Jan 30 2021

Gartner says 40% of boards to have cybersecurity committee by 2025

Category: Cyber Communication, Cyber maturity, cyber security | DISC @ 12:15 pm


Jan 30 2021

Police Say They Can Use Facial Recognition, Despite Bans

Category: Information Security | DISC @ 12:38 am


Jan 30 2021

The Security Mirage

Category: cyber security | DISC @ 12:25 am

The feeling of security and the reality of security don’t always match, says computer-security expert Bruce Schneier. In his talk, he explains why we spend billions addressing news story risks, like the “security theater” now playing at your local airport, while neglecting more probable risks — and how we can break this pattern.


Jan 29 2021

The mystery of the missing Perl website

Category: Web Security | DISC @ 7:43 pm


Jan 29 2021

Vovalex is likely the first ransomware written in D

Category: Ransomware | DISC @ 7:38 pm

A new ransomware called Vovalex is being distributed through fake pirated software that impersonates popular Windows utilities, such as CCleaner.

When it comes down to it, all ransomware infections boil down to the same function – encrypt a device’s files and then drop a ransom note demanding payment in some form.

While Vovalex is no different, what stands out to Advanced Intel’s Vitali Kremez and MalwareHunterTeam, who found the ransomware, is that it may be the first ransomware written in D.

Source: Vovalex is likely the first ransomware written in D


Jan 29 2021

How to Grab A Job In Information Security?

Category: InfoSec jobs | DISC @ 1:41 pm


Jan 29 2021

Including Hackers in NATO Wargames

Category: Cyber War | DISC @ 1:37 pm


Jan 29 2021

Lebanese Cedar APT group broke into telco and ISPs worldwide

Category: APT | DISC @ 1:33 pm

Clearsky researchers linked the Lebanese Cedar APT group to a cyber espionage campaign that targeted companies around the world.

Clearsky researchers linked the Lebanese Cedar group (aka Volatile Cedar) to a cyber espionage campaign that targeted companies around the world.

The APT group has been active since 2012; experts linked the group to the Hezbollah militant group.

The activities of the group were first spotted by Check-Point and Kaspersky labs in 2015.

ClearSky experts linked the Lebanese Cedar group to intrusions at telco companies, internet service providers, hosting providers, and managed hosting and applications companies.

The attacks began in early 2020 and threat actors breached internet service providers in the US, the UK, Egypt, Israel, Lebanon, Jordan, the Palestinian Authority, Saudi Arabia, and the UAE.

“Based on a modified JSP file browser with a unique string that the adversary used to deploy ‘Explosive RAT’ into the victims’ network, we found some 250 servers that were apparently breached by Lebanese Cedar,” reads the report published by ClearSky. “We assess that there are many more companies that have been hacked and that valuable information was stolen from these companies over periods of months and years.”


Jan 28 2021

Privacy as a Service

Category: Information Privacy | DISC @ 1:21 pm

The simplest, fastest, and most affordable way to comply with privacy legislation like the EU’s GDPR (General Data Protection Regulation), the CPRA (California Privacy Rights Act), New York’s SHIELD Act, and others. With Privacy as a Service, you can:


* Achieve scaled privacy compliance quickly
* Remain one step ahead of legislative developments with affordable advice and support
* Reduce privacy risks with one simple subscription service
* Enjoy peace of mind with your own dedicated data privacy manager

Tags: Privacy as a Service


Jan 28 2021

Police Have Disrupted the Emotet Botnet

Category: Botnet | DISC @ 12:54 pm


Jan 28 2021

TeamTNT group adds new detection evasion tool to its Linux miner

Category: Security Tools | DISC @ 10:56 am

The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn.

Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker credentials.

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that the botnet is also able to target misconfigured Kubernetes installations.

“The group is using a new detection evasion tool, copied from open source repositories,” reads the analysis published by AT&T Alien Labs.

The threat actor behind the botnet used the new tool to hide the malicious process from process information programs such as `ps` and `lsof`, evading detection.

The libprocesshider open-source tool has been available on GitHub since 2014 and is able to “hide a process under Linux using the ld preloader.” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded. If the custom shared library exports a function with the same signature as one located in the system libraries, the custom version will override it.


Jan 28 2021

Making a Success of Managing and Working Remotely

Category: App Security, cyber security, data security | DISC @ 12:07 am

Tags: remote security, working remotely


Jan 27 2021

Security in the digital world

Category: cyber security, Information Security | DISC @ 11:48 pm

This must-have guide features simple explanations, examples, and advice to help you be security-aware online in the digital age. Learn how to:

* Keep your information secure
* Put the necessary controls on your home network, protecting your family from cyber crime
* Prevent identity theft when shopping online or using contactless payment
* Keep your children safe when using the Internet.


Tags: digital world


Jan 27 2021

Law enforcement announced global action against NetWalker Ransomware

Category: Botnet, Information Security, Ransomware | DISC @ 5:43 pm

A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators.

Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.

“The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.” reads the press release published by DoJ.

“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”

The group has been active since 2019; the NetWalker ransomware has been offered under the Ransomware-as-a-Service (RaaS) model.

The list of victims of the group is long; it includes Pakistan’s largest private power company K-Electric, Argentina’s official immigration agency, Dirección Nacional de Migraciones, and the University of California San Francisco (UCSF). The latter paid a $1.14 million ransom to recover its files.


Jan 27 2021

ISO Self Assessment Tools

Category: ISO 27k, Security Tools | DISC @ 3:49 pm

The ISO self-assessment tools list includes, but is not limited to, Privacy, ISO 27001, ISO 9001 and ISO 14001 & ISO/IEC 27701 2019 Standard and Toolkit

Tags: CPRA, Gap assessment tool, Information Privacy, ISO 14001, iso 27001, ISO 27001 2013 Gap Assessment, ISO 27701 Gap Analysis Tool, iso 9001, iso assessment, Security Risk Assessment


Jan 27 2021

IN RARE ADMISSION, APPLE SAYS THREE SECURITY BUGS ‘ACTIVELY EXPLOITED’ BY HACKERS

Category: Bug Bounty, Information Security | DISC @ 12:17 pm


Jan 27 2021

Dutch Insider Attack on COVID-19 Data

Category: Insider Threat | DISC @ 11:18 am

Tags: COVID-19


Jan 27 2021

Europol-led op knocks 700 servers offline

Category: Botnet | DISC @ 10:54 am

Command ‘n’ control botnet of notorious Emotet Windows ransomware shut down in multinational police raid

EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators’ homes in the Ukraine.

“To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week’s action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside,” said Europol in a jubilant statement this afternoon.

Police forces from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine all took part in the takedown.

“Analysis of accounts used by the group behind Emotet showed $10.5m being moved over a two-year period on just one Virtual Currency platform,” said Britain’s National Crime Agency, which added: “NCA investigators were able to identify that almost $500,000 had been spent by the group over the same period to maintain its criminal infrastructure.”

Source: Command ‘n’ control botnet of notorious Emotet Windows ransomware shut down in multinational police raid


Jan 27 2021

Maritime port cybersecurity

Category: cyber security | DISC @ 10:47 am

MARITIME CYBER SECURITY

Although acknowledging previous relevant cases, the chosen starting point will be June 16th, 2017, when the International Maritime Organization (IMO) formally adopted the recommendations included in the three declarations of principles in Resolution MSC.428 (98), entitled Cyber Risk Management in Safety Management System.

In this sense, the cyber security risk assessment becomes an integral part of the objective (Art. 1.2) included in the ISM Code, according to which the management of cyber security risk must be included in the general objective; for this reason shipping companies must “…ensure safety at sea, prevention of human injury or loss of life, and avoidance of damage to the environment, in particular to the marine environment and to property”. In particular, these objectives are identified in the pursuit of the following obligations:

1. provide for safe practices in ship operation and a safe working environment;
2. assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards; and
3. continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.

In the declarations related to MSC.428 (98), the IMO introduces for the first time the date of Jan. 1st, 2021, stating that: “…Administrations (are encouraged) to ensure that cyber risks are appropriately addressed in safety management system no later than the first annual verification of the company’s Document of Compliance after 1 January 2021”.

The second date to remember is Jul. 5th, 2017, when the IMO, through the Maritime Safety Committee, released the Guidelines on Maritime Cyber Risk Management included in MSC-FAL.1/Circ.3. These guidelines offer recommendations identified as “high level” for the management of cyber risk in the maritime sector, with special reference to shipping. The aim pursued is to promote the mitigation of cyber risks through the adjustment of the safety management system included in the ISM Code framework.


Jan 26 2021

SANS Faculty Free Tools

Category: Information Security, Security Tools | DISC @ 4:44 pm

SANS Faculty free tools download

