CyberSecurity Updates

25 Oct

Cryptomining Campaign Abuses Free DevOps solutions

Attacks, Malware

While this campaign targets free services, Binary Defense researchers have observed an uptick in the number of compromises of cloud services like AWS or Azure to mine cryptocurrency. These attacks are effectively theft and can leave organizations with a large bill.For example, a developer in Seattle incurred a bill for over $53,000 which was normally a $100-$150 per month. In another case, a California College student was sent a bill for $55,000.It is highly recommended…

Read More
25 Oct

Google Chrome Announces End of Support for Windows 7 and 8.1

Attacks, Malware

Ensuring that systems are up to date and stay up to date is a key component of staying protected from cyber threats. When notices such as end of support are released, it is important that anyone running affected systems ensure that they are aware of the timeframe they face and begin the proper steps in upgrading affected systems to newer versions. Anyone that keeps running outdated and unsupported versions maintains a higher risk for becoming…

Read More
25 Oct

CISA Has Added One Known Exploited Vulnerability to Catalog    

Attacks, Insights, Malware

Original release date: October 25, 2022 CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.       Binding Operational Directive…

Read More
25 Oct

CISA Releases Eight Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: October 25, 2022 CISA has released eight (8) Industrial Control Systems (ICS) advisories on October 25, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: •    ICSMA-22-298-01 AliveCor KardiaMobile •    ICSA-22-298-01 Haas Controller •    ICSA-22-298-02 HEIDENHAIN Controller TNC •    ICSA-22-298-03 Siemens Siveillance Video Mobile Server •    ICSA-22-298-04 Hitachi Energy…

Read More
25 Oct

CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!

Attacks, Insights, Malware

Original release date: October 25, 2022 On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams (FIRST) that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates: TLP:CLEAR replaces TLP:WHITE for publicly releasable information. TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information  may be shared with the recipient’s organization only. CISA…

Read More
25 Oct

Why Employers Should Embrace Competency-Based Learning in Cybersecurity

Insights

Credit: Shutterstock/EtiAmmos There is a growing movement toward increasing the use of competency and skills-based education and hiring practices in both the public and private sectors. For example, the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates calls upon the Federal Government to “ensure that the individuals most capable of performing the roles and responsibilities required of a specific position are those hired for that position”—resulting in “merit-based reforms…

Read More
25 Oct

Akamai to boost network-layer DDoS protection with new scrubbing centers

Data Breaches, Malware, Social Engineering

Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers. The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts planned for “all major regions,” which includes US East and West, Canada, Italy, Spain, Switzerland, India, Japan, Hong Kong and…

Read More
25 Oct

Blockchain security companies tackle cryptocurrency theft, ransom tracing

Data Breaches, Malware, Social Engineering

According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value. Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency,…

Read More
25 Oct

8 hallmarks of a proactive security strategy

Data Breaches, Malware, Social Engineering

CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs are seeking to take more proactive steps to balance out reactive ones. “On the proactive side, you’re trying to predict…

Read More
24 Oct

ESET research into new attacks by Lazarus – Week in security with Tony Anscombe

Information

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021 This week, the ESET Research team has published the results of their analysis of recent attacks carried out by the Lazarus APT group. Using spear-phishing emails that contained malicious Amazon-themed documents, the group targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium. Notably, one of the tools…

Read More