CyberSecure Specialist

16 Feb

Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report

Information, News

Published XIoT vulnerabilities are trending down and have been since 2021. At the same time, the percentage of vulnerabilities published by the device manufacturer rather than third-party researchers is trending up. The clear implication is device manufacturers are taking greater responsibility for the security of their own devices. The reason is probably twofold: government pressure and commercial reality. The introduction of SBOM’s has focused manufacturers’ attention on the software make-up of their devices, while the…

Read More
16 Feb

Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

Data Breaches, Malware, Social Engineering

The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current…

Read More
16 Feb

BEC groups are using Google Translate to target high value victims

Data Breaches, Malware, Social Engineering

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide.  The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions…

Read More
16 Feb

How automation in CSPM can improve cloud security

Data Breaches, Malware, Social Engineering

With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization’s cloud infrastructure. A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of…

Read More
15 Feb

Security tool adoption jumps, Okta report shows

Data Breaches, Malware, Social Engineering

Identity and access management (IAM) vendor Okta today released a report detailing app use and security trends among its broad user base. Among other trends it identified, the report found that zero trust security policies have become more common, and uptake of a wide range of security tools has been sharply on the rise. Okta survyed 17,000 customers globally, and found that zero trust usage among its  clients has increased from 10% two years ago…

Read More
15 Feb

Threat Actors Spoofing Emsisoft Certificates to Breach Networks

Attacks, Malware

This form of attack is not novel by any means and has been successfully leveraged by many groups in the past. Perhaps the best form of prevention is to ensure that all security analysts are aware of this form of attack. Apart from spreading awareness, an organization could also ensure that their security controls are set to block files with invalid signatures from running. Additionally, ensure that RDP ports are only open on devices where…

Read More
15 Feb

Microsoft Patch Tuesday Addresses Multiple Zero Days

Attacks, Malware

Due to the risks involved with these vulnerabilities, these updates should be tested and pushed to production environments as soon as policies allow. These attacks require initial access to be effective, and phishing emails are the most prominent method of gaining that first foothold. Ensuring that users know the risks of phishing emails and how to detect them can help protect an organization. Remote Code Execution and Privilege Escalation vulnerabilities are inevitable with the increasing…

Read More
15 Feb

PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal

Information, News

Cloud monitoring, log management and SIEM solutions provider Sumo Logic is set to become a private company after it has entered into a definitive agreement to be acquired by affiliates of private equity firm Francisco Partners for $1.7 billion. Francisco Partners is prepared to pay $12.05 per share in cash. The law firm Kahn Swick & Foti has announced that it’s investigating the deal to determine if the price is adequate. Sumo Logic offers cloud-native…

Read More
15 Feb

Microsoft: Exchange Server 2013 Reaches End of Support in April

Attacks, Malware

It is recommended to upgrade any instances of Exchange 2013 to a newer version of Exchange as soon as possible. Exchange 2013 servers can also be migrated to Microsoft’s hosted Exchange Online email and calendaring solution, available as an Office 365 subscription or as a stand-alone service. Once mailboxes, public folders, and other data are migrated, admins can remove on-premises Exchange servers and Active Directory. Microsoft recently urged customers to keep their on-premises Exchange servers…

Read More
15 Feb

China-based cyberespionage actor seen targeting South America

Data Breaches, Malware, Social Engineering

China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team.  The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday.  DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance and lateral movement, and the use of Cobalt Strike — a penetration…

Read More