CyberSecure Specialist

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

by Naked Security writer. A Florida man who was part of a cybercrime gang that went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000. The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using a trick known in the trade as SIM swapping, also known as number porting. Migrating your phone number: As you’ll…


New Zealand government compromised in third-party cyber attack

An IT managed service provider that supports a range of organizations across New Zealand, including several within its government, has suffered a cyber attack, compromising access to its data and systems. Those affected by the cyber security incident include some providers contracted to Te Whatu Ora – Health New Zealand, although health service delivery has not been affected. The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack…


Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation

[Photo caption: Jon Hocut, director of information security for Brooks]

Ransomware was again the top attack type in 2021, with manufacturing replacing financial services as the top industry in assailants’ crosshairs—representing 23.2% of the global attacks remediated last year by IBM Security’s X-Force, according to the company’s Threat Intelligence Index 2022 report. With news like this, it is not surprising that “ransomware is the threat that keeps me up the most at night,” says Jon…


Ransomware attack knocks Rackspace’s Exchange servers offline

Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday. It was not initially clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected. Rackspace offers migration to…


Threat Actors Abuse PRoot Linux Utility to Simplify Malware Deployment

Threat actors observed using this technique have been able to utilize free file sharing services like Google Drive, Dropbox, or OneDrive to host their compressed filesystem containing their malware, making them readily accessible from victim devices. Organizations should be sure to monitor for connections to these file sharing services, especially ones that are not commonly used for an organization’s business processes. Organizations may also find it useful to monitor for the execution of the PRoot tool,…


CISA Orders Agencies to Patch Google Chrome Vulnerability

This is the ninth high-severity bug for which Chrome has released a patch during 2022. CISA has given its agencies three weeks to patch their systems. Because of this timeline, it is likely we will not see technical details of this vulnerability until after this date. It is highly recommended that any organization with users running Google Chrome use CISA’s requirements as a guideline for themselves, and endeavor to have all systems…


Three BMC Vulnerabilities Impact Manufacturers Industrywide

Much of the risk of these vulnerabilities can be mitigated by controlling access to remote management interfaces. Companies should endeavor to never leave these exposed to the internet, and further limit which devices or networks can access these interfaces. User behavior analysis can help identify exploitation of vulnerabilities like these; mass password reset requests and root-level activities that differ from baseline can be reliable indicators of a compromise. https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html


Three Ways to Improve Defense Readiness Using MITRE D3FEND

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations improve their defensive cybersecurity posture. MITRE D3FEND is complementary to the MITRE ATT&CK framework, which is a library of cybercriminal tactics, techniques, and procedures (TTPs). D3FEND maps relationships between ATT&CK’s TTPs and defensive countermeasures, for developing defensive strategies against known attacker behavior. Using D3FEND To Bolster Defensive Readiness: D3FEND gives organizations a…


Flaws in MegaRAC baseboard management firmware impact many server brands

Researchers have found three vulnerabilities in AMI MegaRAC, a baseboard management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable. BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are…


Action1 launches threat actor filtering to block remote management platform abuse

Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors, to prevent attackers from exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or…
