CyberSecurity Updates

26 Jan

Mastodon vs. Twitter: Know the differences

Information

Looking for an alternative to Twitter and thinking about joining the folks flocking to Mastodon? Here’s how the two platforms compare to each other. From restructuring their workforces to facing big fines, big tech companies have been on a roller coaster ride recently – but certainly none quite as much as Twitter. Indeed, Twitter has entered a whole new era since Elon Musk became the company’s owner and CEO last October, and you can bet…

Read More
26 Jan

UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

Information, News, Uncategorized

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups. The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster and Phosphorus).  The NCSC noted that the two groups covered by the advisory have similar tactics, techniques and…

Read More
26 Jan

Recent legal developments bode well for security researchers, but challenges remain

Data Breaches, Malware, Social Engineering

Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers. This failure to distinguish between the two hacker camps has, however, improved over the past two years, according to Harley Geiger, an attorney with Venable LLP, who serves as counsel in the Privacy…

Read More
26 Jan

9 API security tools on the frontlines of cybersecurity

Data Breaches, Malware, Social Engineering

Application programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else in the computing landscape. This is especially true for cloud and mobile computing, neither of which could probably exist in its current form without APIs holding everything together or managing much of backend functionality. Because of their reliability and simplicity, APIs have become ubiquitous across the computing landscape. Most organizations probably don’t even know how many APIs…

Read More
25 Jan

Experian Glitch Exposing Credit Files Lasted 47 Days

Data Breaches, Information, Insights

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between…

Read More
25 Jan

Attackers move away from Office macros to LNK files for malware delivery

Data Breaches, Malware, Social Engineering

For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend has led to the creation of paid tools and services dedicated to building malicious LNK files. Some of these builders…

Read More
25 Jan

LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised

Attacks, Malware

The company did not disclose how many users were impacted, but said it’s directly contacting the victims to provide additional information and recommend certain “actionable steps” to secure their accounts. GoTo has also taken the step of resetting the passwords of affected users and requiring them to reauthorize MFA settings. It further said it’s migrating their accounts to an enhanced identity management platform that claims to offer more robust security. Individuals who have been compromised…

Read More
25 Jan

New Stealthy Python RAT Malware Targets Windows in Attacks

Attacks, Malware

As with many campaigns, this malware is spread through phishing techniques. This demonstrates the benefit of employing an email monitoring solution in an enterprise environment. Additionally, it demonstrates the need for constant – and recurring – user education on common phishing tactics and how to detect and protect against them. Apart from these general statements that can apply to most new campaigns, this RAT also demonstrates a few different techniques that are possible to monitor.…

Read More
25 Jan

Vulnerable LearnPress Plugin for WordPress Impacts 75k Sites

Attacks, Malware

LearnPass site administrators should update the plugin to version 4.2 or above as soon as possible. It is critical for maintainers of WordPress websites to continuously update both WordPress core and all installed plugins. Binary Defense highly recommends WordPress users enable auto-updates wherever possible. https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/

Read More
25 Jan

Emotet Evolving with New Attack and Evasion Techniques

Attacks, Malware

Keeping Endpoint Detection and Response (EDR) systems up-to-date and properly tuned can help companies identify process injection attacks. To help prevent the macro bypass, companies should limit write access to the default Templates directories for Microsoft Office. The SMB spreader can be detected by collecting a baseline of standard SMB netflow traffic and alerting against deviations from that, though this requires a well-staffed security team. https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html

Read More