CyberSecure Specialist

11 Jan

Cybercriminals bypass Windows security with driver-vulnerability exploit

Data Breaches, Malware, Social Engineering

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In this latest BYOVD attack, which was observed and stopped by CrowdStrike’s Falcon security system, Scattered Spider attempted to deploy a…

Read More
11 Jan

NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services

Attacks, Insights, Malware

Original release date: January 11, 2023 The United Kingdom’s National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management has become an increasingly appealing option for organizations. The post discusses the trade-offs involved as well as specific security checks…

Read More
11 Jan

StrongPity APT Group Distributing Fake Shagle App

Attacks, Malware

Binary Defense strongly recommends that Android users source their apps from a trusted source such as the Google Play store. Extreme caution should be used when installing an APK from any other source. https://www.bleepingcomputer.com/news/security/hackers-target-android-users-with-fake-shagle-video-chat-app/

Read More
11 Jan

Over 1,300 Fake AnyDesk Sites Push Vidar Info-Stealing Malware

Attacks, Malware

Users are advised to bookmark official sites used for downloading software, avoid clicking on promoted results (ads) in Google Search, and find the official URL of a software project from their official website, documentation, or your OS’s package manager. https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/

Read More
11 Jan

Dark Pink APT Group Targets Government and Military Entities with Custom Malware

Attacks, Malware

While this threat actor has been seen making use of custom malware, Dark Pink, like most threat actors, is still relying on phishing to gain their initial access into an environment. Phishing is one of the most prominent tactics used by threat actors, with the frequency and volume of phishing-related attacks on the rise every year. To protect against phishing, it is recommended to provide sufficient user training and education, as well as implementing an…

Read More
11 Jan

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Data Breaches, Malware, Social Engineering

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm WithSecure, demonstrates that not only can attackers generate unique variations of the same phishing lure with grammatically correct and human-like…

Read More
11 Jan

Cyber Incident Hits UK Postal Service, Halts Overseas Mail

Information, News

Britain’s postal service said it was hit Wednesday by a “cyber incident” that is temporarily preventing it from sending letters or parcels to other countries. Royal Mail reported on its website that international export services were “experiencing severe service disruption” without providing further details. “We are temporarily unable to dispatch items to overseas destinations,” the service said, adding that it recommended customers hold on to mail destined for outside the country while it works on…

Read More
11 Jan

Timeline of the latest LastPass data breaches

Data Breaches, Malware, Social Engineering

On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed. The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year, serious vulnerabilities in 2017, a phishing…

Read More
10 Jan

Hybrid work: Turning business platforms into preferred social spaces

Information

Hybrid work and hybrid play now merge into hybrid living, but where is the line between the two? Is there one? That the COVID-19 pandemic brought a new normal to businesses, educational institutions, and our everyday lives is an understatement. Many interactions, whether work-related or personal, moved online or at least gained a virtual mirror. This virtual migration began alongside the pandemic when most people and businesses first turned to tried-and-tested communications solutions, such as…

Read More
10 Jan

Cracked it! Highlights from KringleCon 5: Golden Rings

Information

Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum’s foul plan and recover the five golden rings This is my first year participating in the SANS Holiday Hack Challenge and it was a blast. Through a series of 16 challenges ranging from easy to difficult, I practiced analyzing suspicious network traffic and PowerShell logs, writing Suricata rules, breaking…

Read More