Information

08 Dec

Removing the Barriers to Security Automation Implementation

Information, News

Implementation of security automation can be overwhelming, and has remained a barrier to adoption Previously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a recent survey (PDF) found that while trust in security automation is rising, technology is the top barrier to adoption. And in Twitter poll, Allie Mellen,…

Read More
08 Dec

Fantasy – a new Agrius wiper deployed through a supply‑chain attack

Information

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for its destructive operations. In February 2022, Agrius began targeting Israeli HR and IT consulting firms, and users of an Israeli…

Read More
08 Dec

TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Information, News

TikTok was hit Wednesday with a pair of lawsuits from the US state of Indiana, which accused it of making false claims about the Chinese-owned app’s safety for children. The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting…

Read More
07 Dec

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

Information

by Naked Security writer A Florida man who was part of a cybercrime gang who went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000. The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using a trick known in the trade as SIM swapping, also known as number porting. Migrating your phone number As you’ll…

Read More
06 Dec

Three Ways to Improve Defense Readiness Using MITRE D3FEND

Information, News

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations improve their defensive cybersecurity posture. MITRE D3FEND is complementary to the MITRE ATT&CK framework, which is a library of cybercriminal tactics, techniques, and procedures (TTP). D3FEND maps relationships between ATT&CK’s TTP and defensive countermeasures for developing strategies to known attacker behavior. Using D3FEND To Bolster Defensive Readiness D3FEND gives organizations a…

Read More
06 Dec

Tractors vs. threat actors: How to hack a farm

Information

Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers’ Union (NFU) meeting in southern England. Right after I started my talk, one farmer immediately raised his hand and told me that his cows had recently…

Read More
06 Dec

Ping of death! FreeBSD fixes crashtastic bug in network tool

Information

by Paul Ducklin One of the first low-level network tools that any computer user learns about is the venerable ping utility. Named after the eponymous sound effect from any and every old-school war movie scene involving submarines, the command is a metaphorical echo (see what we did there?) of the underwater version of RADAR known as SONAR. You send out a p-i-n-g (more like a d-o-i-n-n-n-n-g noise, in reality) into the briny depths, and by…

Read More
05 Dec

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Information, Insights

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and…

Read More
05 Dec

Apple Faces Critics Over Its Privacy Policies

Information, News

Apple presents itself as a white knight on the subject of privacy, but critics say its own advertising ambitions are built on anti-competitive practices.  Two developers going by the name ‘Mysk’ claimed last month that Apple was tracking users’ every tap on the App Store, with no way of disabling the function.  A class action lawsuit was subsequently filed in California, claiming that Apple’s “promises regarding privacy are utterly false”.  The company has not commented…

Read More
05 Dec

Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet

Information

by Paul Ducklin It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. The company said nothing more about that bug than to describe it as a “heap buffer overflow in GPU” [sic], and to report that it was already being used in real-world attacks. Google left all of the following questions unanswered: How might…

Read More