CyberSecurity Updates

15 Nov

KmsdBot Exploiting Weak Login Credentials to Spread Cryptominers and Launch DDoS Attacks

Attacks, Malware

Companies can best protect themselves from this sort of attack by blocking all SSH traffic from external sources. When SSH must be exposed to public internet, use SSH keys instead of passwords, and limit which public IP addresses can establish connections. Additionally, companies should consider blocking all inbound and outbound FTP traffic and limit which public IP addresses can establish FTP sessions if FTP must be allowed. For detecting C2, companies can use tools like…

Read More
15 Nov

Kerberos Authentication Issues After Novembers Patch Tuesday

Attacks, Malware

Systems administrators can look for the “Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text,” according to Microsoft. The below text reads “While processing an AS request for target service , the account did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1)”. Users can find more specific information about possible signs of this…

Read More
15 Nov

42,000 Websites used to Trap Victims

Attacks, Malware

The group is suspected to be based out of China, based on observations researchers have made regarding the language used by the threat group. Approximately 300 new domains are registered by the group daily, which can have detrimental effects on the customers of these legitimate brands as well as values of the targeted brands themselves. Companies should ensure they are monitoring for these fraudulent domains being created. By using a service such as the Binary…

Read More
15 Nov

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Information, Insights

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian cybercrime suspect Vyacheslav “Tank” Penchukov (right) was arrested in Geneva, Switzerland. Tank was the day-to-day manager of a cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses. Penchukov…

Read More
15 Nov

Zendesk Vulnerability Could Have Given Hackers Access to Customer Data

Information, News

An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information, data security firm Varonis reports. Zendesk Explore is the analytics and reporting service of Zendesk, a popular customer support software-as-a-service solution. According to Varonis, two vulnerabilities in Zendesk Explore could have allowed an attacker to access conversations, comments, email addresses, tickets, and other information stored in Zendesk accounts with Explore enabled. The two issues, however, were…

Read More
15 Nov

Global 2000 companies failing to adopt key domain security measures

Data Breaches, Malware, Social Engineering

Forbes Global 2000 companies are failing to adopt key domain security measures, exposing them to significant security risks, according to CSC’s Domain Security Report 2022. The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75% of Global 2000s have implemented fewer than half of all domain security measures with Domain-based Message Authentication, Reporting, and Conformance (DMARC), the only domain security measure with significantly increased adoption since 2020. The data follows Akamai…

Read More
15 Nov

Meta’s new kill chain model tackles online threats

Data Breaches, Malware, Social Engineering

In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs). The authors of the paper argued that by leveraging the knowledge of how these adversaries operate, cyber defenders “can create an intelligence feedback loop, enabling defenders to…

Read More
15 Nov

Build a mature approach for better cybersecurity vendor evaluation

Data Breaches, Malware, Social Engineering

Seasoned CISO Mike Manrod knows the value of a good cybersecurity vendor evaluation. He recalls that in a past job he inherited some very expensive vaporware under a long-term services agreement. His predecessor had purchased an “innovative” beta identity and access management platform but hadn’t done any analysis on the product, simply accepting the vendor’s claims of its efficacy. It was a dud. Inversely, as CISO at his current company Grand Canyon Education, Manrod set…

Read More
14 Nov

Ukraine Says Russian Hacktivists Use New Somnia Ransomware

Attacks, Malware

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).• Install updates/patch operating…

Read More
14 Nov

“Gucci Master” business email scammer Hushpuppi gets 11 years

Information

by Naked Security writer He was sentenced under his real-life name of Ramon, but in back in his boastful days of pretending to be a seriously successful real estate agent based in Dubai, you may have seen and heard of him as Ray, or, to give him his full nickname, Ray Hushpuppi. To be clear, Ramon Olorunwa Abbas wasn’t pretending to have lots of money, but he was pretending to have acquired his money by…

Read More