Malware

AWS’ Inspector offers vulnerability management for Lambda serverless functions

Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie. Both announcements were made during the AWS Re:Invent 2022 conference in Las Vegas this week. They follow other security-focused AWS releases, including the launch of Wickr, a new encrypted messaging service for enterprises, and Amazon Security Lake, which centralizes…

AWS launches new cybersecurity service Amazon Security Lake

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement. “Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources…

5 top qualities you need to become a next-gen CISO

Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to a board and board members are increasingly interested in what CISOs have to say. But technical skills alone won’t suffice…

What is Ransom Cartel? A ransomware gang focused on reputational damage

Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil. The group employs double extortion, combining data encryption with data theft and subsequent threats to…

TikTok “Invisible Challenge” porn malware puts us all at risk

by Paul Ducklin

Researchers at secure coding company Checkmarx have warned of porn-themed malware that’s been attracting and attacking sleazy internet users in droves. Unfortunately, the side-effects of this malware, dubbed Unfilter or Space Unfilter, apparently involve plundering data from the victim’s computer, including Discord passwords, thus indirectly exposing the victim’s contacts – such as colleagues, friends and family – to spams and scams from cybercriminals who can now pose as someone those people know.…

TikTok Trend Abused to Lure Users Into Installing Malware

The report released by Checkmarx in regards to this attack states: “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.” When installing any software from open-source resources such as PyPI or GitHub, it is crucial to be skeptical and to perform due diligence by doing things like reviewing the code base, ensuring proper spelling of packages to avoid…

Android App Being Used to Power Account Creation Service

Most websites have adopted mandatory verification through SMS messages for account creation and authentication. Because of these requirements, threat groups have had to become crafty, deploying new methods in order to bypass these security features. At first, criminal actors primarily relied upon Google Voice numbers and “burner phone” numbers. However, with websites also advancing, most of those options are no longer valid when setting up an account. Due to the current situation, the only…

CISA Adds Oracle Access Manager Exploit to Known Exploited Vulnerabilities Catalog

A proof-of-concept (PoC) has existed since as early as March 2022, so companies running vulnerable versions of OAM should patch as soon as their patch management program allows. Additionally, since the exploit has existed for so long, it is reasonable to assume active exploitation has been taking place since then, and all vulnerable OAM systems should be treated as such.

https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html

CISA Releases Seven Industrial Control Systems Advisories

Original release date: November 29, 2022

CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-22-333-01 Mitsubishi Electric GOT2000
ICSA-22-333-02 Hitachi Energy’s IED Connectivity Packages and PCM600 Products
ICSA-22-333-03 Hitachi Energy’s MicroSCADA ProX SYS600 Products
ICSA-22-333-04 Moxa UC Series
ICSA-22-333-05…

How to build a public profile as a cybersecurity pro

Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online, this may not be enough, though. CSO spoke to Forrester analyst Jinan Budge and cybersecurity professionals Katie Moussouris, Troy Hunt, Rachel Tobac, and Christina Morillo about their journeys and their tips for those who want to build their public profile. Some of these professionals have been known for their work for…
