Continuous Monitoring and Protection
CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where my CEO and CIO explained our new reality: We were going into quarantine and we had less than a week…
Read MoreBinary Defense and SentinelOne advise system administrators to set Windows UAC to “Always Notify,” with the caveat that this may be excessively intrusive for some organizations. For trusted filesystem paths with trailing spaces, administrators should keep an eye out for suspicious file creations and process executions, especially in directories containing the string “Windows”. https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/
Read MoreThere is no indication that this attack is being carried out in the wild. Microsoft has addressed the issue with a patch but warned that there are other workarounds if needed. For anyone that cannot apply the fix for some reason, Microsoft recommends reading all emails in plain text. Another workaround is to enable the Microsoft Office File Block Policy, which prevents Office apps from opening RTF documents from unknown origins. To do this, the…
Read MoreThis incident follows a series of Acer security breaches that happened over the previous few years. The REvil ransomware gang attacked the computer manufacturer in March 2021, demanding a record-breaking $50,000,000 ransom payment for a decryptor. The hacker group Desorden gained access to Acer’s after-sales systems in India. As a result, over 60GB of data was compromised, including information about thousands of customers, retailer records, and distributors. https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/
Read MoreOver the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP. “We have seen SYS01stealer attacking critical government infrastructure employees, manufacturing companies, and other industries,” researchers from security firm Morphisec said in a…
Read MoreAkamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to help identify and eliminate threats. “An earlier version of Hunt was available through Guardicore to a limited set of customers,”…
Read MoreSecurity leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero trust already in place more than doubled in just one year, jumping from 24% in 2021 to 55% in the…
Read MoreA pending class action lawsuit accuses online payments giant PayPal of failing to adequately safeguard the personal information of its users, leaving them vulnerable to identity theft and related ills at the hands of the unidentified perpetrators of a data breach that occurred late last year. Nearly 35,000 people were affected by the cyberattack, which used previously compromised usernames and passwords to gain access to PayPal’s systems. PayPal’s notice to users whose personal information was…
Read MoreOrganizations should initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that help organizations protect their systems from intrusions that lead to ransomware. To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.•…
Read MoreAccording to the German police, the five suspects have ties to Russia. The DoppelPaymer ransomware operation first appeared in 2019, focusing on critical infrastructure and major corporations. Europol reported that victims based in the United States alone paid the group at least $42.4 million between May 2019 and March 2021. German authorities have also reported 37 targeted companies by the ransomware gang. Among DoppelPaymer’s major victims are Dutch Research Council (NWO), Kia Motors America, laptop…
Read More