Nov 03 2021

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Category: Access Control,Cyber Threats,CybercrimeDISC @ 9:02 am
Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains.

Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations. 

These organizations provide essential services to the global supply chain in multiple industries, they operate air, ground and maritime cargo transport on several continents.

Experts believe threat actors selling initial access to the organizations have obtained these credentials by expliting well-known vulnerabilities in remote access solutions, including Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall.

Intel 471 experts monitored the activities on theĀ Dark WebĀ over the past few months and observed a prevalence in the listing of offers for initial access to organizations operating in the global supply chain are.

The experts provided multiple examples of the offers they have found:

Disrupting Logistics: Startups, Technologies, and Investors Building Future Supply Chains – “This book presents readers with a straightforward and comprehensive assessment of supply chain innovation and trends and their impact on the industry. With contributions from several industry leaders, it provides critical knowledge and insight that supply chain and logistics managers need to implement disruptive technologies strategically.ā€Ā 

Tags: dark net, dark web, shipping and logistics

Oct 27 2021

The 9th edition of the ENISA Threat Landscape (ETL) report is out!

Category: Cyber ThreatsDISC @ 9:02 am
The 9th edition of the ENISA Threat Landscape (ETL) report is out!

The Europen Agency for cybersecurity ENISA releases itsĀ ENISA Threat Landscape 2021Ā (ETL) report, which is the annual analysis on the state of the cybersecurity threat landscape.

This edition reports events and analyses related to the period between April 2020 up to July 2021.

The bad news is the cybersecurity threats are on the rise, and ransomwareĀ attacks rank as a prime threat for the period.Ā Supply-chains attacksĀ also rank among the most dangerous threatsĀ due to the catastrophic cascading effects. The document identified threats, attack techniques, notable incidents, and related trends, it also provides recommendations to mitigate the risk of exposure.

ā€œGiven the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically.ā€ states EU Agency for Cybersecurity Executive Director, Juhan Lepassaar.

The level of sophistication of attacks and their impact continues to increase. The experts highlight an increase in the surface of attacks of organizations due to an ever-growing online presence.

Below are the 9 threat groups analyzed in details in the report over the reporting period:

  1. Ransomware;
  2. Malware;
  3. Cryptojacking;
  4. E-mail related threats;
  5. Threats against data;
  6. Threats against availability and integrity;
  7. Disinformation ā€“ misinformation;
  8. Non-malicious threats;
  9. Supply-chain attacks.

Tags: ENISA, ENISA Threat Landscape, ETL

Oct 05 2021

Cheating on Tests

Category: Cyber surveillance,Cyber Threats,Physical Security,Smart PhoneDISC @ 12:09 pm
Cheating on Tests

InterestingĀ storyĀ of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.

Whatā€™s interesting is how this cheating was discovered. Itā€™s not that someone noticed the communication devices. Itā€™s that the proctors noticed that cheating test takers were actingĀ hinky.

How to Prevent Cheating on Workplace Exams - HR Daily Advisor

Cheating on Tests: How To Do It, Detect It, and Prevent It

Tags: Bluetooth, cheating, Cheating on Tests, India, schools

Sep 30 2021

Supply Chain Emerging as Cloud Security Threat

Category: Cloud computing,Cyber ThreatsDISC @ 9:20 am
Supply Chain Emerging as Cloud Security Threat

Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victimsā€™ software development processes.

These were the results of a report from Palo Alto Networksā€™ security specialist Unit 42, which conducted a red team exercise with a large SaaS provider.

Within three days, the company discovered critical software development flaws that could have exposed the organization to an attack similar to those perpetrated against SolarWinds and Kaseya.

If an attacker (like an APT) compromises third-party developers, itā€™s possible to infiltrate thousands of organizationsā€™ cloud infrastructures, the report warned.

Supply Chain Flaws in the Cloud

Matt Chiodi, CSO of public cloud at Palo Alto Networks, explained that supply chain flaws in the cloud are difficult to detect because of the massive number of building blocks that go into even a basic cloud-native application.

ā€œOur researchers estimated that the typical cloud-native application is built upon hundreds of these packages,ā€ he said. ā€œLetā€™s call them ā€˜Legos.ā€™ Each of these Legos that developers plug into their application carries a certain risk and can be a vector to another supply chain attack.ā€

The report highlights how vulnerabilities and misconfigurations can quickly snowball within the context of the cloud software supply chain, and called for organizations to ā€œshift security left.ā€

ā€œShifting security left is about moving security as close to development as possible,ā€ said Chiodi. ā€œHistorically, security and development teams have operated independently of each other.ā€ He added that development teams like to move quickly and try new things and security is more often the opposite.

ā€œThe concept of ā€˜shift leftā€™ attempts to not change developer behaviors, but rather equip them with processes and tools that work natively to secure their existing methods of developing software,ā€ Chiodi said. ā€œIf security teams can equip development teams with processes and tools that work natively with development tools and measure regularly, they greatly reduce their risks of supply chain insecurity from cloud-native applications. This is a good first step.ā€

He pointed out the first wave of migrations to the cloud was marked by ā€œlift and shift,ā€ meaning that organizations simply took existing applications as-is and moved them to the cloud.

ā€œWhen they did this, they could say the applications were running in the cloud, but the applications themselves were not cloud-native,ā€ he said.

Being Truly Cloud-Native

supply chain data secure

Tags: cloud security, cloud security threat, supply chain

Sep 20 2021

ā€œBack to basicsā€ as courier scammers skip fake fees and missed deliveries

Category: Cyber Threats,Cybercrime,Information SecurityDISC @ 9:24 am
“Back to basics” as courier scammers skip fake fees and missed deliveries

These scams can take many different forms, including:

  • A fake gift sent by an online ā€œfriendā€ is delayed by customs charges. This is a common ruse used by romance scammers, who sucker you into an online friendship, for example by stealing other peopleā€™s profile data from online data sites, courting you online, and then ā€œsendingā€ you a ā€œgiftā€, often jewellery or something they know you would appreciate if it were real. The scammer then pretends to be the courier company handling the ā€œdeliveryā€, correctly identifying the item, its value and its made-up shipping code. Finally, thereā€™s a customs or tax payment to make before the item can be released in your country (something that often happens with genuine deliveries via geniune courier companies). Some unfortunate victims pay out this fee, in cash, in good faith. In this sort of scam, the crooks are directly after your money.
  • A fake order will be delivered once you have confirmed the purchase. These fake orders range from low-value subscriptions that have auto-renewed, all the way to expensive new mobile phones or gaming consoles that will ship imminently. Given that itā€™s easier to guess what you havenā€™t just bought than what you have, these crooks are banking that you will click the link or phone the ā€œcustomer supportā€ number theyā€™ve helpfully provided in order to cancel or dispute the charge. Once they have you on the hook, skilled social scammers in a call centre operated by the crooks offer to ā€œhelpā€ you to cancel the bogus order or subscription (something that can be annoyingly hard for legitimate goods and services). In this sort of scam, the crooks are after as much personal information as they can persuade you to hand over, notably including full credit card data, phone number and home address.
  • A fake delivery failed and the item was returned to the depot. These fake delivery notices typically offer to help you reschedule the missed delivery (something that is occasionally necessary for legitimate deliveries of geniune online orders), but before you can choose a new date you usually need to login to a fake ā€œcourier companyā€ website, hand over credit card data, or both. The credit card transactions are almost always for very small amounts, such as $1 or $2.99, and some crooks helpfully advise that your card ā€œwonā€™t be charged until the delivery is completeā€, as a way of making you feel more comfortable about committing to the payment. In this sort of scam, the crooks wonā€™t bill you $2.99 now, but they will almost certainly sell your credit card details on to someone else to rack up charges later on.

KISS ā€“ Keep It Simple and Straightforward

Tags: Cyber Scam, Scam Me If You Can, scammers

Sep 01 2021

Threats Grow as Digital Wallets Gain Popularity

Category: Crypto,Cyber ThreatsDISC @ 11:35 am
Threats Grow as Digital Wallets Gain Popularity

The pandemic, as well as usersā€™ personal preferences, have helped enable the rapid emergence of digital payment applications and digital wallets, which compete with credit cards and cash as preferred payment options.

The growing popularity of digital wallets such as Google Pay, Samsung Pay and Apple Pay is making them a bigger target for malicious actors, according to a report from security analytics software specialist Cognyte.

The study, which collected and analyzed threat actorsā€™ conversations about digital wallets from 2016 through 2020, found the number of threat actorsā€™ interactions around the topic almost doubled from 2017 to 2018.

By 2019, this number grew by 456%, reaching 31,878 interactions and by 2020 it grew by another 292%, reaching 96,363 interactions.

Increase in Popularity and Threats

Next Generation Crypto Hardware Wallet

Trezor Model T - Next Generation Crypto Hardware Wallet with LCD Color Touchscreen and USB-C, Store your Bitcoin, Ethereum, ERC20 and more with Total Security

Tags: Digital Wallets

Aug 30 2021

Men, Executives Pose Higher Cybersecurity Risk

Category: Cyber Threats,Phishing,social engineeringDISC @ 1:12 pm
Men, Executives Pose Higher Cybersecurity Risk

When it comes to online behaviors, women are far safer than men, according to a wide-ranging survey from SecurityAdvisor.

Despite the fact that women made up 42% of the sample data, they account for 48% of the top safe users and only 26% of risky users. Men, on the other hand, account for 74% of risky users: A big driver of these risky behaviors stems from menā€™s and womenā€™s online behaviors.

According to SecurityAdvisorā€™s data, men are more likely to visit dangerous adult websites, use P2P software and watch pirated content than women.

SecurityAdvisor analyzed more than 500,000 malicious emails and an additional 500,000+ dangerous website visits by enterprise employees in more than twenty countries. Employees range from entry-level to executives and operate across many industries, including health care, financial services, communications, professional services, energy and utilities, retail and hospitality.

ā€œOur partner here, Kelley McElhaney from Berkeley University, noted that women are more aware of long-term ramifications of risky behaviors,ā€ SecurityAdvisor CEO Sai Venkataraman said. ā€œAlso, society tends to tolerate failures by dominant groups better, hence men donā€™t fear the consequences or fear consequences less.ā€

He also pointed out that men, from an early age, are socialized to take risks and win, hence they are less afraid of a potential negative outcome and engage in riskier behaviors.

cybersecurity alert fatigue

C-Level Executives are Prime Targets

CYBER SECURITY FOR TOP EXECUTIVES: Everything you need to know about Cybersecurity by [Alejandra Garcia]
CYBER SECURITY FOR TOP EXECUTIVES

Tags: Higher Cybersecurity Risk

Aug 26 2021

Samsung can remotely disable their TVs worldwide using TV Block

Category: cyber security,Cyber Spy,Cyber ThreatsDISC @ 1:39 pm
Samsung can remotely disable their TVs worldwide using TV Block

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.

This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores.

“TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase,” Samsung said.

“The aim of the technology is to mitigate against the creation of secondary markets linked to the sale of illegal goods, both in South Africa and beyond its borders. This technology is already pre-loaded on all Samsung TV products.”

As Samsung explains, the goal behind remotely disabling stolen TV sets is to limit looting and “third party purchases,” and ensuring that the TVs can only be used by “rightful owners with a valid proof of purchase.”

https://twitter.com/SamsungSA/status/1423674642443784198

How TV Block works

Tags: Samsung can remotely disable, Smart TV, Smart TV Security, TV Block

Jun 22 2021

Threat actors in January attempted to poison the water at a US facility

Category: Cyber ThreatsDISC @ 12:00 am
Threat actors in January attempted to poison the water at a US facility

Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities. The news that a threat actor in January attempted to poison the water at a facility…

Cyber Threats and Nuclear Weapons

“The technology controlling United States nuclear weapons predates the Internet. Updating the technology for the digital era is necessary, but it comes with the risk that anything digital can be hacked. Moreover, using new systems for both nuclear and non-nuclear operations will lead to levels of nuclear risk hardly imagined before. This book is the first to confront these risks comprehensively. With Cyber Threats and Nuclear Weapons, Herbert S. Lin provides a clear-eyed breakdown of the cyber risks to the U.S. nuclear enterprise. Featuring a series of scenarios that clarify the intersection of cyber and nuclear risk, this book guides readers through a little-understood element of the risk profile that government decision-makers should be anticipating. What might have happened if the Cuban Missile Crisis took place in the age of Twitter, with unvetted information swirling around? What if an adversary announced that malware had compromised nuclear systems, clouding the confidence of nuclear decision-makers? Cyber Threats and Nuclear Weapons, the first book to consider cyber risks across the entire nuclear enterprise, concludes with crucial advice on how government can manage the tensions between new nuclear capabilities and increasing cyber risk. This is an invaluable handbook for those ready to confront the unique challenges of cyber nuclear risk”–

Tags: cyber threats, Cyber Threats and Nuclear Weapons, threats

Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021

Category: Cyber Attack,Cyber Espionage,Cyber maturity,Cyber resilience,cyber security,Cyber Strategy,Cyber surveillance,Cyber Threats,Cyber War,Cybercrime,Cyberweapons,Information SecurityDISC @ 8:46 am
Cyber Attack A01

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others,  highlighted both the threat and sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

 300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)Ā·        

The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grantā€™s Newest Book Should Be Required Reading For Your Companyā€™s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal

134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis

 2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics  (cybersecurityventures.com)

Source: The State of Cybersecurity Readiness:

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Cybersecurity Stats

Apr 14 2021

The FBI Is Now Securing Networks Without Their Ownersā€™ Permission

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 10:30 am
The FBI Is Now Securing Networks Without Their Ownersā€™ Permission

In January, weĀ learned aboutĀ a Chinese espionage campaign that exploitedĀ four zero-daysĀ in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.

Now, months later, many of those shells are still in place. And theyā€™re being used by criminal hackers as well.

On Tuesday, the FBI announced that itĀ successfullyĀ receivedĀ a court order to remove ā€œhundredsā€ of these web shells from networks in the US.

Tags: Securing Networks

Apr 14 2021

FireEye: 650 new threat groups were tracked in 2020

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 10:09 am
FireEye: 650 new threat groups were tracked in 2020

FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020

FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. Most of the incidents investigated by Mandiant (59%) in 2020 were initially detected by the victims, a data that is an improvement of 12% from 2019.

Since its launch, Mandiant tracked more than 2,400 threat groups, 650 of them were tracked in 2020. Over the years, the experts combined or eliminated approximately 500 groups, leaving more than 1,900 distinct groups tracked at this time (+100 compared to 2019).

The threat actors tracked by Mandiant include nation-state actors, financially motivated groups, and uncategorized groups (known as UNCs).

ā€œIn 2020, Mandiant experts investigated intrusions that involved 246 distinct threat groups. Organizations faced intrusions by four named financial threat (FIN) groups; six named advanced persistent threat (APT) groups, including groups from the nation-states of China, Iran and Vietnam; and 236 uncategorized threat (UNC) groups. Of the 246 threat groups observed at intrusion clients, 161 of these threat groups were newly tracked threat groups in 2020.ā€ reads the report published by FireEye.

The Cyber Threat

Tags: new threat groups were tracked

Mar 22 2021

FCC Boots Chinese Telecom Companies, Citing Security

Category: Cyber Attack,Cyber Communication,Cyber Espionage,cyber security,Cyber Spy,Cyber surveillance,Cyber Threats,Cyber War,CybercrimeDISC @ 11:01 am
FCC Boots Chinese Telecom Companies, Citing Security

he Federal Communications Commissionā€™s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.

The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to ā€œpublish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.ā€

In June 2020, the FCC designated both ZTE and Huawei as national security threats. ā€œā€¦ [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to Americaā€™s communications networksā€”and to our 5G future,ā€ said then-FCC chairman Ajit Pai. Pai continued, ā€œBoth companies have close ties to the Chinese Communist Party and Chinaā€™s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the countryā€™s intelligence services.  The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Todayā€™s action will also protect the FCCā€™s Universal Service Fundā€”money that comes from fees paid by American consumers and businesses on their phone billsā€”from being used to underwrite these suppliers, which threaten our national security.ā€

ZTEā€™s petition for reconsideration in November 2020 was immediately rejected. Huawai also petitioned for reconsideration, and their appeal was rejected in December 2020, after a few weeks of deliberation.

FCC Boots Chinese Telecom Companies, Citing Security

Tags: Chinese Telecom

Mar 22 2021

How to stay ahead of the rise of synthetic fraud

Category: Cyber Attack,Cyber Threats,CybercrimeDISC @ 9:30 am
How to stay ahead of the rise of synthetic fraud

There are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.

Synthetic fraud on the rise

Banks around the world have faced difficulty in recognizing this type of complex fraud. Synthetic identity fraudsters are expert cybercriminals. They make use of the dark web to acquire legitimate personal information which they then blend with falsified information. They will then use this newly formed identity to establish a positive credit report and spend or borrow until theyā€™ve maxed out their spending abilities.

They will often have multiple synthetic identities in play simultaneously to maximize the impact of their efforts. And it is hard to detect because these synthetic identities even have genuine profiles with the credit bureaus which the fraudsters creatively engineer.

An economic environment primed for fraud

Due to the economic toll the coronavirus pandemic has taken on the world,Ā global GDPĀ is expected to be negative this year. As a result, there has been and will continue to be an increase in the size of the banksā€™ loan portfolios, as businesses that are struggling to manage working capital requirements in a challenging commercial climate seek new lines of credit. The same demand for additional credit is similarly anticipated for retail customers.

As such, it will be easier to hide fraud within an environment where there is more lending activity, a larger portfolio to monitor and more losses to recover. This environment allows criminals to hide inside the noise of economic turmoil, while financial institutions struggle to cope with the sheer volume of applications, overwhelmed with the amount of identity checking they have to undertake.

It will also become harder to differentiate between delinquencies and defaults from genuine customers in distress and deliberate attacks from fraudsters as these loans come due for repayment.

Further, more individuals may be tempted to turn to fraud to maintain their lifestyles in an environment where theyā€™ve lost jobs, financial security and are dealing with other economic difficulties.

How to stay ahead of the rise of synthetic fraud

Tags: synthetic fraud

Feb 28 2021

Npower shuts down app after hackers steal customer bank info

Category: Cyber Threats,Cybercrime,HackingDISC @ 11:03 pm
Npower shuts down app after hackers steal customer bank infoĀ Ā 

Tags: Npower

Feb 26 2021

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Category: Botnet,Cyber Attack,Cyber Espionage,Cyber Spy,Cyber surveillance,Cyber Threats,Cyber War,CybercrimeDISC @ 10:54 am
Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack

In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released aĀ joint statementĀ that blames Russia for theĀ SolarWindsĀ supply chain attack.

The four agencies were part of the task force Cyber Unified Coordination Group (UCG) that was tasked for coordinating the investigation and remediation of the SolarWinds hack that had a significant impact on federal government networks.

The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor,Ā likely Russian in origin.

According to the security experts, Russia-linked threat actors hacked into the SolarWinds in 2019 used the Sundrop malware to insert theĀ Sunburst backdoorĀ into the supply chain of the SolarWinds Orion monitoring product.

Microsoft, which was hit by the attack, published continuous updates on its investigation, and now released theĀ source code of CodeQL queries, which were used by its experts to identify indicators of compromise (IoCs) associated withĀ Solorigate.

ā€œIn this blog, weā€™ll share our journey in reviewing our codebases, highlighting one specific technique: the use ofĀ CodeQLĀ queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.ā€ reads theĀ blog postĀ published by Microsoft. ā€œWe are open sourcing theĀ CodeQL queriesĀ that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.ā€

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Tags: CodeQL, Solorigate compromise

Nov 08 2020

FBI: Hackers stole source code from US government agencies and private companies

Category: Cyber Attack,Cyber Espionage,Cyber Threats,Cybercrime,HackingDISC @ 2:22 pm

FBI blames intrusions on improperly configured SonarQube source code management tools.

FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.

Officials provided two examples of past incidents:

“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.

“This activity is similar toa previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises throughpoorly secured SonarQube instances and published the exfiltrated source codeon a self-hosted public repository.”

Source: FBI: Hackers stole source code from US government agencies and private companies | ZDNet





Nov 05 2020

Spotting a Common Scam

Category: Cyber Threats,Identity Theft,Information Privacy,Information Security,Security AwarenessDISC @ 3:00 pm

Spotting a CommonĀ ScamĀ 

Image
These scams seek to collect personal information about you, often appearing to come from a real businessĀ or agency.Ā Someone may pose as an official disaster aid worker, orĀ send you aĀ fraudulentĀ COVIDĀ contact tracing email.Ā If you receive a message with a link, you should not click it as it may download malware to your device to steal passwords and personal information.Ā GovernmentĀ agencies like FEMA or the IRSĀ will never contact you asking for a FEMA registration number, a Social Security number, or a bank account or credit card number to give you aĀ COVIDĀ or FEMA paymentā€”or ask you to pay anything up front to fill out an application or to access state or federal resources.
Image

 

 

 

Before sharing, check that what you are reading is from a trustworthy source. Disinformation can be life threatening in a global pandemic.

 

Image

No curesĀ or vaccines have been approved for COVID-19 yet. Online offers claiming to provide a medicine orĀ device to treat or prevent COVID should be ignored. When there is a new breakthrough in the treatment and prevention of COVID, it will be widely reported on by reputable news sources.

 

Image

 

 

Fake charitiesĀ often emerge followingĀ aĀ crisis, soliciting donations, but not using them for the described purpose. Before donating, check outĀ www.ftc.gov/charityĀ Ā to research the organization and make sure itā€™s legitimate.

 

Image

If you receive a robocall, you should hang up instead of pushing any buttons or giving away any personal information.Ā If a call claims to be from the IRSĀ orĀ FEMA, butĀ demands immediate payment through debit card or wire transfer, it is fraudulent.Ā Federal agenciesĀ will never demand immediate payment over the phone, threaten immediate arrest, or ask you to make a payment to anyone other than the U.S. Treasury.

Warning Signs that a Loved One may be the Victim of a ScamĀ 
VictimsĀ to a scamĀ may be embarrassed or uncomfortable asking forĀ help. Itā€™s not always obvious when someoneĀ has been scammed, so check in with your loved ones frequently, especially if they are older, live alone, or are otherwise high risk.

Warning signs include large ATM withdrawals, charges, or checks; secretiveness and increased anxiety about finances; large quantities of goods being delivered that they do not need; an unusual number of phone calls or visits from strangers; and a sudden lack of money, unpaid bills, or a change in daily habits.

 

For more information, and to get helpĀ with a potential FEMA fraud, you can call theĀ National Center for Disaster Fraud Hotline at 866-720-5721Ā or FEMAā€™sĀ Public Inquiry Unit at 916-210-6276. ForĀ questionsĀ about pandemic scams,Ā go toĀ www.ftc.gov/coronavirusĀ orĀ www.cdc.goc/coronavirus/2019-ncovĀ .





Tags: common scam, scam

Jun 16 2020

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

Category: Cyber Attack,Cyber Espionage,Cyber resilience,cyber security,Cyber Threats,Cyber War,CybercrimeDISC @ 10:19 am

The publication of ā€˜Vault 7ā€™ cyber tools by WikiLeaks marked the largest data loss in agency history, a task force concluded.

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agencyā€™s elite computer hackers ā€œprioritized building cyber weapons at the expense of securing their own systems,ā€ according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.

Source: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found.

Wikileaks Vault 7: What’s in the CIA Hacking Toolbox?
httpv://www.youtube.com/watch?v=X45Bb8O-gMI

CIA Hacking Tools Released in Wikileaks Vault 7 – Threat Wire
httpv://www.youtube.com/watch?v=5LYSjLwkAo4

Download a Security Risk Assessment steps paper!

Download a vCISO template

Take an awareness quiz to test your basic cybersecurity knowledge

Subscribe to DISC InfoSec blog by Email




Jun 13 2020

Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet

Category: Cyber Espionage,Cyber Threats,Threat detectionDISC @ 12:13 pm

Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away.

Source: Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email




« Previous PageNext Page »