- Microsoft: Two New 0-Day Flaws in Exchange Server
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.
- Fake CISO Profiles on LinkedIn Target Fortune 500s
Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
- Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it."
- SIM Swapper Abducted, Beaten, Held for $200k Ransom
A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen's captors held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.
- Botched Crypto Mugging Lands Three U.K. Men in Jail
Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies.
- Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here's a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.
- Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday
This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.
- Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors
Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
- Enterprises embrace devsecops practices against supply chain attacks
For enterprise security professionals alarmed about the rising number of supply chain attacks, a report released this week by Google and supply chain security firm Chainguard has good news: Devsecops best practices are becoming more and more common. The recent prevalence of supply chain attacks—most notably the SolarWinds attack, which affected numerous large companies in 2021—has brought the topic into prominence. The Google-Chainguard report, though, found that many supply chain security practices recommended by the major frameworks are already in place among software developers, based on an ongoing “snowball” survey of 33,000 such developers over the past eight years.
- Top cybersecurity M&A deals for 2022
The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022. Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate. In all markets, larger firms are looking to expand their capabilities. Recorded Future’s acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future’s offerings.
- Malware builder uses fresh tactics to hit victims with Agent Tesla RAT
A recently discovered malware builder sold on the dark web, Quantum Builder, is being used in a new campaign featuring fresh tactics to deliver the Agent Tesla .NET-based keylogger and remote access trojan (RAT), according to an alert issued by the ThreatLabz research unit of cybersecurity company Zscaler.
- Most hackers need 5 hours or less to break into enterprise environments
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness. The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organizations, with different levels of experience and specializations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.
- 22 notable government cybersecurity initiatives in 2022
Cybersecurity continues to be high on the agenda of governments across the globe, with both national and local levels increasingly working to counter cybersecurity threats. Much like last year, 2022 has seen significant, government-led initiatives launched to help to address diverse security issues. Here are 22 notable cybersecurity initiatives introduced around the world in 2022.
February
Israel commits to IDB cybersecurity initiative in Latin America, Caribbean
The Israeli government announced that it will join the Inter-American Development Bank (IDB) to establish a new cybersecurity initiative, committing $2 million USD to help strengthen cybersecurity capabilities in Latin America and the Caribbean (LAC). Israel’s funding would aid in building cyber capacity across the region by giving officials and policymakers access to forefront practices and world-leading knowledge and expertise, the government stated. “The cybersecurity initiative is paving the way for the safe and secure digitalization of Latin America and the Caribbean, one of the key elements for growth in the post-COVID era,” said Matan Lev-Ari, Israel’s representative on the IDB’s Board.
- Recent cases highlight need for insider threat awareness and action
On September 1, a crew of US government offices launched the fourth annual National Insider Threat Awareness Month (NITAM). The goal of the month-long event is to educate the government and industry about the dangers posed by insider threats and the role of insider threat programs. This year’s campaign focuses on the importance of critical thinking to help workforces guard against risk in digital spaces. The NITAM launch announcement cited recent examples of insider threats in the digital space:
- Hack Puts Latin American Security Agencies on Edge
A massive trove of emails from Mexico’s Defense Department is among electronic communications taken by a group of hackers from military and police agencies across several Latin American countries, Mexico’s president confirmed Friday.
- Canon Medical Product Vulnerabilities Expose Patient Information
Trustwave is warning healthcare organizations of two cross-site scripting (XSS) vulnerabilities in Canon Medical’s popular medical imaging sharing tool Vitrea View.
- What's Going on With Cybersecurity VC Investments?
- CISA Issues Guidance on Transitioning to TLP 2.0
The US Cybersecurity and Infrastructure Security Agency (CISA) this week published a user guide to help organizations prepare for the November 1, 2022, move from Traffic Light Protocol (TLP) version 1.0 to TLP 2.0.
- DoD Announces Final Results of 'Hack US' Bug Bounty Program
The US Department of Defense (DoD) and HackerOne this week announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.
- Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities that have been exploited in targeted attacks. The tech giant is working on patches.
- Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks
Chinese cyberespionage group Witchetty has been observed updating its toolset in recent attacks targeting entities in the Middle East and Africa, Symantec reports. Also referred to as LookingFrog, Witchetty is believed to be part of Cicada, the Chinese advanced persistent threat (APT) actor also known as APT10 and Stone Panda.