CyberSecurity Updates

Growing number of endpoint security tools overwhelm users, leaving devices unprotected

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.…


What is the difference between cyber risk management and cyber resilience?

Cyber Security Hub speaks to Sourabh Haldar, threat policy implementation lead of information and cyber security at Standard Chartered Bank, about the importance of cyber resilience in the face of emerging threats.

Cyber Security Hub: What do you think will be the biggest threat vector and/or threat target in 2023?

Sourabh Haldar: From a sector-wide perspective, phishing and social engineering-based attacks are definitely a concern. Phishing is the easiest way for malicious actors to gain…


Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery

Data security and management vendor Cohesity has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added.

Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience

In a…


Surge of swatting attacks targets corporate executives and board members

At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned the police, fire, and emergency mutual aid of the nearby towns of Ipswich, Rowley, Topsfield, and Haverhill. Police evacuated neighboring…


CISA Releases ESXiArgs Ransomware Recovery Script

Original release date: February 7, 2023

CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to determine if it is fit for attempting to recover access to files in their environment. Organizations can access the recovery…


KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack. The new docuseries produced by ABC News Studios and Wall to Wall Media…


Online safety laws: What’s in store for children’s digital playgrounds?

As children’s safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm.

Tomorrow is Safer Internet Day (SID), an annual awareness campaign that started in Europe in 2004 and that aims to highlight the need for people to enjoy the benefits of the internet while mitigating their exposure to online risks. Now in its 20th edition, SID has evolved into a landmark…


VMWare user? Worried about “ESXi ransomware”? Check your patches now!

by Paul Ducklin

Cybersecurity news, in Europe at least, is currently dominated by stories about “VMWare ESXi ransomware” that is doing the rounds, literally and (in a cryptographic sense at least) figuratively. CERT-FR, the French government’s computer emergency response team, kicked off what quickly turned into a mini-panic at the tail end of last week, with a bulletin entitled simply: Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi (Cyberattack exploiting a VMWare ESXi vulnerability). Although the…


VMware ESXi Servers Targeted by Linux Variant of Royal Ransomware

Hypervisors like ESXi continue to become more ubiquitous due to the power and convenience of managing virtual machines rather than physical ones. Unfortunately, that power and convenience also attract threat actors. The compromise of a hypervisor also implies the compromise of every virtual machine housed within. In a single stroke, dozens to hundreds of critical virtual machines could be encrypted and held for ransom. ESXi servers are particularly vulnerable, inciting the recent trend of ransomware…


GoAnywhere MFT Zero-Day Exploit Proof-of-Concept Released

Any users of GoAnywhere MFT should assume compromise, remove public-facing internet access to the tool, and rotate the master encryption key and any passwords used for access. The security bulletin released by the developer includes a stacktrace that administrators can look for in the logs to determine if the exploit was used against the system. Additionally, administrators should deploy the security patch as soon as change management allows. Companies should endeavor to always bring…
