CyberSecurity Updates

How to reset a Kerberos password and get ahead of coming updates

Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you’ve followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes. While many of you may be waiting to install the…

Online retailers should prepare for a holiday season spike in bot-operated attacks

With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic. According to a recent report from application and data security company Imperva, bots account for more than 40% of traffic to online retail websites on average, with around 24% of traffic coming from “bad bots” that engage in various forms of…

Life in pursuit of answers: In the words of Ada Yonath

From a little girl financially helping her family in Jerusalem to a Nobel Prize laureate. That is the exceptional life of Ada Yonath in a nutshell. The first female Israeli Nobel Laureate and the fourth woman in the world to be awarded the Nobel Prize in Chemistry, Ada Yonath has dedicated her life to the pursuit of answers to the most crucial scientific questions and to advancing progress in her field. Her curiosity and her…

How to hack an unpatched Exchange server with rogue PowerShell code

by Paul Ducklin

Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which potentially allows remote code execution (RCE) on the Exchange server itself. The first…

DraftKings Sports App Hacked

DraftKings said that almost 300 thousand dollars was stolen from user accounts. According to some of the victims, when they took to Twitter to get help from DraftKings, there were many Twitter accounts commenting about getting free money using various techniques, but none of them could be identified as the actual attacker. Attacks like these highlight the reasons why it is important to not reuse passwords, especially on websites where credit card information is being…

Cybercriminals Increasingly Using Aurora Stealer Malware

Companies can detect Aurora and malware like it by implementing command line logging and looking for unusual WMIC and PowerShell commands. Additionally, implementing Canary files can help detect file grabber activity, and user behavioral analysis on netflow data can help detect anomalous network activity, such as connections to strange external ports. Application allowlisting can also help prevent the loader activity seen in Aurora.

https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/

Microsoft Azure launches DDoS IP protection for SMBs

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft’s Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that’s attractive to SMBs, Microsoft said. With the new product, Microsoft’s Azure DDoS Protection family now has two…

Leaked Algolia API Keys Exposed Data of Millions of Users

Threat detection firm CloudSEK has identified thousands of applications leaking Algolia API keys, and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users. Organizations can use Algolia’s API to incorporate into their applications functions such as search, discovery, and recommendations. The API is used by over 11,000 companies, including Lacoste, Slack, Medium, and Zendesk. CloudSEK says it has identified 1,550 applications that leaked Algolia API…

Meta fires employees for allegedly hacking into users’ accounts

Meta has allegedly fired and/or disciplined more than 12 employees for hacking into users’ Facebook and Instagram accounts on behalf of hackers. According to the Wall Street Journal (WSJ), which broke the story on November 17, some of the hacking cases involved bribery, with employees being paid thousands of dollars to hack into the accounts. According to an internal investigation into the account hijacking, those fired by Meta included contractors employed at the company’s…

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it…
