Jan 26 2022

Open-source Threat Intelligence Feeds

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 10:56 pm

Table of Contents

Threat intelligence feeds are a critical part of modern cybersecurity. Widely available online, these feeds record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. Open source threat intelligence feeds can be extremely valuable—if you use the right ones. While these collections are plentiful, there are some that are better than others. Being an actively updated database doesn’t guarantee that it is a highly reliable or detailed one either, as some of the best online haven’t necessarily been updated in a few months.

We will try to keep our own tally of some of the better open source threat intelligence feeds below, regularly updating it with new feeds and more details about each one. A share of the entries will be managed by private companies that have premium, or at least closed-source, offerings as well. This list is meant to cover free and open source security feed options.

1. Emerging Threats

Developed and offered by Proofpoint in both open source and a premium version, The Emerging Threats Intelligence feed (ET) is one of the highest rated threat intelligence feeds. ET classifies IP addresses and domain addresses associated with malicious activity online and tracks recent activity by either. The feed maintains 40 different categories for IPs and URLs, as well as a constantly updated confidence score.

2. FBI InfraGard

This being backed by the Federal Bureau of Investigation definitely gives it some clout. It’s actually a collaboration between the FBI and the private sector, with its information freely available to private companies and public sector institutions to keep appraised on threats relevant to 16 specific categories of infrastructure identified by the Cybersecurity and Infrastructure Security Agency (a department of the US Department for Homeland Security). Sectors include energy and nuclear power, communications, chemicals, agriculture, healthcare, IT, transportation, emergency services, water and dams, as well as manufacturing and financial.

3. Dan.me.uk

Dan is a collection of 10 tools that together report on IP and domain information. It includes info on IP subnets, the TOR status of IP addresses, DNS blacklists, IP address checking for autonomous systems, and node lists.

4. CINS Score

The CINS Score is supported by Sentinel. Like ET’s confidence score, the CINS Score rates IP addresses according to their trustworthiness. They add data about suspected or confirmed attacks from those IPs in the form of frequency, nature and breadth. They also try to create ‘personas’ around the sorts of attacks those IPs are tied to: scanning, network or remote desktop vulnerabilities, malware bots, or command-and-control servers.

5. Blocklist.de

Blocklist.de pays attention to server attacks from SSH, FTP, email and webserver sources. Their site claims to report an average of 70,000 attacks every 12 hours using a combo of the abusix.org database, Ripe-Abuse-Finder, and Whois information.

6. hpHosts

hpHosts is a searchable database and hosts file that is community managed. While it was last updated in August 2019, it is considered one of the more reliable data stores of malicious IPs online. It can also be sorted by PSH and FSA-only.

7. AlienVault OTX

AlienVault Open Threat Exchange (OTX) is the company’s free, community-based project to monitor and rank IPs by reputation. It generates alert feeds called “pulses,” which can be manually entered into the system, to index attacks by various malware sources. While some pulses are generated by the community, AlienVault creates its own as well that automatically subscribes all OTX’s users. Most pulses are automatically API-generated and submitted via the OTX Python SDK. This example, SSH bruteforce logs 2016-06-09, shows the indicators, geoip of the attacks, and a full list of the IPs used. It also links to reports in other pulses that include the same IPs.

8. Abuse.ch Feodo Tracker

This abuse.ch offering focuses on botnets and command-and-control infrastructure (C&C). The blocklist is an amalgamation of several minor blocklists with attention paid to Heodo and Dridex malware bots. There were 5,374 entries as of 03-03-2020.

Of course, the name itself is a direct response to an older trojan virus called Feodo, which was a successor to the Cridex e-banking trojan. (to which both Dridex and Heodo both trace their source code). Feodo Tracker also tracks an associative malware bot, TrickBot.

9. Abuse.ch URLhaus

The first of two projects from Swiss website abuse.ch, URLhaus is a depository of malicious domains tied to distributing malware. The database can be accessed via a URLhaus API, allowing you to download CSV collections of flagged URLs, those site’s respective statuses, the type of threat associated with them, and more. Ready-made downloads include periods of recent additions (going back 30 days), or all active URLs.

The full URLhaus dataset—as updated every 5 minutes—is automatically and immediately available for CSV download. It also includes a ruleset suited for use in Suricata or Snort. URLhaus also offers a DNS firewall dataset that includes all marked URLs for blocking. 

source: https://logz.io/blog/open-source-threat-intelligence-feeds/

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: Open-source Threat Intelligence Feeds


Jan 13 2022

Threat actors abuse public cloud services to spread multiple RATs

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 10:05 am

Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire, and AsyncRAT used to steal sensitive information from compromised systems.

The malware campaign was spotted by Cisco Talos in October 2021, most of the victims were located in the United States, Italy and Singapore.

Threat actors leverages cloud services like Azure and AWS because they can be easily set up with minimal efforts making it more difficult for defenders to detect and mitigate the campaigns.

The attackers used complex obfuscation techniques in the downloader script.

The attack chains starts with a phishing email using a malicious ZIP attachment that contain an ISO image with a loader in the form of JavaScript, a Windows batch file or Visual Basic script. Upon executing the initial script, the victim’s machine download the next stage from the C2 server, which can be hosted on an Azure Cloud-based Windows server or an AWS EC2 instance.

“To deliver the malware payload, the actor registered several malicious subdomains using DuckDNS, a free dynamic DNS service. The malware families associated with this campaign are variants of the Netwire, Nanocore and AsyncRAT remote access trojans.” reads the analysis published by Talos. “Organizations should be inspecting outgoing connections to cloud computing services for malicious traffic. The campaigns described in this post demonstrate increasing usage of popular cloud platforms for hosting malicious infrastructure.”

Once installed the malware on the target system, it can be used to steal confidential data or to deliver additional payloads such as ransomware attacks. Threat actors can also sell the access to other cybercrime gangs, including ransomware affiliates.

“Organizations should deploy comprehensive multi-layered security controls to detect similar threats and safeguard their assets. Defenders should monitor traffic to their organization and implement robust rules around the script execution policies on their endpoints. It is even more important for organizations to improve email security to detect and mitigate malicious email messages and break the infection chain as early as possible.” concludes the report that also includes Indicators of Compromise (IoCs).

Tags: Cyber-Security Threats, public cloud services, RATs


Jan 11 2022

Small businesses are most vulnerable to growing cybersecurity threats

Category: Cyber ThreatsDISC @ 10:50 am

While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, the dangers for smaller businesses could not be more acute, especially since the businesses’ operators and employees are often uninformed about common cybersecurity threats.

By understanding the threats they face and implementing a few relatively low-effort but highly effective protection measures, SMBs can leap into the next phase of growth with their digital assets secured.

Unique threats to SMBs

The scope of cybersecurity threats to small companies is no less varied than the threats large multinational corporations face, but SMBs’ size and lack of infrastructure often leaves them more vulnerable to targeted hacking schemes and threats. Hackers often opt for schemes that require less preparation and risk and find easier targets in SMBs.

One major vulnerability is the disadvantage SMBs face because they often do not control every aspect of their supply chain. A bad actor can conduct a software supply chain hack, isolating smaller vendors and suppliers as weak points with little to no cybersecurity protection, forcing them to unwittingly pass on malware that can disable an entire chain of businesses. SMBs in the logistics and operations industries are particularly vulnerable targets since they are connected to many other companies and will likely be more willing to pay the ransom to quickly resume operations at 100% capacity.

In addition, an entirely new slew of cyber threats has cropped up along with the hybrid work model. In a rush to digitize at the start of the pandemic, many SMBs relied on single systems that they perceived to be safe, including migrating their files and processes to the cloud. They hoped that the cloud’s decentralized nature would prevent them from being victimized by cyber attackers. However, even cloud software providers can be infiltrated, as all it takes is one bug to create a vulnerability. Yet most SMBs fail to acknowledge the new vulnerabilities remote work creates and are now even more vulnerable since they are complacently conducting business through unsecured systems.

All these threats represent a growing danger to SMBs’ success – and some SMBs are more vulnerable than others. Many of the industries (e.g., agriculture) that never thought they would be targeted and therefore eschewed any type of basic cybersecurity are years behind in their cyber protection measures.

wolf

Regulations add another complication

Cybersecurity for Small and Midsize Businesses

Cybersecurity for Small and Midsize Businesses by [Marlon Bermudez]

Tags: Cybersecurity for Small and Midsize Businesses, Cybersecurity for SMBs, SMB


Dec 28 2021

External attackers can penetrate most local company networks

Category: Cyber Threats,Insider Threat,Threat detectionDISC @ 9:54 am

These are the results of a new research report by Positive Technologies, analyzing results of the company’s penetration testing projects carried out in the second half of 2020 and first half of 2021.

The study was conducted among financial organizations (29%), fuel and energy organizations (18%), government (16%), industrial (16%), IT companies (13%), and other sectors.

During the assessment of protection against external attacks, Positive Technologies experts managed to breach the network perimeter in 93% of cases. According to the company’s researchers, this figure has remained high for many years, confirming that criminals are able to breach almost any corporate infrastructure.

“In 20% of our pentesting projects, clients asked us to check what unacceptable events might be feasible as a result of a cyberattack. These organizations identified an average of six unacceptable events each, and our pentesters set out to trigger those. According to our customers, events related to the disruption of technological processes and the provision of services, as well as the theft of funds and important information pose the greatest danger,” said Ekaterina Kilyusheva, Head of Research and Analytics, Positive Technologies.

“In total, Positive Technologies pentesters confirmed the feasibility of 71% of these unacceptable events. Our researchers also found that a criminal would need no more than a month to conduct an attack which would lead to the triggering of an unacceptable event. And attacks on some systems can be developed in a matter of days,” Kilyusheva added.

Despite the fact that financial organizations are considered to be among the most protected companies, as part of the verification of unacceptable events in each of the banks we tested, our specialists managed to perform actions that could let criminals disrupt the bank’s business processes and affect the quality of the services provided. For example, they obtained access to an ATM management system, which could allow attackers to steal funds.

An attacker’s path from external networks to target systems begins with breaching the network perimeter. According to our research, on average, it takes two days to penetrate a company’s internal network. Credential compromise is the main way criminals can penetrate a corporate network (71% of companies), primarily because of simple passwords used, including for accounts used for system administration.

Microservices Security in Action: Design secure network and API endpoint security for Microservices applications

Tags: External attackers


Dec 28 2021

Threat actors are abusing MSBuild to implant Cobalt Strike Beacons

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 9:30 am

Security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines.

MSBuild is a free and open-source build toolset for managed code as well as native C++ code and was part of .NET Framework. It is used for building apps and gives users an XML schema that controls how the build platform processes and builds software to deliver malware using callbacks.

Morphus Labs security researcher and SANS Internet Storm Center (ISC) handler Renato Marinho revealed to have uncovered two different malicious campaigns that were abusing MSBuild for code execution.

The malicious MSBuild project employed in the attacks was designed to compile and execute specific C# code that in turn decodes and executes Cobalt Strike payload.

“Now, let’s look at the malicious MSBuild project file in Figure 3. Using the same principle, when called by MSBuild, it will compile and execute the custom C#, decode and execute the Cobalt Strike beacon on the victim’s machine.” wrote Marinho.

malicious msbuild project

In the attack scenario described by the researcher, the attackers initially gained access to the target environment using a valid remote desktop protocol (RDP) account, then leveraged remote Windows Services (SCM) for lateral movement, and MSBuild to execute the Cobalt Strike Beacon payload.

The Beacon was used to decrypt the communication with the C2 server, which was SSL encrypted.

Cobalt Strike, a Defender’s Guide

Cobalt Strike, a Defender’s Guide (The DFIR Report's 2021 Intrusions) by [The DFIR Report]

Tags: Cobalt Strike, Cobalt Strike Beacons, MSBuild


Dec 17 2021

SANS 2021 Top New Attacks and Threat Report

SANS 2021 Top New Attacks and Threat Report Download

System Security Threats | Computer Science Posters

Tags: SANS 2021, System Security Threats


Dec 11 2021

Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE

Category: Cyber Threats,Cyberweapons,Web SecurityDISC @ 12:48 pm

Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library.

The Log4j is widely used by both enterprise apps and cloud services, including Apple iCloud and Steam.

A remote, unauthenticated attacker can exploit the CVE-2021-44228 to execute arbitrary code on a vulnerable system leading to a complete system takeover.

The vulnerability was discovered by researchers from Alibaba Cloud’s security team that notified the Apache Foundation on November 24. According to the experts, the vulnerability is easy to exploit and does not require special configuration, for this reason, it received a CVSSv3 score of 10/10. Researchers pointed out that Apache Struts2, Apache Solr, Apache Druid, Apache Flink are all affected by this vulnerability.

Now researchers from cybersecurity firm Cybereason have released a script that works as a “vaccine”(dubbed Logout4Shell) that allows remotely mitigating the Log4Shell vulnerability by turning off the “trustURLCodebase” setting in vulnerable instances of the library.

“While the best mitigation against this vulnerability is to patch log4j to 2.15.0 and above, in Log4j version (>=2.10) this behavior can be mitigated by setting system property log4j2.formatMsgNoLookups to true or by removing the JndiLookup class from the classpath. Additionally, if the server has Java runtimes >= 8u121, then by default, the settings com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are set to “false”, mitigating this risk. However, enabling these system property requires access to the vulnerable servers as well as a restart.” reads the GitHub Page set up for the Log4Shell project.

Cyberreson experts pointed out that enabling these system property requires access to the vulnerable servers, and the servers have to be restarted. 

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Defensive Security Handbook: Best Practices for Securing Infrastructure

Tags: Apache patch, Defensive Security, Log4j, Log4shell


Dec 06 2021

2022 and the threat landscape: The top 5 future cybersecurity challenges

2022 is going to be a year of building greater resiliency and integrating this into all aspects of business operations. This will require organizations of all levels to review how they are responding to a larger scale of sophisticated threats. To build on the efforts of 2021, CISOs need to address how they can implement innovation into their business without making themselves more vulnerable to damaging attacks.

There are five big trends that I see defining the market in 2022 that security professionals should pay attention to:

. The rise of the “assume-breach” mindset

Zero trust applies the principle of fundamentally not trusting anything on or off your network and deploys a “assume-breach” mindset. 

. Innovation and new risk in 5G

. Customization, personalization and getting personal with phishing tactics

. Hackers will go for gold at the Beijing Olympics

. The enterprise API ecosystem will show its vulnerabilities

The Ransomware Threat Landscape: Prepare for, recognize and survive ransomware attacks

Tags: threat landscape


Nov 09 2021

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

Category: Cyber ThreatsDISC @ 6:29 am

Tags: Sophos 2022 Threat Report, Threat Report


Nov 03 2021

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Category: Access Control,Cyber Threats,CybercrimeDISC @ 9:02 am

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains.

Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations. 

These organizations provide essential services to the global supply chain in multiple industries, they operate air, ground and maritime cargo transport on several continents.

Experts believe threat actors selling initial access to the organizations have obtained these credentials by expliting well-known vulnerabilities in remote access solutions, including Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall.

Intel 471 experts monitored the activities on the Dark Web over the past few months and observed a prevalence in the listing of offers for initial access to organizations operating in the global supply chain are.

The experts provided multiple examples of the offers they have found:

Disrupting Logistics: Startups, Technologies, and Investors Building Future Supply Chains – “This book presents readers with a straightforward and comprehensive assessment of supply chain innovation and trends and their impact on the industry. With contributions from several industry leaders, it provides critical knowledge and insight that supply chain and logistics managers need to implement disruptive technologies strategically.” 

Tags: dark net, dark web, shipping and logistics


Oct 27 2021

The 9th edition of the ENISA Threat Landscape (ETL) report is out!

Category: Cyber ThreatsDISC @ 9:02 am

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2021 (ETL) report, which is the annual analysis on the state of the cybersecurity threat landscape.

This edition reports events and analyses related to the period between April 2020 up to July 2021.

The bad news is the cybersecurity threats are on the rise, and ransomware attacks rank as a prime threat for the period. Supply-chains attacks also rank among the most dangerous threats due to the catastrophic cascading effects. The document identified threats, attack techniques, notable incidents, and related trends, it also provides recommendations to mitigate the risk of exposure.

“Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically.” states EU Agency for Cybersecurity Executive Director, Juhan Lepassaar.

The level of sophistication of attacks and their impact continues to increase. The experts highlight an increase in the surface of attacks of organizations due to an ever-growing online presence.

Below are the 9 threat groups analyzed in details in the report over the reporting period:

  1. Ransomware;
  2. Malware;
  3. Cryptojacking;
  4. E-mail related threats;
  5. Threats against data;
  6. Threats against availability and integrity;
  7. Disinformation – misinformation;
  8. Non-malicious threats;
  9. Supply-chain attacks.

Tags: ENISA, ENISA Threat Landscape, ETL


Oct 05 2021

Cheating on Tests

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.

What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky.

How to Prevent Cheating on Workplace Exams - HR Daily Advisor

Cheating on Tests: How To Do It, Detect It, and Prevent It

Tags: Bluetooth, cheating, Cheating on Tests, India, schools


Sep 30 2021

Supply Chain Emerging as Cloud Security Threat

Category: Cloud computing,Cyber ThreatsDISC @ 9:20 am

Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes.

These were the results of a report from Palo Alto Networks’ security specialist Unit 42, which conducted a red team exercise with a large SaaS provider.

Within three days, the company discovered critical software development flaws that could have exposed the organization to an attack similar to those perpetrated against SolarWinds and Kaseya.

If an attacker (like an APT) compromises third-party developers, it’s possible to infiltrate thousands of organizations’ cloud infrastructures, the report warned.

Supply Chain Flaws in the Cloud

Matt Chiodi, CSO of public cloud at Palo Alto Networks, explained that supply chain flaws in the cloud are difficult to detect because of the massive number of building blocks that go into even a basic cloud-native application.

“Our researchers estimated that the typical cloud-native application is built upon hundreds of these packages,” he said. “Let’s call them ‘Legos.’ Each of these Legos that developers plug into their application carries a certain risk and can be a vector to another supply chain attack.”

The report highlights how vulnerabilities and misconfigurations can quickly snowball within the context of the cloud software supply chain, and called for organizations to “shift security left.”

“Shifting security left is about moving security as close to development as possible,” said Chiodi. “Historically, security and development teams have operated independently of each other.” He added that development teams like to move quickly and try new things and security is more often the opposite.

“The concept of ‘shift left’ attempts to not change developer behaviors, but rather equip them with processes and tools that work natively to secure their existing methods of developing software,” Chiodi said. “If security teams can equip development teams with processes and tools that work natively with development tools and measure regularly, they greatly reduce their risks of supply chain insecurity from cloud-native applications. This is a good first step.”

He pointed out the first wave of migrations to the cloud was marked by “lift and shift,” meaning that organizations simply took existing applications as-is and moved them to the cloud.

“When they did this, they could say the applications were running in the cloud, but the applications themselves were not cloud-native,” he said.

Being Truly Cloud-Native

supply chain data secure

Tags: cloud security, cloud security threat, supply chain


Sep 20 2021

“Back to basics” as courier scammers skip fake fees and missed deliveries

Category: Cyber Threats,Cybercrime,Information SecurityDISC @ 9:24 am

These scams can take many different forms, including:

  • A fake gift sent by an online “friend” is delayed by customs charges. This is a common ruse used by romance scammers, who sucker you into an online friendship, for example by stealing other people’s profile data from online data sites, courting you online, and then “sending” you a “gift”, often jewellery or something they know you would appreciate if it were real. The scammer then pretends to be the courier company handling the “delivery”, correctly identifying the item, its value and its made-up shipping code. Finally, there’s a customs or tax payment to make before the item can be released in your country (something that often happens with genuine deliveries via geniune courier companies). Some unfortunate victims pay out this fee, in cash, in good faith. In this sort of scam, the crooks are directly after your money.
  • A fake order will be delivered once you have confirmed the purchase. These fake orders range from low-value subscriptions that have auto-renewed, all the way to expensive new mobile phones or gaming consoles that will ship imminently. Given that it’s easier to guess what you haven’t just bought than what you have, these crooks are banking that you will click the link or phone the “customer support” number they’ve helpfully provided in order to cancel or dispute the charge. Once they have you on the hook, skilled social scammers in a call centre operated by the crooks offer to “help” you to cancel the bogus order or subscription (something that can be annoyingly hard for legitimate goods and services). In this sort of scam, the crooks are after as much personal information as they can persuade you to hand over, notably including full credit card data, phone number and home address.
  • A fake delivery failed and the item was returned to the depot. These fake delivery notices typically offer to help you reschedule the missed delivery (something that is occasionally necessary for legitimate deliveries of geniune online orders), but before you can choose a new date you usually need to login to a fake “courier company” website, hand over credit card data, or both. The credit card transactions are almost always for very small amounts, such as $1 or $2.99, and some crooks helpfully advise that your card “won’t be charged until the delivery is complete”, as a way of making you feel more comfortable about committing to the payment. In this sort of scam, the crooks won’t bill you $2.99 now, but they will almost certainly sell your credit card details on to someone else to rack up charges later on.

KISS – Keep It Simple and Straightforward

Tags: Cyber Scam, Scam Me If You Can, scammers


Sep 01 2021

Threats Grow as Digital Wallets Gain Popularity

Category: Crypto,Cyber ThreatsDISC @ 11:35 am

The pandemic, as well as users’ personal preferences, have helped enable the rapid emergence of digital payment applications and digital wallets, which compete with credit cards and cash as preferred payment options.

The growing popularity of digital wallets such as Google Pay, Samsung Pay and Apple Pay is making them a bigger target for malicious actors, according to a report from security analytics software specialist Cognyte.

The study, which collected and analyzed threat actors’ conversations about digital wallets from 2016 through 2020, found the number of threat actors’ interactions around the topic almost doubled from 2017 to 2018.

By 2019, this number grew by 456%, reaching 31,878 interactions and by 2020 it grew by another 292%, reaching 96,363 interactions.

Increase in Popularity and Threats

Next Generation Crypto Hardware Wallet

Trezor Model T - Next Generation Crypto Hardware Wallet with LCD Color Touchscreen and USB-C, Store your Bitcoin, Ethereum, ERC20 and more with Total Security

Tags: Digital Wallets


Aug 30 2021

Men, Executives Pose Higher Cybersecurity Risk

Category: Cyber Threats,Phishing,social engineeringDISC @ 1:12 pm

When it comes to online behaviors, women are far safer than men, according to a wide-ranging survey from SecurityAdvisor.

Despite the fact that women made up 42% of the sample data, they account for 48% of the top safe users and only 26% of risky users. Men, on the other hand, account for 74% of risky users: A big driver of these risky behaviors stems from men’s and women’s online behaviors.

According to SecurityAdvisor’s data, men are more likely to visit dangerous adult websites, use P2P software and watch pirated content than women.

SecurityAdvisor analyzed more than 500,000 malicious emails and an additional 500,000+ dangerous website visits by enterprise employees in more than twenty countries. Employees range from entry-level to executives and operate across many industries, including health care, financial services, communications, professional services, energy and utilities, retail and hospitality.

“Our partner here, Kelley McElhaney from Berkeley University, noted that women are more aware of long-term ramifications of risky behaviors,” SecurityAdvisor CEO Sai Venkataraman said. “Also, society tends to tolerate failures by dominant groups better, hence men don’t fear the consequences or fear consequences less.”

He also pointed out that men, from an early age, are socialized to take risks and win, hence they are less afraid of a potential negative outcome and engage in riskier behaviors.

cybersecurity alert fatigue

C-Level Executives are Prime Targets

CYBER SECURITY FOR TOP EXECUTIVES: Everything you need to know about Cybersecurity by [Alejandra Garcia]
CYBER SECURITY FOR TOP EXECUTIVES

Tags: Higher Cybersecurity Risk


Aug 26 2021

Samsung can remotely disable their TVs worldwide using TV Block

Category: cyber security,Cyber Spy,Cyber ThreatsDISC @ 1:39 pm
Samsung can remotely disable their TVs worldwide using TV Block

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.

This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores.

“TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase,” Samsung said.

“The aim of the technology is to mitigate against the creation of secondary markets linked to the sale of illegal goods, both in South Africa and beyond its borders. This technology is already pre-loaded on all Samsung TV products.”

As Samsung explains, the goal behind remotely disabling stolen TV sets is to limit looting and “third party purchases,” and ensuring that the TVs can only be used by “rightful owners with a valid proof of purchase.”

How TV Block works

Tags: Samsung can remotely disable, Smart TV, Smart TV Security, TV Block


Jun 22 2021

Threat actors in January attempted to poison the water at a US facility

Category: Cyber ThreatsDISC @ 12:00 am

Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities. The news that a threat actor in January attempted to poison the water at a facility…

Cyber Threats and Nuclear Weapons

“The technology controlling United States nuclear weapons predates the Internet. Updating the technology for the digital era is necessary, but it comes with the risk that anything digital can be hacked. Moreover, using new systems for both nuclear and non-nuclear operations will lead to levels of nuclear risk hardly imagined before. This book is the first to confront these risks comprehensively. With Cyber Threats and Nuclear Weapons, Herbert S. Lin provides a clear-eyed breakdown of the cyber risks to the U.S. nuclear enterprise. Featuring a series of scenarios that clarify the intersection of cyber and nuclear risk, this book guides readers through a little-understood element of the risk profile that government decision-makers should be anticipating. What might have happened if the Cuban Missile Crisis took place in the age of Twitter, with unvetted information swirling around? What if an adversary announced that malware had compromised nuclear systems, clouding the confidence of nuclear decision-makers? Cyber Threats and Nuclear Weapons, the first book to consider cyber risks across the entire nuclear enterprise, concludes with crucial advice on how government can manage the tensions between new nuclear capabilities and increasing cyber risk. This is an invaluable handbook for those ready to confront the unique challenges of cyber nuclear risk”–

Tags: cyber threats, Cyber Threats and Nuclear Weapons, threats


Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021

Cyber Attack A01

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others,  highlighted both the threat and sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

 300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)·        

The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal

134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis

 2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics  (cybersecurityventures.com)

Source: The State of Cybersecurity Readiness:

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Cybersecurity Stats


Apr 14 2021

The FBI Is Now Securing Networks Without Their Owners’ Permission

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 10:30 am

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.

Now, months later, many of those shells are still in place. And they’re being used by criminal hackers as well.

On Tuesday, the FBI announced that it successfully received a court order to remove “hundreds” of these web shells from networks in the US.

Tags: Securing Networks


« Previous PageNext Page »