Continuous Monitoring and Protection
As IT spending on the cloud continues to grow, organizations need to make sure they’re also reviewing their security sets to ensure they can handle new, cloud-related obstacles. Source: https://www.axios.com/2023/03/07/hackers-cloud-breaches-cybersecurity?&web_view=true
Read MoreEspionage groups using social engineering tactics on government and military officials are nothing new. This campaign demonstrates the risks associated with downloading apps outside of app stores that are maintained by a trusted source. Furthermore, this highlights the importance of segmenting personal and professional devices. Compromising a personal phone, while impactful, could have a greatly reduced impact if that device doesn’t contain confidential information that an attacker could be seeking out. Source: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html
Read MoreWhile many of the capabilities of this malware framework are rather typical, this “Radio Silence” mode is somewhat novel and is not seen displayed by many malware implants. Many times, malware in an environment can be identified through abnormal communications, such as a large number of connections from a host over the weekend that is typically dormant. With this feature, however, the operators can pick and choose when they want their communications to be sent,…
Read MoreSANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector. A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, while an Aspen Digital Tech Policy report from the same year found that only 9% of cybersecurity experts are Black,…
Read MoreThe number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security of software supply chains. Hard-coded secrets pose significant security risks because they are often stored in plain text, making it…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-28810 Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability CVE-2022-33891 Apache Spark Command Injection Vulnerability CVE-2022-35914 Teclib GLPI Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in…
Read MoreCISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where my CEO and CIO explained our new reality: We were going into quarantine and we had less than a week…
Read MoreBinary Defense and SentinelOne advise system administrators to set Windows UAC to “Always Notify,” with the caveat that this may be excessively intrusive for some organizations. For trusted filesystem paths with trailing spaces, administrators should keep an eye out for suspicious file creations and process executions, especially in directories containing the string “Windows”. https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/
Read MoreThere is no indication that this attack is being carried out in the wild. Microsoft has addressed the issue with a patch but warned that there are other workarounds if needed. For anyone that cannot apply the fix for some reason, Microsoft recommends reading all emails in plain text. Another workaround is to enable the Microsoft Office File Block Policy, which prevents Office apps from opening RTF documents from unknown origins. To do this, the…
Read MoreThis incident follows a series of Acer security breaches that happened over the previous few years. The REvil ransomware gang attacked the computer manufacturer in March 2021, demanding a record-breaking $50,000,000 ransom payment for a decryptor. The hacker group Desorden gained access to Acer’s after-sales systems in India. As a result, over 60GB of data was compromised, including information about thousands of customers, retailer records, and distributors. https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/
Read More