CyberSecure Specialist

Cybercriminals Increasingly Using Aurora Stealer Malware

Companies can detect Aurora and malware like it by implementing command line logging and looking for unusual WMIC and PowerShell commands. Additionally, implementing Canary files can help detect file grabber activity, and user behavioral analysis on netflow data can help detect anomalous network activity, such as connections to strange external ports. Application allowlisting can also help prevent the loader activity seen in Aurora.

https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/


Microsoft Azure launches DDoS IP protection for SMBs

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft’s Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that’s attractive to SMBs, Microsoft said. With the new product, Microsoft’s Azure DDoS Protection family now has two…


Leaked Algolia API Keys Exposed Data of Millions of Users

Threat detection firm CloudSEK has identified thousands of applications leaking Algolia API keys, and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users. Organizations can use Algolia’s API to incorporate into their applications functions such as search, discovery, and recommendations. The API is used by over 11,000 companies, including Lacoste, Slack, Medium, and Zendesk. CloudSEK says it has identified 1,550 applications that leaked Algolia API…


Meta fires employees for allegedly hacking into users’ accounts

Meta has allegedly fired and/or disciplined more than 12 employees for hacking into users’ Facebook and Instagram accounts on behalf of hackers. According to the Wall Street Journal (WSJ), which broke the story on November 17, some of the hacking cases involved bribery, with employees being paid thousands of dollars to hack into the accounts. According to an internal investigation into the account hijacking, those fired by Meta included contractors employed at the company’s…


Know thy enemy: thinking like a hacker can boost cybersecurity strategy

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it…


How social media scammers buy time to steal your 2FA codes

by Paul Ducklin

Phishing scams that try to trick you into putting your real password into a fake site have been around for decades. As regular Naked Security readers will know, precautions such as using a password manager and turning on two-factor authentication (2FA) can help to protect you against phishing mishaps, because: Password managers associate usernames and passwords with specific web pages. This makes it hard for password managers to betray you to bogus…


New Ransomware Encrypts Files, Then Steals Discord Accounts

While this ransomware generally targets consumers rather than the enterprise, it could still pose a significant threat to large communities. Therefore, users that are impacted by AxLocker should immediately change Discord passwords, as it will invalidate the token stolen by the ransomware. While this may not help recover files, it will prevent further compromise of accounts, data, and Discord communities.

https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/


Google Wins Court Case Against Russians Linked to Glupteba Botnet

Starovikov and Filippov, who claim to have been software engineers for an organization known as Valtron LLC, are accused of seeking to mislead the court and acting to deny Google access to discoverable data. According to a settlement submitted to Google, the actors demanded $1 million each from the company and $110,000 in legal costs in exchange for providing the private keys to Bitcoin addresses linked to the Glupteba botnet. However, the Mountain View-based company…


California County Says Personal Information Compromised in Data Breach

The County of Tehama, California, has started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach. The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third party had access to the county’s systems between November 18, 2021, and…
