CyberSecurity Updates

09 Jan

CircleCI – code-building service suffers total credential compromise

Information

by Paul Ducklin If you’re a programmer, whether you code for a hobby or professionally, you’ll know that creating a new version of your project – an official “release” version that you yourself, or your friends, or your customers, will actually install and use – is always a bit of a white-knuckle ride. After all, a release version depends on all your code, relies on all your default settings, goes out only with your published…

Read More
09 Jan

Facebook Phishing Campaign Uses Copyright Infringement Lure

Attacks, Malware

Users looking to protect themselves from these types of attacks should do the following: • Always hover all URLs before clicking• Always double-check sender addresses• Log into the Facebook account directly to check the status of the account instead of clicking on the URL in the email https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing

Read More
09 Jan

Malicious PyPI Packages Utilizing Cloudflare Tunnels to Bypass Firewalls

Attacks, Malware

This tunnel technique is a unique tactic used by the threat actor. The idea is to leverage the tunnel to remotely access the compromised computer via a Flask-based app, which contains a trojan dubbed xrat (but codenamed poweRAT by Phylum). The malicious program allows threat actors to execute arbitrary Python code, download and run remote files on the host, exfiltrate files and entire directories, run shell commands, and more. The Flask application supports a “live”…

Read More
09 Jan

Hive Ransomware Gang Leaked 550 GB Stolen from Consulate Health Care

Attacks, Malware

Threat actors can leverage stolen medical records to impersonate legitimate patients to commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if ther i’s misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen.…

Read More
09 Jan

Microsoft Flags Ransomware Problems on Apple’s macOS Platform

Information, Malware, News

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices. In a blog post documenting its research into four known macOS ransomware families, Microsoft’s Security Threat Intelligence team published IOCs and technical details to show how ransomware actors target users on macOS-powered devices. “While these malware families are old,…

Read More
09 Jan

Identity Thieves Bypassed Experian Security to View Credit Reports

Data Breaches, Information, Insights

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address,…

Read More
09 Jan

11 top XDR tools and how to evaluate them

Data Breaches, Malware, Social Engineering

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat detection, possibly even automating aspects of threat mitigation. This need has given rise to extended detection and response (XDR) tools.…

Read More
09 Jan

If governments are banning TikTok, why is it still on your corporate devices?

Data Breaches, Malware, Social Engineering

TikTok, the viral app resident on millions of devices, was recently banned from executive branch devices in the United States, as set out in in the recent Omnibus Bill signed by President Joe Biden. The Omnibus Bill, as detailed in CSO Online’s overview, highlighted that the “legislation required the Office of Management and Budget in consultation with the administrator of general services, the director of CISA, the director of national intelligence, and the secretary of…

Read More
06 Jan

Ransomware target list – Week in security with Tony Anscombe

Information

Why schools, hospitals, local governments and other public sector organizations are in a sweet spot for ransomware attacks Why are schools, hospitals and local governments firmly in the crosshairs of cybercriminals and why do public-sector entities fall into a sweet spot for ransomware attacks? What are the latest trends on the ransomware scene? A report released this week looks at publicly disclosed ransomware incidents in the United States in 2022 in order to help organizations…

Read More
06 Jan

RSA crypto cracked? Or perhaps not!

Information

by Paul Ducklin There’s been a bit of a kerfuffle in the technology media over the past few days about whether the venerable public-key cryptosystem known as RSA might soon be crackable. RSA, as you probably know, is short for Rivest-Shamir-Adleman, the three cryptographers who devised what turned into an astonishingly useful and long-lived encryption system by means of which two people can communicate securely… …without meeting up first to agree on a secret encryption…

Read More