- When Efforts to Contain a Data Breach Backfire
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
- Sounding the Alarm on Emergency Alert System Flaws
The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.
- It Might Be Our Data, But It’s Not Our Breach
A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn't theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.
- The Security Pros and Cons of Using Email Aliases
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by a notation specific to the site you're signing up at -- lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here's a look at the pros and cons of adopting a unique alias for each website.
- Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
- Class Action Targets Experian Over Account Security
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.
- Scammers Sent Uber to Take Elderly Lady to the Bank
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
- Google updates Chronicle to climb on managed detection and response train
Google Cloud Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform, placing the company into the ranks of the contenders in the fast-growing managed detection and response market (MDR).Chronicle’s new curated detection feature leverages the threat intelligence that Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools.To read this article in full, please click here
- Ransomware safeguards for small- to medium-sized businesses
The Institute for Security and Technology (IST) recently released a “Blueprint for Ransomware Defense.” The guide includes recommendations of defensive actions for small- and medium-sized businesses (SMBs) to protect against and respond to ransomware and other common cyberattacks. It focuses on the identify, protect, respond, and recover format that aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. IST’s guidelines do not include one item from the NIST framework: the detect function. The authors recommends that SMBs should work with a cybersecurity services provider for that function.To read this article in full, please click here
- What is zk-SNARK?
Zk-SNARK, which stands for zero-knowledge succinct non-interactive argument or knowledge, is the most popular zero-knowledge protocol. This a space of increasing importance, as zero knowledge systems are an area of active development that stand to disrupt how authentication works. While the math is intense, the overall ideas are not hard to understand. What is zero knowledge? Zero knowledge is the attempt to use the smallest amount of information possible when verifying a statement. It works to devise proofs that avoid transfer of extra data.Ground zero for this field is the paper Knowledge Complexity of Interactive Proof Systems, which appeared in a few editions during the 1980’s. As the name implies, the paper undertakes to get an understanding of how knowledge behaves in proving statements between interacting systems. To read this article in full, please click here
- "Evil PLC Attack" weaponizes PLCs to infect engineering workstations
Most attack scenarios against industrial installations, whether in manufacturing or in critical infrastructure, focus on compromising programmable logic controllers (PLCs) to tamper with the physical processes they control and automate. One way to get malicious code running on PLCs is to first compromise a workstation that engineers use to manage and deploy programs on them, but this can be a two-way street: A hijacked PLC can also be used to compromise engineering workstations, and this opens the door to powerful lateral movement attacks.In a new paper released over the weekend, researchers from industrial control systems (ICS) cybersecurity firm Claroty documented proof-of-concept "Evil PLC Attacks" against engineering software from seven ICS manufacturers: Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson.To read this article in full, please click here
- Safe Security debuts two free risk assessment tools for businesses
Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools for businesses to use, in order to help them understand their vulnerability to cyberattacks and the costs of insuring against them.Both tools—an interactive cost calculator for cyberattacks and a cyberinsurance assessment app—are available as free-to-use web pages, created by Safe Security and based on the company’s institutional knowledge and in-house research into cybersecurity risk factors.Risk tools measure financial impact of cyberthreats The cost calculator for cyberattacks takes into account general data—like revenue, number of employees, vertical, headquarters location and the types of records stores—to arrive at an “annual loss expectancy” figure, according to vice president of AI and cyber insurance at Safe Security, Pankaj Goyal. This measures the likelihood of an attack against the potential financial impact, breaking the potential harms down by the type of attack—currently ransomware, data breach, and business email compromise, but with more types on the way, according to Goyal.To read this article in full, please click here
- Exposed VNC instances threatens critical infrastructure as attacks spike
New research from threat intelligence and cybersecurity company Cyble has identified a peak in attacks targeting virtual network computing (VNC) – a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to control another machine remotely – in critical infrastructure sectors. By analyzing the data from its Global Sensor Intelligence (CGSI), Cyble researchers noticed a spike in attacks on port 5900 (the default port for VNC) between July 9 and August 9, 2022. Most attacks originated from the Netherlands, Russia, and Ukraine, according to the firm, and highlight the risks of exposed VNC in critical infrastructure.Exposed VNC putting ICS at risk, assets frequently distributed on cybercrime forums According to a blog posting detailing Cyble’s findings, organizations that expose VNCs over the internet by failing to enable authentication broaden the scope for attackers and increase the likelihood of cyber incidents. It detected more than 8,000 exposed VNC instances with authentication disabled. Cyble also found that exposed assets connected via VNCs are frequently sold, bought, and distributed on cybercrime forums and market.To read this article in full, please click here
- The 12 biggest data breach fines, penalties, and settlements so far
Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now, the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe.To read this article in full, please click here
- Vulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches
Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches. read more
- 81% of Malware Seen on USB Drives in Industrial Facilities Can Disrupt ICS: Honeywell
- SEC Charges 18 Over Scheme Involving Hacked Brokerage Accounts
The US Securities and Exchange Commission this week announced charges against 18 individuals and entities for their roles in a pump-and-dump scheme that involved account hacking. read more
- Iranian Group Targeting Israeli Shipping and Other Key Sectors
Mandiant has been tracking an activity cluster from what it believes is a single Iranian threat group that has been targeting Israeli interests, especially the shipping industry. The activity was first noted in late 2020 and is ongoing in mid-2022. Mandiant has named the group UNC3890. read more
- Quarterly Security Patches Released for Splunk Enterprise
Splunk this week announced the release of a new set of quarterly patches, to address multiple vulnerabilities in Splunk Enterprise. The most important of the bugs – based on its severity rating – is a high-severity TLS certificate validation issue in the Ingest Actions user interface. read more
- The Future of Endpoint Management
Making each endpoint resilient is paramount to implementing a successful defense strategy read more
- Security Analysis Leads to Discovery of Vulnerabilities in 18 Electron Applications
A team of researchers from various companies has analyzed Electron-based desktop applications and ended up discovering vulnerabilities in several widely used pieces of software. read more