CyberSecurity Updates

09 Feb

What is business email compromise?

Attacks, Data Breaches

In this article, Cyber Security Hub explores how cyber attackers use threat vectors like phishing, social engineering and ransomware to enact business email compromise (BEC). Cybercrime is an ever-growing issue across virtually every industry. Expected to have a global cost as much as US$10trn by 2025, companies must fight to combat malicious actors seeking to gain from cyber attacks against them. Threat actors increasingly use multiple threat vectors during attacks to overwhelm companies and make…

Read More
09 Feb

How to unleash the power of an effective security engineering team

Data Breaches, Malware, Social Engineering

Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers. The collective security/security engineering team mindset is also that of a builder, quite different from that of a penetration tester or third-party…

Read More
09 Feb

Yes, CISOs should be concerned about the types of data spy balloons can intercept

Data Breaches, Malware, Social Engineering

The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the…

Read More
08 Feb

OpenSSL fixes High Severity data-stealing bug – patch now!

Information

by Paul Ducklin OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just release a trifecta of security updates. These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium support. (Getting into a position where you no longer need to pay for support is probably better for you, even…

Read More
08 Feb

Threat group targets over 1,000 companies with screenshotting and infostealing malware

Data Breaches, Malware, Social Engineering

Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers. Tracked as TA866 by researchers from security firm Proofpoint, the group’s tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even…

Read More
08 Feb

CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

Attacks, Insights, Malware

Original release date: February 8, 2023 Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access to ESXi servers and deploy ESXiArgs ransomware. The ransomware encrypts configuration files on ESXi servers, potentially rendering…

Read More
08 Feb

New QakNote Attacks Push Qakbot Malware via Microsoft OneNote Files

Attacks, Malware

Since the disabling of Office macros by Microsoft, a variety of new techniques have arisen to gain remote code execution on a host, with OneNote attachments becoming one of the more prominent techniques seen. As it is rather uncommon for OneNote files to be sent through email, many researchers recommend blocking these extensions altogether. However, for organizations where that is not possible, other options are available. One potential monitoring solution would be to monitor all…

Read More
08 Feb

Research Reveals 12% of Online Stores Expose Backup Data

Attacks, Malware

Administrators of websites, and especially online stores, should regularly evaluate possible data exposure on their sites. Any time sensitive data is found by an administrator, passwords should be rotated for not only users but databases as well. Enabling two-factor authentication (2FA) can help mitigate any exposure of administrator login information. Analyzing logs for the web-server software in use can reveal unusually high activity from individual IP addresses. Rate limiting based on IP addresses and using…

Read More
08 Feb

CISA Releases Recovery Script for ESXiArgs Ransomware Victims

Attacks, Malware

To assist users in recovering their servers, CISA released an ESXiArgs-Recover script on GitHub to automate the recovery process. “CISA is aware that some organizations have reported success in recovering files without paying ransoms. CISA compiled this tool based on publicly available resources, including a tutorial by Enes Sonmez and Ahmet Aykac,” explains CISA. “This tool works by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware.” While the GitHub…

Read More
08 Feb

Skybox Security Raises $50M, Hires New CEO

Information, News

Skybox Security, a late-stage California startup in the security analytics space, has closed a $50 million financing round and hired a new chief executive. The San Jose company announced Wednesday that former Digital Guardian CEO Mordecai (Mo) Rosen will take the reins at Skybox and manage the company through a new financing round that brings the total raised to $335 million. The private equity-backed Skybox said investors in the latest round include CVC Growth Funds,…

Read More