CyberSecure Specialist

New QakNote Attacks Push Qakbot Malware via Microsoft OneNote Files

Since the disabling of Office macros by Microsoft, a variety of new techniques have arisen to gain remote code execution on a host, with OneNote attachments becoming one of the more prominent techniques seen. As it is rather uncommon for OneNote files to be sent through email, many researchers recommend blocking these extensions altogether. However, for organizations where that is not possible, other options are available. One potential monitoring solution would be to monitor all…

Research Reveals 12% of Online Stores Expose Backup Data

Administrators of websites, and especially online stores, should regularly evaluate possible data exposure on their sites. Any time sensitive data is found by an administrator, passwords should be rotated for not only users but databases as well. Enabling two-factor authentication (2FA) can help mitigate any exposure of administrator login information. Analyzing logs for the web-server software in use can reveal unusually high activity from individual IP addresses. Rate limiting based on IP addresses and using…

CISA Releases Recovery Script for ESXiArgs Ransomware Victims

To assist users in recovering their servers, CISA released an ESXiArgs-Recover script on GitHub to automate the recovery process. “CISA is aware that some organizations have reported success in recovering files without paying ransoms. CISA compiled this tool based on publicly available resources, including a tutorial by Enes Sonmez and Ahmet Aykac,” explains CISA. “This tool works by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware.” While the GitHub…

Skybox Security Raises $50M, Hires New CEO

Skybox Security, a late-stage California startup in the security analytics space, has closed a $50 million financing round and hired a new chief executive. The San Jose company announced Wednesday that former Digital Guardian CEO Mordecai (Mo) Rosen will take the reins at Skybox and manage the company through a new financing round that brings the total raised to $335 million. The private equity-backed Skybox said investors in the latest round include CVC Growth Funds,…

Growing number of endpoint security tools overwhelm users, leaving devices unprotected

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.…

What is the difference between cyber risk management and cyber resilience?

Cyber Security Hub speaks to Sourabh Haldar, threat policy implementation lead of information and cyber security at Standard Chartered Bank about the importance of cyber resilience in the face of emerging threats. Cyber Security Hub: What do you think will be the biggest threat vector and/or threat target in 2023? Sourabh Haldar: From a sector-wide perspective, phishing and social engineering-based attacks are definitely a concern. Phishing is the easiest way for malicious actors to gain…

Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added. Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience In a…

Surge of swatting attacks targets corporate executives and board members

At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned the police, fire, and emergency mutual aid of the nearby towns of Ipswich, Rowley, Topsfield, and Haverhill. Police evacuated neighboring…

CISA Releases ESXiArgs Ransomware Recovery Script

Original release date: February 7, 2023 CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to determine if it is fit for attempting to recover access to files in their environment. Organizations can access the recovery…

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack. The new docuseries produced by ABC News Studios and Wall to Wall Media…
