CyberSecure Specialist

11 Feb

Key findings from the latest ESET Threat Report – Week in security with Tony Anscombe

Information

What is behind the drop in ransomware and what should still be done for containing the ransomware scourge? Ransomware detections fell by 20% between 2021 and 2022, according to ESET’s latest Threat Report. What is behind the drop, why is ransomware still a huge problem, and what has yet to be done before the ransomware scourge is contained? Watch the video to learn not just about the latest trends in ransomware, but also about, for…

Read More
11 Feb

US Blacklists 6 Chinese Entities Over Balloon Program

Information, News

The United States on Friday blacklisted six Chinese entities it said were linked to Beijing’s aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed U.S. airspace. The economic restrictions followed the Biden administration’s pledge to consider broader efforts to address Chinese surveillance activities and will make it more difficult for the five companies and one research institute to obtain American technology exports. The move is likely to further escalate…

Read More
10 Feb

Alexa, who else is listening?

Information

Your smart speaker is designed to listen, but could it be eavesdropping too? Ever since Amazon came under fire for being able to potentially listen in on people through its Echo smart speakers, and even transcribe what they were saying, I have been intrigued by the idea of how IoT could be used to snoop on us, unbeknown to the victims. Big tech companies behind Alexa-enabled and other similar devices have since taken steps towards…

Read More
10 Feb

Reddit admits it was hacked and data stolen, says “Don’t panic”

Information

by Paul Ducklin Popular social media site Reddit – “orange Usenet with ads”, as we’ve somewhat ungraciously heard it described – is the latest well-known web property to suffer a data breach in which its own source code was stolen. In recent weeks, LastPass and GitHub have confessed to similar experiences, with cyercriminals apparently breaking and entering in much the same way: by figuring out a live access code or password for an individual staff…

Read More
10 Feb

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

Data Breaches, Malware, Social Engineering

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented network segments that contain critical controllers. Industrial cybersecurity firm Otorio released a report this…

Read More
10 Feb

Indigo Bookstore Website Shuts Down After Cyberattack

Attacks, Malware

It is possible that this attack was the result of Info-stealing malware. According to cybersecurity firm Kela, a large amount of data being shared on the Darknet was advertised as login credentials for Indigo that were stolen by info-stealing malware. Such malware looks for sensitive information on the infected system and also collects details about the machine. Threat actors behind the malware can then use stolen information such as credentials to carry out cyberattacks. It…

Read More
10 Feb

Attackers Breach Reddit to Steal Source Code and Internal Data

Attacks, Malware

All organizations should provide phishing awareness and defense training to all of their employees/users. A simple defense technique would be adopting a zero-trust attitude toward outside communication. For email, the zero-trust model means not allowing the delivery of messages unless they originate from a sender who can be authenticated and who has been granted explicit permission to deliver messages to that inbox. https://www.bleepingcomputer.com/news/security/hackers-breach-reddit-to-steal-source-code-and-internal-data/

Read More
10 Feb

North Korean Ransomware Attacks on Healthcare Fund Government Operations

Attacks, Malware

In this campaign, the North Korean ransomware operators made use of numerous vulnerabilities, tools, and TTPs to accomplish their goals. To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics, such as trojanized software on typo-squatted domains. Additionally, it is recommended to ensure that all software/hardware is up to date, as the operators made use of numerous vulnerabilities that relied on outdated applications. Further, it…

Read More
10 Feb

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Attacks, Insights, Malware

Original release date: February 10, 2023 CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01:…

Read More
10 Feb

Microsoft OneNote Abuse for Malware Delivery Surges

Information, News

Organizations worldwide have been warned of an increase in the number of attacks abusing Microsoft OneNote documents for malware delivery. Part of the Office suite, OneNote is typically used within organizations for note taking and task management, among other operations. What makes OneNote documents an attractive target for threat actors includes the fact that they do not benefit from the Mark-of-the-Web (MOTW) protection, along with the fact that files can be attached to OneNote notebooks…

Read More