclusions in place allows for a large gap in visibility where the threat actors can go unnoticed. On top of removing these exclusions and following the other recommendations from Microsoft, it is also recommended to frequently…


Watch on Demand: Attack Surface Management Summit

As security teams look to foundational strategies to protect corporate assets, the reduction of attack surface throughout the organization has taken center stage. All sessions from SecurityWeek’s 2023 Attack Surface Management Summit are now available to watch on demand. If you missed any sessions, you can watch them now in the virtual conference center: Fireside Chat With Jason Chan, Former Netflix Security Chief; What Our 2022 Data Reveals About the Most Pressing Exposures on Your Attack…


A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War

Marking the first anniversary of Russia’s war against Ukraine, several cybersecurity companies have published reports summarizing the impact of various types of cyber operations, just as the United States has issued a fresh warning for the West. In the weeks before and immediately after Russia launched its war against Ukraine on February 24, 2022, Russia appeared to intensify its attacks in cyberspace, with distributed denial-of-service (DDoS) attacks, disruptive wiper malware, and misinformation campaigns. While everyone…


11 Countries Take Part in Military Cyberwarfare Exercise

The biggest military cyberwarfare exercise in Western Europe took place recently in Estonia. A total of 34 teams from 11 countries took part in a live-fire cyber battle. Countries such as the US, UK, Japan, India, Italy, Estonia, Ukraine, Ghana, Kenya and Oman were represented by 750 experts at the Defence Cyber Marvel 2 (DCM2) exercise. Many of them participated remotely. The seven-day event, led by the British Army, tested the response of participants to…


Edgio adds advanced DDoS protection with other WAAP enhancements

Content delivery network (CDN) service provider Edgio has added a new Distributed Denial of Service (DDoS) scrubbing ability along with improved Web Application and API Interface (WAAP) to its network security offering. Designed to reduce severe damages from sophisticated DDoS attacks, Edgio’s scrubbing solution impersonates the customer’s network by routing the customer’s IP traffic through its scrubbing point-of-presence (PoP) and only sending the “clean” traffic back to the customer’s infrastructure, according to Richard Yew, senior…


WinorDLL64: A backdoor from the vast Lazarus arsenal?

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group. ESET researchers have discovered one of the payloads of the Wslink downloader that we uncovered back in 2021. We named this payload WinorDLL64 based on its filename WinorDLL64.dll. Wslink, which had the filename WinorLoaderDLL64.dll, is a loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in…


S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

by Paul Ducklin. LEARNING FROM OTHERS: The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.


Companies urged to patch critical vulnerability in Fortinet FortiNAC

Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed either as a hardware device or as a virtual machine appliance. It is used for network segmentation, visibility, and control of devices and users connected to the network. As…
