CyberSecure Specialist

22 Feb

What is Traffic Light Protocol? Here’s how it supports CISOs in sharing threat data

Data Breaches, Malware, Social Engineering

Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers. TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. The protocol was developed so that recipients of threat data could assess its sensitivity and determine how to share it…

Read More
21 Feb

Will ChatGPT start writing killer malware?

Information, Malware

AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware? ChatGPT didn’t write this article – I did. Nor did I ask it to answer the question from the title – I will. But I guess that’s just what ChatGPT might say. Luckily, there are some grammar errors left to prove I’m not a robot. But that’s just the kind of thing ChatGPT might do…

Read More
21 Feb

Coinbase breached by social engineers, employee data stolen

Information, Social Engineering

by Paul Ducklin Popular cryptocurrency exchange Coinbase is the latest well-known online brand name that’s admitted to getting breached. The company decided to turn its breach report into an interesting mix of partial mea culpa and handy advice for others. As in the recent case of Reddit, the company couldn’t resist throwing in the S-word (sophisticated), which once again seems to follow the definition offered by Naked Secuity reader Richard Pennington in a recent comment,…

Read More
21 Feb

The ultimate guide to malware

Malware

What is malware? Malware is a fast-growing, ever-evolving threat to cyber security. In the first six months of 2022, over 2.8 billion malware attacks were reported worldwide. Beyond risks to their network, malware like ransomware can have real, monetary costs for businesses. In 2021, damages of ransomware alone cost US$20bn. This was a 6054 percent increase on the global cost of ransomware in 2015, which was $325mn. This is only predicted to increase, with the…

Read More
21 Feb

VMware Plugs Critical Carbon Black App Control Flaw

Information, News

Virtualization technology giant VMware on Tuesday pushed out a major security fix to cover a critical vulnerability in its enterprise-facing Carbon Black App Control product. A critical-severity advisory from VMware tracks the vulnerability as CVE-2023-20858 and warns that hackers can launch injection exploits to gain full access to the underlying server operating system. “A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access…

Read More
21 Feb

Hardbit Ransomware Asks for Insurance Details

Attacks, Malware

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon as possible• Implement monitoring of security events on…

Read More
21 Feb

New Information Stealer, “Stealc,” Actively Used in the Wild

Attacks, Malware

Binary Defense has regularly covered info stealer malware. While the user experience for Stealc seems to be particularly well developed and therefore lends itself to rapid adoption as a Malware as a Service offering (MaaS), the techniques and behaviors this malware uses are not novel. Keeping Detection and Response systems (EDR/MDR/XDR/etc.) up-to-date will go a long ways discovering campaigns like this. Additionally, netflow analysis and DNS monitoring can help detect C2 and exfiltration activity. This…

Read More
21 Feb

Alcatraz AI streamlines facial recognition access control with mobile update

Data Breaches, Malware, Social Engineering

Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration. The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial  authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors…

Read More
21 Feb

Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023

Data Breaches, Malware, Social Engineering

Despite the billions of dollars poured annually into cybersecurity by investors, organizations, academia, and government, adequate and reliable cybersecurity remains an ever-elusive goal. The technological complexity and growing attack surface, along with a growing array of threat actors and increased interconnectivity, make securing digital systems and assets a perennial pipedream. Chief among the challenges for decision-makers and experts is simply identifying and comprehending society’s cybersecurity risks. One organization, the Washington, DC-based think tank Bipartisan Policy…

Read More
21 Feb

DNA Diagnostic Center fined $400,000 for 2021 data breach

Data Breaches, Malware, Social Engineering

DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general.  The company will also be required to implement improvements to its data security, including updating the asset inventory of its entire network and disabling or removing any assets identified that are not necessary for…

Read More