“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernible to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.”
Human interaction online has largely moved to the cloud
People now connect with work, family, and friends through apps and browsers. Cybercriminals are taking advantage of this by attacking outside email, through less protected channels such as SMS text messages, social media, gaming, collaboration tools, and search apps.
Spear phishing and human hacking from legitimate infrastructure also increased: in August 2021, 12% (or 79,300) of all malicious URLs identified were hosted on legitimate cloud infrastructure, including AWS, Azure, outlook.com, and sharepoint.com, which lets cybercriminals easily evade current detection technologies.
A joint cybersecurity advisory published by US agencies revealed three ransomware attacks on wastewater systems this year.
A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by ransomware gangs against US water and wastewater systems (WWS) facilities this year.
This is the first time these attacks have been publicly disclosed; they took place in March, July, and August respectively. The three facilities hit by ransomware operators are located in Nevada, Maine, and California. In all three attacks the ransomware encrypted files on the infected systems, and in one of the incidents the threat actors also compromised a system used to control SCADA industrial equipment.
The advisory describes common tactics, techniques, and procedures (TTPs) used by threat actors to compromise the IT and OT networks of WWS facilities, including:
Spearphishing campaigns aimed at personnel to deliver malicious payloads such as ransomware and remote access trojans (RATs);
Exploitation of internet-exposed services and applications that enable remote access to WWS networks (e.g., RDP);
Exploitation of vulnerabilities in control systems running outdated firmware versions.
The former chief software officer for the U.S. Air Force, Nicolas Chaillan, says the U.S. is falling far behind China in cybersecurity. In a no-holds-barred interview, he unloads his frustrations, built up over three years of inept bungling at the Pentagon.
He quit his job last month, in disgust. “We are setting up critical infrastructure to fail,” Chaillan warned. And now Defense Department officials will be bracing themselves for more criticism as he vows to testify to Congress.
Lauren Knausenberger now holds the poisoned chalice. In today’s SB Blogwatch, we plan to fail.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Fruit salad word salad.
Kindergarten level: In his first interview since leaving the post at the Department of Defense a week ago, Nicolas Chaillan told [me] the failure of the US to respond to Chinese cyber and other threats was putting his children’s future at risk. “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it is already over in my opinion,” he said. … Chaillan, 37, who spent three years on a Pentagon-wide effort to boost cyber security and as first chief software officer for the US Air Force, said Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities. He argued these emerging technologies were far more critical to America’s future than hardware such as big-budget fifth-generation fighter jets such as the F-35. … Senior defence officials have acknowledged they “must do better” to attract, train and retain young cyber talent. … Chaillan announced his resignation in a blistering letter at the start of September, saying military officials were repeatedly put in charge of cyber initiatives for which they lacked experience, decrying Pentagon “laggards” and absence of funding. … Chaillan said he plans to testify to Congress about the Chinese cyber threat to US supremacy, including in classified briefings, over the coming weeks. … He added US cyber defences in some government departments were at “kindergarten level.”
A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue, coinbase.com.password-reset[.]com, was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.
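The phishing hostname above works because people read hostnames left to right: "coinbase.com" is the first thing the eye sees, but the registrable domain, the part the attacker actually controls, is password-reset.com. The same confusion runs the other way for the "legitimate infrastructure" figures earlier on this page: a hostname that really does end in sharepoint.com passes a domain-reputation check even though the tenant controlling the content is the attacker. The following Python is an added example, not code from either write-up: it extracts the registrable domain and classifies a hostname by it. The suffix list, brand list, and tenant-hosting list are small constructed stand-ins; a production check should load the full Public Suffix List and its own list of shared-hosting domains.

```python
"""Classify a hostname by its registrable domain, not by the labels in front of it.

Added example, not from the Coinbase or phishing-trends write-ups. SUFFIXES,
BRANDS and SHARED_INFRA are constructed stand-ins for real lists.
"""

# Constructed stand-in for the Public Suffix List (a few entries only).
SUFFIXES = {"com", "net", "org", "co.uk"}
# Brands whose registrable domain is the only legitimate home for the name (assumed).
BRANDS = {"coinbase.com"}
# Legitimate infrastructure where every tenant gets its own subdomain, so the
# registrable domain says nothing about who controls the content (assumed list).
SHARED_INFRA = {"sharepoint.com"}


def registrable_domain(host: str) -> str:
    """Longest matching public suffix plus one label, e.g. 'password-reset.com'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            if i == 0:
                raise ValueError(f"{host} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix in {host}")


def classify(host: str) -> tuple:
    """Return (verdict, registrable_domain) for a hostname.

    brand-owned:           the registrable domain is the brand's own
    brand-in-prefix:       the brand name appears only in subdomain labels
    shared-infrastructure: legitimate hosting whose subdomain is tenant-controlled
    unrelated:             none of the above
    """
    rd = registrable_domain(host)
    prefix = host.lower().rstrip(".")[: -len(rd)].rstrip(".")
    prefix_labels = prefix.split(".") if prefix else []
    if rd in BRANDS:
        return ("brand-owned", rd)
    for brand in BRANDS:
        name = brand.split(".")[0]
        # substring match so 'coinbase-login' and 'coinbase.com.<evil>' both count
        if any(name in label for label in prefix_labels):
            return ("brand-in-prefix", rd)
    if rd in SHARED_INFRA and prefix_labels:
        return ("shared-infrastructure", rd)
    return ("unrelated", rd)


if __name__ == "__main__":
    for h in ("coinbase.com.password-reset.com", "www.coinbase.com",
              "secure-coinbase-login.example.net", "contoso.sharepoint.com"):
        print(f"{h:40} {classify(h)}")
```

The point of the two-stage verdict is that neither "domain reputation" nor "does the brand string appear" is sufficient on its own: the first misses brand-in-prefix lures, the second would flag coinbase.com itself, and a hostname under shared infrastructure needs content inspection rather than a domain allowlist.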
Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it’s what computer scientists or mathematical analysts call a solved game.
Tic-tac-toe (noughts and crosses outside North America), for example, is a solved game, because itâs easy to create a list of every possible play, and figure out the best possible move from every game position on the list. (If neither player makes a mistake then the game will always be a draw.)
Even games that are enormously more complex have been “solved” in this way too, such as checkers (draughts)…
…and in comparison to playing checkers, spotting phishing scams feels like an easy contest that the recipient of the message should always win.
And if phishing is a “solved game”, surely it’s not worth worrying about any more?
The development team behind the Git GUI client GitKraken has fixed a vulnerability that caused it to generate weak SSH keys. The developers addressed the flaw with the release of version 8.0.1.
The issue resides in the open-source library the Git GUI client used to generate SSH keys; all keys generated with versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken are potentially affected.
The latest version of the Git GUI client (version 8.0.1) uses a new SSH key generation library.
“This issue only affects GitKraken users who generated SSH keys through the GitKraken interface using versions 7.6.x, 7.7.x, 8.0.0. If you are not sure what version you used to generate your SSH key, we encourage you to renew your key through the following process.” reads the advisory.
“Affected users need to:
1. Remove all old generated SSH keys stored locally.
2. Generate new SSH keys using GitKraken 8.0.1, or later, for each of your Git service providers.”
The development team has already notified the Git hosting service providers GitHub, Bitbucket, GitLab, and Azure DevOps, and the weak public keys have been revoked.
The development team is not aware of any accounts being compromised due to this weakness.
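The advisory's two steps are an inventory-and-rotate exercise: you need to know which public keys you hold locally and which of them are registered at each provider before you delete and replace them. The Python below is an added example, not GitKraken's code, and it is not a detector for the library flaw the advisory describes: that weakness is in how the keys were generated, which a public key's type and size do not reveal, so every key made with an affected version has to go regardless. What the parser does give you is each key's type, size and OpenSSH-style SHA256 fingerprint, computed from the raw key blob with the standard library only, so you can match your local files against the fingerprints shown in your Git providers' key settings. The sample keys are constructed inside the code and are not real keys; the RSA size threshold is an independent hygiene check.

```python
"""Inventory OpenSSH public keys (type, size, SHA256 fingerprint) before rotating them.

Added example; not GitKraken's code and not a detector for its key-generation flaw.
"""
import base64
import hashlib
import struct


def _read_string(buf: bytes, off: int):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(n: int) -> bytes:
    """SSH mpint: big-endian, with a leading 0x00 when the top bit would be set."""
    return _string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def parse_public_key(line: str) -> dict:
    """Parse one id_*.pub / authorized_keys line into type, bits, fingerprint, comment."""
    parts = line.split(None, 2)
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    blob = base64.b64decode(b64)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type field does not match the encoded blob")
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)          # public exponent, not needed here
        n, off = _read_string(blob, off)           # modulus
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-ed25519":
        pk, off = _read_string(blob, off)
        bits = len(pk) * 8
    else:
        raise ValueError(f"unsupported key type {key_type}")
    # OpenSSH's SHA256 fingerprint is base64(sha256(blob)) with '=' padding removed.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "bits": bits, "fingerprint": fingerprint, "comment": comment}


def weak_by_size(keys, min_rsa_bits: int = 3072):
    """Independent hygiene check: RSA keys below min_rsa_bits. The GitKraken issue is a
    generation flaw that key size does not reveal, so this is not a substitute for
    rotating every key made with an affected version."""
    return [k for k in keys if k["type"] == "ssh-rsa" and k["bits"] < min_rsa_bits]


# Constructed sample keys (not real keys): a 2048-bit RSA-shaped blob and an Ed25519 blob.
_RSA_N = (1 << 2047) | 0x10001                     # arbitrary odd 2048-bit number
_RSA_BLOB = _string(b"ssh-rsa") + _mpint(65537) + _mpint(_RSA_N)
_ED_BLOB = _string(b"ssh-ed25519") + _string(bytes(range(32)))
SAMPLE_LINES = [
    "ssh-rsa " + base64.b64encode(_RSA_BLOB).decode() + " example@laptop (constructed)",
    "ssh-ed25519 " + base64.b64encode(_ED_BLOB).decode() + " example@laptop (constructed)",
]


def inventory(lines=SAMPLE_LINES):
    """Parse every line; in practice pass the contents of ~/.ssh/*.pub."""
    return [parse_public_key(line) for line in lines]


if __name__ == "__main__":
    for k in inventory():
        print(f'{k["type"]:12} {k["bits"]:5} {k["fingerprint"]} {k["comment"]}')
```

Run it over your ~/.ssh/*.pub files, note the fingerprints, then compare them with the key list in each provider's settings page; any fingerprint that appears there but no longer appears locally after step 1 is a stale registration to delete.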
Jack draws on years of experience introducing quantified risk analysis to organizations like yours, to write An Adoption Guide For FAIR. In this free eBook, he’ll show you how to:
Lay the foundation for a change in thinking about risk
Plan an adoption program that suits your organization’s style.
Identify stakeholders and key allies for socialization of FAIR
Select and achieve an initial objective, then integrate business-aligned, risk-based practices across your organization.
You don’t get one for a while, and then three come at once.
For buses on busy urban routes, at least, the explanation of the phenomenon goes something like this.
If three buses start out travelling the same route together in a nicely spaced sequence, then the first one is most likely to be the slowest, because it will be stopping to scoop up most of the waiting passengers, while the ones behind will tend to travel faster because they need to stop less often or for shorter periods.
So buses naturally tend to scrunch up and arrive in bursts.
Burst-mode software patches
When it comes to software patches, however, the problem often works the other way around.
If the first patch arrives too quickly, then it may not have been reviewed or tested quite as much as you might like.
So it’s not so much that the next patch in the queue catches up because the first one is too slow, but that the next one has to be completed in a rush to keep up…
…and, if you aren’t careful, then that second patch might itself beget a third patch, needed to patch the patch that patched the first patch.
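Path validation is the classic place for this to happen, because the check and the decoding of the request path are two separate steps and getting their order wrong once tends to get it wrong again. As an added illustration of the pattern, and not Apache httpd's code or a description of any specific CVE, the Python below shows three generations of a validator in front of a simulated server that percent-decodes after validating. The first version checks the raw path, the patch checks after one decode, and the patch to the patch refuses anything still encoded and checks path segments rather than substrings. The document root and the server that decodes twice are assumptions of the simulation.

```python
"""Three generations of a URL-path validator: a fix, and the fix the fix needed.

Added example, generic code; not Apache httpd's validation and not any specific CVE.
"""
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/html"  # assumed document root for the simulated server


def is_safe_v1(path: str) -> bool:
    """First attempt: reject '..' in the raw request path (decoding happens later)."""
    return ".." not in path


def is_safe_v2(path: str) -> bool:
    """The patch: decode once, then reject '..'."""
    return ".." not in unquote(path)


def is_safe_v3(path: str) -> bool:
    """The patch to the patch: decode once, refuse anything still encoded,
    then compare whole segments instead of searching for a substring."""
    decoded = unquote(path)
    if "%" in decoded:  # residue of double encoding such as %252e; also rejects a literal '%'
        return False
    return ".." not in decoded.split("/")


def serve(validator, path: str, decode_passes: int = 1) -> str:
    """Simulated server: validate, then decode `decode_passes` times and map to disk.
    Returns the filesystem path that would be opened, or 'REJECTED'."""
    if not validator(path):
        return "REJECTED"
    decoded = path
    for _ in range(decode_passes):
        decoded = unquote(decoded)
    return posixpath.normpath(DOCROOT + "/" + decoded.lstrip("/"))


def escapes_docroot(fs_path: str) -> bool:
    """True when the served path left the document root (a traversal succeeded)."""
    return fs_path != "REJECTED" and not fs_path.startswith(DOCROOT + "/")


if __name__ == "__main__":
    trav = "/.%2e/.%2e/.%2e/.%2e/etc/passwd"                           # single-encoded dots
    double = "/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd"  # double-encoded
    for name, v in (("v1", is_safe_v1), ("v2", is_safe_v2), ("v3", is_safe_v3)):
        print(name, serve(v, trav), serve(v, double, decode_passes=2))
```

v1 lets the single-encoded path through and serves /etc/passwd; v2 stops that but waves through the double-encoded form whenever anything downstream decodes a second time; v3 closes both at the cost of rejecting file names that legitimately contain a percent sign, a trade-off worth deciding deliberately rather than discovering in the third patch.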
Three Apache buses
And thus with Apache: just two days ago, we reported a path validation bug dubbed CVE-2021-41773 that was introduced in Apache 2.4.49:
A proof-of-concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online; users are advised to apply updates immediately.
A remote attacker can exploit both vulnerabilities by sending specially crafted data packets to a vulnerable camera.
“The identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.” reads the advisory published by the vendor in early September.
The flaw received a CVSS v3 score of 8.1; the vendor recommends that customers install the security updates.
The list of affected models is very long. It includes IPC-X3XXX, HX5XXX, HUM7XX, VTO75X95X, VTO65XXX, VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, TPC-PT8X21B, NVR1XXX, NVR2XXX, NVR4XXX, NVR5XXX, and NVR6XX.
It would be quite easy for threat actors in the wild to find exposed Dahua devices with a search engine like Shodan and attempt to compromise them with the available PoC code. To protect Dahua devices, users must install the latest firmware version.
Security professionals work hard to plan secure IT environments for organizations, but the developers who are tasked with implementing and carrying these plans and procedures are often left out of security planning processes, creating a fractured relationship between development and security.
This was the conclusion from a VMware and Forrester study of 1,475 IT and security managers, including CIOs and CISOs and managers with responsibility for security strategy and decision-making.
The report found security is still perceived as a barrier in organizations, with 52% of developer respondents saying they believed that security policies are stifling their ability to drive innovation.
Only one in five (22%) developers surveyed said they strongly agree that they understand which security policies they are expected to comply with and more than a quarter (27%) of the developers surveyed are not involved at all in security policy decisions, despite many of these decisions greatly impacting their roles.
The research indicated that security needs a perception shift and should be more deeply embedded across people, processes and technologies.
This means involving developers in security planning earlier and more often; learning to speak the language of the development team rather than asking development to speak security; sharing KPIs and increasing communication to improve relationships; and automating security to improve scalability, the report recommended.
“Regardless of whether it’s customer-facing functionality or a business logic concern, every line of code developed should prioritize security as a design feature,” he said. “Once security is taken as seriously as other drivers for DevOps adoption, then a fully holistic integration can be achieved.”
#DevSecOps: A leaderâs guide to producing secure software without compromising flow, feedback and continuous improvement
The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers.
The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge amount of attacks that every day hit the computer systems of the state.
The move is the response of the Arizona administration to hundreds of thousands of cyberattacks that hit the state.
At a ceremony Monday at the Department of Public Safety’s Arizona Counter Terrorism Information Center in Phoenix, Ducey explained that the Cyber Command Center has been established to protect the IT infrastructure of the state.
“The Cyber Command Center brings four state public safety agencies together in one room with one mission: Guard the state’s computers against attacks and by extension, help protect the over 7 million residents of the Grand Canyon State.” reads a post published by AZCentral.
“When we protect your data, we protect you at home as well,” Arizona Department of Homeland Security Director Tim Roemer said in an interview. “We help you not fall victim to identity theft, for example. Because once your data is compromised, they use that to open up accounts.”
In the case of a severe cyber attack, experts at the center will coordinate the incident response activities.
Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.
What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky.
Cheating on Tests: How To Do It, Detect It, and Prevent It
Users worldwide are unable to access Facebook, Instagram, and WhatsApp due to BGP problems. Users attempting to visit those services see “DNS_PROBE_FINISHED_NXDOMAIN.”
The mobile applications of the social network giant and its Tor hidden services are also not working.
At the time of this writing, it is unclear if the outage is the result of a technical issue or it is the result of a cyber attack against the infrastructure of the social network giant.
As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect.
Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness.
Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021
Cybersecurity Awareness Month 2021 Kick-off Week
Cybersecurity Awareness Month 2021 has officially begun! Join CISA in spreading cybersecurity awareness and encourage everyone to own their role in protecting Internet-connected devices. “Do Your Part. #BeCyberSmart.”
The focus of Cybersecurity Awareness Month’s first week is “Do Your Part. #BeCyberSmart.”
Cybersecurity starts with YOU and is everyone’s responsibility. There are currently an estimated 5.2 billion Internet users, over 65% of the world’s population![1] This number will only grow, making the need to #BeCyberSmart more important than ever.
Cybersecurity Awareness Monthâs second week focuses on steps individuals and organizations can take to reduce their risks to phishing and ransomware.
This year has seen an increase in phishing incidents that often lead to ransomware attacks. These attacks disrupt the way we work, learn, and socialize. With our homes, schools, and businesses more connected than ever, it’s vital to #BeCyberSmart.
Cybersecurity Awareness Monthâs third week is Cybersecurity Career Awareness Week. This week, learn the vital role cybersecurity professionals play in global society and security. Also, learn how you can explore #Cybersecurity as your next career.
The final week of Cybersecurity Awareness Month looks at how #Cybersecurity is a year-round effort and should be among the first considerations for individuals and organizations when they create or buy new devices and connected services.
For ways on how organizations and individuals can incorporate cybersecurity best practices into their decision making processes, visit www.cisa.gov/cybersecurity-awareness-month.
U.S. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware gangs that are targeting organizations worldwide.
“This month, the United States will bring together 30 countries to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” announced President Biden.
The Biden Administration announced that it will work with representatives of 30 countries to accelerate the cooperation among states and international law enforcement agencies in fighting cyber criminal activities. Biden also announced a special effort in building a coalition of nations to advocate for and invest in trusted 5G technology and to secure its supply chains.
The coalition also aims at managing both the risks and opportunities associated with the adoption of emerging technologies like quantum computing and artificial intelligence.
CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation
A baby allegedly received inadequate childbirth care, and later died, at Springhill Medical Center in Alabama because of a ransomware attack.
An Alabama woman named Teiranni Kidd has filed suit after the death of her baby; she claims that Springhill Medical Center was unable to respond properly to a cyberattack that crippled its systems, causing the death of her infant daughter, The Wall Street Journal reported.
According to Kidd, the Alabama hospital did not disclose that it had been hit by a severe cyberattack that interfered with the care of her baby, Nicko Silar.
“Nicko suffered a severe brain injury when medical staff failed to notice the umbilical cord was wrapped around her neck because of a ‘lack of access to critical services and information caused by the cyberattack,’ the suit said. She died nine months after the cord cut off her blood and oxygen supply.” reported The New York Post.
The hospital released a public statement about the security breach the day before the infant was born, announcing that it “has continued to safely care for our patients and will continue to provide the high quality of service that our patients deserve and expect.”
The 2022 Report on Healthcare Cyber Security: World Market Segmentation by City
You might be forgiven for thinking that cybercrime is almost all about ransomware and cryptocoins these days.
In a ransomware attack, the crooks typically blackmail you to send them cryptocurrency in return for giving you your stolen data back (or for not selling it on to someone else).
In a cryptocoin attack, the crooks typically take your cryptocurrency for themselves, perhaps by exploiting a bug in the trading software you use, or by stealing your private keys so they have direct access to your cryptocurrency wallet.
This sort of criminality sometimes involves amounts reaching tens of millions of dollars, or even hundreds of millions of dollars, in a single attack.
But gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime.
Indeed, the US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that these four had ended up with more than 5000 fraudulently obtained cards to spend on themselves.
…but if we reasonably assume an average of $200 a gift card (we know that in many scams, crooks come away with more than that on each card), we’re still looking at $1,000,000 of ill-gotten gains in this court case alone.
Don’t Panic! I’m A Professional Fraud Analyst – 2022 Diary: Customized Work Planner Gift For A Busy Fraud Analyst.
The US CISA has released a new tool that allows organizations to assess their level of exposure to insider threats and devise their own defense plans against such risks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats.
Insider threats pose a severe risk to organizations; because the attacks are carried out by current or former employees, contractors, or others with inside knowledge, they are not easy to detect.
An attack from insiders could compromise sensitive information, cause economic losses, damage the organization’s reputation, result in theft of intellectual property and loss of market share, and even cause physical harm to people.
The tool evaluates an organization’s answers to a survey about its implementation of an insider threat risk management program.
“The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat. By answering a series of questions, users receive feedback they can use to gauge their risk posture. The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.” reads the announcement published by CISA.
Held every October, Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) co-lead Cybersecurity Awareness Month.
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.
A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks.
Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. Though attackers mainly have been seen targeting Russian organizations, they have attacked targets in 10 countries so far, researchers said in a report by company researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday.
To avoid detection, ChamelGang hides its malware and network infrastructure behind the legitimate services of established companies like Microsoft, Trend Micro, McAfee, IBM and Google in a couple of unique ways, researchers observed.
Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victimsâ software development processes.
Within three days, the company discovered critical software development flaws that could have exposed the organization to an attack similar to those perpetrated against SolarWinds and Kaseya.
If an attacker (like an APT) compromises third-party developers, it’s possible to infiltrate thousands of organizations’ cloud infrastructures, the report warned.
Supply Chain Flaws in the Cloud
Matt Chiodi, CSO of public cloud at Palo Alto Networks, explained that supply chain flaws in the cloud are difficult to detect because of the massive number of building blocks that go into even a basic cloud-native application.
“Our researchers estimated that the typical cloud-native application is built upon hundreds of these packages,” he said. “Let’s call them ‘Legos.’ Each of these Legos that developers plug into their application carries a certain risk and can be a vector to another supply chain attack.”
The report highlights how vulnerabilities and misconfigurations can quickly snowball within the context of the cloud software supply chain, and called for organizations to “shift security left.”
“Shifting security left is about moving security as close to development as possible,” said Chiodi. “Historically, security and development teams have operated independently of each other.” He added that development teams like to move quickly and try new things, while security is more often the opposite.
“The concept of ‘shift left’ attempts to not change developer behaviors, but rather equip them with processes and tools that work natively to secure their existing methods of developing software,” Chiodi said. “If security teams can equip development teams with processes and tools that work natively with development tools and measure regularly, they greatly reduce their risks of supply chain insecurity from cloud-native applications. This is a good first step.”
He pointed out the first wave of migrations to the cloud was marked by “lift and shift,” meaning that organizations simply took existing applications as-is and moved them to the cloud.
âWhen they did this, they could say the applications were running in the cloud, but the applications themselves were not cloud-native,â he said.